
Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.


1 Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi

2 Introduction
► Importance of Integrated Network Security
  ▪ Example of a disjointed solution
  ▪ Example of a properly integrated solution
► Importance to IT Leaders

3 Agenda
► Integrated Solution Architecture
► Integrated Solution Components
  ▪ Cisco Security Agent (CSA)
  ▪ Cisco NAC Appliance
  ▪ Cisco Firewall
  ▪ Cisco IPS
  ▪ CS-MARS

4 Cisco Unified Wireless Network
► Anytime, anywhere access to information.
► Real-time access to instant messaging, e-mail, and network resources.
► Mobility services, such as voice, guest access, advanced security, and location.
► Modular architecture that supports 802.11n, 802.11a/b/g, and enterprise wireless mesh for indoor and outdoor locations, while ensuring a smooth migration path to future technologies and services.

5 Secure Wireless Architecture
► The following five interconnected elements work together to deliver a unified enterprise-class wireless solution:
  ▪ Client devices
  ▪ Access points
  ▪ Wireless controllers
  ▪ Network management
  ▪ Mobility services

6 Campus Architecture
► High availability
► Access services
► Application optimization and protection services
► Virtualization services
► Security services
► Operational and management services

7 Branch Architecture

8 Cisco Unified Wireless Network
► Anytime, anywhere access to information.
► Real-time access to instant messaging, e-mail, and network resources.
► Mobility services, such as voice, guest access, advanced security, and location.
► Modular architecture that supports 802.11n, 802.11a/b/g, and enterprise wireless mesh for indoor and outdoor locations, while ensuring a smooth migration path to future technologies and services.

9 Agenda
► Integrated Solution Architecture
► Integrated Solution Components
  ▪ Cisco Security Agent (CSA)
  ▪ Cisco NAC Appliance
  ▪ Cisco Firewall
  ▪ Cisco IPS
  ▪ CS-MARS

10 Where CSA Fits into Architecture

11 CSA
► CSA is an endpoint security solution
► A single agent that provides:
  ▪ Zero-update attack protection
  ▪ Data loss prevention
  ▪ Signature-based antivirus
► Two components:
  ▪ CSA MC (the CSA Management Center)
  ▪ CSA (the agent on the endpoint)

12 Need for CSA

13 Threats and CSA Mitigation

14

15 Prevent Wireless Ad hoc Communications Module
► If a wireless ad-hoc connection is active, all UDP or TCP traffic over any active wireless ad-hoc connection is denied, regardless of the application or IP address.
► Alerts are logged and reported any time the rule module is triggered.
► Customization allows:
  ▪ User query
  ▪ Test deployment

16 Prevent Wireless if Ethernet Active Module
► If an Ethernet connection is active, all UDP or TCP traffic over any active 802.11 wireless connection is denied, regardless of the application or IP address.
► An alert is logged and reported for each unique instance that the rule module is triggered.
► Supports customization:
  ▪ Customized user query as a rule action
  ▪ Customized rule module based on location
  ▪ Customized rule module in test mode

17 Location Aware Policy Enforcement
► Enforces different security policies based on the location of a mobile client
► Determines the state of the mobile client based on:
  ▪ System state conditions
  ▪ Network interface set characteristics
► CSA location-aware policy may leverage any of the standard CSA features

18 Roaming Force VPN Module
► If the CSA MC is not reachable and a network interface is active, all UDP or TCP traffic over any active interface is denied, regardless of the application or IP address, with the exception of web traffic, which is permitted for 300 seconds.
► Informs the user that a VPN connection is required
► Message is logged
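The four CSA rule modules on slides 15 to 18 are all decisions of the same shape: look at which interfaces are up and whether the management center is reachable, then allow or deny TCP/UDP on a given interface and raise an alert. The following is an added example, not code from the presentation or from Cisco's CSA, that models that decision logic as a small policy evaluator. The interface classification (`ethernet`, `wifi`, `adhoc`), the use of management-center reachability as the "system state condition" of slide 17, and the assumption that the 300-second web allowance is measured from the moment the CSA MC became unreachable are all assumptions of this example; the host states and flows are constructed.

```python
"""Added example (not the presentation's or Cisco's code): a toy evaluator for the
CSA rule modules described on the slides. All host states, flows and names are
constructed for illustration."""
from dataclasses import dataclass, field

WEB_PORTS = {80, 443}          # assumed definition of "web traffic"
WEB_GRACE_SECONDS = 300        # value stated on the Roaming Force VPN slide


@dataclass
class Interface:
    name: str
    kind: str        # "ethernet", "wifi" or "adhoc" (assumed classification)
    active: bool


@dataclass
class HostState:
    interfaces: list
    mc_reachable: bool              # can the agent reach the CSA MC right now?
    seconds_since_mc_lost: int = 0  # assumption: grace window starts at loss of MC


@dataclass
class Flow:
    interface: str
    proto: str       # "tcp" or "udp" are governed; anything else is not
    dst_port: int


@dataclass
class Decision:
    allow: bool
    rule: str = ""
    alerts: list = field(default_factory=list)


def _iface(host, name):
    for i in host.interfaces:
        if i.name == name:
            return i
    raise KeyError(name)


def _any_active(host, kind):
    return any(i.active and i.kind == kind for i in host.interfaces)


def evaluate(host: HostState, flow: Flow) -> Decision:
    """Apply the rule modules in order; the first deny wins. Only TCP and UDP are
    governed, as the slides say."""
    if flow.proto not in ("tcp", "udp"):
        return Decision(True, "not-governed")
    iface = _iface(host, flow.interface)
    if not iface.active:
        return Decision(False, "interface-down")

    # Prevent Wireless Ad hoc Communications: deny everything on an ad-hoc link.
    if iface.kind == "adhoc":
        return Decision(False, "prevent-adhoc",
                        ["alert: TCP/UDP over ad-hoc connection denied"])

    # Prevent Wireless if Ethernet Active: deny 802.11 traffic while wired is up.
    if iface.kind == "wifi" and _any_active(host, "ethernet"):
        return Decision(False, "prevent-wireless-if-ethernet",
                        ["alert: wireless traffic denied while Ethernet is active"])

    # Roaming Force VPN: MC unreachable and an interface active -> deny all
    # TCP/UDP, except web traffic inside the 300-second window.
    if not host.mc_reachable:
        if flow.dst_port in WEB_PORTS and host.seconds_since_mc_lost < WEB_GRACE_SECONDS:
            return Decision(True, "roaming-force-vpn:web-grace",
                            ["user notified: VPN connection required"])
        return Decision(False, "roaming-force-vpn",
                        ["logged: VPN connection required, traffic denied"])

    return Decision(True, "default-allow")
```

Ordering matters only for which rule is reported: every module here is a deny, so a flow that trips several of them is denied either way, which is the behaviour the slides describe ("regardless of the application or IP address"). The `alerts` list stands in for the "logged and reported" events each module generates.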

19 Agenda
► Integrated Solution Architecture
► Integrated Solution Components
  ▪ Cisco Security Agent (CSA)
  ▪ Cisco NAC Appliance
  ▪ Cisco Firewall
  ▪ Cisco IPS
  ▪ CS-MARS

20 Cisco NAC Appliance Overview
► Admission control and compliance enforcement
► Features:
  ▪ In-band or out-of-band deployment options
  ▪ User authentication tools
  ▪ Bandwidth and traffic filtering controls
  ▪ Vulnerability assessment and remediation (also referred to as posture assessment)
  ▪ Network Scan
  ▪ Clean Access Agent

21 NAC Architecture

22 Out-of-Band Modes

23 In-Band Modes

24 NAC Appliance Positioning: Edge Deployment

25 NAC Appliance Positioning: Centralized Deployment

26 NAC Authentication
► 802.1x/EAP authentication does not pass through to NAC
► Authentication methods include:
  ▪ Web authentication
  ▪ Clean Access Agent
  ▪ Single sign-on (SSO) with Clean Access Agent, using one of the following:
    - VPN RADIUS accounting
    - Active Directory

27 Authentication Process: AD SSO

28 Posture Assessment Process

29 Remediation Process

30 Authenticated User

31 Agenda
► Integrated Solution Architecture
► Integrated Solution Components
  ▪ Cisco Security Agent (CSA)
  ▪ Cisco NAC Appliance
  ▪ Cisco Firewall
  ▪ Cisco IPS
  ▪ CS-MARS

32 Firewall Placement Options
Source: Cisco, Deploying Firewalls Throughout Your Organization

33 Why Place Firewalls in Multiple Network Segments?
► Provide the first line of defense in network security infrastructures
► Prevent access breaches at all key network junctures
► Help organizations comply with the latest corporate and industry governance mandates:
  ▪ Sarbanes-Oxley (SOX)
  ▪ Gramm-Leach-Bliley (GLB)
  ▪ Health Insurance Portability and Accountability Act (HIPAA)
  ▪ Payment Card Industry Data Security Standard (PCI DSS)

34 Firewall Integration
► Cisco Catalyst 6500 Wireless Services Module (WiSM) and Cisco Firewall Services Module (FWSM)
► Cisco Catalyst 6500 Wireless Services Module (WiSM) and Cisco Adaptive Security Appliances (ASA)
► 2100 family WLCs with a Cisco IOS firewall in an ISR router

35 FWSM and ASA Modes of Operation
► Transparent Mode
► Routed Mode

36 High Availability Configuration
► ASA High Availability
► FWSM High Availability

37 WLC Deployments and IOS Firewall

38 Agenda
► Integrated Solution Architecture
► Integrated Solution Components
  ▪ Cisco Security Agent (CSA)
  ▪ Cisco NAC Appliance
  ▪ Cisco Firewall
  ▪ Cisco IPS
  ▪ CS-MARS

39 IPS Threat Detection and Migration Roles

40 WLC and IPS Collaboration
► Cisco WLC and IPS synchronization
► WLC enforcement of a Cisco IPS host block
► Cisco IPS host block retraction

41 Example of WLC enforcement
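Slide 40 names three steps in the WLC/IPS collaboration: the controller synchronizes with the IPS host-block list, enforces each block against the matching wireless client, and lifts the enforcement when the IPS retracts the block. The following is an added example, not the presentation's or Cisco's code, that models one synchronization cycle as a diff between what the IPS currently blocks and what the controller currently enforces. The class name, the association table (client IP to MAC) and the action tuples are assumptions of this example; the sample data is constructed.

```python
"""Added example (not the presentation's or Cisco's code): a toy model of WLC
enforcement and retraction of IPS host blocks. Names and data are constructed."""


class WlcBlockEnforcer:
    def __init__(self, associations):
        # Constructed association table: client IP -> MAC, as a WLC would learn
        # it from its associated clients.
        self.associations = dict(associations)
        self.enforced = {}  # client IP -> MAC currently excluded on the WLC

    def sync(self, ips_blocks):
        """One synchronization cycle. ips_blocks is the set of IPs the IPS
        currently blocks. Returns the actions taken, in order."""
        actions = []
        enforced_ips = set(self.enforced)

        # New blocks: enforce against any wireless client with that address.
        for ip in sorted(ips_blocks - enforced_ips):
            mac = self.associations.get(ip)
            if mac is None:
                # Not an associated wireless client: nothing for the WLC to do.
                actions.append(("no-client", ip))
                continue
            self.enforced[ip] = mac
            # Stands in for disassociating the client and excluding its MAC.
            actions.append(("exclude", ip, mac))

        # Retracted blocks: the IPS no longer lists them, so lift the exclusion.
        for ip in sorted(enforced_ips - ips_blocks):
            mac = self.enforced.pop(ip)
            actions.append(("unexclude", ip, mac))
        return actions
```

Because the cycle is a set difference, a block that is still active on the IPS produces no repeated action, and a retraction is detected simply by the address disappearing from the IPS list, which is what keeps the two devices synchronized without either side keeping a history of the other.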

42 Agenda
► Integrated Solution Architecture
► Integrated Solution Components
  ▪ Cisco Security Agent (CSA)
  ▪ Cisco NAC Appliance
  ▪ Cisco Firewall
  ▪ Cisco IPS
  ▪ CS-MARS

43 CS-MARS
► Cisco Security Monitoring, Analysis and Reporting System
► Monitor the network
► Detect and correlate anomalies
► Mitigate threats

44 Cross-Network Anomaly Detection and Correlation
► MARS is configured to obtain the configurations of other network devices.
► Devices send events to MARS via SNMP.
► Anomalies are detected and correlated across all devices.

45 Monitoring, Anomalies, & Mitigation
► Discover Layer 3 devices on the network
  ▪ Entire network can be mapped
  ▪ Find MAC addresses, end-points, topology
► Monitors wired and wireless devices
  ▪ Unified monitoring provides a complete picture
► Anomalies can be correlated
  ▪ Complete view of anomalies (e.g. host names, MAC addresses, IP addresses, ports, etc.)
► Mitigation responses triggered using rules
  ▪ Rules can be further customized to extend MARS

46 Reporting
► MARS provides reporting
  ▪ Detected events (e.g. DoS, probes, etc.)
  ▪ Distinguish between LAN and WLAN events
  ▪ Leverage reporting from other components (e.g. WLC, WCS, etc.)
► Allows detailed analysis of:
  ▪ Events
  ▪ Threats
  ▪ Anomalies
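Slides 44 to 46 describe what a correlation engine does with the events it receives: know each device from its configuration, group events from different devices by the host they concern, attach what the WLC knows (MAC address, wireless segment), flag an anomaly such as a probe, and trigger a mitigation rule. The following is an added example, not the presentation's or CS-MARS's code, that carries one such correlation through on a handful of constructed events. The device inventory, the normalized event format (the slides say devices send events via SNMP; the receiving and parsing step is omitted here), the probe rule and its threshold, and the mitigation text are all assumptions of this example.

```python
"""Added example (not the presentation's or Cisco's code): a small cross-device
event correlator in the spirit of the CS-MARS slides. Devices, event formats,
thresholds and the sample events are all constructed."""
from collections import defaultdict

# Constructed device inventory: what MARS would learn from device configurations,
# reduced here to the device type and whether it serves the WLAN.
DEVICES = {
    "wlc-1": {"type": "wlc", "wlan": True},
    "asa-1": {"type": "firewall", "wlan": False},
    "ips-1": {"type": "ips", "wlan": False},
}

# Constructed, already-normalized events from three different devices.
EVENTS = [
    {"ts": 100, "dev": "wlc-1", "src_ip": "10.1.5.23", "mac": "00:11:22:33:44:55", "kind": "assoc"},
    {"ts": 101, "dev": "asa-1", "src_ip": "10.1.5.23", "dst_port": 22, "kind": "deny"},
    {"ts": 102, "dev": "asa-1", "src_ip": "10.1.5.23", "dst_port": 23, "kind": "deny"},
    {"ts": 103, "dev": "asa-1", "src_ip": "10.1.5.23", "dst_port": 445, "kind": "deny"},
    {"ts": 104, "dev": "ips-1", "src_ip": "10.1.5.23", "sig": "port sweep", "kind": "alert"},
    {"ts": 110, "dev": "asa-1", "src_ip": "10.2.7.9", "dst_port": 80, "kind": "deny"},
]

PROBE_PORT_THRESHOLD = 3   # assumed rule: this many distinct denied ports


def summarize_by_segment(events, devices):
    """Count events by LAN vs WLAN origin (slide 46: distinguish LAN and WLAN)."""
    counts = {"WLAN": 0, "LAN": 0}
    for e in events:
        counts["WLAN" if devices[e["dev"]]["wlan"] else "LAN"] += 1
    return counts


def correlate(events, devices):
    """Group events per source host across devices and apply one constructed
    rule: a host that is denied on several distinct ports by the firewall AND
    is flagged by the IPS is reported as a probe, with the MAC and segment
    learned from the WLC attached and a mitigation response proposed."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src_ip"]].append(e)

    incidents = []
    for src, evs in by_src.items():
        ports = {e["dst_port"] for e in evs if e["kind"] == "deny"}
        signatures = [e["sig"] for e in evs if e["kind"] == "alert"]
        macs = {e["mac"] for e in evs if "mac" in e}
        on_wlan = any(devices[e["dev"]]["wlan"] for e in evs)
        if len(ports) >= PROBE_PORT_THRESHOLD and signatures:
            incidents.append({
                "src_ip": src,
                "mac": next(iter(macs), None),
                "segment": "WLAN" if on_wlan else "LAN",
                "devices": sorted({e["dev"] for e in evs}),
                "ports": sorted(ports),
                "signatures": signatures,
                "mitigation": f"block {src} at the firewall and exclude its client on the WLC",
            })
    return incidents
```

The single incident this produces is the "complete view" the slide refers to: one host, seen by three devices, with its MAC address, segment, ports and IPS signature in one record. The second host trips the firewall once and is never seen by the IPS, so the rule correctly leaves it alone; raising or lowering `PROBE_PORT_THRESHOLD` is the kind of customization slide 45 mentions.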

47 Q & A

