1. © 2002, Cisco Systems, Inc. All rights reserved. Secure Networking for Business Continuity

2. Agenda Business Resilience Security Issues Legacy vs. Network Security Cisco’s SAFE Blueprint Cisco Security Development Predictions and Summary Business Resilience Security Issues Legacy vs. Network Security Cisco’s SAFE Blueprint Cisco Security Development Predictions and Summary

3. Drivers of the Internet Race New Competition Organization Structure Profits, Cash Flow, Productivity Empowered Workforce Educated Leaders Global Competition Competitive Advantage Survival New Revenue 2002 Internet Economy

4. E-Learning Workforce Optimization E-Commerce Customer Care Supply Chain Today’s Internet Business Environment

5. Individual Inconvenience Broad Workforce Impact Impact on Productivity Flight Delay Snow Sick child Earthquake Virus/Worm Hurricane Accident Stops Traffic Security Breach Power Outage Late to Meeting Disaster National Holiday Dentist Appointment Unanticipated Meeting with Boss Car Battery Won’t Start Rain War Personal Vacation Corrupted Data Customer Crisis Move to New Office New Product Release Facing More Challenges Than Ever Spectrum of Disruption

6. What Would You Do If Your… Headquarters and data center were destroyed? Network that supported 5000 desktops and servers was ruined? Corporate employees were displaced? PBX phone communications were disrupted? 45 Branch offices were unable to access mission-critical applications?

7. The Makings of a Resilient Business Business Continuance Synchronized data centers across a metro network ensured fast recovery Business Protection Data and communications secured over public networks using VPN technology provided continued access Business Agility IP telephony network enabled continuous voice communications Instant offices in hotel rooms, using wireless and VPN technologies allowed key personnel to get back to work Voice traffic rerouted over IP to alternate PSTN gateways in Europe, enabled communications with customers Lehman Bros. Reopened for Business the Next Day

8. In the Event of Disruption, Can You … Ensure critical systems and networks are continuously available? Restore mission critical applications? Provide uninterrupted workforce productivity with a secure instant office?

9. How Much Down-Time Can You Afford? Revenue loss Customer dissatisfaction Lost productivity Brand dilution Legal liability Financial performance $1,107,274 Retail $1,202,444 Insurance $1,344,461 Information Technology $1,495,134 Financial Institutions $1,610.654 Manufacturing $2,066,245 Telecommunications $2,817,846 Energy Revenue/Hour Industry Sector Source: Meta Group 11/2000

10. Achieving Stability in an Unpredictable World Gartner, January 2002 re·sil·ience (ri-zil’-yens)— Injecting security, protection and recovery into dispersed and far-flung organizations so that they can bounce back from any kind of setback, whether a natural disaster, a hostile economic change, a competitive onslaught, cyber-espionage or a terrorist attack. Business Resilience

11. Business Resilience Objectives Predictable performance Non-stop e-business Disaster recovery and asset protection Decentralized and mobilized resources Flexible communications Networked Virtual Organizations are Agile

12. Supply Chain Management E-Commerce E-Learning Workforce Optimization Customer Care Security.... Critical Enabler for Business Resilience Requires Defense-in-Depth Requires multiple components Integration into e-business infrastructure Requires comprehensive blueprint Requires Defense-in-Depth Requires multiple components Integration into e-business infrastructure Requires comprehensive blueprint

13. Information Theft Virus Attacks Information Theft Virus Attacks Threats Increasing Security Awareness Internet Data Interception Unprotected Assets Data Interception Unprotected Assets Denial of Service Unauthorized Entry Denial of Service Unauthorized Entry “HomePage” Worm Crawling Around the Globe - Information Week White House Site Hit by Another DOS Attack - Cnet News Study: Sites Attacked 4,000 Times a Week -ZD News

14. Security and the Evolving Enterprise Needs Sophistication of Hacker Tools 19901980 Packet Forging/ Spoofing Password Guessing Self Replicating Code Password Cracking Exploiting Known Vulnerabilities Disabling Audits Back Doors Hijacking Sessions Sweepers Sniffers Stealth Diagnostics Technical Knowledge Required High Low 2000

15. % of Respondents Experiencing These Security Breaches Outsider / External Breaches 80% 89% 24% 48% 37% 39% 25% 21% Source: Goldman Sachs

16. What’s the Impact of Not Properly Securing Your Network ? Cost—directly affects bottom line 186 organizations* reported hack attempts totaling nearly $378 million. Average loss per respondent nearly $2,000,000 Credibility—end-user perception Can your end-user trust your network? Productivity—ability to use your system Downtime is lost time and revenue Viability—can ultimately affect your business Where will your company be in 1 year… 5 years? Liability—are you responsible? If you don’t take actions to stop outbound attacks, are you liable for damages inflicted on others? * FBI and Computer Security Institute(CSI)―2001

17. It’s About “Business Continuity” “ We security folks have got to stop treating security like it’s a separate problem from network management. Error detection, intrusion detection, and link outages – these are all aspects of the same network management problem.” Marcus Ranum CEO, Network Flight Recorder One of the Fathers of the Modern Firewall

18. The Network of Five Years Ago Closed Network Remote Site PSTN Frame Relay X.25 Leased Line PSTN

19. Legacy Security Solutions Most security designed when networks were simple and static Primarily single-point products (access- control) with no network integration or intelligence Such legacy products are still seen as default security solutions (a “cure-all”) Today, there are serious drawbacks to relying on such “overlay” security to protect sophisticated networks and services

20. Internet connections have dramatically increased as a frequent point of attack (from 59% in 2000 to 70% in 2001.) Of those organizations reporting attacks, we learn:  27% say they don't know if there had been unauthorized access or misuse  21% reported from two to five incidents in one year  58% reported ten or more incidents in a single year – something isn’t working! Computer Security Institute & FBI Report March, 2001 Case in Point…

21. Code Red and Nimda Worm Impacts Rapid penetration and propagation through existing security solutions Extensive impact; expensive recovery Exploited existing and known vulnerabilities, and bypassed legacy security devices Could be prevented and mitigated Rapid penetration and propagation through existing security solutions Extensive impact; expensive recovery Exploited existing and known vulnerabilities, and bypassed legacy security devices Could be prevented and mitigated

22. Impact of Recent Worms Major Computer Company... Code Red/Nimda $9 million for remediation 12,000 IT hours for Code Red 6,500 IT hours for Nimda Multibillion dollar financial institution... Nimda 75% of core routers down at any given time Lost trading server for half day ($13 million impact) Important Lesson Learned: Security Needs to Be Designed and Implemented Around, In and Through the Network Important Lesson Learned: Security Needs to Be Designed and Implemented Around, In and Through the Network

23. The Network Today

24. Today’s Threats Attackers are taking advantage of complex networks and sophisticated Internet services In this environment, everything is a target: Routers, Switches, Hosts, Networks (local and remote), Applications, Operating Systems, Security Devices, Remote Users, Business Partners, Extranets, etc. Threats to today’s networks are not addressed by most legacy security products In fact, there is no single security device which can protect all of these targets

25. Prevent damage from indiscriminate cyber attacks e.g. worms and viruses Technology Enablers Business Need Protect business operations against directed attacks e.g. hackers, fraudsters Complete Security System Planning for Business Protection

26. What Customers Want A Network-based “Intelligent” Solution Integration of security into all processes Bridge gap between Network Ops and Security Ops Security foundation for current technology Security foundation for new technology – no “fork-lift” upgrades Integrated Voice, Video, and Data traffic Support for Wireless and Remote Access QoS for differentiated handling of network traffic Defense in depth Build security into the network, not just the perimeter End-to-end networking solution Integration of security into all processes Bridge gap between Network Ops and Security Ops Security foundation for current technology Security foundation for new technology – no “fork-lift” upgrades Integrated Voice, Video, and Data traffic Support for Wireless and Remote Access QoS for differentiated handling of network traffic Defense in depth Build security into the network, not just the perimeter End-to-end networking solution

27. Cisco Security Directions Mission Accelerate deployment of security and e-business infrastructures Strategy Embrace integration into e-business infrastructure and technology initiatives Provide most comprehensive security/ VPN solution Utilize solutions and services ecosystems/partners Mission Accelerate deployment of security and e-business infrastructures Strategy Embrace integration into e-business infrastructure and technology initiatives Provide most comprehensive security/ VPN solution Utilize solutions and services ecosystems/partners

28. An Integrated System-Wide Approach End-to-end coordinated network+security system approach Defense in depth Protects hosts and networks Scalable system-wide security management policy, configuration, administration, monitoring Appliance and Router Firewalls, IDS, VPNs Single point of contact for network and security technical assistance, support and professional services Fast problem resolution Lower cost of ownership

29. Integrates security and network issues Includes specific configurations for Cisco and partner solutions Based on existing, shipping capabilities Over 3,000 hours of lab testing Currently, five SAFE white papers: SAFE for Enterprise, SAFE for SMB, SAFE Blueprint for IP Telephony, Wireless LAN Security in Depth, Combating Internet Worms Integrates security and network issues Includes specific configurations for Cisco and partner solutions Based on existing, shipping capabilities Over 3,000 hours of lab testing Currently, five SAFE white papers: SAFE for Enterprise, SAFE for SMB, SAFE Blueprint for IP Telephony, Wireless LAN Security in Depth, Combating Internet Worms SAFE Security Blueprint

30. ManagementBuildingDistribution Core Edge ServerE-Commerce Corporate Internet VPN/Remote Access WAN ISP PSTN FR/ATM SAFE: Securing E-Business

31. To Edge Distribution Module To VPN/Remote Access Module To ISP Module Public Web Servers Content Inspection Servers Cisco IDS Appliance Cisco IOS Router Cisco PIX Firewall Inspect Outbound Traffic for unauthorized URLs Stateful Packet Filtering Basic Layer 7 Filtering Host DoS Mitigation Spoof Mitigation DDoS Rate-Limiting Basic Filtering Broad Layer 4–7 Analysis SMTP Content Inspection Host IDS for local attack mitigation Focused Layer 4–7 Analysis SAFE: “Corporate Internet” Module

32. Deploy Security as an Integrated System Secure Transport Card Readers Security Room CCTV Secured Doors and Vaults Surveillance and Alarms Patrolling Security Guard Firewalls and Router ACLs Network and Host-based Intrusion Detection Scanner Centralized Security and Policy Management Identity, AAA, Access Control Servers and Certificate Authorities Encryption and Virtual Private Networks (VPN’s)

33. Identity Secure Connectivity Perimeter Security Monitoring Security Management Defense-in-Depth Firewalls VPN IDS/Scanning Authentication Policy Integration – into network infrastructure compatibility with network services Integration – functional interoperability intelligent interaction between elements Convergence – with other technology initiatives mobility/wireless, IP telephony, voice/video-enabled VPNs

34. Action Plan: Implementing a Process 1.Develop a comprehensive security policy Based on assessment of assets, threats, vulnerabilities 2.Implement it Focus on key exposures Build defense in depth Security and network experts engage In-source or out-source 3.Monitor and audit It’s what you don’t know... Be selective 4.React—according to plan Recovery needs to be rapid and organized Involve partners—in advance 5.Repeat Cycle! Continuous improvement to address new threats

35. Trends / Predictions Security is going Mainstream Fundamental to e-business—not an afterthought Security is going to Main Street Every small business will be an e-business Increased outsourcing of solutions and services Security extends everywhere The Internet home and the Mobile Office The Bar will continue to be raised Criticality of e-business applications Increased regulation Comprehensive solutions will win Security integrated into voice, video, wireless infrastructures Security is going Mainstream Fundamental to e-business—not an afterthought Security is going to Main Street Every small business will be an e-business Increased outsourcing of solutions and services Security extends everywhere The Internet home and the Mobile Office The Bar will continue to be raised Criticality of e-business applications Increased regulation Comprehensive solutions will win Security integrated into voice, video, wireless infrastructures

36. Prediction 2002... IT Security Organizations rethinking security after September 11 Focus of IT security will shift from the “Three As” (authentication, authorization, administration) to business continuity Physical and IT security will be integrated Organizations rethinking security after September 11 Focus of IT security will shift from the “Three As” (authentication, authorization, administration) to business continuity Physical and IT security will be integrated Prediction: Rationale: Organizations will reset their IT security plans in 2002 Source: IDC 2001; * Security Authorization, Authentication, Administration

37. Cisco’s Leadership Obligation Leading provider of networking equipment Leading provider of Security/VPN solutions SAFE network security blueprint brings networking and Security/VPN together Development efforts focused on network- intelligent Security/VPN solutions Strong partnership program around Security/VPN solutions

38. Internet Vital to Core of Business/ Government Security Fundamental to Health of Internet Attacks Increasing Dramatically – Targeted at New Network and Internet Services Security Must be Part of Network Infrastructure Partnership (Business and Government) Critical to a Global Security Strategy We Want to Partner With You Internet Vital to Core of Business/ Government Security Fundamental to Health of Internet Attacks Increasing Dramatically – Targeted at New Network and Internet Services Security Must be Part of Network Infrastructure Partnership (Business and Government) Critical to a Global Security Strategy We Want to Partner With You In Summary...

39. More Information www.cisco.com/go/security www.cisco.com/go/safe www.cisco.com/go/evpn www.cisco.com/go/securitypartners www.cisco.com/go/csec www.cisco.com/go/netpro www.cisco.com/go/securitytrng www.cert.org www.happyhacker.org www.infosecuritymag.com

40. 40 © 2001, Cisco Systems, Inc. All rights reserved.