1 © 2003, Cisco Systems, Inc. All rights reserved. Cisco Integrated Security: Building The Self-Defending Network Bogdan Constantinescu Area Manager Romania & Rep. Moldova Cisco Systems Romania SECURITATEA SISTEMELOR INFORMATICE ŞI DE COMUNICAŢII 21 Septembrie 2004

222 Agenda Changes in Security Requirements Integrated Security & Self-Defending Networks Cisco Security Solutions

333 The Network as a Strategic Asset Customers Partners Suppliers Employees Improved Productivity Reduced Operational Costs Financial Performance Corporate Enterprises Small/Medium Businesses Service Providers

444 Intelligent Information Network Capabilities Security, IPC, Wireless Application Aware Management Modular Approach Security, IPC, Wireless Application Aware Management Modular Approach INTEGRATED High Availability Multilayer Security Virtual Services Scalable High Availability Multilayer Security Virtual Services Scalable RESILIENT Self-Provisioning Self-Optimizing Self-Defending Self-Provisioning Self-Optimizing Self-Defending ADAPTABLE

555 Business Continuity: Impact of Not Securing Your Network Cost—directly affects bottom line 494 organizations* reported overall financial losses totaling nearly 142 million. Credibility—end-user perception Can your end-user trust your network? Productivity—ability to use your system Downtime is lost time and revenue Viability—can ultimately affect your business Where will your company be in 1 year… 5 years? Liability—are you responsible? If you don’t take actions to stop outbound attacks, are you liable for damages inflicted on others? *

666 The Self Defending Network 666 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID

777 Security is a Systematic Process Vulnerabilities and Risk Assessment Architecture Design and Implementation Security Policy/ Procedures Deploy Security Policy Surveillance, Monitoring, Audit & Analysis Incident Response Corrective Action Forensic Analysis 777 Central Security Management Central Security Management

888 Evolution of Cisco Security Strategy 1990s Integrated security Routers Switches Appliances Endpoints FW + VPN + IDS…. Integrated management software Evolving advanced services Integrated security Routers Switches Appliances Endpoints FW + VPN + IDS…. Integrated management software Evolving advanced services Security appliances Enhanced router security Separate management software Security appliances Enhanced router security Separate management software Basic router security Command line interface Basic router security Command line interface 2003 End-point posture enforcement Network device protection Dynamic/Secure connectivity Dynamic communication between elements Automated threat response End-point posture enforcement Network device protection Dynamic/Secure connectivity Dynamic communication between elements Automated threat response Self-Defending Networks Self-Defending Networks 2004… Integrated Security Integrated Security Defense- In-Depth Point Products Basic Security Multiple technologies Multiple locations Multiple appliances Little/no integration Multiple technologies Multiple locations Multiple appliances Little/no integration

999 SYSTEM LEVEL SOLUTIONS EndpointsEndpoints NetworkNetwork ServicesServices SECURITY TECHNOLOGY INNOVATION SECURITY TECHNOLOGY INNOVATION Endpoint SecurityEndpoint Security Application FirewallApplication Firewall SSL VPNSSL VPN Network AnomalyNetwork Anomaly INTEGRATED SECURITY Secure Connectivity Threat Defense Trust & Identity Secure Connectivity Threat Defense Trust & Identity An initiative to dramatically improve the network’s ability to identify, prevent, and adapt to threats Self Defending Network Strategy Cisco strategy to dramatically improve the network’s ability to identify, prevent, and adapt to threats

10 Cisco Self-Defending Network - In Action End-point security enforcement Network Admission Control, Identity Based Network Services Network device protection Control Plane Policing, Auto-Secure, Switch/Router/WAP protection technologies. Dynamic/Secure connectivity Dynamic Multipoint VPN, VLAN Dynamic communication between elements Netflow, NBAR, Dynamic Intrusion Protection, ‘AreYouThere?’ Automatic response Cisco Security Agent, Network Anomaly Detection

11 Self-Defending Network Example Identity Based Networking Services 802.1x Authentication Challenge 802.1x Authentication Info Verify Login and Check with Policy DB Credentials Verified Login granted Send Policies Set port to enable set port vlan 10 VLAN 10 Engineering VLAN Switch applies policies and enables port. Login + Certificate Login Verified CiscoSecure ACS AAA Radius Server 802.1x Authentication Server Active Directory Login and Certificate Services 6500 SeriesAccess Points 4000 Series 3550/2950 Series 802.1x Capable Access Devices 802.1x Capable Client Secure Access In Action

12 Cisco Security Agent (CSA): Behavioral Protection From Attacks Target  Rapidly Mutating  Continual signature updates  Inaccurate  Most damaging Change very slowly Inspiration for CSA solution

13 Cisco Security Solutions 13

14 Cisco’s Integrated Network Security Solutions Threat Defense Defend the Edge: Integrated Network FW+IDS Detects and Prevents External Attacks Protect the Interior: Catalyst Integrated Security Protects Against Internal Attacks Guard the Endpoints: Cisco Security Agent (CSA) Protects Hosts Against Infection Trust and Identity Verify the User and Device: Identity-Based Networking/NAC Control Who/What Has Access Secure the Transport: IPSec VPN SSL VPN MPLS Protects Data/Voice Confidentiality Secure Comm. Intranet Internet

15 Cisco Integrated Network Security VPN 3002 VPN 3005 VPN 3015 VPN 3030 VPN 3080 VPN E 515E xxx 3700 CSS11500 SCA Secure Content Accelerator SCA Secure Content Accelerator Catalyst 6500 Remote Access VPN Appliances Remote Access VPN Appliances Intrusion Detection Appliances Intrusion Detection Appliances PIX Firewall VPN Appliances PIX Firewall VPN Appliances Site-to-Site VPN / Firewall Routers Site-to-Site VPN / Firewall Routers Content Switching, Filtering SSL Optimization Content Switching, Filtering SSL Optimization High Performance Switch Integrated Campus Security Solutions High Performance Switch Integrated Campus Security Solutions Content Engine Catalyst CSM & SSL Blades CSS115XX SSL Blade 800 SOHO 90 Now with AES Acceleration

16 First Routers in the Industry to Support IPS and DMVPN! 3800 Series 2800 Series 1800 Series FCS September 2004 FCS September 2004 FCS September 2004 Highest Density and Performance for Concurrent Services Embedded, Advanced Voice, Video, Data & Security Services Integrated Security & Data Substantial increase in price/performance! Extension into new markets! Greater service densities across the portfolio! Increased Value Extended to New Markets Cisco Integrated Services Routers Cisco 3800, 2800, and 1800 Series Performance and Services Density Enterprise Branch Office SMBSmall Branch

17 ManagementBuildingDistribution Core Edge ServerE-Commerce Corporate Internet VPN/Remote Access WAN ISP PSTN FR/ATM

18 Continually identify and mitigate risk Cisco Advanced Services for Network Security Assess and plan for a sound architecture and design Build in scalable, adaptable, easy-to- upgrade solutions Transparently integrate into the core network infrastructure  Security Posture Assessment  Network Security Design Review  Network Security Design Development  Network Security Implementation Plan Assistance  Network Security Implementation Engineering  Network Security Optimization

19 Trust Cisco to Provide Leadership The threats are here to stay, are changing, and we must evolveThe threats are here to stay, are changing, and we must evolve Our connected world is the target, not one piece or one companyOur connected world is the target, not one piece or one company Cisco remains committed to help protect our customersCisco remains committed to help protect our customers The threats are here to stay, are changing, and we must evolveThe threats are here to stay, are changing, and we must evolve Our connected world is the target, not one piece or one companyOur connected world is the target, not one piece or one company Cisco remains committed to help protect our customersCisco remains committed to help protect our customers Cisco Spent $300M on Security R&D (FY’03) We’re a Partner You Can Trust

20 More Information (Cisco router recommendation guide)

21