JECRC University
Enterprise Network Design and Deployment
Sandeep Yadav
1202061074
[Title slide diagram labels: ISE, IPS, ACS, ASA, WSA, WLC, Controller]
ISE (Identity Services Engine)
A centralised security solution that automates context-aware access to network resources and shares contextual data.
[Diagram labels: Identity Profiling and Posture; Who, What, When, Where, How; Compliant; Network Resources; Role-Based Policy Access; Guest Access; BYOD Access; Role-Based Access]
[Diagram labels: Guest / Users; ISE-Sponsor Portal; ISE-Guest Self Service]
Android Device Provisioning
• Initial connection using PEAP
• Redirection to Android Market to install provisioning utility
• Provisioning using Cisco Wi-Fi Setup Assistant
• Change of Authorization
• Future connection using EAP-TLS
WLC (Wireless LAN Controller)
Wireless controllers centrally manage, secure, and configure access points throughout the organization.
WSA (Web Security Appliance)
[Diagram labels: WWW; Web Reputation; Web Filtering; Application Visibility and Control; Webpage; Parallel AV Scanning; File Reputation; Data Loss Prevention; Advanced Malware Protection; Cognitive Threat Analysis]
It combines Advanced Malware Protection (AMP), application visibility and control (AVC), acceptable-use policies and insightful reporting to address the challenges of securing and controlling web traffic.
ACS (Access Control System)
• It offers central management of access policies for device administration and for wireless and wired 802.1X network access scenarios.
• It supports two distinct protocols: RADIUS for network access control and TACACS+ for network device access control.
• It can use multiple databases concurrently for maximum flexibility in enforcing access policy.
[Diagram labels: Supplicant; IP Phone; Endpoint Device; Catalyst Switch; Wireless LAN Controller; Campus Network; Nexus 7000; Protected Resources; ACS; AD]
AAA (Authentication, Authorization and Accounting)
• These AAA services provide a higher degree of scalability than line-level and privileged-EXEC authentication to networking components.
• Unauthorized access in campus, dialup, and Internet environments creates the potential for network intruders to gain access to sensitive network equipment, services and data.
• Using a Cisco AAA architecture enables consistent, systematic and scalable access security.
Cisco provides two ways of implementing AAA services for Cisco routers and network access servers:
• Self-contained AAA
• Cisco Secure ACS Solution Engine
AAA Protocols
                     TACACS+        RADIUS
Layer 3 Protocols    TCP/IP         UDP/IP
Encryption           Entire Body    Password Only
Standard             Cisco          Open
ASA (Adaptive Security Appliance)
• A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
• Firewalls have been a first line of defence in network security.
• They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.
[Diagram labels: Internal Network; L3 Switch (four); Inside; Outside; Active Firewall; Standby Firewall; Failover Link; Trunk]
Foundational Functionality
• Stateful Firewalling
• VPN Capabilities
• Policy Enforcement Point for ISE
Stateful Firewalling
• TCP Normalization
• TCP Intercept
• IP Options Inspection
• IP Fragmentation
• NAT
• Routing
• Access Control List
VPN Capabilities
• Diverse Endpoint Support
  • Mobile and non-mobile devices
  • Cisco and non-Cisco devices
• Split Tunneling Capabilities
  • Corporate and sensitive info
  • Personal and generic info
IPS (Intrusion Prevention System)
An intrusion prevention system is intended to prevent malicious events from occurring by preventing attacks as they are happening. There are a number of different attack types that can be prevented using an IPS, including (among others):
• Denial of Service
• Distributed Denial of Service
• Exploits (various types)
• Worms
• Viruses
[Diagram labels: Edge Device; Firewall; DMZ; Inside; IPS 2; IPS 1; Web Servers; Application Database; Priority 1; Priority 2; Priority 3]
• Automatically correlates information from intrusion events with network assets to prioritize threat investigation
• Blended threats and attacks coming through multiple vectors are quickly identified
• Protects the network more effectively
Thank You

Connector Corner: Automate dynamic content and events by pushing a button
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 

Enterprise Network Design and Deployment

  • 1. Enterprise Network Design and Deployment. Sandeep Yadav, 1202061074, JECRC University. [Title slide labels: ISE, IPS, ACS, ASA, WSA, WLC]
  • 2. ISE (Identity Services Engine): A centralised security solution that automates context-aware access to network resources and shares contextual data. [Diagram labels: Controller, Identity Profiling and Posture, Network Resources, Who, What, When, Where, How, Compliant, Role-Based Policy Access, Guest Access, BYOD Access, Role-Based Access, Guest / Users]
  • 5. Android Device Provisioning: Initial connection using PEAP; redirection to Android Market to install provisioning utility; provisioning using Cisco Wi-Fi Setup Assistant; Change of Authorization; future connection using EAP-TLS.
  • 6. WLC (Wireless LAN Controller): Wireless controllers centrally manage, secure, and configure access points throughout the organization.
  • 7. WSA (Web Security Appliance): It combines Advanced Malware Protection (AMP), application visibility and control (AVC), acceptable-use policies, and insightful reporting. We can address the challenges of securing and controlling web traffic. [Diagram labels: WWW, Web Reputation, Web Filtering, Application Visibility and Control, Webpage, Parallel AV Scanning, File Reputation, Data Loss Prevention, Advanced Malware Protection, Cognitive Threat Analysis]
  • 8. ACS (Access Control System) • It offers central management of access policies for device administration and for wireless and wired 802.1X network access scenarios. • It supports two distinct protocols: RADIUS for network access control and TACACS+ for network device access control. • It can use multiple databases concurrently for maximum flexibility in enforcing access policy. [Diagram labels: Supplicant, IP Phone, Endpoint Device, Catalyst Switch, Wireless LAN Controller, Campus Network, Nexus 7000, Protected Resources, ACS, AD]
  • 9. AAA (Authentication, Authorization and Accounting) • These AAA services provide a higher degree of scalability than line-level and privileged-EXEC authentication to networking components. • Unauthorized access in campus, dialup, and Internet environments creates the potential for network intruders to gain access to sensitive network equipment, services and data. • Using a Cisco AAA architecture enables consistent, systematic and scalable access security. Cisco provides two ways of implementing AAA services for Cisco routers, network access servers: • Self-contained AAA • Cisco Secure ACS Solution Engine
  • 10. AAA Protocols. TACACS+: Layer 3 Protocols: TCP/IP; Encryption: Entire Body; Standard: Cisco. RADIUS: Layer 3 Protocols: UDP/IP; Encryption: Password Only; Standard: Open.
  • 11. ASA (Adaptive Security Appliance) • A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. • Firewalls have been a first line of defence in network security. • They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet. [Diagram labels: Internal Network, L3 Switch (x4), Inside, Outside, Active Firewall, Standby Firewall, Failover Link, Trunk]
  • 12. Foundational Functionality: Stateful Firewalling, VPN Capabilities, Policy Enforcement Point for ISE. Stateful Firewalling: TCP Normalization, TCP Intercept, IP Options Inspection, IP Fragmentation, NAT, Routing, Access Control List.
  • 13. VPN Capabilities. Diverse Endpoint Support: mobile and non-mobile devices, Cisco and non-Cisco devices. Split Tunneling Capabilities: corporate and sensitive info, personal and generic info.
  • 14. IPS (Intrusion Prevention System): An intrusion prevention system is intended to prevent malicious events from occurring by preventing attacks as they are happening. There are a number of different attack types that can be prevented using an IPS, including (among others): • Denial of Service • Distributed Denial of Service • Exploits (various types) • Worms • Viruses [Diagram labels: Edge Device, Firewall, DMZ, Inside, IPS 1, IPS 2, Web Servers, Application, Database]
  • 15. Protects the Network more effectively: Automatically correlates information from intrusion events with network assets to prioritize threat investigation (Priority 1, Priority 2, Priority 3).
  • 16. Protects the Network more effectively: Blended threats and attacks coming through multiple vectors are quickly identified.