Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Controlling Network Boundaries.

Published byJune Bishop Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Controlling Network Boundaries."— Presentation transcript:

1 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Controlling Network Boundaries

2 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 Current security architectures (such as site to site VPNs and tunnels) present scalability and management problems Presents significant challenges for customers when they are expanding (e.g. adding new branches on their network) The security landscape presents new challenges in terms of hackers etc. The network of the future has to be secured by a new architecture that is not only secure but scalable and resilient Examples of these new types of VPN architectures include GetVPN and FlexVPN

3 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 333 Communications and IT infrastructures must be defended against attack and exploitation Attackers are persistent and well- funded Computing advances are driving a move to higher cryptographic strengths Future Ready – meets security and scalability requirements for 20 years Efficiency Cybersecurity Cost-Effective

4 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 Cisco has Industry-Leading VPN Solutions Flexible for site-to-site and remote-access VPNs Centralized Policy Management with AAA Latest IKEv2 Protocol 3 rd Party Compatible FlexVPN Converged Site to Site and Remote Access Simplifies branch-to- branch instantaneous communications Maximizes security Government compliance and privacy Flexible management Lowered CAPEX and OPEX Simplified branch communications Simplified Deployment Improved business resiliency Public Internet Transport Hub-Spoke, Spoke-Spoke Public Internet Transport Hub-Spoke, Spoke-Spoke DMVPN Private IP Transport Any-to-Any Connectivity Private IP Transport Any-to-Any Connectivity GETVPN

5 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 5 New/Upgraded algorithms, key sizes, protocols and entropy Compatible with existing security architectures, e.g., GETVPN, DMVPN Cryptographic Technologies Algorithm efficiency enabling increased security Scales well to high/low throughput Secure and Efficient Suite B (US) FIPS-140 (US/Canada) NATO Compatible with Government Standards

6 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 DH, RSA Significant risk RSA Significant risk MD5, SHA1 Collision attacks 3DES 1GB encryption limit HMAC-MD5 Theoretical weaknesses Entropy Significant risk TLS1.0, IKEv1 TLS1.0, IKEv1 Known flaws, lack of Authenticated Encryption P

7 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Key Establishment ECDH-P256 Digital Signatures ECDSA-P256 Hashing SHA-256 Authenticated Encryption Authenticated Encryption AES-128-GCM Authentication HMAC-SHA-256 Entropy SP800-90 Protocols TLSv1.2, IKEv2, SRTP P Suite B

8 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 Performance and Scalability WAN/Campus EdgeBranch OfficeSOHOInternet Edge ASR 1006/1013 (40 Gbps, 200K cps) ASR 1002/1004 (10-40 Gbps, 200K cps) ISR 2900/3900, ASR 1001 (Up to 2.5Gbps,100K cps) ISR 8xx/1900 VPN, Zone Based Firewall, Integrated Threat Defense ISR / ASR Secure Routers Secure WAN Aggregation Integrated Threat Control Application Intelligence, Control, & Routing

9 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 VPN Interop Dynamic Routing IPsec Routing Spoke-Spoke Direct (shortcut) Remote Access Simple Failover Source Failover Config. Push Per-Peer Config Per-Peer QoS Full AAA Management Easy VPN NO YESNOYES NOYES DMVPNNOYESNOYESNOSOMENO GROUPNO Crypto Map YESNOYESNOYESPOORNO FLEX VPN YES Unifies all overlay VPN’s under a single umbrella Simplifies deployment and configuration Simplifies positioning Phase1 Shipping Nov’11

10 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 DMVPNFlexVPNGET VPN Network Style  Large Scale Hub and Spoke  Converged Site to Site and Remote Access  Any-to-Any; (Site-to-Site) Failover Redundancy  A/A based on Dynamic Routing  Dyn Routing or IKEv2 Route Distribution  Server Clustering  Stateful Failover *  Transport Routing  COOP Based on GDOI 3 rd Party Compatibility  No  Yes – up to 3 rd party implementation  No IP Multicast  Multicast replication at hub  Multicast replication in IP WAN network *  Multicast replication in IP WAN network QoS  Per Tunnel QoS, Hub to Spoke  Per SA QoS, Hub to Spoke  Per SA QoS, Spoke to Spoke*  Transport QoS Policy Control  Locally Managed  AAA Integrated  Locally Managed Technology  Tunneled VPN  Multi-Point GRE Tunnel  IKEv1 and IKEv2  Tunneled VPN  Point to Point Tunnels  IKEv2 Only  Tunnel-less VPN  Group Protection  G-IKEv2 * Infrastructure Network  Public or Private Transport  Overlay Routing  Public or Private Transport  Overlay Routing  Private IP Transport  Flat/Non-Overlay IP Routing * Roadmap Item

11 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 Thank you.Thank you.

Download ppt "© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Controlling Network Boundaries."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—4-1 MPLS VPN Technology Introducing VPNs.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—4-1 MPLS VPN Technology Introducing VPNs.
Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan. 2009 - July 2009) Department of.

Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan July 2009) Department of.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.

Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Agenda VPN tunnels Configuration of basic core network components Maintenance of Cisco devices Exercises & troubleshooting.

Agenda VPN tunnels Configuration of basic core network components Maintenance of Cisco devices Exercises & troubleshooting.
© 2011 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Cisco Connected Energy Vision Utility Operations Connected Buildings.

© 2011 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Cisco Connected Energy Vision Utility Operations Connected Buildings.
Kapitel 7: Securing Site-to-Site Connectivity

Kapitel 7: Securing Site-to-Site Connectivity
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 2: Teleworker Connectivity.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 2: Teleworker Connectivity.
In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?

In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
CCNA 5.0 Planning Guide Chapter 7: Securing Site-to-Site Connectivity

CCNA 5.0 Planning Guide Chapter 7: Securing Site-to-Site Connectivity

Similar presentations

Ads by Google