Presentation is loading. Please wait.

Presentation is loading. Please wait.

Self-Defending Networks Self-Defending Networks By-  Aseem Khan  Adeeb Akhil Shahi  Mohammed Sohail  Saiprasad H Bevinakatti.

Published byFerdinand Franklin Modified over 8 years ago

Similar presentations

Presentation on theme: "Self-Defending Networks Self-Defending Networks By-  Aseem Khan  Adeeb Akhil Shahi  Mohammed Sohail  Saiprasad H Bevinakatti."— Presentation transcript:

1 Self-Defending Networks Self-Defending Networks By-  Aseem Khan  Adeeb Akhil Shahi  Mohammed Sohail  Saiprasad H Bevinakatti

2 Cisco Self-Defending Network (CSDN) Concept A systems-based solution that allows entities to use their existing infrastructure in new ways to: A systems-based solution that allows entities to use their existing infrastructure in new ways to: Reduce windows of vulnerabilityReduce windows of vulnerability Minimize the impact of attacksMinimize the impact of attacks Improve overall infrastructure availability and reliabilityImprove overall infrastructure availability and reliability

3 Today’s Organizational Challenges Due to continued economic challenges organizations and employees need to be more productive. Due to continued economic challenges organizations and employees need to be more productive. More and more employees need to work and communicate while mobile and not infect the company with viruses. (counter productive) More and more employees need to work and communicate while mobile and not infect the company with viruses. (counter productive) Organizations need to better defend against threats, vulnerabilities, events and adopt a defense-in-depth strategy. Organizations need to better defend against threats, vulnerabilities, events and adopt a defense-in-depth strategy. Organizations need to maximize return on investment of their limited IT budgets to improve productivity, mobility, and secure the assets of the business. Organizations need to maximize return on investment of their limited IT budgets to improve productivity, mobility, and secure the assets of the business.

4 The Growing Need for Security Solutions Data Loss Regulatory Compliance Malware A Systems Approach to Streamline IT Risk Management for Security and Compliance

5 Sophistication of Hacker Tools Packet Forging/ Spoofing 1990 1980 Password Guessing Self Replicating Code Password Cracking Back Doors Hijacking Sessions Sweepers Sniffers Stealth Diagnostics Technical Knowledge Required High Low 2000 DDOS New Internet Worms Threat Capabilities Disabling Audits Exploiting Known Vulnerabilities

6 The Self Defending Network

7 SYSTEM LEVEL SOLUTIONS EndpointsEndpoints NetworkNetwork ServicesServices SECURITY TECHNOLOGY INNOVATION SECURITY TECHNOLOGY INNOVATION Endpoint SecurityEndpoint Security Application FirewallApplication Firewall SSL VPNSSL VPN Network AnomalyNetwork Anomaly INTEGRATED SECURITY Secure Connectivity Threat Defense Trust & Identity Secure Connectivity Threat Defense Trust & Identity An initiative to dramatically improve the network’s ability to identify, prevent, and adapt to threats Self Defending Network Strategy Improve the network’s ability to identify, prevent, and adapt to threats

8 Cisco’s Integrated Network Security Systems Threat Defense Defend the Edge: Integrated Network FW+IDS Detects and Prevents External Attacks Protect the Interior: Catalyst Integrated Security Protects Against Internal Attacks Guard the Endpoints: Cisco Security Agent (CSA) Protects Hosts Against Infection Trust and Identity Verify the User and Device: Identity-Based Networking/NAC Control Who/What Has Access Secure the Transport: IPSec VPN SSL VPN MPLS Protects Data/Voice Confidentiality Secure Comm. Intranet Internet

9 CSDN Concept (cont.) CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention

10 Why do we need CSDN’s? Evolution of network  Evolution of attacks on networks Evolution of network  Evolution of attacks on networks Traditional approach  Defense-in- depth Traditional approach  Defense-in- depth Proactive defense mechanismsProactive defense mechanisms CSDN approach CSDN approach Adaptive defense mechanismsAdaptive defense mechanisms

11 Why do we need CSDN’s? (cont.) Proactive defense mechanisms…not obsolete, simply inefficient in responding to breeches in network security Proactive defense mechanisms…not obsolete, simply inefficient in responding to breeches in network security Proactive solutions frontload defense mechanisms Proactive solutions frontload defense mechanisms

12 Proactive Defense Example Internet Outer Firewall DMZ Inner Firewall Internal Corp. Network Servers (e.g. web, e-mail, proxy) Development Network

13 Why do we need CSDN’s? (cont.) Adaptive Solutions…focus isn’t solely on preventing network attacks Adaptive Solutions…focus isn’t solely on preventing network attacks Attempt to effectively: Attempt to effectively: DetectDetect RespondRespond RecoverRecover Little to no adverse effect on the network and its users Little to no adverse effect on the network and its users

14 Why do we need CSDN’s? (cont.) Key elements of an adaptive solution: Key elements of an adaptive solution: Remain active at all timesRemain active at all times Perform unobtrusivelyPerform unobtrusively Minimize propagation of attacksMinimize propagation of attacks Quickly respond to as-yet unknown attacksQuickly respond to as-yet unknown attacks

15 Foundation of a CSDN 1. Endpoint Protection 2. Admission Control 3. Infection Containment 4. Intelligent Correlation and Incident Response 5. Inline IDS and Anomaly Detection 6. Application Security and Anti-X Defense

16 Endpoint Protection You are only as strong as your weakest link You are only as strong as your weakest link One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network Cisco Security Agent Cisco Security Agent Point of presence on end user systems that enables efficient exchange of valuable network threat information as it occursPoint of presence on end user systems that enables efficient exchange of valuable network threat information as it occurs Endpoint system virus, worm detection/protectionEndpoint system virus, worm detection/protection

17 Admission Control Not only core component of a CSDN, but incorporated into other technologies by over 30 industry-leading vendors Not only core component of a CSDN, but incorporated into other technologies by over 30 industry-leading vendors Network Admission Control (NAC) assists in determining the level of access to grant an end-user system in accordance with the security policy when it initially joins the network Network Admission Control (NAC) assists in determining the level of access to grant an end-user system in accordance with the security policy when it initially joins the network NAC also assists in managing end-user system’s compliance with security patches and updates NAC also assists in managing end-user system’s compliance with security patches and updates

18 Infection Containment The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breech The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breech Potentially the #1 core component of a secure system belonging to a CSDN Potentially the #1 core component of a secure system belonging to a CSDN

19 Intelligent Correlation and Incident Response Services that provide the ability to exchange: Services that provide the ability to exchange: Event informationEvent information Implications of an event occurringImplications of an event occurring Necessary actions to takeNecessary actions to take The appropriate nodes or systems to enforce actions in real-timeThe appropriate nodes or systems to enforce actions in real-time These services aide in adapting to changes and countering attacks that are occurring in the network as they occur rather than after they occur These services aide in adapting to changes and countering attacks that are occurring in the network as they occur rather than after they occur

20 Application Security and Anti-X Defense A menagerie of application layer security products that address the “ever-evolving” classes of threats which are not effectively addressed by traditional firewall and network IDS products A menagerie of application layer security products that address the “ever-evolving” classes of threats which are not effectively addressed by traditional firewall and network IDS products Threat examples: Threat examples: E-mail based SPAM and phishingE-mail based SPAM and phishing SpywareSpyware Unauthorized peer-to-peer activityUnauthorized peer-to-peer activity

21 Summary New phraseology NOT a new technology New phraseology NOT a new technology Encompassing security solution that is proactive AND adaptive in nature that envelopes every level of network security rather than just specific layers Encompassing security solution that is proactive AND adaptive in nature that envelopes every level of network security rather than just specific layers Key difference in CSDN and traditional security solutions…ability of CSDN’s to communicate and share information among different security products employed within the CSDN Key difference in CSDN and traditional security solutions…ability of CSDN’s to communicate and share information among different security products employed within the CSDN

22 Questions

Download ppt "Self-Defending Networks Self-Defending Networks By-  Aseem Khan  Adeeb Akhil Shahi  Mohammed Sohail  Saiprasad H Bevinakatti."

Similar presentations

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1 © 2003, Cisco Systems, Inc. All rights reserved. Cisco Integrated Security: Building The Self-Defending Network Bogdan Constantinescu Area Manager Romania.

1 © 2003, Cisco Systems, Inc. All rights reserved. Cisco Integrated Security: Building The Self-Defending Network Bogdan Constantinescu Area Manager Romania.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Increasing customer value through effective security risk management

Increasing customer value through effective security risk management
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Wireless Network Security

Wireless Network Security
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
© 2003, Cisco Systems, Inc. All rights reserved. 111 8426_07_2003_Richardson_c11 Security Strategy Update Self Defending Network Initiative Network Admission.

© 2003, Cisco Systems, Inc. All rights reserved _07_2003_Richardson_c11 Security Strategy Update Self Defending Network Initiative Network Admission.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Similar presentations

Ads by Google