Agenda
© 2008 Cisco Systems, Inc. All rights reserved. 2
Threats Are Becoming Increasingly Difficult to Detect and Mitigate
[Figure: threat severity plotted against time (1990, 1995, 2000, 2005, 2007, 2010). Labels: Notoriety: Basic Intrusions and Viruses; Fame: Viruses and Malware; Financial: Theft and Damage.]
[Figure: diagram with column headings Writers, First-Stage Abusers, Middle Men, Second-Stage Abusers and End Value. Labels: Tool Writers; Malware Writers; Worms; Viruses; Trojans; Spyware; Hacker or Direct Attack; Machine Harvesting; Information Harvesting; Internal Theft Abuse of Privilege; Compromised Host and Application; Botnet Creation; Botnet Management; Personal Information; Information Brokerage; Electronic IP Leakage; Extortionist DDoS for Hire; Spammer; Phisher; Pharmer/DNS Poisoning; Identity Theft; Fame; Theft; Espionage; Extortion; Commercial Sales; Fraudulent Sales; Click Fraud; Financial Fraud.]
Source: 2007 CSI Survey
[Figure: separate security products (NAC, Firewall, Network IPS, IPsec VPN, Spam Gateway, Host IPS, AV Gateway, Web Application Firewall, URL Filter, SSL VPN, Security Management, XML Firewall), with the labels Training and Staffing, Policy Implementation, Event Sharing and Collaboration, Configuration and Management, and Threat Intelligence.]
Integration Into the Network Infrastructure
SDN
Integrated, Adaptive, Collaborative

Network Security
  Firewall, N-IDS / IPS, Router, Switch
  Traffic Control, Worm Prevention, ACL, L2 Security
Endpoint Security
  Anti-Virus, Anti-Spyware, H-IPS, Access Control
  Virus Prevention, Host Protection, Network Admission Control
Content Security
  Anti-Phishing, Content Filtering, Email Security
  Malware Prevention, URL Filtering, Anti-Spam, Data Loss Prevention
Application Security
  XML F/W, Application F/W
  App. Attack Prevention, XML Packet Inspection
Locked the Network Doors, but E-Mail and Web Stayed Open
[Figure: Network Security and Content Security, with Port 25 and Port 80.]
[Figure: application stack. Labels: Custom Web Applications; Customized Packaged Applications; Internal and Third-Party Code; 75% Business Logic and Code; Web Servers; Application Servers; Database Servers; Operating Systems; Network; Network Firewall; IDS/IPS.]
“50% of enterprises and government agencies are using XML, Web services or SOA.” Source: Gartner
“XML accounted for 15% of internet traffic in 2005. By 2008, it is expected to account for 50%.” Source: 451 Group
[Figure: labels ACL; Firewall; RFC2827; uRPF; CoPP; Netflow; L2 Security; Application Recognition (NBAR); Flexible Packet Matching (FPM); F/W w/ App. Engine; Content Security; N-IDS / IPS; XML F/W; App. F/W; H-IPS; Email Security; DNS Safeguard; DDoS Solution. Lower row: Packet Inspection; TCP/UDP; Malformed; Worm Prevention; App. Attack Protection; DDoS Protection; Data Loss Prevention.]
Application Inspection: ASA 5500 Series, Cat6K Sup32-PISA, ACE XML Firewall, ACE Application Firewall
Content Security: IronPort S Series (Web Security), IronPort C Series (Email Security)
Endpoint Security: NAC Appliance, Cisco Security Agent (CSA)
DDoS Attack Prevention: Guard and Detector
[Figure: network diagram. Labels: Internet; Guard; Detector; ASA5500; DMZ; CSA; IronPort S Series; IronPort C Series; ACE XML Firewall; ACE App. Firewall.]
Campus
[Figure: network diagram. Labels: Access; Distribution; Core; Switch Security; CSA; Cat6K Sup32-PISA; NBAR; FPM; NAC Appliance.]
[Figure: network diagram. Labels: Core; Aggregation; Access; Switch Security; XML Firewall; App. Firewall; CSA; Detector.]