John Gormally
  • When most people read about Internet hacking incidents, they get the impression that these are highly complex, technical attacks that take a genius to create. The reality is that the really smart people first come up with these highly complex, technical attacks, but they then share the information and the tools required to pull off the attack on the Internet. The “open sharing” of hacking information and tools allows individuals with minimal technical knowledge to duplicate the attack. Often, it is as easy as downloading the attack tool from the Internet and launching it against targets. You don’t need to know anything other than how to run the attack tool. The bottom line is that it doesn’t take a genius to successfully attack systems and networks; it just takes someone downloading attack tools.
  • The cost of not securing the network
    - The “Forensic Challenge” allowed incident handlers around the world to examine an image of a compromised Red Hat Linux server and identify both how it had been attacked and how to repair it (www.projecthoneynet.org). The Challenge found it took 34 hours to clean up and deal with the damage which an intruder had caused in half an hour. Based on an annual salary of $70,000, that represented a cleanup cost of over US$2000 for a single incident. If this was a real-world server, it could be one of dozens, if not hundreds, of intrusions.
    - A survey by the FBI and Computer Security Institute found that in 2001 the financial loss due to security breaches among 186 surveyed companies was nearly $378 million, compared to $266 million reported by 249 respondents in 2000. The average security breach cost was, therefore, approximately $2.0m in 2001, up from $1.0m in 2000. But this is only a fraction of the true cost...
    - Imagine a healthcare provider whose network has been penetrated, and patient information stolen. Or a financial institution that is breached with the loss of client account data. Both organizations would face litigation, and a huge loss of customer credibility and trust. This type of collateral damage can far outweigh any immediate financial loss caused by an attack.
    Deployment cost: Against these potentially huge sums, the cost of deploying robust security is modest. Consider first the hardware component of a security solution:
    - Protecting a branch office could be achieved for $10,000
    - A teleworker's home office could be secured for $500
    - An e-commerce web site could be protected for $25,000
    These figures represent the typical hardware cost of deploying key security technologies, including firewalling, intrusion protection, virtual private networking, identity and management systems.
    Security hardware typically represents 10-20% of the total security solution cost of ownership, with the balance represented by licensing, support and staffing costs. Even with this multiplier factored in, there is a rapid ROI benefit. One serious or publicized security breach can exceed the cost of proactive defense.

    Type of crime                       1998 ($M)   2000 ($M)
    Theft of proprietary information    33.6        66.7 (20%)
    Financial fraud                     11.2        56.0 (11%)
    Virus                                7.9        29.2 (85%)
    Insider Net abuse                    3.7        28.0 (79%)
    Sabotage                             2.1        27.1 (17%)
    Unauthorized access by insiders     50.6        22.6 (71%)
    Laptop theft                         5.3        10.4 (60%)
    Denial of service                    2.8         8.2 (27%)
    System penetration by outsiders      1.6         7.1 (25%)
    TOTAL                              118.9       256
  • Relying on signatures for anything forces you to start at GAME OVER. Quite frankly, you CAN'T keep up with signatures, which is why the market is beginning to focus on non-signature security technologies. While there is a great deal of discussion over using signature names for forensic (post attack) analysis, the exponential increase in reported vulnerabilities suggests that there likely will NOT be a signature for a given attack. Even products that rely on signatures (e.g. Entercept) admit this, with technologies like "Classes of Attacks". But from a forensics point of view, all you're likely to see in the "Attack Class" alert is "Unknown buffer overflow attack".
  • So, Cisco is the leader in the firewall and VPN markets, and we think we’re also in a leadership position with regard to a few trends on the horizon. I thought it might be useful to let you know where we see the market headed in the next few years.
    Total solution providers will win: Security is going mainstream; it is a fundamental requirement of e-business and no longer an afterthought. More and more e-Businesses are requiring vendors to help them figure out how to integrate security services into the e-Business infrastructure. As I’ve shown you, there are many more access points to the network than ever before. Taking a point product approach, where your security solution can only protect a network from a single point on its perimeter, just isn’t adequate. As a result, there is a school of thought now that security must be comprehensive, yet simple, and as transparent as possible. We think businesses are starting to move away from point product vendors (those who only supply one or two pieces of the puzzle) and they’re starting to favor security companies providing complete solutions. Winning security vendors will address each of the five key requirements for securing networks: secure connectivity, perimeter security, security monitoring, identity and management.
    Industry consolidation/partnering: As I’ve shown you, Cisco addresses the 5 key elements of security, and we’re well positioned to expand our market leadership. While several of our competitors have trumpeted the value of providing point products, we think they’re actually starting to recognize that the trend is toward total solutions. Check Point has started talking about “comprehensive security solutions,” as part of its Next-Generation marketing campaign. Although they’d done a very good job of adding functionality through partnerships, we’d argue that they are still miles away from putting any real meat on the marketing stick.
    In IDS, Internet Security Systems (ISS) recently acquired Network Ice, which makes the Black Ice personal firewall software. It was a very logical move for them and shows that ISS is trying to follow Cisco’s lead in providing customers with complete solutions.
    Conclusion: So, going forward, I think you’re going to see a number of companies trying to offer the complete package by either acquiring technology or securing it through partnership. Some will succeed. Others won’t. And you are going to see many smaller security vendors either not getting it, or not knowing how to contend with it, and they will disappear altogether.
    More regulation: There is a lot of government interest in security issues, particularly as they relate to privacy. This is spreading to many areas of the Internet and networked organizations, and that’s only going to increase as hackers continue to compromise sensitive information. In addition to healthcare, government and banking, we expect to see the SEC taking interest in on-line and wireless trading. Legislation will extend to protecting student privacy as well (there are already several bills in varying stages of review in Congress).
  • In addition to introducing the Cisco SAFE framework, Cisco is also announcing several new products and security ecosystem enhancements.
  • ABC corporation was able to use its existing routers to connect to the Internet, taking advantage of the Cisco IOS Firewall that runs on the routers, and decided to put a dedicated appliance firewall in place to protect the main office network. The PIX Firewall stateful failover system was implemented.
  • Napoleon once said, “planning is everything, the plan is nothing.” It’s the process of planning and the execution that results from it that are important. In security, it’s not so much the development of the policy or plan, but the wheel of activities that follow. The key is to operationalize the process of continual implementation, monitoring, and reacting.
  • Cisco is the right choice to provide your security and management tools. Not only are the products world class, but compatibility, single vendor savings and one point support benefits make Cisco the right choice. Security has evolved over the last two years from a niche market to a big company market. Small niche players can no longer devote the resources needed to be successful, and corporations can no longer trust security to a company that may not be in existence a year from now.
  • Transcript

    • 1. Cisco SAFE Networking For Higher Education. Network Security Team, Cisco Systems, Inc.
    • 2. Education Today We are educating our children more than ever before on the value of Technology.
    • 3. The Facts About... 21st-Century Technology
      • The Challenge: To improve student academic achievement through the use of technology.
      • The Solution: Teach children how to use the technological tools available to them and integrate that technology into the curriculum to improve student achievement.
      • No Child Left Behind focuses on how teachers and students can use technology; previous federal programs focused on increasing access to more technology. In an effort to improve student achievement through the use of technology, U.S. Secretary of Education Rod Paige announced a new Enhancing Education Through Technology (ED Tech) initiative. The goals of Education Technology are to:
        • Improve student academic achievement through the use of technology in elementary schools and secondary schools.
        • Assist students to become technologically literate by the time they finish the eighth grade.
        • Ensure that teachers are able to integrate technology into the curriculum to improve student achievement.
      • (Chart: Percentage of students who reported using a computer at school at least once a week, by grade.)
      Source: US Department of Education, No Child Left Behind program
    • 4. Technologies and Procedures to Prevent Student Access to Inappropriate Material on the Internet
        • Among schools using technologies or procedures to prevent student access to inappropriate material on the Internet, 91 percent reported that teachers or other staff members monitored student Internet access.
      • Eighty-seven percent used blocking or filtering software, 80 percent had a written contract that parents have to sign, 75 percent had a contract that students have to sign, 46 percent used monitoring software, 44 percent had honor codes, and 26 percent used their intranet. As these numbers suggest, most of the schools (96 percent) used more than one procedure or technology as part of their Internet use policy.
      • Since 99 percent of public schools were connected to the Internet in 2001, most schools had the capability to make information available to parents and students directly via e-mail or through a Web site. This section presents key findings on the availability of school-sponsored e-mail addresses and on school Web sites.
      National Center for Education Statistics Office of Educational Research & Improvement, U.S. Dept. of Education
    • 5. Security and the Evolving Enterprise Needs (chart, 1980 to 2000: sophistication of hacker tools rising while the technical knowledge required falls from high to low; tools plotted on the chart: Packet Forging/Spoofing, Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Stealth Diagnostics)
    • 6.  
    • 7. What’s the Impact of Not Properly Securing Your Network ?
      • Cost — directly affects the school’s budget
        • How do you budget for a system outage?
      • Credibility — end-user perception
        • Is the children’s information safe?
      • Productivity — ability to use your system
        • Downtime is lost time and productivity
      • Viability — can ultimately affect your network
        • What are the staffing requirements?
      • Liability — are you responsible?
        • If you don’t take actions to stop outbound attacks, are you liable for damages inflicted on others?
      * FBI and Computer Security Institute (CSI), 2002
    • 8. Intrusion Prevention: Security Without Signatures Proactive Security for Desktops and Servers
    • 9. “Signature-based detection methods, which are already showing signs of extreme strain under current malicious code trends, will not be able to keep up with the new set of malicious-code risks created by the pervasive adoption and use of Web services and active content.” John Pescatore and Arabella Hallawell, Gartner Research Note, 8/31/01
    • 10.  
    • 11. OKENA Aggregates Multiple Endpoint Security Functions (feature matrix comparing OKENA, a conventional distributed firewall and a conventional host-based IDS; which cells are checked is not recoverable from the transcript). Functions listed: Block Incoming Network Requests; Stateful Packet Analysis; Detect/Block Port Scans; Detect/Prevent Malicious Applications; Detect/Prevent Known Buffer Overflows; Detect/Prevent Unauthorized File Modification; Operating System Lockdown; Detect/Prevent Unknown Buffer Overflows; Block Outgoing Network Requests; Detect/Block Network DoS Attacks; Desktop/Laptop Protection.
    • 12. OKENA Complements Traditional Desktop AV (feature matrix comparing OKENA and anti-virus; which cells are checked is not recoverable from the transcript). Functions listed: Malicious Code Protection; Stop Known Virus/Worm Propagation; Stop Unknown Virus/Worm Propagation; Scan/Detect Infected Files; “Clean” Infected Files; Identify Viruses/Worms by Name; No Signature Updates Required; Distributed Firewall Functionality; Operating System Lockdown; Correlates Events Across Endpoints.
    • 13. Security Philosophy: The Security Wheel. Secure, Monitor and Respond, Test, Manage and Improve: a continual, multistage process focused on incremental improvement.
    • 14. Top Ten Security Policies Today
      • Have a policy on virus updates and scanning.
      • Email policy – size limit and attachments.
      • Remote Access – Who should have it and what type of access.
      • Client side software images – Understand what needs to be loaded.
      • Firewall rule sets – Understand applications and port calls.
      • URL filtering – Understand the pros of this system.
      • VLAN the network – Key to removing assets from public view.
      • Host based policy – Server hardening techniques combined with HIDS.
      • Wireless – Have a clear policy and standard on how to deploy wireless.
      • Change control process for policy review.
    • 15. Legacy Security Solutions
      • Most security designed when networks were simple and static
      • Primarily single-point products (access-control) with no network integration or intelligence
      • Such legacy products are still seen as default security solutions (a “cure-all”)
      • Today, there are serious drawbacks to relying on such “overlay” security to protect sophisticated networks and services
    • 16. Case in Point...
        • Internet connections have dramatically increased as a frequent point of attack (from 59% in 2000 to 70% in 2001).
        • Of those organizations reporting attacks, we learn:
        • 27% say they don't know if there had been unauthorized access or misuse
        • 21% reported from two to five incidents in one year
        • 58% reported ten or more incidents in a single year – something isn’t working!
        • Source: Computer Security Institute & FBI Report, March 2002
    • 17. Trends / Predictions
      • Security is going Mainstream
        • Fundamental issue to e-education—not an afterthought
      • Security is going to Main Street
        • Every small school will be moving towards e-education
        • Increased outsourcing of solutions and services
      • Security extends everywhere
        • The Classroom, remote students, and teachers
      • The Bar will continue to be raised
        • Criticality of e-education applications
        • Increased regulation
      • Organized Crime activities on the rise - Gambling
      • Student information – higher target risk
    • 18. Security Protection: IDS & Connection Solutions
    • 19. Deploy Proven Technologies
      • Firewalls – PIX 501, 506, 515, 525, 535, and FSM blade
      • IDS – Network based intrusion systems
      • Event correlation technology for SYSLOG reporting
      • HIDS – Host-based intrusion detection to protect the kernel
    • 20. Cisco VPN 3000 Series
      Model                  3005     3015     3030      3060       3080
      Number of Users        100      100      1500      5000       10,000
      Encryption             SW       SW       HW        HW         HW
      WAN Capability         Yes      Yes      Yes       Yes        Yes
      Performance            4 Mb/s   4 Mb/s   50 Mb/s   100 Mb/s   100 Mb/s
      Memory                 32 MB    128 MB   128 MB    256 MB     256 MB
      SEPs                   0        0        1         2          4
      Upgradable             No       Yes      Yes       Yes        N/A
      Supports Dual PS       No       Yes      Yes       Yes        Yes
      Redundancy             No       Yes      Yes       Yes        Yes
      Site-to-Site Sessions  100      100      500       1000       1000
    • 21. Remote Access Wireless VPN Aironet Client Aironet Client Cisco VPN 3000 Client Mobile Certicom Client Main Office Internet Cisco VPN 30xx
    • 22. PIX Firewall Product Line Overview
      Model    Market      MSRP            Licensed Users  Max VPN Peers  Size (RU)  Processor (MHz)  RAM (MB)  Max. Interfaces  Failover  Cleartext (Mbps)  3DES (Mbps)
      506E     ROBO        $1,695          Unlimited       25             1          300              32        2 10BaseT        No        20                16
      515E-UR  SMB         $7,995          Unlimited       2,000          1          433              64        6                Yes       188               63
      525-UR   Enterprise  $18,495         Unlimited       2,000          2          600              256       8                Yes       360               70
      535-UR   Ent.+, SP   $59,000         Unlimited       2,000          3          1 GHz            1 GB      10               Yes       1.7 Gbps          95
      501      SOHO        $595 or $1,195  10 or 50        5              < 1        133              16        1 10BT + 4 FE    No        10                3
      (Slide also carries the label “GigE Enabled”.)
    • 23. IDS: Real Time Alerts
      • Complements firewalls by analyzing permitted traffic: shuns sessions, sends alarms back to the central management console
      • Watches for unauthorized activity in real time
      • Implement in front of the firewall to audit attacks against the network
      • Implement behind the firewall to audit the traffic the firewall has approved and the packets leaving the corporate network
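      The two sensor placements on this slide, together with slide 19's "event correlation technology for SYSLOG reporting", are easiest to see with a small correlation script. The following Python is an added example and is not code from the presentation or from Cisco; the log format, host names (fw1, ids-out, ids-in), signature names and IP addresses are all constructed for the example and do not imitate real PIX or Cisco IDS syslog output. It flags a denied-connection port scan at the firewall and then classifies each IDS alert by which sensor saw it: outside only (the firewall stopped it, which is the audit value of the sensor in front), outside and inside (the firewall permitted it, so it needs a response), or inside only (it never crossed the perimeter).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real PIX or Cisco IDS output): one perimeter firewall "fw1"
# and two IDS sensors, "ids-out" in front of the firewall and "ids-in" behind it.
SAMPLE_LOG = """\
2002-03-01T10:00:01 fw1 DENY tcp 203.0.113.5:4412 -> 192.0.2.10:21
2002-03-01T10:00:02 fw1 DENY tcp 203.0.113.5:4413 -> 192.0.2.10:22
2002-03-01T10:00:02 fw1 DENY tcp 203.0.113.5:4414 -> 192.0.2.10:23
2002-03-01T10:00:03 fw1 DENY tcp 203.0.113.5:4415 -> 192.0.2.10:25
2002-03-01T10:00:04 fw1 DENY tcp 203.0.113.5:4416 -> 192.0.2.10:110
2002-03-01T10:00:05 fw1 PERMIT tcp 203.0.113.5:4417 -> 192.0.2.20:80
2002-03-01T10:00:09 fw1 DENY tcp 198.51.100.7:3000 -> 192.0.2.10:135
2002-03-01T10:00:40 fw1 DENY tcp 198.51.100.7:3001 -> 192.0.2.10:139
2002-03-01T10:00:06 ids-out ALERT sensor=outside sig="FTP SITE EXEC attempt" src=203.0.113.5 dst=192.0.2.10
2002-03-01T10:00:06 ids-out ALERT sensor=outside sig="WEB directory traversal" src=203.0.113.5 dst=192.0.2.20
2002-03-01T10:00:06 ids-in ALERT sensor=inside sig="WEB directory traversal" src=203.0.113.5 dst=192.0.2.20
2002-03-01T10:05:00 ids-in ALERT sensor=inside sig="SMB null session" src=192.0.2.55 dst=192.0.2.30
"""

FW_RE = re.compile(r"^(\S+) (\S+) (DENY|PERMIT) (\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")
IDS_RE = re.compile(r'^(\S+) (\S+) ALERT sensor=(\w+) sig="([^"]+)" src=([\d.]+) dst=([\d.]+)$')


def parse_events(text):
    """Split the constructed log into firewall events and IDS alerts; unknown lines are skipped."""
    fw, ids = [], []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, _host, action, proto, src, _sport, dst, dport = m.groups()
            fw.append({"ts": datetime.fromisoformat(ts), "action": action, "proto": proto,
                       "src": src, "dst": dst, "dport": int(dport)})
            continue
        m = IDS_RE.match(line)
        if m:
            ts, _host, sensor, sig, src, dst = m.groups()
            ids.append({"ts": datetime.fromisoformat(ts), "sensor": sensor,
                        "sig": sig, "src": src, "dst": dst})
    return fw, ids


def detect_port_scans(fw_events, threshold=5, window=timedelta(seconds=60)):
    """Flag sources whose DENIED connections touch at least `threshold` distinct destination
    ports inside any sliding time window. Returns {src: sorted list of ports} for flagged sources."""
    by_src = defaultdict(list)
    for e in fw_events:
        if e["action"] == "DENY":
            by_src[e["src"]].append(e)
    scans = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            ports = {e["dport"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= threshold:
                scans[src] = sorted(ports)
                break
    return scans


def correlate_sensors(fw_events, ids_events):
    """Classify each (signature, src, dst) by which sensors raised it:
    outside only      -> 'blocked'    (reached the perimeter, firewall stopped it; audit value)
    outside + inside  -> 'penetrated' (firewall permitted the traffic; needs a response)
    inside only       -> 'internal'   (never crossed the perimeter; an internal source)
    Each entry also records whether the firewall logged a DENY for the same src/dst pair."""
    seen = defaultdict(set)
    for a in ids_events:
        seen[(a["sig"], a["src"], a["dst"])].add(a["sensor"])
    denies = {(e["src"], e["dst"]) for e in fw_events if e["action"] == "DENY"}
    result = {"blocked": [], "penetrated": [], "internal": []}
    for (sig, src, dst), sensors in sorted(seen.items()):
        entry = {"sig": sig, "src": src, "dst": dst, "fw_deny": (src, dst) in denies}
        if {"inside", "outside"} <= sensors:
            result["penetrated"].append(entry)
        elif "outside" in sensors:
            result["blocked"].append(entry)
        else:
            result["internal"].append(entry)
    return result


def report(text=SAMPLE_LOG):
    """Run both checks over a log and return the findings as one structure."""
    fw, ids = parse_events(text)
    return {"port_scans": detect_port_scans(fw), "alerts": correlate_sensors(fw, ids)}


if __name__ == "__main__":
    import json
    print(json.dumps(report(), indent=2))
```

      On the constructed input, 203.0.113.5 is flagged as a scanner (five denied ports within a few seconds) while 198.51.100.7's two denies are not; the FTP alert is classed as blocked and corroborated by a firewall deny, the web alert as penetrated because the inside sensor saw it too, and the SMB alert as internal. The thresholds and window are starting points to tune against the school's own traffic.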
    • 24. Overview – Intrusion Detection Drivers (network diagram showing Internet, Corporate Office, Business Partner, NAS, DMZ Servers, Data Center and Users). Captions: Intranet/Internal IDS protects data centers and critical assets from internal threats; Internet IDS complements FW and VPN by monitoring traffic for malicious activity; Extranet IDS monitors partner traffic where “trust” is implied but not assured; Remote Access IDS hardens perimeter control by monitoring remote users.
    • 25. Cisco IDS Solutions
      • Cisco IOS firewall with IDS
        • Embedded software solution
        • WAN-based
      • Cisco Secure IDS
        • Dedicated IDS appliance
        • High-performance
        • Scalable
      • Catalyst 6000 IDS Module
        • Integrated security module
        • Investment protection
      • Linkage to host-based and application monitoring
    • 26. Action Plan: Implementing a Process
      • Develop a comprehensive security policy
        • Based on assessment of assets, threats, vulnerabilities
      • Implement it
        • Focus on key exposures
        • Build defense in depth
        • Security and network experts engage
        • In-source or out-source
      • Monitor and audit
        • It’s what you don’t know...
        • Be selective
      • React—according to plan
        • Recovery needs to be rapid and organized
        • Stick to the plan!!!
      • Repeat Cycle!
        • Continuous improvement to address new threats
    • 27. Prediction 2004... IT Security
      • Focus of IT security will shift from the “Three As” (authentication, authorization, administration) to network continuity
      • Physical and IT security will be integrated
      • Prediction:
      • Higher education institutions are looking at security more as an operational requirement.
      Source: IDC 2002; * Security Authorization, Authentication, Administration
    • 28. Cisco Security Directions
      • Mission
      • Educate you, the client, on security
      • Strategy
      • Embrace integration into e-education infrastructure and technology initiatives
      • Provide the most comprehensive security solution
      • Utilize solutions and services ecosystems/partners
    • 29. SAFE Security Blueprint
      • Integrates security and network issues
      • Includes specific configurations for Cisco and partner solutions
      • Based on existing, shipping capabilities
      • Over 3,000 hours of lab testing
      • Currently, five SAFE white papers:
      • SAFE for Enterprise, SAFE for SMB, SAFE Blueprint for IP Telephony, Wireless LAN Security in Depth, Combating Internet Worms
    • 30. More Information
      • evpn
    • 31. In Summary...
      • Internet vital to the core of education systems
      • Security fundamental to the health of the Internet
      • Attacks increasing dramatically, targeted at new network and Internet services
      • Security must be part of the network infrastructure
      • Partnership (education and government) critical to a global security strategy
      • Best practices are the security of the future
    • 32. © 2001, Cisco Systems, Inc. All rights reserved.