© 2002, Cisco Systems, Inc. All rights reserved. Cisco SAFE Networking For Higher Education Network Security Team Cisco Systems, inc.


1 © 2002, Cisco Systems, Inc. All rights reserved. Cisco SAFE Networking For Higher Education Network Security Team Cisco Systems, inc

2 Education Today We are educating our children more than ever before on the value of Technology.

3 The Challenge: To improve student academic achievement through the use of technology.
The Solution: Teach children how to use the technological tools available to them and integrate that technology into the curriculum to improve student achievement.
HOW TECHNOLOGY CAN WORK WELL IN SCHOOLS
No Child Left Behind focuses on how teachers and students can use technology. Previous federal programs focused on increasing access to more technology.
In an effort to improve student achievement through the use of technology, U.S. Secretary of Education Rod Paige announced a new Enhancing Education Through Technology (ED Tech) initiative. The goals of Education Technology are to:
- Improve student academic achievement through the use of technology in elementary schools and secondary schools.
- Assist students to become technologically literate by the time they finish the eighth grade.
- Ensure that teachers are able to integrate technology into the curriculum to improve student achievement.
[Chart: Percentage of students who reported using a computer at school at least once a week, by grade.]
Source: The Facts About...21st-Century Technology, US Department Of Education, No Child Left Behind program

4 Technologies and Procedures to Prevent Student Access to Inappropriate Material on the Internet
Among schools using technologies or procedures to prevent student access to inappropriate material on the Internet, 91 percent reported that teachers or other staff members monitored student Internet access. Eighty-seven percent used blocking or filtering software, 80 percent had a written contract that parents have to sign, 75 percent had a contract that students have to sign, 46 percent used monitoring software, 44 percent had honor codes, and 26 percent used their intranet. As these numbers suggest, most of the schools (96 percent) used more than one procedure or technology as part of their Internet use policy.
Since 99 percent of public schools were connected to the Internet in 2001, most schools had the capability to make information available to parents and students directly via e-mail or through a Web site. This section presents key findings on the availability of school-sponsored e-mail addresses and on school Web sites.
Source: National Center for Education Statistics, Office of Educational Research & Improvement, U.S. Dept. of Education

5 Security and the Evolving Enterprise Needs
[Chart, 1980 to 2000: Sophistication of Hacker Tools and Technical Knowledge Required (High to Low). Labels: Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Stealth Diagnostics, Packet Forging/Spoofing]

7 What’s the Impact of Not Properly Securing Your Network?
- Cost: directly affects the school’s budget. How do you budget for a system outage?
- Credibility: end-user perception. Is the children’s information safe?
- Productivity: ability to use your system. Downtime is lost time and productivity.
- Viability: can ultimately affect your network. What are the staffing requirements?
- Liability: are you responsible? If you don’t take actions to stop outbound attacks, are you liable for damages inflicted on others?
* FBI and Computer Security Institute (CSI), 2002

8 Intrusion Prevention: Security Without Signatures. Proactive Security for Desktops and Servers

9 “Signature-based detection methods, which are already showing signs of extreme strain under current malicious code trends, will not be able to keep up with the new set of malicious-code risks created by the pervasive adoption and use of Web services and active content.”
- John Pescatore and Arabella Hallawell, Gartner Research Note, 8/31/01

11 OKENA Aggregates Multiple Endpoint Security Functions
[Comparison matrix; the check marks are not recoverable. Products compared: OKENA, Conventional Distributed Firewall, Conventional Host-based IDS. Functions listed: Block Incoming Network Requests, Block Outgoing Network Requests, Stateful Packet Analysis, Detect/Block Port Scans, Detect/Block Network DoS Attacks, Detect/Prevent Malicious Applications, Detect/Prevent Known Buffer Overflows, Detect/Prevent Unknown Buffer Overflows, Detect/Prevent Unauthorized File Modification, Operating System Lockdown, Desktop/Laptop Protection]

12 OKENA Complements Traditional Desktop AV
[Comparison matrix; the check marks are not recoverable. Products compared: OKENA, Anti-Virus. Functions listed: Malicious Code Protection, Stop Known Virus/Worm Propagation, Stop Unknown Virus/Worm Propagation, Scan/Detect Infected Files, “Clean” Infected Files, Identify Viruses/Worms by Name, No Signature Updates Required, Distributed Firewall Functionality, Operating System Lockdown, Correlates Events Across Endpoints]

13 Security Philosophy: The Security Wheel
A Continual, Multistage Process Focused on Incremental Improvement
[Diagram labels: SECURE, MONITOR and RESPOND, TEST, MANAGE and IMPROVE]

14 Top Ten Security Policies Today
1. Have a policy on virus updates and scanning.
2. Email policy – size limit and attachments.
3. Remote Access – Who should have it and what type of access.
4. Client side software images – Understand what needs to be loaded.
5. Firewall rule sets – Understand applications and port calls.
6. URL filtering – Understand the pros of this system.
7. VLAN the network – Key to removing assets from public view.
8. Host based policy – Server hardening techniques combined with HIDS.
9. Wireless – Have a clear policy and standard on how to deploy wireless.
10. Change control process for policy review.

15 Legacy Security Solutions
- Most security designed when networks were simple and static
- Primarily single-point products (access-control) with no network integration or intelligence
- Such legacy products are still seen as default security solutions (a “cure-all”)
- Today, there are serious drawbacks to relying on such “overlay” security to protect sophisticated networks and services

16 Case in Point…
Internet connections have dramatically increased as a frequent point of attack (from 59% in 2000 to 70% in 2001). Of those organizations reporting attacks, we learn:
- 27% say they don't know if there had been unauthorized access or misuse
- 21% reported from two to five incidents in one year
- 58% reported ten or more incidents in a single year – something isn’t working!
Source: Computer Security Institute & FBI Report, March 2002

17 Trends / Predictions
- Security is going Mainstream
  - Fundamental issue to e-education, not an afterthought
- Security is going to Main Street
  - Every small school will be moving towards e-education
  - Increased outsourcing of solutions and services
- Security extends everywhere
  - The Classroom, remote students, and teachers
- The Bar will continue to be raised
  - Criticality of e-education applications
  - Increased regulation
  - Organized Crime activities on the rise - Gambling
  - Student information – higher target risk

18 Security Protection: IDS & Connection Solutions

19 Deploy Proven Technologies
- Firewalls – PIX 501, 506, 515, 525, 535, and FSM blade
- IDS – Network based intrusion systems
- Event correlation technology for SYSLOG reporting
- HIDS – Host based intrusion to protect the Kernel

20 Cisco VPN 3000 Series Number of Users Encryption WAN Capability Performance Memory SEPs Upgradable Supports Dual PS Redundancy Site-to-Site Sessions 3005 3015 3030 3060 3080 100 1500 5000 10,000 SW HW Yes 4 Mb/s 50 Mb/s 100 Mb/s 32 MB 128 MB 256 MB 0 0 0 0 1 1 2 2 4 4 No Yes N/A No Yes No Yes 100 500 1000

21 Remote Access Wireless VPN
[Diagram labels: Aironet Client, Cisco VPN 3000 Client, Mobile Certicom Client, Internet, Cisco VPN 30xx, Main Office]

22 PIX Firewall Product Line Overview

| Model | Market | MSRP | Licensed Users | Max VPN Peers | Size (RU) | Processor (MHz) | RAM (MB) | Max. Interfaces | Failover | Cleartext (Mbps) | 3DES (Mbps) |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 501 | SOHO | $595 or $1195 | 10 or 50 | 5 | < 1 | 133 | 16 | 1 10BT + 4 FE | No | 10 | 3 |
| 506E | ROBO | $1,695 | Unlimited | 25 | 1 | 300 | 32 | 2 10BaseT | No | 20 | 16 |
| 515E-UR | SMB | $7,995 | Unlimited | 2,000 | 1 | 433 | 64 | 6 | Yes | 188 | 63 |
| 525-UR | Enterprise | $18,495 | Unlimited | 2,000 | 2 | 600 | 256 | 8 | Yes | 360 | 70 |
| 535-UR | Ent.+, SP | $59,000 | Unlimited | 2,000 | 3 | 1 GHz | 1 GB | 10 | Yes | 1.7 Gbps | 95 |

GigE Enabled

23 IDS: Real Time Alerts
- Complements firewalls analyzing permitted traffic: shun sessions, send alarms back to central mgmt. console
- Watch for unauthorized activity in real time
- Implement in front of firewall to audit attacks against network
- Implement behind firewall approving traffic by firewall packets leaving corporate network

24 Overview – Intrusion Detection Drivers
[Diagram labels: NAS, DMZ Servers, Data Center, Users, Internet, Corporate Office, Business Partner]
- Intranet/Internal IDS Protects Data Centers and Critical Assets from Internal Threats
- Internet IDS Complements FW and VPN by Monitoring Traffic for Malicious Activity
- Extranet IDS Monitors Partner Traffic Where “Trust” is Implied But Not Assured
- Remote Access IDS Hardens Perimeter Control by Monitoring Remote Users

25 Cisco IDS Solutions
- Cisco IOS firewall with IDS
  - Embedded software solution
  - WAN-based
- Cisco Secure IDS
  - Dedicated IDS appliance
  - High-performance
  - Scalable
- Catalyst 6000 IDS Module
  - Integrated security module
  - Investment protection
- Linkage to host-based and application monitoring

26 Action Plan: Implementing a Process
1. Develop a comprehensive security policy
   - Based on assessment of assets, threats, vulnerabilities
2. Implement it
   - Focus on key exposures
   - Build defense in depth
   - Security and network experts engage
   - In-source or out-source
3. Monitor and audit
   - It’s what you don’t know...
   - Be selective
4. React—according to plan
   - Recovery needs to be rapid and organized
   - Stick to the plan!!!
5. Repeat Cycle!
   - Continuous improvement to address new threats

27 Prediction 2004... IT Security
Prediction:
- Focus of IT security will shift from the “Three As” (authentication, authorization, administration) to network continuity
- Physical and IT security will be integrated
Rationale: Higher ED’s are looking more into security as an operational requirement.
Source: IDC 2002; * Security Authorization, Authentication, Administration

28 Cisco Security Directions
Mission
- Educate you, the client, on security
Strategy
- Embrace integration into e-education infrastructure and technology initiatives
- Provide most comprehensive security/solution
- Utilize solutions and services ecosystems/partners

29 SAFE Security Blueprint
- Integrates security and network issues
- Includes specific configurations for Cisco and partner solutions
- Based on existing, shipping capabilities
- Over 3,000 hours of lab testing
- Currently, five SAFE white papers: SAFE for Enterprise, SAFE for SMB, SAFE Blueprint for IP Telephony, Wireless LAN Security in Depth, Combating Internet Worms

30 More Information
- www.cisco.com/go/security
- www.cisco.com/go/safe
- www.cisco.com/go/evpn
- www.cisco.com/go/securitypartners
- www.cisco.com/go/csec
- www.cisco.com/go/netpro
- www.cisco.com/go/securitytrng
- www.cert.org
- www.incidents.org
- www.infosecuritymag.com

31 In Summary...
- Internet Vital to Core of education systems
- Security Fundamental to Health of Internet
- Attacks Increasing Dramatically – Targeted at New Network and Internet Services
- Security Must be Part of Network Infrastructure
- Partnership (education and Government) Critical to a Global Security Strategy
- Best Practices is the Security of the future
