Self-Defending Networks
By: Aseem Khan, Adeeb Akhil Shahi, Mohammed Sohail, Saiprasad H Bevinakatti

Presentation transcript:


Cisco Self-Defending Network (CSDN) Concept
A systems-based solution that allows entities to use their existing infrastructure in new ways to:
- Reduce windows of vulnerability
- Minimize the impact of attacks
- Improve overall infrastructure availability and reliability

Today’s Organizational Challenges
- Due to continued economic challenges, organizations and employees need to be more productive.
- More and more employees need to work and communicate while mobile and not infect the company with viruses. (counter productive)
- Organizations need to better defend against threats, vulnerabilities, events and adopt a defense-in-depth strategy.
- Organizations need to maximize return on investment of their limited IT budgets to improve productivity, mobility, and secure the assets of the business.

The Growing Need for Security Solutions
- Data Loss
- Regulatory Compliance
- Malware
A Systems Approach to Streamline IT Risk Management for Security and Compliance

Sophistication of Hacker Tools
[Figure: chart with axes "Technical Knowledge Required" (High to Low) and "Threat Capabilities", year marker 2000. Labels on the chart: Packet Forging/Spoofing, Password Guessing, Self Replicating Code, Password Cracking, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Stealth Diagnostics, DDOS, New Internet Worms, Disabling Audits, Exploiting Known Vulnerabilities]

The Self Defending Network

Self Defending Network Strategy
An initiative to dramatically improve the network’s ability to identify, prevent, and adapt to threats
- Integrated security: Secure Connectivity, Threat Defense, Trust & Identity
- Security technology innovation: Endpoint Security, Application Firewall, SSL VPN, Network Anomaly
- System level solutions: Endpoints, Network, Services

Cisco’s Integrated Network Security Systems
Threat Defense
- Defend the Edge: Integrated Network FW+IDS. Detects and Prevents External Attacks
- Protect the Interior: Catalyst Integrated Security. Protects Against Internal Attacks
- Guard the Endpoints: Cisco Security Agent (CSA). Protects Hosts Against Infection
Trust and Identity
- Verify the User and Device: Identity-Based Networking/NAC. Control Who/What Has Access
Secure Comm.
- Secure the Transport: IPSec VPN, SSL VPN, MPLS. Protects Data/Voice Confidentiality
[Diagram labels: Intranet, Internet]

CSDN Concept (cont.)
- CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention

Why do we need CSDNs?
- Evolution of network → Evolution of attacks on networks
- Traditional approach → Defense-in-depth
  - Proactive defense mechanisms
- CSDN approach
  - Adaptive defense mechanisms

Why do we need CSDNs? (cont.)
- Proactive defense mechanisms…not obsolete, simply inefficient in responding to breaches in network security
- Proactive solutions frontload defense mechanisms

Proactive Defense Example
[Diagram labels: Internet; Outer Firewall; DMZ; Inner Firewall; Internal Corp. Network; Servers (e.g. web, , proxy); Development Network]

Why do we need CSDNs? (cont.)
- Adaptive Solutions…focus isn’t solely on preventing network attacks
- Attempt to effectively:
  - Detect
  - Respond
  - Recover
- Little to no adverse effect on the network and its users

Why do we need CSDNs? (cont.)
Key elements of an adaptive solution:
- Remain active at all times
- Perform unobtrusively
- Minimize propagation of attacks
- Quickly respond to as-yet unknown attacks

Foundation of a CSDN
1. Endpoint Protection
2. Admission Control
3. Infection Containment
4. Intelligent Correlation and Incident Response
5. Inline IDS and Anomaly Detection
6. Application Security and Anti-X Defense

Endpoint Protection
- You are only as strong as your weakest link
- One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network
- Cisco Security Agent
  - Point of presence on end user systems that enables efficient exchange of valuable network threat information as it occurs
  - Endpoint system virus, worm detection/protection

Admission Control
- Not only a core component of a CSDN, but incorporated into other technologies by over 30 industry-leading vendors
- Network Admission Control (NAC) assists in determining the level of access to grant an end-user system in accordance with the security policy when it initially joins the network
- NAC also assists in managing end-user systems’ compliance with security patches and updates

Infection Containment
- The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breach
- Potentially the #1 core component of a secure system belonging to a CSDN
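
An added example (not part of the original presentation, and not Cisco NAC code) of the behaviour the Admission Control and Infection Containment slides describe: a host's posture is checked against policy when it joins, and an admitted host is moved to quarantine when a high-severity threat report arrives. The thresholds, field names and severity scale are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical policy values (assumptions for illustration, not Cisco NAC settings).
REQUIRED_PATCH_LEVEL = 42
MAX_SIGNATURE_AGE_DAYS = 7
CONTAIN_SEVERITY = 7  # threat reports at or above this trigger containment

@dataclass
class Posture:
    host: str
    agent_running: bool      # endpoint security agent present and active
    patch_level: int         # highest security patch bundle applied
    signature_age_days: int  # age of the antivirus signatures

def admit(p: Posture) -> str:
    """Access level granted when a host first joins the network."""
    if not p.agent_running:
        return "deny"        # posture cannot be verified without the agent
    if p.patch_level < REQUIRED_PATCH_LEVEL:
        return "quarantine"  # remediation segment until patched
    if p.signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        return "quarantine"
    return "full"

class Network:
    """Tracks each host's access level and contains hosts on threat reports."""
    def __init__(self):
        self.access = {}

    def join(self, p: Posture) -> str:
        self.access[p.host] = admit(p)
        return self.access[p.host]

    def report(self, host: str, severity: int) -> str:
        # Containment without operator action: only hosts with full access
        # are demoted; denied or quarantined hosts keep their state.
        if severity >= CONTAIN_SEVERITY and self.access.get(host) == "full":
            self.access[host] = "quarantine"
        return self.access.get(host, "unknown")

if __name__ == "__main__":
    net = Network()
    # Constructed sample hosts.
    for p in (Posture("laptop-1", True, 42, 2), Posture("laptop-2", True, 40, 2),
              Posture("kiosk-3", False, 42, 0)):
        print(p.host, net.join(p))
    print("laptop-1 after severity-9 report:", net.report("laptop-1", 9))
```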

Intelligent Correlation and Incident Response
- Services that provide the ability to exchange:
  - Event information
  - Implications of an event occurring
  - Necessary actions to take
  - The appropriate nodes or systems to enforce actions in real-time
- These services aid in adapting to changes and countering attacks that are occurring in the network as they occur rather than after they occur

Application Security and Anti-X Defense
- A menagerie of application layer security products that address the “ever-evolving” classes of threats which are not effectively addressed by traditional firewall and network IDS products
- Threat examples:
  - based SPAM and phishing
  - Spyware
  - Unauthorized peer-to-peer activity

Summary
- New phraseology NOT a new technology
- Encompassing security solution that is proactive AND adaptive in nature that envelops every level of network security rather than just specific layers
- Key difference in CSDN and traditional security solutions…ability of CSDNs to communicate and share information among different security products employed within the CSDN

Questions