Presentation is loading. Please wait.

Presentation is loading. Please wait.

000000_1 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

Published byHoward Lambert Modified over 8 years ago

Similar presentations

Presentation on theme: "000000_1 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission."— Presentation transcript:

1 000000_1 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Cisco Security Solutions Overview David Hettrick August 16 2007 ® PartnerSmart. ™

2 ® 000000_2 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Is there a reason to be Paranoid?  Yes  Often, selling security is easy after a customer has had a breach of some kind  Suggestion is to be proactive and warn of potential threats  Security will always be a trade- off between Price and Comfort Level

3 ® 000000_3 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Types of Threats  Denial of Service (DoS) attacks  IP Spoofing  Phishing  Spyware  Malware  Reconnaissance  Unauthorized entry and data theft  Viruses and Worms  And more…

4 ® 000000_4 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Cisco Firewall and VPN products  PIX- Firewall and VPN – Flagship firewall  VPN Concentrator – Dedicated VPN appliance – Optimized for Remote Access – (EOS August 2007)  Both products are replaced by the Cisco ASA Appliance – Built on PIX v7.0 Code – Feature equivalent to VPN Concentrator – Higher Performing

5 ® 000000_5 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Adaptive Security Appliances  ASA5500 Adaptive Security Appliances – Provide Firewall and IPSec/SSL VPN  ASA5505 ~150Mbps  ASA5510 ~300Mbps  ASA5520 ~450Mbps  ASA5540 ~650Mbps  ASA5550 ~ 1200Mbps  SSM Expansion Slot – 4 port Gigabit 10/100/1000 or SFP – AIP module for IPS/IDS  AIP-10  AIP-20 – CSC module for gateway anti-x  Provides Anti-Virus and Anti-Spyware  Additional license to add URL/Content filtering, Anti-Phishing, & Anti-Spam filtering, Anti-Phishing, & Anti-Spam

6 ® 000000_6 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Cisco ASA 5505 Adaptive Security Appliance Sleek, High Performance Desktop Design Diskless Architecture for High Reliability Expansion Slot for Future Capabilities Expansion Slot for Future Capabilities Three USB v2.0 Ports for Future Use (One in Front) Console Port Two Power over Ethernet (PoE) Ports for IP Phones, WiFi Access Points, Video Surveillance, etc. Secure Lock Slot and System Reset Button 8-port 10/100 Fully Configurable Switch with VLAN Support © 2004 Cisco Systems, Inc. All rights reserved. ASA 5500 Intro 666

7 ® 000000_7 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Content Security and Control SSM Product Details CSC SSM-10  50 User  100 User  250 User  500 User  Base Services: – File-based Anti-Virus and malware filtering; Anti-Spyware  Plus License: – Anti-Spam, Content Filtering, Anti- Phishing, URL Filtering & Blocking Cisco ASA 5500 Series Content Security and Control Module (CSC SSM) CSC SSM-20  500 User  750 User  1,000 User Platforms / Subscription Levels Feature Sets

8 ® 000000_8 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. ASA Advanced Intrusion Prevention Module (AIP)  Feature equivalent to Cisco’s standalone IPS product (4200 series)  Freedom to decide which traffic traversing the ASA is scanned for intrusion.  Ability to drop those packets and log them right at the ASA

9 ® 000000_9 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Dual ISP feature introduction – Dual ISP support via object tracking feature Main Office Primary ISP 1.1.1.1 Cisco ASA Outside 1.1.1.2 Backup 2.2.2.2 Secondary ISP 2.2.2.1 IOS sla tracking feature Active/Standby routes Uses ICMP to track the routes Works on static address, DHCP and PPPoE Fail Back feature when primary comes back

10 ® 000000_10 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Simple installation and monitoring for the Cisco ASA 5500 family Supports configuration of: - Firewall - Remote Access VPN - Site to Site VPN - And all other ASA services Supports monitoring of: - Syslog (real-time) - Connections - Throughput & more! Cisco Adaptive Security Device Manager v5.2

11 ® 000000_11 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. VPN Solutions: Easy VPN  Scaleable – Easily add remote sites with no changes to Easy VPN server  IOS Routers  PIX, ASA, CVPN Internet Easy VPN Client Dynamic IP Client Behind Firewall Easy VPN Server VPN Tunnel

12 ® 000000_12 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Network Based Intrusion Products  Based on Signatures – IDS-4215, IPS-4240 – AIP module in ASA – NM-CIDS in Router – IOS embedded IPS  Watch for unauthorized activity in real time  Implement in front of firewall to audit attacks against network  Implement behind firewall approving traffic by firewall packets leaving corporate network  Implement where key Servers reside

13 ® 000000_13 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. What does Host based IPS do?  Day zero attack protection (virus, spyware, malware, patch management)  Intercepts Operating System calls and compares them to cached security policies  Takes proactive approach to block malicious behavior on host

14 ® 000000_14 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Host Based Intrusion Prevention CSA: Cisco Security Agent CSA Server Protection: Host-based Intrusion Protection Network Worm Protection Web Server Protection Security for other applications CSA Desktop Protection: Distributed Firewall Day Zero Virus Protection Security for other applications Anomaly Based Create Your own Policies Windows or Solaris

15 ® 000000_15 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. CSA Architecture  CSA Manager (required)  CSA Servers  CSA Desktops  CSA Profiler – Automates analysis of Applications activities – Easily builds custom policies

16 ® 000000_16 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Network Admission Control NAC  Prevents vulnerable and non-compliant hosts from impacting enterprise resilience, and it enables customers to leverage their existing network and infrastructure  Components – Endpoint security with Cisco Trust Agent – Network Access devices – routers, switches, CSACS – Policy Server – Cisco Clean Access Server (CCA) – Management Server - Cisco Clean Access Manager (CCA)

17 ® 000000_17 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. NAC Appliance Overview All-in-One Policy Compliance and Remediation Solution AUTHENTICATE & AUTHORIZE  Enforces authorization policies and privileges  Supports multiple user roles SCAN & EVALUATE  Agent scan for required versions of hotfixes, AV, and other software  Network scan for virus and worm infections and port vulnerabilities QUARANTINE  Isolate non-compliant devices from rest of network  MAC and IP-based quarantine effective at a per-user level UPDATE & REMEDIATE  Network-based tools for vulnerability and threat remediation  Help-desk integration

18 ® 000000_18 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

19 ® 000000_19 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

20 ® 000000_20 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

21 ® 000000_21 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Gathering information is easy. Identifying real threats is challenging

22 ® 000000_22 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. MARS: Mitigation and Response System  Appliance  Gathers information from all Security Devices and correlates  Allows for real time analysis of threat – Network intelligence – Context correlation – Vector analysis – Anomaly detection – Hotspot identification – Automated mitigation capabilities  Not limited to Cisco Devices – Microsoft Servers – Common Security Products from other vendors – Supports Netflow collection

23 ® 000000_23 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Security: The Pervasive Add-on  What this means is that with any product it becomes a consideration to add security – By up selling the product itself  Change a Cisco2811 into a Cisco2811-SEC-K9 – Or by adding on a new product to the solution  Add Cisco Security Agent to those new web servers – Also, sometimes it just needs to be discussed to position the right solution  What are your security requirements for your wireless network?

24 000000_24 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission. Question and Answer

Download ppt "000000_1 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission."

Similar presentations

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco SB Summit Praha, 26.4.2012 Jan Křístek Tomáš Chott.

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco SB Summit Praha, Jan Křístek Tomáš Chott.
Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.

Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.

Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.
Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.

Team MAGIC Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kintanka Wireless Network Security.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential Check Point Software SSL VPN Solutions Technical Overview Thorsten Schuberth Technical.

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential Check Point Software SSL VPN Solutions Technical Overview Thorsten Schuberth Technical.
Chapter 12 Network Security.

Chapter 12 Network Security.
MSIT 458: Information Security & Assurance By Curtis Pethley.

MSIT 458: Information Security & Assurance By Curtis Pethley.
© 2011 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Cisco Connected Energy Vision Utility Operations Connected Buildings.

© 2011 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Cisco Connected Energy Vision Utility Operations Connected Buildings.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Information Security in Real Business

Information Security in Real Business
Wireless Network Security

Wireless Network Security
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
© 2003, Cisco Systems, Inc. All rights reserved. 111 8426_07_2003_Richardson_c11 Security Strategy Update Self Defending Network Initiative Network Admission.

© 2003, Cisco Systems, Inc. All rights reserved _07_2003_Richardson_c11 Security Strategy Update Self Defending Network Initiative Network Admission.
All Rights Reserved © Alcatel-Lucent 2010 1 | Dynamic Enterprise Tour – Safe NAC Solution | 2010 Protect your information with intelligent Network Access.

All Rights Reserved © Alcatel-Lucent | Dynamic Enterprise Tour – Safe NAC Solution | 2010 Protect your information with intelligent Network Access.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Department Of Computer Engineering

Department Of Computer Engineering

Similar presentations

Ads by Google