• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Digital Imaging Guidelines
 

Digital Imaging Guidelines

on

  • 572 views

 

Statistics

Views

Total Views
572
Views on SlideShare
572
Embed Views
0

Actions

Likes
0
Downloads
6
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • You only have to look as far as your Inbox and see the spam or put a PC on the internet for a few hours without any anti-virus or anti-spyware. Short of disconnecting yourself from the outside world, there is no 100% security solution.
  • ASA5505 – 150 Mbps firewall throughput, up to 10 VPN peers – Upgradeable to 25 VPN peers ASA5510 - 300 Mbps firewall throughput, up to 250 VPN peers ASA5520 - 450 Mbps firewall throughput, up to 750 VPN peers ASA5540 - 650 Mbps firewall throughput, up to 5000 VPN peers ASA5550 - 1200 Mbps firewall throughput, up to 5000 VPN peers
  • Day Zero attacks Rapidly propagating attacks (Slammer and Nimda) evade signature recognition to attack and proliferate through servers and desktops Patch Management Increasing # of vulnerabilities makes the task of patching systems an ‘update race’ without end Security maintenance in enterprises must scale to thousands of endpoints Current point product challenges These inherently reactive products (HIDS, PFW etc.) have failed to address the problem Point products force deployment of multiple agents and management paradigms With a policy-based system like CSA, multiple problems can be solved depending on how the policies are configured. The 3 major solution areas where Cisco Security Agent can address e-business requirements are in: Distributed Firewalls for desktops and laptops, that also provide added-value security like application sandboxing for web desktop applications like browsers, email clients, and instant messengers. Hardening for servers, including a host IDS with full prevention and file integrity enforcement (like Tripwire). Web server protection, preventing web server programs like IIS or Apache from being exploited against you. This “Agent Consolidation” provides an incredible Return On Investment for customers Desktop/Server hardening File System/OS Lockdown and Baseline Controlled registry access Buffer Overflow and network attack protection Desktop Distributed Firewall Personal Firewall + IDS + Application Sandbox 21 Application security policies IIS, SQL Server, DHCP, DNS, Microsoft Office, Instant Messenger, Cisco Call Manager, Cisco VMS, MS Exchange

Digital Imaging Guidelines Digital Imaging Guidelines Presentation Transcript

  • Cisco Security Solutions Overview David Hettrick August 16 2007 Partner Smart. ™ ®
  • Is there a reason to be Paranoid?
    • Yes
    • Often, selling security is easy after a customer has had a breach of some kind
    • Suggestion is to be proactive and warn of potential threats
    • Security will always be a trade-off between Price and Comfort Level
  • Types of Threats
    • Denial of Service (DoS) attacks
    • IP Spoofing
    • Phishing
    • Spyware
    • Malware
    • Reconnaissance
    • Unauthorized entry and data theft
    • Viruses and Worms
    • And more…
  • Cisco Firewall and VPN products
    • PIX- Firewall and VPN
      • Flagship firewall
    • VPN Concentrator
      • Dedicated VPN appliance
      • Optimized for Remote Access
      • (EOS August 2007)
    • Both products are replaced by the Cisco ASA Appliance
      • Built on PIX v7.0 Code
      • Feature equivalent to VPN Concentrator
      • Higher Performing
  • Adaptive Security Appliances
    • ASA5500 Adaptive Security Appliances
      • Provide Firewall and IPSec/SSL VPN
        • ASA5505 ~150Mbps
        • ASA5510 ~300Mbps
        • ASA5520 ~450Mbps
        • ASA5540 ~650Mbps
        • ASA5550 ~ 1200Mbps
    • SSM Expansion Slot
      • 4 port Gigabit 10/100/1000 or SFP
      • AIP module for IPS/IDS
        • AIP-10
        • AIP-20
      • CSC module for gateway anti-x
        • Provides Anti-Virus and Anti-Spyware
        • Additional license to add URL/Content
        • filtering, Anti-Phishing, & Anti-Spam
  • Cisco ASA 5505 Adaptive Security Appliance © 2004 Cisco Systems, Inc. All rights reserved. ASA 5500 Intro Sleek, High Performance Desktop Design Diskless Architecture for High Reliability Expansion Slot for Future Capabilities Three USB v2.0 Ports for Future Use (One in Front) Console Port Two Power over Ethernet (PoE) Ports for IP Phones, WiFi Access Points, Video Surveillance, etc. Secure Lock Slot and System Reset Button 8-port 10/100 Fully Configurable Switch with VLAN Support
  • Content Security and Control SSM Product Details
    • CSC SSM-10
    • 50 User
    • 100 User
    • 250 User
    • 500 User
    • Base Services:
      • File-based Anti-Virus and malware filtering; Anti-Spyware
    • Plus License:
      • Anti-Spam, Content Filtering, Anti-Phishing, URL Filtering & Blocking
    Cisco ASA 5500 Series Content Security and Control Module (CSC SSM)
    • CSC SSM-20
    • 500 User
    • 750 User
    • 1,000 User
    Platforms / Subscription Levels Feature Sets
  • ASA Advanced Intrusion Prevention Module (AIP)
    • Feature equivalent to Cisco’s standalone IPS product (4200 series)
    • Freedom to decide which traffic traversing the ASA is scanned for intrusion.
    • Ability to drop those packets and log them right at the ASA
  • Dual ISP feature introduction
      • Dual ISP support via object tracking feature
    • IOS sla tracking feature
    • Active/Standby routes
    • Uses ICMP to track the routes
    • Works on static address, DHCP and PPPoE
    • Fail Back feature when primary comes back
    Main Office Primary ISP 1.1.1.1 Cisco ASA Outside 1.1.1.2 Backup 2.2.2.2 Secondary ISP 2.2.2.1
  • Cisco Adaptive Security Device Manager v5.2
    • Simple installation and monitoring for the Cisco ASA 5500 family
    • Supports configuration of:
    • - Firewall - Remote Access VPN - Site to Site VPN - And all other ASA services
    • Supports monitoring of: - Syslog (real-time) - Connections - Throughput & more!
  • VPN Solutions: Easy VPN
    • Scaleable – Easily add remote sites with no changes to Easy VPN server
    • IOS Routers
    • PIX, ASA, CVPN
    Internet Easy VPN Client Dynamic IP Client Behind Firewall Easy VPN Server VPN Tunnel
  • Network Based Intrusion Products
    • Based on Signatures
      • IDS-4215, IPS-4240
      • AIP module in ASA
      • NM-CIDS in Router
      • IOS embedded IPS
    • Watch for unauthorized activity in real time
    • Implement in front of firewall to audit attacks against network
    • Implement behind firewall approving traffic by firewall packets leaving corporate network
    • Implement where key Servers reside
  • What does Host based IPS do?
    • Day zero attack protection (virus, spyware, malware, patch management)
    • Intercepts Operating System calls and compares them to cached security policies
    • Takes proactive approach to block malicious behavior on host
  • Host Based Intrusion Prevention CSA: Cisco Security Agent
    • CSA Server Protection:
    • Host-based Intrusion Protection
    • Network Worm Protection
    • Web Server Protection
    • Security for other applications
    • CSA Desktop Protection:
    • Distributed Firewall
    • Day Zero Virus Protection
    • Security for other applications
    Anomaly Based Create Your own Policies Windows or Solaris
  • CSA Architecture
    • CSA Manager (required)
    • CSA Servers
    • CSA Desktops
    • CSA Profiler
      • Automates analysis of Applications activities
      • Easily builds custom policies
  • Network Admission Control NAC
    • Prevents vulnerable and non-compliant hosts from impacting enterprise resilience, and it enables customers to leverage their existing network and infrastructure
    • Components
      • Endpoint security with Cisco Trust Agent
      • Network Access devices – routers, switches, CSACS
      • Policy Server – Cisco Clean Access Server (CCA)
      • Management Server - Cisco Clean Access Manager (CCA)
  • NAC Appliance Overview All-in-One Policy Compliance and Remediation Solution
    • AUTHENTICATE & AUTHORIZE
    • Enforces authorization policies and privileges
    • Supports multiple user roles
    • SCAN & EVALUATE
    • Agent scan for required versions of hotfixes, AV, and other software
    • Network scan for virus and worm infections and port vulnerabilities
    • QUARANTINE
    • Isolate non-compliant devices from rest of network
    • MAC and IP-based quarantine effective at a per-user level
    • UPDATE & REMEDIATE
    • Network-based tools for vulnerability and threat remediation
    • Help-desk integration
  •  
  •  
  •  
  • Gathering information is easy. Identifying real threats is challenging
  • MARS: Mitigation and Response System
    • Appliance
    • Gathers information from all Security Devices and correlates
    • Allows for real time analysis of threat
      • Network intelligence
      • Context correlation
      • Vector analysis
      • Anomaly detection
      • Hotspot identification
      • Automated mitigation capabilities
    • Not limited to Cisco Devices
      • Microsoft Servers
      • Common Security Products from other vendors
      • Supports Netflow collection
  • Security: The Pervasive Add-on
    • What this means is that with any product it becomes a consideration to add security
      • By up selling the product itself
        • Change a Cisco2811 into a Cisco2811-SEC-K9
      • Or by adding on a new product to the solution
        • Add Cisco Security Agent to those new web servers
      • Also, sometimes it just needs to be discussed to position the right solution
        • What are your security requirements for your wireless network?
  • Question and Answer