Digital Imaging Guidelines

000000_1Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

Cisco Security Solutions Cisco Security Solutions Overview Overview

David HettrickDavid HettrickAugust 16 2007August 16 2007

®

Partner Smart.™

®000000_2Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

Is there a reason to be Paranoid?Is there a reason to be Paranoid?

YesYes

Often, selling security is easy Often, selling security is easy after a customer has had a after a customer has had a breach of some kindbreach of some kind

Suggestion is to be proactive Suggestion is to be proactive and warn of potential threats and warn of potential threats

Security will always be a trade-Security will always be a trade-off between Price and Comfort off between Price and Comfort Level Level


Types of ThreatsTypes of Threats Denial of Service (DoS) attacksDenial of Service (DoS) attacks IP SpoofingIP Spoofing PhishingPhishing SpywareSpyware MalwareMalware ReconnaissanceReconnaissance Unauthorized entry and data theftUnauthorized entry and data theft Viruses and WormsViruses and Worms And more…And more…


Cisco Firewall and VPN productsCisco Firewall and VPN products PIX- Firewall and VPNPIX- Firewall and VPN– Flagship firewall Flagship firewall

VPN Concentrator VPN Concentrator – Dedicated VPN applianceDedicated VPN appliance– Optimized for Remote AccessOptimized for Remote Access– (EOS August 2007)(EOS August 2007)

Both products are replaced by the Cisco ASA Both products are replaced by the Cisco ASA ApplianceAppliance– Built on PIX v7.0 CodeBuilt on PIX v7.0 Code– Feature equivalent to VPN ConcentratorFeature equivalent to VPN Concentrator– Higher PerformingHigher Performing


Adaptive Security AppliancesAdaptive Security Appliances

ASA5500 Adaptive Security AppliancesASA5500 Adaptive Security Appliances– Provide Firewall and IPSec/SSL VPNProvide Firewall and IPSec/SSL VPN

ASA5505 ~150MbpsASA5505 ~150Mbps ASA5510 ~300MbpsASA5510 ~300Mbps ASA5520 ~450MbpsASA5520 ~450Mbps ASA5540 ~650MbpsASA5540 ~650Mbps ASA5550 ~ 1200MbpsASA5550 ~ 1200Mbps

SSM Expansion SlotSSM Expansion Slot– 4 port Gigabit 10/100/1000 or SFP4 port Gigabit 10/100/1000 or SFP– AIP module for IPS/IDS AIP module for IPS/IDS

AIP-10AIP-10 AIP-20AIP-20

– CSC module for gateway anti-xCSC module for gateway anti-x Provides Anti-Virus and Anti-SpywareProvides Anti-Virus and Anti-Spyware Additional license to add URL/ContentAdditional license to add URL/Content filtering, Anti-Phishing, & Anti-Spamfiltering, Anti-Phishing, & Anti-Spam


Cisco ASA 5505 Adaptive Cisco ASA 5505 Adaptive Security ApplianceSecurity Appliance

Sleek, High PerformanceDesktop Design

Diskless Architecture for High Reliability

Expansion Slot forFuture Capabilities

Three USB v2.0 Ports forFuture Use (One in Front)

Console Port

Two Power over Ethernet (PoE)Ports for IP Phones, WiFi AccessPoints, Video Surveillance, etc.

Secure Lock Slot and SystemReset Button

8-port 10/100 Fully ConfigurableSwitch with VLAN Support

© 2004 Cisco Systems, Inc. All rights reserved.ASA 5500 Intro 666


ASA Advanced Intrusion ASA Advanced Intrusion Prevention Module (AIP)Prevention Module (AIP)

Feature equivalent to Cisco’s standalone IPS Feature equivalent to Cisco’s standalone IPS product (4200 series)product (4200 series)

Freedom to decide which traffic traversing the ASA Freedom to decide which traffic traversing the ASA is scanned for intrusion.is scanned for intrusion.

Ability to drop those packets and log them right at Ability to drop those packets and log them right at the ASAthe ASA


Dual ISP feature introductionDual ISP feature introduction

– Dual ISP support via object Dual ISP support via object trackingtracking feature feature

Main Office

Primary ISP1.1.1.1

Cisco ASAOutside 1.1.1.2

Backup 2.2.2.2

Secondary ISP2.2.2.1

•IOS sla tracking feature•Active/Standby routes•Uses ICMP to track the routes•Works on static address, DHCP and PPPoE•Fail Back feature when primary comes back


Simple installation and monitoring for the Cisco ASA 5500 family• Supports configuration of:

- Firewall - Remote Access VPN - Site to Site VPN - And all other ASA services

• Supports monitoring of: - Syslog (real-time) - Connections - Throughput & more!

Cisco Adaptive Security Device Cisco Adaptive Security Device Manager v5.2Manager v5.2


VPN Solutions: Easy VPNVPN Solutions: Easy VPN

Scaleable – Easily add remote sites with no changes to Easy Scaleable – Easily add remote sites with no changes to Easy VPN serverVPN server

IOS RoutersIOS Routers

PIX, ASA, CVPNPIX, ASA, CVPN

Internet Internet

Easy VPN ClientEasy VPN Client

Dynamic IPDynamic IP

Client Behind FirewallClient Behind Firewall

Easy VPN ServerEasy VPN Server

VPN TunnelVPN Tunnel


Network Based Intrusion ProductsNetwork Based Intrusion Products Based on SignaturesBased on Signatures

–IDS-4215, IPS-4240IDS-4215, IPS-4240–AIP module in ASAAIP module in ASA–NM-CIDS in RouterNM-CIDS in Router–IOS embedded IPSIOS embedded IPS

Watch for unauthorized activity in Watch for unauthorized activity in real timereal time

Implement in front of firewall to Implement in front of firewall to audit attacks against networkaudit attacks against network

Implement behind firewall Implement behind firewall approving traffic by firewall approving traffic by firewall packets leaving corporate packets leaving corporate networknetwork

Implement where key Servers Implement where key Servers residereside


What does Host based IPS do?What does Host based IPS do?

Day zero attack protection (virus, spyware, malware, Day zero attack protection (virus, spyware, malware, patch management)patch management)

Intercepts Operating System calls and compares them Intercepts Operating System calls and compares them to cached security policiesto cached security policies

Takes proactive approach to block malicious behavior Takes proactive approach to block malicious behavior on hoston host


Host Based Intrusion PreventionHost Based Intrusion PreventionCSA: Cisco Security AgentCSA: Cisco Security Agent

CSA Server Protection:• Host-based Intrusion Protection• Network Worm Protection• Web Server Protection• Security for other applications

CSA Desktop Protection:• Distributed Firewall• Day Zero Virus Protection• Security for other

applications

Anomaly Based

Create Your own Policies

Windows or Solaris


CSA ArchitectureCSA Architecture

CSA Manager (required)CSA Manager (required)

CSA ServersCSA Servers CSA DesktopsCSA Desktops CSA ProfilerCSA Profiler– Automates analysis of Applications activitiesAutomates analysis of Applications activities– Easily builds custom policiesEasily builds custom policies


Network Admission Control NACNetwork Admission Control NAC

Prevents vulnerable and non-compliant hosts from Prevents vulnerable and non-compliant hosts from impacting enterprise resilience, and it enables impacting enterprise resilience, and it enables customers to leverage their existing network and customers to leverage their existing network and infrastructure infrastructure

ComponentsComponents– Endpoint security with Cisco Trust AgentEndpoint security with Cisco Trust Agent– Network Access devices – routers, switches, CSACSNetwork Access devices – routers, switches, CSACS– Policy Server – Cisco Clean Access Server (CCA)Policy Server – Cisco Clean Access Server (CCA)– Management Server - Cisco Clean Access Manager Management Server - Cisco Clean Access Manager

(CCA)(CCA)


NAC Appliance OverviewNAC Appliance Overview

All-in-One Policy Complianceand Remediation Solution

AUTHENTICATE & AUTHORIZEAUTHENTICATE & AUTHORIZE Enforces authorization policies Enforces authorization policies

and privilegesand privileges Supports multiple user rolesSupports multiple user roles

SCAN & EVALUATESCAN & EVALUATE Agent scan for required versions Agent scan for required versions

of hotfixes, AV, and other of hotfixes, AV, and other softwaresoftware

Network scan for virus and worm Network scan for virus and worm infections and port vulnerabilitiesinfections and port vulnerabilities

QUARANTINEQUARANTINE Isolate non-compliant devices Isolate non-compliant devices

from rest of network from rest of network MAC and IP-based quarantine MAC and IP-based quarantine

effective at a per-user leveleffective at a per-user level

UPDATE & REMEDIATEUPDATE & REMEDIATE Network-based tools for Network-based tools for

vulnerability and threat vulnerability and threat remediationremediation

Help-desk integrationHelp-desk integration


Gathering information is easy. Gathering information is easy. Identifying real threats is challengingIdentifying real threats is challenging


MARS: Mitigation and Response MARS: Mitigation and Response SystemSystem

ApplianceAppliance Gathers information from all Security Devices and Gathers information from all Security Devices and

correlatescorrelates Allows for real time analysis of threatAllows for real time analysis of threat

– Network intelligenceNetwork intelligence– Context correlationContext correlation– Vector analysisVector analysis– Anomaly detectionAnomaly detection– Hotspot identificationHotspot identification– Automated mitigation capabilitiesAutomated mitigation capabilities

Not limited to Cisco DevicesNot limited to Cisco Devices– Microsoft ServersMicrosoft Servers– Common Security Products from other vendorsCommon Security Products from other vendors– Supports Netflow collectionSupports Netflow collection


Security: The Pervasive Add-onSecurity: The Pervasive Add-on

What this means is that with any product it What this means is that with any product it becomes a consideration to add securitybecomes a consideration to add security– By up selling the product itselfBy up selling the product itself

Change a Cisco2811 into a Cisco2811-SEC-K9Change a Cisco2811 into a Cisco2811-SEC-K9

– Or by adding on a new product to the solutionOr by adding on a new product to the solution Add Cisco Security Agent to those new web serversAdd Cisco Security Agent to those new web servers

– Also, sometimes it just needs to be discussed to Also, sometimes it just needs to be discussed to position the right solutionposition the right solution What are your security requirements for your wireless network?What are your security requirements for your wireless network?

000000_24Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

Question and AnswerQuestion and Answer

Digital Imaging Guidelines

Documents

Transcript of Digital Imaging Guidelines