Published by June Bishop
Modified about 1 year ago
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Controlling Network Boundaries

Current security architectures (such as site-to-site VPNs and tunnels) present scalability and management problems
Presents significant challenges for customers when they are expanding (e.g. adding new branches on their network)
The security landscape presents new challenges in terms of hackers etc.
The network of the future has to be secured by a new architecture that is not only secure but scalable and resilient
Examples of these new types of VPN architectures include GetVPN and FlexVPN

Communications and IT infrastructures must be defended against attack and exploitation
Attackers are persistent and well-funded
Computing advances are driving a move to higher cryptographic strengths
Future Ready – meets security and scalability requirements for 20 years
Efficiency
Cybersecurity
Cost-Effective

Cisco has Industry-Leading VPN Solutions

FlexVPN: Converged Site to Site and Remote Access
Flexible for site-to-site and remote-access VPNs
Centralized Policy Management with AAA
Latest IKEv2 Protocol
3rd Party Compatible

Simplifies branch-to-branch instantaneous communications
Maximizes security
Government compliance and privacy
Flexible management

Lowered CAPEX and OPEX
Simplified branch communications
Simplified Deployment
Improved business resiliency

DMVPN: Public Internet Transport; Hub-Spoke, Spoke-Spoke
GETVPN: Private IP Transport; Any-to-Any Connectivity

Cryptographic Technologies
New/Upgraded algorithms, key sizes, protocols and entropy
Compatible with existing security architectures, e.g., GETVPN, DMVPN

Secure and Efficient
Algorithm efficiency enabling increased security
Scales well to high/low throughput

Compatible with Government Standards
Suite B (US)
FIPS-140 (US/Canada)
NATO

DH, RSA: Significant risk
RSA: Significant risk
MD5, SHA1: Collision attacks
3DES: 1GB encryption limit
HMAC-MD5: Theoretical weaknesses
Entropy: Significant risk
TLS1.0, IKEv1: Known flaws, lack of Authenticated Encryption

Suite B
Key Establishment: ECDH-P256
Digital Signatures: ECDSA-P256
Hashing: SHA-256
Authenticated Encryption: AES-128-GCM
Authentication: HMAC-SHA-256
Entropy: SP
Protocols: TLSv1.2, IKEv2, SRTP

Performance and Scalability

ISR / ASR Secure Routers
Deployment tiers: WAN/Campus Edge, Branch Office, SOHO, Internet Edge
ASR 1006/1013 (40 Gbps, 200K cps)
ASR 1002/1004 (10-40 Gbps, 200K cps)
ISR 2900/3900, ASR 1001 (Up to 2.5 Gbps, 100K cps)
ISR 8xx/1900
VPN, Zone Based Firewall, Integrated Threat Defense
Secure WAN Aggregation
Integrated Threat Control
Application Intelligence, Control, & Routing

Features compared: VPN Interop, Dynamic Routing, IPsec Routing, Spoke-Spoke Direct (shortcut), Remote Access, Simple Failover, Source Failover, Config. Push, Per-Peer Config, Per-Peer QoS, Full AAA Management
Easy VPN: NO YES NO YES NO YES
DMVPN: NO YES NO YES NO SOME NO GROUP NO
Crypto Map: YES NO YES NO YES POOR NO
FLEX VPN: YES

Unifies all overlay VPNs under a single umbrella
Simplifies deployment and configuration
Simplifies positioning
Phase 1 shipping Nov’11

Network Style
  DMVPN: Large Scale Hub and Spoke
  FlexVPN: Converged Site to Site and Remote Access
  GET VPN: Any-to-Any; (Site-to-Site)
Failover Redundancy
  DMVPN: A/A based on Dynamic Routing
  FlexVPN: Dyn Routing or IKEv2 Route Distribution; Server Clustering; Stateful Failover *
  GET VPN: Transport Routing; COOP Based on GDOI
3rd Party Compatibility
  DMVPN: No
  FlexVPN: Yes – up to 3rd party implementation
  GET VPN: No
IP Multicast
  DMVPN: Multicast replication at hub
  FlexVPN: Multicast replication in IP WAN network *
  GET VPN: Multicast replication in IP WAN network
QoS
  DMVPN: Per Tunnel QoS, Hub to Spoke
  FlexVPN: Per SA QoS, Hub to Spoke; Per SA QoS, Spoke to Spoke *
  GET VPN: Transport QoS
Policy Control
  DMVPN: Locally Managed
  FlexVPN: AAA Integrated
  GET VPN: Locally Managed
Technology
  DMVPN: Tunneled VPN; Multi-Point GRE Tunnel; IKEv1 and IKEv2
  FlexVPN: Tunneled VPN; Point to Point Tunnels; IKEv2 Only
  GET VPN: Tunnel-less VPN; Group Protection; G-IKEv2 *
Infrastructure Network
  DMVPN: Public or Private Transport; Overlay Routing
  FlexVPN: Public or Private Transport; Overlay Routing
  GET VPN: Private IP Transport; Flat/Non-Overlay IP Routing
* Roadmap Item

Thank you.