
Secure Enterprise Design

BRKSEC-2000

BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 2

© 2008, Cisco Systems, Inc. All rights reserved. 1
14339_04_2008_c1.scr
Agenda

• Basic Security Principles
  Network Security Is a System
  Everything Is a Potential Target and Weapon
  Strive for Operational Simplicity
  Security Through Obscurity Is Not Secure
  Confidentiality Is Not the Same as Security

• Enterprise Security Policy Design
• Design Principles
• Case Study/Example
• Conclusion

Network Security Is a System

• Firewall + AV ≠ Network Security
• Network security is not something you can just buy
  Technology will assist
  Policy, Operations, and Design are more important

• Network security system:
  A collection of network-connected devices, technologies, and best practices that work in complementary ways to provide security to information assets

Cisco Self-Defending Network

• Integrated: enabling every element to be a point of defense and policy enforcement
• Collaborative: collaboration among the services and devices throughout the network to thwart attacks
• Adaptive: proactive security technologies that automatically prevent threats


Evolution of Security Challenges
Target and Damage

(Chart: attack generations from the 1980s through the 1990s and today to the future. The target scope grows from an individual computer through individual networks, multiple networks and regional networks to global infrastructure impact, across 1st, 2nd and 3rd generation attacks to the next generation, while the time to damage shrinks from weeks to days, minutes and seconds.)
Evolution of Security Challenges

Broad Outbreaks (measured by productivity impact):
• Broad scope
• IT burden
• User challenges
But…
• Require automated processes
• User self-reliance

Targeted Attacks (measured by potential damage):
• Narrow scope
• Business loss
• User transparent
But…
• Nearly invisible
• Little user knowledge

(Chart: technologies placed across the range from broad outbreaks to targeted attacks: Intrusion Prevention, Anti-Virus, Behavioral Analysis, L3/L4 Firewall, App Gateway.)

Simple Real-World Example: Virus/Worm
What Devices Assist in Stopping Attacks?
• IPS (host/network, anomaly/signature-based)
• Antivirus (host/network)

Traditional stateful firewalls do little to stem the tide

(Diagram: Internet, ISP router, stateful firewall, anomaly detection and NIPS at the Internet edge; WAN router and campus network with internal hosts running host AV and HIPS; WWW and SMTP servers protected by AV.)
Anything Is a Potential Target or Weapon

• Hosts are the preferred target for worms and viruses
  Large number of attacks target user hosts
  Compromised hosts become launch points (botnets)

• But there are other high-value alternative targets:
  Infrastructure devices: routers, switches
  Support services: DHCP servers, DNS servers
  Endpoints: management stations, IP phones
  Infrastructure: network capacity
  Security devices: IDS/IPS


For Example
How Can a Router Be a Weapon?
• Disable interfaces = DoS
• Change ACLs = change access policy and DoS
• Alter routing tables = change access policy and DoS
• Packet generator = DoS
• Serve false addresses = DoS and Man-in-the-Middle (MitM)

(Diagram: a router between the Internet and the LAN.)

For Example
How Can an IDS/IPS Be a Weapon?
• If shunning is implemented (not recommended):
  An attack signature can be spoofed from the root nameservers
  This will cause the IDS/IPS to shun the root servers
  The target will slowly lose reachability to the Internet over time

(Diagram: an IDS/IPS between the Internet and the LAN.)


Strive for Operational Simplicity

• Network operations are critical to security system design
  How will your system hold up under attack?
  Do you have the tools you need to respond effectively?

• Good management tools
  Ensure manageability when under attack
  Excellent visibility of threats

• Good operational processes
  Ensure late-night changes won’t cripple security
  Monitor tools, respond to threats

• Operational simplicity helps reduce downtime

Aggregation vs. Segmentation
(Diagram: an aggregated design chains NIPS, VPN gateway, SSL offload, firewall and router in front of the extranet server and extranet client; a segmented design serves the extranet server and client from a security-enabled switch.)

Which meets your business needs?

Security Through Obscurity “Isn’t”

• Too many secrets is bad for security
  Good crypto algorithms are secure because they are public
  The only “secret” is the key itself

• Security design should follow the same principles
  Avoid security relying on secrets (i.e., running insecure web servers on obscure TCP ports, hiding your FW manufacturer, etc.)

• However, don’t advertise details of your security (if obscurity is low cost…use it)
  Security shouldn’t be affected by publication of your security architecture, but don’t post Visio drawings on your website

Confidentiality Is Not the Same
as Security
• What is confidentiality?
  Protecting information to ensure it is only disclosed to authorized audiences
• What is security?
  Protecting systems, resources, and information from unintended and unauthorized access or misuse
• Example: encrypted e-commerce with partners and customers
  E-commerce data is “protected” by SSL encryption
  A compromised endpoint attacks the server through the SSL connection
  NIPS and firewalls cannot see the attack
  HIPS, PVLANs, and host security are required to protect servers

(Diagram: a customer reaches the e-commerce server and mail server over an SSL connection across the Internet.)

Agenda

• Basic Security Principles
• Policy Design Process
  Overall Lifecycle
  Business Goals and Risk Analysis
  Open vs. Closed Policies
  Security Is Not an Add-On

• Design Principles
• Best Practice Designs
• Case Studies
• Conclusion
Overall Security Lifecycle
A Security System Is One Part of a System Lifecycle
• Business needs: What does your organization want to do with the network?
• Risk analysis: What is the risk and cost balance?
• Security policy: Define policies, standards, and guidelines to address business needs and risk
• Industry best practices: Use reliable, well-understood, and recommended security best practices
• Security operations: Incident response, monitoring, maintaining, and compliance auditing

(Diagram: Business Needs and Risk Analysis feed the Security Policy (policies, guidelines, standards); the policy combined with Industry Best Practices yields the Security System, surrounded by Security Operations: incident response, monitoring and maintenance, compliance audit.)


Formulating a Security Policy

(Diagram: Business Requirements, Risk Analysis, Regulatory Requirements and Cost Analysis all feed into the Security Policy.)

Business Goals and Risk Analysis

• Effective security policies require a clear understanding of business goals and good risk analysis
• Business needs often come first
  Your business shouldn’t halt due to security concerns
  Security should protect assets and accommodate business goals
  Security often conflicts with ease of use and flexibility

• Risk analysis is understanding two key elements:
  The cost/benefit of your security system
  How attack techniques play out in your environment


Open vs. Closed Policies

• Open policy
  “Yes you can, unless explicitly denied”
  Popular in communal and academic environments
  Generally used by service and transport providers

• Closed policy
  “No you can’t, unless explicitly permitted”
  Popular in enterprise and business environments

Agenda

• Basic Security Principles
• Policy Design Process
• Design Principles
  General Design Principles
  Mapping Technology to Security Requirements

• Case Study/Example
• Conclusion


Domains of Trust (Zones)

(Diagram: two organizations, 1stcase.com and 2ndcase.com, each with Internal, External Servers, Labs, Employees, WAN and VPN Remote Access zones, interconnected across the Internet.)

Domains of Trust segment communities by policy

Purpose of Domains of Trust
• Risk defines policy
  Importance to the business
  Likelihood of being attacked
• Security domains are based on like “policy”
  Network segments have different trust levels
  Consistent security controls within a segment
  Define trust relationships between segments
• Gradient of trust differentiates domains
  Trust gradient may be minor or extreme
  Gradient determines security measures
• Choke points control trust between segments
  Commonly a network firewall or access control
• Domains of trust are key to good network security design

Sample Domains of Trust
(Diagram: private zones, HQ, Production and Branch, beside public zones, Lab and Public.)

Steep gradient = high risk (e.g., between corporate and public)
• Considerable safeguards
  Advanced firewalling
  Flow-based inspection
  Misuse detection (IPS)
  Constant monitoring
• Protect data transiting steep gradients
  Communication security
  Auth, confidentiality, integrity

Lesser gradient = low risk
• Basic safeguards
  Basic access control
  Casual monitoring

Enterprise Security Zones—Logical

(Diagram: Internet and ISP feed Internet Access and a DMZ holding Mail, DNS, Web and Apps; behind the Corporate Core sit the Finance, Dev and Ops zones.)


Enterprise Security Zones—Physical

(Diagram: the same zones carried as VLANs over trunks: DNS VLAN20, Email VLAN21, Web/Apps VLAN22 on the Internet side; Finance VLAN10, Dev VLAN11, Ops VLAN12 on the corporate side.)


Classic Perimeter Model

(Diagram: Firewall/VPN and Antivirus/Antispyware as the only layers.)
Cisco ASA 5500 Series Adaptive
Security Appliances
• Integrated firewall, SSL/IPsec, IPS, Content Security services
• Multi-processor architecture for high performance and investment protection
• Flexible management options
• Simple Web-based user interface
• Numerous certifications and awards
• And much more…

(Diagram: Cisco ASA 5500 platforms from the ASA 5505 (teleworker) through the ASA 5510, 5520, 5540 and 5550 (branch office, Internet edge, campus segmentation) to the new ASA 5580-20 and ASA 5580-40 (data center).)

Versatile Remote Application Access

• SSL/VPN
  AnyConnect
  Web VPN Portal

• IPSec
  Remote Access
  Site to Site

(Diagram: a supply partner, a branch office, an hourly employee and an employee at home reach the enterprise over the public Internet through IPSec VPN and SSL VPN.)

So Aren’t I Safe Already?

(Diagram: Firewall/VPN and Antivirus/Antispyware.)

6 Pillars to Shore Up Security

(Diagram: Firewall/VPN and Antivirus/Antispyware as the base that the six pillars build on.)
Pillar 1
Infrastructure Security

(Diagram: the Infrastructure pillar added on top of Firewall/VPN and Antivirus/Antispyware.)

Common Security Threats in the LAN
(Diagram: three threats on the LAN. Stolen passwords: an unauthorized user captures the network administrator’s credentials (username: dan, password: grades). Unauthorized copying: an unauthorized user copies the confidential plan. Bringing down the network.)

Infrastructure Protection Technologies

• Control Plane Policing (CoPP)
• Infrastructure ACLs
• Anti-spoofing
  RFC2827
  uRPF
  Dynamic ARP inspection
  DHCP snooping
• BPDU guard
• STP root guard
• CLI AAA
• SSH
• SNMPv3
• Rate-limiters
• Resource schedulers
• MD5 authentication
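The two anti-spoofing items on this list, RFC 2827 ingress filtering and unicast RPF, are easiest to understand as a lookup against the forwarding table. The following Python is an added example written for this page, not Cisco code; the FIB, the interface names (Gi0/0 to the ISP, Gi0/1 campus, Gi0/2 DMZ) and the sample packets are constructed.

```python
"""Source-address anti-spoofing checks: RFC 2827 ingress filtering on
customer-facing interfaces and strict-mode uRPF on the upstream interface.
Added illustration for the anti-spoofing items on the slide; the FIB,
interface names and packets are constructed, not taken from a real device."""
import ipaddress

# Constructed forwarding table: prefix -> egress interface. Longest match wins.
FIB = {
    "0.0.0.0/0":    "Gi0/0",   # default route towards the ISP
    "10.1.0.0/16":  "Gi0/1",   # campus
    "192.0.2.0/24": "Gi0/2",   # DMZ
}

# Constructed RFC 2827 lists: on these edge interfaces only listed sources may originate.
ALLOWED = {"Gi0/1": ["10.1.0.0/16"], "Gi0/2": ["192.0.2.0/24"]}

def lookup(fib, addr):
    """Longest-prefix match: the interface a packet *to* addr would leave on."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_strict_ok(fib, src, ingress):
    """Strict uRPF: the best route back to the source must point out the
    interface the packet arrived on; otherwise the source is spoofed."""
    return lookup(fib, src) == ingress

def rfc2827_ok(allowed, src, ingress):
    """RFC 2827 ingress filter: the source must fall inside one of the
    prefixes this interface is allowed to originate."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in allowed.get(ingress, []))

def classify(src, ingress):
    """Edge interfaces with an explicit prefix list use RFC 2827;
    the upstream interface falls back to strict uRPF."""
    if ingress in ALLOWED:
        ok = rfc2827_ok(ALLOWED, src, ingress)
    else:
        ok = urpf_strict_ok(FIB, src, ingress)
    return "forward" if ok else "drop-spoofed"

SAMPLE_PACKETS = [  # constructed: (source address, ingress interface)
    ("10.1.5.9",    "Gi0/1"),  # legitimate campus host
    ("192.0.2.77",  "Gi0/1"),  # DMZ address arriving from the campus: spoofed
    ("10.1.5.9",    "Gi0/0"),  # our own address arriving from the ISP: spoofed
    ("203.0.113.4", "Gi0/0"),  # ordinary Internet source
]

def run():
    return [(src, iface, classify(src, iface)) for src, iface in SAMPLE_PACKETS]

if __name__ == "__main__":
    for row in run():
        print(*row)
```

Strict uRPF assumes symmetric routing: if the return path to a source legitimately leaves on a different interface than the one the packet arrived on, strict mode drops good traffic, which is why loose mode (the source merely has to be in the FIB) is used on multihomed edges.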


Controlling Unauthorized
Network Expansion

• Problem: individuals can add unauthorized devices to the network

• Solution: port security limits the MAC addresses allowed on network ports to only one device at a time
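The port-security behaviour described on this slide, modelled in Python as an added example (not switch firmware): a port learns up to a configured number of source MAC addresses, and a frame from any further address is a violation handled according to the configured mode. Port names and MAC addresses are constructed.

```python
"""Port-security style MAC limiting, as an added illustration of the slide
(not switch firmware). Each access port learns up to max_mac source
addresses; a frame from any further address is a violation, handled per the
configured mode. Port names and MAC addresses below are constructed."""
from collections import defaultdict

class PortSecurity:
    def __init__(self, max_mac=1, violation="shutdown"):
        self.max_mac = max_mac
        self.violation = violation           # "shutdown", "restrict" or "protect"
        self.learned = defaultdict(set)      # port -> MAC addresses learned
        self.errdisabled = set()             # ports shut down after a violation
        self.violations = defaultdict(int)   # port -> violation count

    def ingress(self, port, src_mac):
        """Return 'forward' or 'drop' for a frame from src_mac arriving on port."""
        if port in self.errdisabled:
            return "drop"                    # stays down until an operator re-enables it
        macs = self.learned[port]
        if src_mac in macs:
            return "forward"
        if len(macs) < self.max_mac:
            macs.add(src_mac)                # learn the first device(s) seen on the port
            return "forward"
        self.violations[port] += 1           # an extra device: violation
        if self.violation == "shutdown":
            self.errdisabled.add(port)       # err-disable the whole port
        # "restrict" drops and counts (a real switch would also raise a trap);
        # "protect" drops silently.
        return "drop"

    def clear(self, port):
        """Operator action: re-enable an err-disabled port and forget its MACs."""
        self.errdisabled.discard(port)
        self.learned.pop(port, None)

SAMPLE_FRAMES = [  # constructed: (port, source MAC)
    ("Fa0/1", "00:11:22:33:44:01"),   # the authorised desktop
    ("Fa0/1", "00:11:22:33:44:01"),
    ("Fa0/1", "00:11:22:33:44:02"),   # a second device plugged in through a hub
    ("Fa0/1", "00:11:22:33:44:01"),   # in shutdown mode even the original device is now cut off
]

def run(mode="shutdown"):
    ps = PortSecurity(violation=mode)
    return [ps.ingress(p, m) for p, m in SAMPLE_FRAMES]
```

The choice of violation mode is the operational trade-off: shutdown is the strongest response but turns a cabling mistake into an outage that needs a human to clear, whereas restrict keeps the legitimate device working and leaves a counter and trap for the monitoring team.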

Control Plane Policing (CoPP)

• Secure routers against DoS attacks
• Apply QoS to processor-switched packets
• Divide required protocols into priority groups

(Diagram: incoming packets pass a CEF/FIB lookup; locally switched packets go to the output packet buffer, while processor-switched packets destined to the control plane pass through Control Plane Policing (alleviating DoS) and output from the control plane passes through Silent Mode (preventing reconnaissance). Example priority groups: Management (SNMP, Telnet), Routing Updates, ICMP, IPv6, Management (SSH, SSL), …)
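The three bullets above amount to classifying punted packets and rate-limiting each class independently. The Python below is an added example of that idea, not IOS code: the class definitions, rates, bursts and the 50 ms packet trace are constructed.

```python
"""Control-plane policing as a per-class token bucket, an added illustration
of the slide (not IOS code). Packets punted to the route processor are
sorted into priority groups and each group is rate-limited on its own, so a
flood in one class cannot starve the others. Rates and packets are constructed."""

CLASSES = {  # constructed policy: class -> (packets per second, burst)
    "routing":    (1000, 200),  # OSPF/BGP updates: generous, never starve these
    "management": (100, 20),    # SSH, SNMP, HTTPS to the box itself
    "icmp":       (10, 5),      # pings to the router itself: tightly limited
    "default":    (5, 2),       # anything else that reaches the processor
}

def classify(pkt):
    """Map a punted packet to its priority group."""
    proto, dport = pkt["proto"], pkt.get("dport")
    if proto in ("ospf", "bgp"):
        return "routing"
    if (proto, dport) in {("tcp", 22), ("udp", 161), ("tcp", 443)}:
        return "management"
    if proto == "icmp":
        return "icmp"
    return "default"

class TokenBucket:
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        """Refill in proportion to elapsed time, then spend one token if available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def police(packets):
    """packets: (timestamp, packet) pairs in time order. Returns pass/drop counts per class."""
    buckets = {c: TokenBucket(*v) for c, v in CLASSES.items()}
    stats = {c: {"pass": 0, "drop": 0} for c in CLASSES}
    for now, pkt in packets:
        cls = classify(pkt)
        stats[cls]["pass" if buckets[cls].allow(now) else "drop"] += 1
    return stats

# Constructed 50 ms trace: an ICMP flood at 1000 pps with routing and SSH traffic mixed in.
SAMPLE = sorted(
    [(i / 1000, {"proto": "icmp"}) for i in range(50)]
    + [(0.010, {"proto": "ospf"}), (0.020, {"proto": "ospf"}), (0.030, {"proto": "bgp"})]
    + [(0.005, {"proto": "tcp", "dport": 22}), (0.015, {"proto": "tcp", "dport": 22})],
    key=lambda e: e[0])

def run():
    return police(SAMPLE)
```

With the ICMP class capped at 10 pps with a burst of 5, only the first five pings of the flood reach the processor while every routing update and SSH packet still passes, which is exactly the isolation CoPP is meant to give.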

Routing Protocol Security

• Routers are prone to multiple attacks
  Traffic redirection, black holes, DoS, unauthorized prefix origination

• Router compromises can be disastrous
  Hardening is critical

• Prefix filtering prevents bogus advertisements
  Define what routing prefixes are allowed from specific locations

• Message authentication via MD5 should be done
  Supported in RIPv2, OSPF, BGP, EIGRP, IS-IS
  Prevents malicious and accidental attacks
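Prefix filtering and MD5 message authentication are two separate checks on every received update, and the order matters: authentication first, so nothing in an unauthenticated packet is parsed as routing data. The Python below is an added example (not a router implementation) in the style of the keyed-MD5 scheme these protocols use, where the shared key is appended to the message, MD5 is taken over both, and a sequence number rejects replays; the key, neighbour and prefixes are constructed.

```python
"""Keyed-MD5 authentication and prefix filtering for routing updates, as an
added illustration of the slide (not a router implementation). The scheme
follows the OSPFv2/RIPv2 style: the shared key is appended to the message
and MD5 is taken over both, and a cryptographic sequence number rejects
replays. Keys, neighbours and prefixes are constructed."""
import hashlib
import hmac
import ipaddress

DIGEST_LEN = 16

def sign_update(prefixes, key: bytes, seq: int) -> bytes:
    """Sender side: seq || comma-separated prefixes || MD5(seq || prefixes || key)."""
    body = seq.to_bytes(4, "big") + ",".join(prefixes).encode()
    return body + hashlib.md5(body + key).digest()

class Neighbor:
    """Receiver-side state for one routing neighbour."""
    def __init__(self, key: bytes, allowed_prefixes):
        self.key = key
        self.allowed = [ipaddress.ip_network(p) for p in allowed_prefixes]
        self.last_seq = -1

    def accept(self, packet: bytes):
        """Return (accepted prefixes, reason). Authentication is checked before
        anything in the packet is trusted; the prefix filter then drops
        advertisements this neighbour is not entitled to originate."""
        if len(packet) < 4 + DIGEST_LEN:
            return [], "truncated"
        body, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        expected = hashlib.md5(body + self.key).digest()
        if not hmac.compare_digest(digest, expected):
            return [], "bad-auth"            # wrong key or tampered content
        seq = int.from_bytes(body[:4], "big")
        if seq <= self.last_seq:
            return [], "replay"              # an old packet captured and resent
        self.last_seq = seq
        accepted = []
        for p in body[4:].decode().split(","):
            try:
                net = ipaddress.ip_network(p)
            except ValueError:
                continue                     # malformed prefix: ignore it
            if any(net.subnet_of(a) for a in self.allowed):
                accepted.append(p)           # bogus or hijacked prefixes are dropped
        return accepted, "ok"

def demo():
    """Constructed exchange: a branch router may only advertise 10.0.0.0/8 space."""
    key = b"constructed-shared-key"
    core = Neighbor(key, ["10.0.0.0/8"])
    results = []
    good = sign_update(["10.1.0.0/16", "192.0.2.0/24"], key, 1)
    results.append(core.accept(good))                        # 192.0.2.0/24 is filtered out
    results.append(core.accept(good))                        # same packet again: replay
    results.append(core.accept(sign_update(["10.9.0.0/16"], b"wrong-key", 2)))  # bad key
    tampered = bytearray(sign_update(["10.2.0.0/16"], key, 3))
    tampered[7] = ord("3")                                   # flip "10.2" to "10.3" in flight
    results.append(core.accept(bytes(tampered)))             # digest no longer matches
    results.append(core.accept(sign_update(["10.2.0.0/16"], key, 3)))  # the genuine one
    return results
```

MD5 is what the protocols on the slide support; where the platform offers it, OSPFv2 HMAC-SHA authentication (RFC 5709) is the better choice, and the receiving logic above is unchanged apart from the digest function.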

Management Channel Security
(Diagram: servers and users on the management segment are reached in-band in the clear, in-band secured, or over a separate out-of-band (OOB) management network.)

• In-band in the clear: Telnet, HTTP, FTP, TFTP, SNMPv2c
• In-band secured: SSH, SSL, IPSec, SNMPv3, SFTP, SCP
• Out-of-band management: strongest security; beware topology-aware management systems
• Hybrid: combination of the methods listed above, based on proximity, scale, device type

Always use AAA when possible
Protect command and control from resource starvation attacks

Pillar 2
Network Identity

(Diagram: the Identity pillar added beside Infrastructure on top of Firewall/VPN and Antivirus/Antispyware.)
Identity-Based Network Services
802.1x
Answering the questions:
• Who are you?
• Where are you?
• How are you connected?
• What can you do?


Preventing Unwanted Access
• Problem: unauthorized users connect to the network and download confidential documents

• Solution: 802.1x with Cisco Access Control Server (ACS) authenticates the user

(Diagram: without 802.1x an unauthorized user reaches the confidential plan; with 802.1x security the switch consults the Cisco ACS server before granting access.)

802.1x Protocol
(Diagram: Host — EAPoL — Switch — RADIUS — RADIUS/AAA Server)

1. Host attempts access; LAN connectivity established
2. Switch requests credentials
3. Host sends credentials; switch forwards credentials to the ACS server
4. RADIUS credential assessment performed; accept/reject authentication result returned with policy instructions (dynamic VLAN)
5. Switch applies policy to the port

Authenticate client to auth server via Extensible Authentication Protocol (EAP)
Switch is intermediary, but aware of conversation
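The exchange on this slide, simulated in Python as an added example (not an EAP or RADIUS implementation): the switch relays an identity request and an MD5 challenge between host and server, keeps the port unauthorised until the server answers, and applies the VLAN the server returns. The username and password are the ones from the stolen-password slide; the switch name, VLAN numbers and the switch-to-server shared secret are constructed.

```python
"""Simulation of the 802.1x exchange drawn on the slide, added here as an
illustration (not an EAP or RADIUS implementation). The switch relays EAP
between host and RADIUS server, keeps the port unauthorised until the server
answers, and applies the VLAN the server returns. Username/password come
from the stolen-password slide; VLANs, switch name and secret are constructed."""
import hashlib
import hmac
import os

class Supplicant:
    """The host: answers the identity request and an MD5 challenge."""
    def __init__(self, username, password):
        self.username, self.password = username, password
    def identity(self):
        return self.username
    def md5_response(self, ident, challenge):
        # CHAP/EAP-MD5 style: MD5(id || password || challenge)
        return hashlib.md5(bytes([ident]) + self.password.encode() + challenge).digest()

class RadiusServer:
    """The AAA server: checks that the request comes from a known switch,
    issues a challenge, verifies the response and returns policy."""
    def __init__(self, users, shared_secret):
        self.users, self.secret = users, shared_secret   # users: name -> (password, vlan)
        self.pending = {}                                # user -> outstanding challenge
    def _from_known_nas(self, msg):
        mac = hmac.new(self.secret, msg["nas"].encode(), hashlib.sha256).digest()
        return hmac.compare_digest(mac, msg["auth"])
    def handle(self, msg):
        if not self._from_known_nas(msg):
            return {"code": "Access-Reject", "reason": "bad shared secret"}
        if msg["type"] == "identity":
            challenge = os.urandom(16)
            self.pending[msg["user"]] = challenge
            return {"code": "Access-Challenge", "id": 1, "challenge": challenge}
        entry = self.users.get(msg["user"])
        challenge = self.pending.pop(msg["user"], None)
        if entry is None or challenge is None:
            return {"code": "Access-Reject", "reason": "unknown user"}
        expected = hashlib.md5(bytes([1]) + entry[0].encode() + challenge).digest()
        if hmac.compare_digest(expected, msg["response"]):
            return {"code": "Access-Accept", "vlan": entry[1]}   # policy instructions
        return {"code": "Access-Reject", "reason": "bad credentials"}

class Authenticator:
    """The switch: one access port, closed until RADIUS says Access-Accept."""
    def __init__(self, name, server, shared_secret, guest_vlan=None):
        self.name, self.server, self.secret = name, server, shared_secret
        self.port = {"state": "unauthorized", "vlan": guest_vlan}
        self.log = []                                    # the conversation, in order
    def _radius(self, **fields):
        fields["nas"] = self.name
        fields["auth"] = hmac.new(self.secret, self.name.encode(), hashlib.sha256).digest()
        self.log.append(("switch->radius", "Access-Request/" + fields["type"]))
        reply = self.server.handle(fields)
        self.log.append(("radius->switch", reply["code"]))
        return reply
    def authenticate(self, host):
        self.log.append(("switch->host", "EAP-Request/Identity"))
        user = host.identity()
        self.log.append(("host->switch", "EAP-Response/Identity"))
        reply = self._radius(type="identity", user=user)
        if reply["code"] != "Access-Challenge":
            self.log.append(("switch->host", "EAP-Failure"))
            return self.port
        self.log.append(("switch->host", "EAP-Request/MD5-Challenge"))
        response = host.md5_response(reply["id"], reply["challenge"])
        self.log.append(("host->switch", "EAP-Response/MD5-Challenge"))
        reply = self._radius(type="response", user=user, response=response)
        if reply["code"] == "Access-Accept":
            self.port = {"state": "authorized", "vlan": reply["vlan"]}   # apply policy to port
            self.log.append(("switch->host", "EAP-Success"))
        else:
            self.log.append(("switch->host", "EAP-Failure"))
        return self.port

SECRET = b"constructed-radius-secret"
SERVER = RadiusServer({"dan": ("grades", 10)}, SECRET)

def run(username, password):
    sw = Authenticator("switch1", SERVER, SECRET, guest_vlan=99)
    return sw.authenticate(Supplicant(username, password)), sw.log
```

The point the slide makes, that the switch is an intermediary yet aware of the conversation, is visible in the log: the switch never sees the password, only the EAP frames it relays, but it is the switch that opens the port and sets the VLAN when the server's Access-Accept arrives.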

Pillar 3
Posture Assessment

(Diagram: the Posture pillar added beside Infrastructure and Identity on top of Firewall/VPN and Antivirus/Antispyware.)
Posture Assessment
Before Allowing Access, NAC

• Recognize: user, device, role
• Evaluate: identify vulnerabilities
• Enforce: quarantine and remediate before network access


Posture Assessment Use Cases

(Diagram: managed LAN users, unmanaged/guest LAN users, wireless LAN users and VPN/remote/WAN users arranged around the customer business issues.)

Posture Assessment Design

• Client traffic inline before posture assessment
• Traffic inline or out-of-band after
• Potential traffic controls:
  Filters
  Bandwidth
  VLAN retag per role
  User time-outs

• Hubs, access points, unsupported switches

NAC Deployment Flexibility
(Diagram: NAC Appliance deployment options. Behind the border router and firewall, a NAC Appliance can sit in a bridged central deployment or a routed central deployment at the central switch, or in an edge deployment in front of the core; the NAC Appliance Manager and an authentication server sit on the intranet.)

Pillar 4
Management

(Diagram: the Management pillar added beside Infrastructure, Identity and Posture on top of Firewall/VPN and Antivirus/Antispyware.)

Cisco Security Management Suite

(Diagram: the suite covers Configuration, Monitoring, Identity, Analysis, Auditing and Mitigation.)


Cisco Security Manager
• Manage Cisco security device configurations
  Routers, ASA, FWSM, PIX, IPS
• Multiple views into devices and policies
  Device, Policy, Topology
• Delivers policy scalability with security service management
  FW, VPN, IPS management with comprehensive security platform controls
• Power tools
  FlexConfig, config diff viewer, rule analysis, ACL hit counts
• Flexible architecture for unique provisioning capabilities
  Designed to support new and evolving security technologies
• Integration with other value-add components
  Syslog correlation with CS-MARS
  Role-based access control (RBAC) with Cisco ACS

CSM: Device/Policy/Topology Views


CS-MARS

ƒ Capture multiple sources of data…


CS-MARS

ƒ Feed into Correlation Engine…

Critical Data Reduction

(Funnel: 2,694,083 events → 992,511 sessions → 249 incidents → 61 high severity incidents.)

Tremendous data reduction


NetFlow Telemetry
(Diagram: three stages, Router (Cisco), Collector (Cisco and partners), Applications (partners).)

Router: cache creation, data export, aggregation
Collector: collection, filtering, aggregation, storage, file system management
Applications: data presentation for network planning, accounting/billing, and similar uses
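The router, collector and application stages above map onto a short pipeline: unpack the export datagram, then aggregate flows into the views an operator wants. The Python below is an added example (not Cisco or partner code) that parses a NetFlow v5 export built in code from constructed flows, then aggregates bytes per destination port and the number of distinct destinations each source touched, the latter being the view in which a host sweeping a port stands out.

```python
"""NetFlow v5 export parsing and aggregation, an added illustration of the
router -> collector -> application pipeline on the slide (not Cisco code).
The export datagram is built in code from constructed flows so the example
runs offline; the record layout is the standard 24-byte v5 header followed
by 48-byte flow records."""
import socket
import struct
from collections import Counter

# version, count, sysuptime, unix_secs, unix_nsecs, flow_seq, engine_type, engine_id, sampling
HDR = struct.Struct("!HHIIIIBBH")
# src, dst, nexthop, in_if, out_if, pkts, octets, first, last, sport, dport,
# pad, tcp_flags, proto, tos, src_as, dst_as, src_mask, dst_mask, pad
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def build_export(flows, uptime=60_000, unix_secs=1_200_000_000):
    """Router side (constructed): pack flow dicts into one v5 export datagram."""
    body = b"".join(
        REC.pack(socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]), b"\0\0\0\0",
                 1, 2, f["pkts"], f["bytes"], uptime - 1000, uptime,
                 f["sport"], f["dport"], 0, f["flags"], f["proto"], 0,
                 0, 0, 24, 24, 0)
        for f in flows)
    return HDR.pack(5, len(flows), uptime, unix_secs, 0, 0, 0, 0, 0) + body

def parse_export(data):
    """Collector side: validate the header and unpack every record."""
    version, count = HDR.unpack_from(data, 0)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(data) < HDR.size + count * REC.size:
        raise ValueError("datagram shorter than the record count claims")
    flows = []
    for i in range(count):
        r = REC.unpack_from(data, HDR.size + i * REC.size)
        flows.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                      "pkts": r[5], "bytes": r[6], "sport": r[9], "dport": r[10],
                      "flags": r[12], "proto": r[13]})
    return flows

def aggregate(flows):
    """Application side: bytes per destination port, and distinct destinations per source."""
    bytes_by_port = Counter()
    dsts_by_src = {}
    for f in flows:
        bytes_by_port[f["dport"]] += f["bytes"]
        dsts_by_src.setdefault(f["src"], set()).add(f["dst"])
    return bytes_by_port, {s: len(d) for s, d in dsts_by_src.items()}

def fan_out_suspects(fanout, threshold=10):
    """Sources that touched at least `threshold` distinct destinations."""
    return sorted(s for s, n in fanout.items() if n >= threshold)

SAMPLE_FLOWS = [  # constructed: two ordinary web flows plus one host sweeping TCP/445
    {"src": "10.1.5.9", "dst": "192.0.2.10", "sport": 51000, "dport": 443, "proto": 6,
     "pkts": 40, "bytes": 30000, "flags": 0x1b},
    {"src": "10.1.5.9", "dst": "192.0.2.11", "sport": 51001, "dport": 80, "proto": 6,
     "pkts": 12, "bytes": 5000, "flags": 0x1b},
] + [
    {"src": "10.1.7.7", "dst": f"10.1.9.{i}", "sport": 3000 + i, "dport": 445, "proto": 6,
     "pkts": 1, "bytes": 60, "flags": 0x02}
    for i in range(1, 21)
]

def run():
    flows = parse_export(build_export(SAMPLE_FLOWS))
    bytes_by_port, fanout = aggregate(flows)
    return flows, bytes_by_port, fanout, fan_out_suspects(fanout)
```

The header check matters on a real collector: a v9 or IPFIX export has a different layout, and unpacking it as v5 would produce plausible-looking but meaningless flows rather than an error.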

© 2008, Cisco Systems, Inc. All rights reserved. 29
14339_04_2008_c1.scr

Access Control System (ACS)

• Key scenarios
  Device administration
  Remote access
  Wireless and 802.1x

• Compliance features
  Authentication policy (e.g., require complex password)
  Authorization enforcement (e.g., network access, device command authorization)
  Audit logging

(Diagram: ACS integrates with CiscoWorks, AD/LDAP and posture/audit servers.)
Pillar 5
Intrusion Detection/Protection

(Diagram: the IPS pillar added beside Infrastructure, Identity, Posture and Management on top of Firewall/VPN and Antivirus/Antispyware.)

Network IPS


© 2008, Cisco Systems, Inc. All rights reserved. 31
14339_04_2008_c1.scr
Network-Based IDS: The Sensor

(Diagram: a management interface with an IP address links the sensor to the management console; a passive interface with no IP address monitors the network, capturing data off the data flow.)


Network-Based IPS: The Sensor

(Diagram: a management interface with an IP address links the sensor to the management console; transparent inline interfaces with no IP address sit in the data flow.)

Distributed IPS Solutions

(Diagram: central signature file management pushes signature updates across the WAN to Cisco IPS appliances at the corporate office, regional office, branch office, small satellite office and telecommuter.)


Accurate Prevention Technologies
Risk Rating Provides Threat Context

Event Severity: how urgent is the threat?
+ Signature Fidelity: how prone to false positive?
+ Attack Relevancy: is the attack relevant to the host being attacked?
+ Asset Value of Target: how critical is this destination host?
= RISK RATING, which drives mitigation policy

Decision support balances attack urgency with business risk
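To make the four inputs concrete, the Python below scores alerts and maps the rating to an action. It is an added example written for this page and not Cisco's formula: the weighting, the asset-value table, the action thresholds and the sample alerts are all constructed. It shows the property the slide is after, namely that the same signature produces very different ratings depending on whether the target is actually vulnerable and how much it matters.

```python
"""Risk-rating style scoring, added as an illustration of the slide; the
weights, thresholds and asset table are constructed and this is not Cisco's
formula. The four inputs are the slide's: event severity, signature fidelity,
attack relevancy and asset value of the target; the rating drives the action."""
from dataclasses import dataclass

@dataclass
class Alert:
    signature: str
    severity: int        # 0-100: how urgent is the threat?
    fidelity: int        # 0-100: how reliable is the signature? (low = false-positive prone)
    target: str          # destination host
    target_os: str       # OS of the destination host, from passive or static profiling
    vulnerable_os: set   # OSes the signature's exploit actually affects

ASSET_VALUE = {"db-finance": 100, "web-dmz": 75, "lab-box": 25}   # constructed; default 50

def risk_rating(a: Alert) -> int:
    """Combine the four inputs into a 0-100 rating."""
    core = a.severity * a.fidelity / 100                          # urgency tempered by reliability
    relevancy = 1.0 if a.target_os in a.vulnerable_os else 0.5    # exploit cannot work here: halve
    asset = ASSET_VALUE.get(a.target, 50) / 100
    return round(core * relevancy * (0.5 + 0.5 * asset))          # asset value scales 50%..100%

def action(rr: int) -> str:
    """Mitigation policy keyed on the rating (constructed thresholds)."""
    if rr >= 90:
        return "deny-attacker-inline"
    if rr >= 70:
        return "deny-packet-inline"
    if rr >= 40:
        return "alert"
    return "log"

SAMPLE_ALERTS = [  # constructed: the same overflow signature hitting different hosts
    Alert("pnp-buffer-overflow", 90, 90, "db-finance", "windows", {"windows"}),
    Alert("pnp-buffer-overflow", 90, 90, "lab-box", "linux", {"windows"}),
    Alert("pnp-buffer-overflow", 90, 90, "web-dmz", "windows", {"windows"}),
    Alert("ssh-brute-force", 100, 95, "db-finance", "linux", {"linux", "windows"}),
]

def run():
    return [(a.signature, a.target, risk_rating(a), action(risk_rating(a)))
            for a in SAMPLE_ALERTS]
```

The relevancy input is the one most often left at a default in practice; without host profiling the sensor cannot tell that a Windows exploit aimed at a Linux lab box deserves a log line rather than an inline drop.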

Accurate Prevention Technologies
Meta Event Generator Delivers Advanced Correlation
On-box correlation allows adaptation to new threats in real time without user intervention

• Links lower-risk events into a high-risk meta-event, triggering prevention actions
• Models attack behavior by correlating event type and time span

(Diagram: over a 10-second window, events A, B and C at medium and low risk rating together with event D are correlated: A + B + C + D = WORM! The resulting high-risk meta-event is dropped and the worm stopped.)
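The correlation the diagram sketches is a sliding window per source: each component event type is remembered for the length of the window, and the meta-event fires once every required type is present. The Python below is an added example of that logic, not Cisco's implementation; the rule and the event stream are constructed, and the second host in the stream shows why the window matters.

```python
"""Sliding-window meta-event correlation, an added illustration of the
Meta Event Generator idea (not Cisco's implementation). A meta-event fires
when every component event type has been seen from the same source within
the window; the rule and the event stream are constructed."""
from collections import deque

META_RULES = {  # constructed: meta-event name -> (component event types, window in seconds)
    "worm-propagation": ({"A", "B", "C", "D"}, 10.0),
}

def correlate(events, rules=META_RULES):
    """events: (time, source, event_type) tuples in time order.
    Returns the meta-events as (time, source, name)."""
    recent = {}                       # (rule, source) -> deque of (time, event_type)
    fired = []
    for t, src, etype in events:
        for name, (needed, window) in rules.items():
            if etype not in needed:
                continue
            q = recent.setdefault((name, src), deque())
            q.append((t, etype))
            while q and t - q[0][0] > window:   # expire events outside the window
                q.popleft()
            if {e for _, e in q} == needed:     # every component present: escalate
                fired.append((t, src, name))
                q.clear()                       # one outbreak fires once
    return fired

SAMPLE_EVENTS = sorted([  # constructed: (seconds, source host, low/medium-risk event type)
    (0, "10.1.7.7", "A"), (2, "10.1.7.7", "B"), (4, "10.1.7.7", "C"), (6, "10.1.7.7", "D"),
    (1, "10.1.5.9", "A"), (30, "10.1.5.9", "B"), (31, "10.1.5.9", "C"), (32, "10.1.5.9", "D"),
])

def run():
    return correlate(SAMPLE_EVENTS)
```

Host 10.1.7.7 produces all four component events within six seconds and is escalated; host 10.1.5.9 produced event A half a minute before the others, so by the time D arrives A has aged out of the window and nothing fires, which keeps a slow trickle of unrelated low-risk events from being reported as a worm.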

Host Based IPS


© 2008, Cisco Systems, Inc. All rights reserved. 34
14339_04_2008_c1.scr
Behavioral Host Intrusion Prevention
• Intercept OS calls
• Invoke an allow/deny response
• Monitor system calls:
  File system
  Network
  Registry
  Execution

• “Zero Update” architecture


Malicious Behavior
(Diagram: the five stages of an attack against a target, with the typical actions at each stage.)

1. Probe: ping addresses, scan ports, guess passwords, guess mail users
2. Penetrate: mail attachments, buffer overflows, ActiveX controls, network installs, compressed messages, backdoors
3. Persist: create new files, modify existing files, weaken registry security settings, install new services, register trap doors
4. Propagate: mail copy of attack, web connection, IRC, FTP, infect file shares
5. Paralyze: delete files, modify files, drill security hole, crash computer, denial of service, steal secrets

Annotations beside the early stages: rapidly mutating; continual signature updates; inaccurate
Annotations beside the later stages: most damaging; changes very slowly; inspiration for the CSA solution
CSA in Action: Protection Against Zotob
and Variants (B through G)

(Diagram: the Zotob infection sequence as seen by CSA.)

1. TCP/445 via null session; buffer overflow against the uPNP service
2. Executable in the system folder; modifies registry and HOSTS; downloads files via TFTP; connects to IRC
3. Starts command shell for FTP, TFTP 1171; 300 threads scan for other systems to infect
4. Deletes registry keys and files; terminates processes
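The behavioural HIPS slide and the Zotob sequence above describe the same mechanism from two sides: intercepted file, registry, network and execution calls, and a policy that denies the ones an attack needs regardless of the attack's signature. The Python below is an added example of such a policy engine run over a constructed call trace shaped like the Zotob steps; it is not CSA's rule language, and the process names, paths, registry keys and port numbers in the rules are constructed.

```python
"""Behavioural allow/deny over intercepted OS calls, an added illustration of
the HIPS slide and of the Zotob sequence above (not CSA's rule language).
Each rule names a resource class, an operation and a condition; the first
matching rule decides and the default is allow. Process names, paths,
registry keys and the call trace are constructed."""

SYSTEM_DIR = "C:/Windows/System32/"

def from_network(c):
    """Processes that accepted network input are treated as untrusted."""
    return c.get("origin") == "network"

RULES = [  # (resource, operation, condition, verdict); first match wins
    ("file", "write", lambda c: from_network(c) and c["path"].startswith(SYSTEM_DIR), "deny"),
    ("file", "write", lambda c: c["path"].lower().endswith("drivers/etc/hosts"), "deny"),
    ("registry", "write",
     lambda c: c["key"].startswith("HKLM/SYSTEM/CurrentControlSet/Services/"), "deny"),
    ("network", "connect", lambda c: from_network(c) and c["dport"] in (69, 6667), "deny"),  # TFTP, IRC
    ("exec", "spawn", lambda c: from_network(c) and c["child"].lower() == "cmd.exe", "deny"),
]

def decide(call):
    """Evaluate one intercepted call against the rules."""
    for resource, op, cond, verdict in RULES:
        if call["resource"] == resource and call["op"] == op and cond(call):
            return verdict
    return "allow"

SAMPLE_TRACE = [  # constructed trace shaped like the Zotob steps, plus two benign calls
    {"proc": "svchost.exe", "origin": "network", "resource": "file", "op": "write",
     "path": SYSTEM_DIR + "payload.exe"},
    {"proc": "svchost.exe", "origin": "network", "resource": "file", "op": "write",
     "path": SYSTEM_DIR + "drivers/etc/hosts"},
    {"proc": "svchost.exe", "origin": "network", "resource": "registry", "op": "write",
     "key": "HKLM/SYSTEM/CurrentControlSet/Services/constructed-svc"},
    {"proc": "svchost.exe", "origin": "network", "resource": "network", "op": "connect", "dport": 69},
    {"proc": "svchost.exe", "origin": "network", "resource": "network", "op": "connect", "dport": 6667},
    {"proc": "svchost.exe", "origin": "network", "resource": "exec", "op": "spawn", "child": "cmd.exe"},
    {"proc": "winword.exe", "origin": "user", "resource": "file", "op": "write",
     "path": "C:/Users/dan/plan.docx"},
    {"proc": "explorer.exe", "origin": "user", "resource": "exec", "op": "spawn", "child": "cmd.exe"},
]

def audit(trace=SAMPLE_TRACE):
    """Return (process, resource, operation, verdict) for every intercepted call."""
    return [(c["proc"], c["resource"], c["op"], decide(c)) for c in trace]
```

Every deny in the trace fires on what the process does, not on what it is, which is the "zero update" claim: the same five rules would block a variant with a different binary name and a different exploit, while the user's own word processor and shell launches pass untouched.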


Pillar 6
Application Security

(Diagram: the Application pillar added beside Infrastructure, Identity, Posture, Management and IPS on top of Firewall/VPN and Antivirus/Antispyware.)
IronPort Perimeter Security Appliances

(Diagram: an Email Security Appliance and a Web Security Appliance at the Internet edge, fed by IronPort SenderBase, alongside a Security Management Appliance.)


IronPort SenderBase®
Data Makes the Difference
150 parameters; threat prevention in real time. Data sources:
• Complaint reports
• Spam traps
• Message composition data
• Global volume data
• URL lists
• Compromised host lists
• Web crawlers
• IP blacklists and whitelists
• Additional data

(Diagram: SenderBase data feeds data analysis and security modeling, which produce SenderBase reputation scores from -10 to +10.)

IronPort Reputation Filters Stop
80% of Hostile Mail at the Door…

(Diagram: incoming mail, good, bad, and “grey” or unknown, passes reputation filtering and then the anti-spam engine.)

• Known good is delivered
• Suspicious is throttled and spam filtered
• Known bad is deleted/tagged

• IronPort uses identity and reputation to apply policy
• Sophisticated response to sophisticated threats


Web Traffic: Clear and Present Risks
The Circle of Risk

(Diagram: web traffic at the centre of a circle of risk, malware and AUP violations.)

35-40% of Web usage is non-business related (Source: IDC Research)
75%+ of enterprises infected with spyware & malware (Source: IDC Research)

Web Traffic
The Long Tail Gets Longer

“Big Head + Long Tail”
• ~110 million sites
• ~10–12 billion Web pages
• Growing at 35–40% annually

(Chart of traffic volume against number of sites: the big head, about 50% of traffic, is predictable traffic to well-known domains; the long tail, the other 50%, is growing fast and harbors spyware & malware.)

IronPort S-Series
Addressing the Entire Spectrum of Web Traffic

(Chart of traffic volume against number of sites, big head and long tail, with the solutions placed across the spectrum: AUP URL filtering, IronPort Web Reputation Filters, and signature-based anti-malware protection.)
Closing the Application-Network Gap
• Deploy
  Service virtualization
  Mainframe connectivity
• Secure
  XML firewall and DoS
  Access control integration
  Problem diagnosis/SLA management
  Rich enterprise policy management
• Scale
  Application-aware load balancing
  Bandwidth compression
  XML processing offload

(Diagram: these functions sit between the application infrastructure and the network infrastructure.)

Simplify, Secure and Scale Web Services Deployment

(Diagram: the complete model, the six pillars Infrastructure, Identity, Posture, Management, IPS and Application layered over Firewall/VPN and Antivirus/Antispyware.)

Agenda

• Basic Security Principles
• Policy Design Process
• Design Principles
• Best Practice Designs
  Internet Edge
  Campus
  Data Center

• Case Study/Example
• Conclusion


Enterprise Network
(Diagram: end points at the access layer, multilayer switches in the distribution and core layers, connecting to the WAN, the Data Center and the Internet.)

What Needs to Be Applied?

• Access control and identity:
  At trust domain perimeters
  In front of endpoints or resources
• Threat detection and mitigation:
  Throughout the network and in front of key high-value assets
• Infrastructure protection:
  On all infrastructure devices
• Application security:
  In front of key high-value application resources
• Security management:
  Throughout the network, to all devices

Enterprise Internet Edge
Firewall/VPN

VPN
ƒ ASA 5500
Firewall
ƒ Firewall Services Module
ƒ ASA 5500
ƒ IOS Firewall

[Figure: Internet edge topology (Internet, DMZ, distribution) with the Firewall/VPN layer highlighted]

Enterprise Internet Edge
Infrastructure

ƒ SNMPv3 – All
ƒ AAA – All
ƒ CoPP – All
ƒ SSH – All
ƒ RFC 2827 – All
ƒ IGP/EGP MD5 – All

[Figure: Internet edge topology (Internet, DMZ, distribution) with the Infrastructure layer highlighted]
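The slide lists the infrastructure controls but not what they look like on a box. The configuration below is an added example in Cisco IOS syntax of the deck's era, not taken from the deck: AAA against TACACS+ with a local fallback, SSH-only management, RFC 2827 ingress and egress filtering, CoPP, and MD5 on the BGP and OSPF sessions. Every address, interface name, AS number and secret is an assumption chosen for the example (the enterprise prefix 203.0.113.0/24, the ISP peer 198.51.100.1 in AS 64496, the local AS 64500, the management subnet 10.1.1.0/24 and TACACS+ server 10.1.1.10 are documentation-range values). SNMPv3 is deliberately not shown here.

```ios
! Added example, not from the original deck. Internet edge router: AAA, SSH,
! RFC 2827 filtering, CoPP and routing-protocol MD5. All addresses, names and
! secrets are assumptions chosen for the example; replace before use.
hostname EDGE-RTR
ip domain-name example.net
!
! AAA: authenticate, authorize and account every login against TACACS+,
! with a local account as fallback so a dead AAA server cannot lock you out.
aaa new-model
tacacs-server host 10.1.1.10 key TacacsSecret-Replace-Me
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
username admin privilege 15 secret LocalFallback-Replace-Me
!
! SSH only, version 2, reachable only from the management subnet. The host
! key is generated once with the config-mode command
! "crypto key generate rsa modulus 2048"; it does not appear as a config line.
ip ssh version 2
ip access-list standard MGMT-HOSTS
 permit 10.1.1.0 0.0.0.255
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 10 0
!
! RFC 2827 / BCP 38: only our own prefix may leave as a source address, and
! nothing may arrive from the Internet claiming our prefix or private or
! loopback space. The final "permit ip any any" is ordinary Internet traffic
! that the firewall behind this router inspects.
ip access-list extended RFC2827-OUT
 permit ip 203.0.113.0 0.0.0.255 any
 deny   ip any any log
ip access-list extended RFC2827-IN
 deny   ip 203.0.113.0 0.0.0.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 permit ip any any
!
! CoPP: the BGP peer and the management subnet get usable rates to the
! route processor; everything else is policed hard. BGP that exceeds its
! rate is still transmitted so a burst cannot tear the session down.
ip access-list extended COPP-ROUTING
 permit tcp host 198.51.100.1 eq bgp host 198.51.100.2
 permit tcp host 198.51.100.1 host 198.51.100.2 eq bgp
ip access-list extended COPP-MGMT
 permit tcp 10.1.1.0 0.0.0.255 any eq 22
 permit udp 10.1.1.0 0.0.0.255 any eq snmp
class-map match-all COPP-ROUTING
 match access-group name COPP-ROUTING
class-map match-all COPP-MGMT
 match access-group name COPP-MGMT
policy-map COPP
 class COPP-ROUTING
  police 512000 conform-action transmit exceed-action transmit
 class COPP-MGMT
  police 256000 conform-action transmit exceed-action drop
 class class-default
  police 64000 conform-action transmit exceed-action drop
control-plane
 service-policy input COPP
!
! eBGP to the ISP with MD5 and GTSM (the peer must be exactly one hop away);
! OSPF towards the distribution layer with message-digest authentication and
! no adjacencies on any other interface.
router bgp 64500
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 password BgpMd5-Replace-Me
 neighbor 198.51.100.1 ttl-security hops 1
!
router ospf 1
 area 0 authentication message-digest
 passive-interface default
 no passive-interface GigabitEthernet0/1
 network 10.0.0.0 0.0.0.3 area 0
!
interface GigabitEthernet0/0
 description Upstream ISP
 ip address 198.51.100.2 255.255.255.252
 ip access-group RFC2827-IN in
 ip access-group RFC2827-OUT out
 no ip redirects
 no ip proxy-arp
!
interface GigabitEthernet0/1
 description Inside, towards distribution
 ip address 10.0.0.1 255.255.255.252
 ip ospf message-digest-key 1 md5 OspfMd5-Replace-Me
```

Two caveats a practitioner should check before copying this. The CoPP rates are starting points: watch `show policy-map control-plane` for a few days and raise class-default if ARP, ICMP or first-packet punts start dropping, since a class-default that is too tight breaks the router rather than protecting it. The `log` keyword on the RFC 2827 denies punts every logged packet to the CPU, which is itself a DoS vector; keep it only with `ip access-list logging interval` or `logging rate-limit` in place, or drop it once the filter is proven.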
Enterprise Internet Edge
Posture and Identity

Posture
ƒ NAC appliance
Identity
ƒ AAA
ƒ VPN proxy authentication

[Figure: Internet edge topology (Internet, DMZ, distribution) with the Posture and Identity layers highlighted]

Enterprise Internet Edge
Management

ƒ SDEE
ƒ NetFlow
ƒ Syslog – All
ƒ SNMPv3 – All
ƒ SSH – All

[Figure: Internet edge topology (Internet, DMZ, distribution) with the Management layer highlighted]
Enterprise Internet Edge
IPS

ƒ IPS 4200
ƒ Integrated IPS
ƒ CSA

[Figure: Internet edge topology (Internet, DMZ, distribution) with the IPS layer highlighted]

Enterprise Internet Edge
Application

ƒ IronPort C Series (e-mail security)
ƒ IronPort S Series (web security)
ƒ ACE XML Gateway

[Figure: Internet edge topology (Internet, DMZ, distribution) with the Application layer highlighted]
Enterprise Campus Network
Firewall

ƒ ACLs
ƒ Firewall Services Module

[Figure: campus topology (access, distribution, core, management block) with the Firewall/VPN layer highlighted]
Enterprise Campus Network
Infrastructure

Access layer
ƒ L2 security features
ƒ AAA – All
ƒ SSH – All
ƒ SNMPv3 – All
Distribution and core
ƒ CoPP
ƒ uRPF
ƒ IGP/EGP MD5

[Figure: campus topology (access, distribution, core, management block) with the Infrastructure layer highlighted]
Enterprise Campus Network
Identity and Posture

Identity
ƒ 802.1X
ƒ NAC Appliance
Posture
ƒ NAC Appliance

[Figure: campus topology (access, distribution, core, management block) with the Identity and Posture layers highlighted]
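802.1X on the slide is one line; in practice the design decisions are what happens to a port when there is no supplicant, when credentials are rejected, and when the RADIUS server is unreachable. The added example below (not the deck's own material) shows an access-switch configuration that answers all three, with MAC Authentication Bypass as the fallback for endpoints that cannot run a supplicant. The RADIUS server 10.1.1.20, its secret, the VLAN plan (10 users, 50 voice, 90 guest, 91 restricted, 92 critical) and interface names are assumptions. The `authentication ...` command form is that of IOS 12.2(50)SE and later; earlier releases use the `dot1x`-prefixed equivalents (`dot1x port-control`, `dot1x guest-vlan`, `dot1x auth-fail vlan`, `dot1x mac-auth-bypass`).

```ios
! Added example, not from the original deck. IEEE 802.1X at the campus access
! layer with RADIUS, MAC Authentication Bypass (MAB) for endpoints without a
! supplicant, and separate VLANs for each failure case. Addresses, VLAN
! numbers, the shared secret and interface names are assumptions.
aaa new-model
radius-server host 10.1.1.20 auth-port 1812 acct-port 1813 key RadiusSecret-Replace-Me
aaa authentication dot1x default group radius
! "authorization network" is what lets RADIUS push a VLAN or downloadable ACL
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control
!
! VLAN plan: 10 users, 50 voice, 90 guest (no supplicant and MAB failed),
! 91 restricted (supplicant present, credentials rejected), 92 critical
! (RADIUS unreachable). 90/91/92 should only ever carry ACL-limited,
! remediation or Internet-only reachability.
interface range GigabitEthernet1/0/1 - 47
 description User port, 802.1X then MAB
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 50
 spanning-tree portfast
 dot1x pae authenticator
 ! shorter EAP retry period so a supplicant-less device reaches MAB in
 ! ~30 s instead of the default ~90 s
 dot1x timeout tx-period 10
 mab
 ! one data device plus one phone per port; try 802.1X first, then MAB
 authentication host-mode multi-domain
 authentication port-control auto
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication event fail action authorize vlan 91
 authentication event no-response action authorize vlan 90
 ! fail-open into the critical VLAN is a policy decision: omit this line
 ! if the policy says a dead RADIUS server must mean no access
 authentication event server dead action authorize vlan 92
 authentication periodic
 authentication timer reauthenticate server
```

For dynamic VLAN assignment the RADIUS server returns the standard Tunnel-Type (VLAN), Tunnel-Medium-Type (802) and Tunnel-Private-Group-ID (the VLAN) attributes; without them the port lands in the configured access VLAN. MAB authenticates nothing but a MAC address, which any host can clone, so treat a MAB-authorized port as a weakly identified device: give it a downloadable ACL or a dedicated VLAN rather than the user VLAN, and pair it with profiling, as the manufacturing case later in this deck does with NAC Profiler. `show authentication sessions interface <port>` shows which method won and which VLAN was applied.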
Enterprise Campus Network
Management

ƒ Syslog – All
ƒ NetFlow – All
ƒ SNMPv3 – All
Management block
ƒ MARS
ƒ CSM
ƒ NAC Manager

[Figure: campus topology (access, distribution, core, management block) with the Management layer highlighted]
Enterprise Campus Network
IPS

ƒ CSA
ƒ IPS 4200

[Figure: campus topology (access, distribution, core, management block) with the IPS layer highlighted]
Enterprise Datacenter Network
Firewall

ƒ Firewall Services Module
ƒ ACLs
ƒ WAAS
ƒ ACE

[Figure: data center topology (core, aggregation, access) with the Firewall/VPN layer highlighted]
Enterprise Datacenter Network
Infrastructure

Core and aggregation
ƒ CoPP
ƒ uRPF
ƒ IGP/EGP MD5
ƒ AAA – All
ƒ SNMPv3 – All
ƒ SSH – All
Access
ƒ L2 security features

[Figure: data center topology (core, aggregation, access) with the Infrastructure layer highlighted]
Enterprise Datacenter Network
Management

ƒ NetFlow
ƒ Syslog – All
ƒ SNMPv3 – All
ƒ MARS

[Figure: data center topology (core, aggregation, access) with the Management layer highlighted]
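The Internet edge, campus and data center Management slides all list the same trio, syslog, NetFlow and SNMPv3, and the infrastructure slides add SNMPv3 "All". One added example (not from the deck) covers all of them: the device side of exporting that telemetry to a collector such as the MARS the slides name, in Cisco IOS syntax. The collector 10.1.1.30, NTP server 10.1.1.5, management subnet 10.1.1.0/24, Loopback0 at 10.255.0.1 as the stable source address, the interface name and every passphrase are assumptions chosen for the example.

```ios
! Added example, not from the original deck. Telemetry from an IOS device to
! the collector: NTP, syslog, NetFlow v9 export and SNMPv3 (authPriv)
! polling and notifications. Collector 10.1.1.30, NTP server 10.1.1.5,
! management subnet 10.1.1.0/24, Loopback0 and all passphrases are assumptions.
!
! Time first: events that cannot be ordered across devices cannot be correlated.
ntp server 10.1.1.5
clock timezone UTC 0
service timestamps log datetime msec show-timezone
service timestamps debug datetime msec show-timezone
service sequence-numbers
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
! Syslog: a local buffer for forensics if the collector is unreachable,
! informational and above shipped off-box, console logging off because a
! flooded console line starves the CPU. Login results and configuration
! changes are logged explicitly; "hidekeys" keeps secrets out of the
! change log.
logging buffered 64000 informational
no logging console
logging trap informational
logging source-interface Loopback0
logging host 10.1.1.30
login on-failure log
login on-success log
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
! NetFlow: version 9 export from the interface that carries the traffic of
! interest, both directions so a flow is seen whichever way it was started.
! A one-minute active timeout makes long-lived flows visible to the
! collector while they are still running, not only after they end.
ip flow-export version 9
ip flow-export source Loopback0
ip flow-export destination 10.1.1.30 2055
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
interface GigabitEthernet0/0
 ip flow ingress
 ip flow egress
!
! SNMPv3 authPriv: a read-only view, a group bound to that view and to the
! management ACL, one user for polling and one for notifications. No
! community string is ever defined, so SNMPv1/v2c has nothing to guess.
ip access-list standard MGMT-HOSTS
 permit 10.1.1.0 0.0.0.255
snmp-server view RO-VIEW iso included
snmp-server group NMS-RO v3 priv read RO-VIEW access MGMT-HOSTS
snmp-server user nms-poller NMS-RO v3 auth sha AuthPass-Replace-Me priv aes 128 PrivPass-Replace-Me
snmp-server user nms-traps NMS-RO v3 auth sha TrapAuth-Replace-Me priv aes 128 TrapPriv-Replace-Me
snmp-server trap-source Loopback0
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server enable traps config
snmp-server host 10.1.1.30 version 3 priv nms-traps
```

Syslog and NetFlow as configured here travel over plain UDP with no authentication, so the collector must sit on the management network reached through Loopback0, never across a user VLAN or the Internet; only the SNMPv3 leg is authenticated and encrypted. `show logging`, `show ip flow export` and `show snmp user` confirm each feed is running, and `snmp-server user` entries do not appear in `show running-config`, so check them with that last command rather than by reading the config.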
Enterprise Datacenter Network
IPS

ƒ IPS 4200
ƒ CSA

[Figure: data center topology (core, aggregation, access) with the IPS layer highlighted]
Enterprise Datacenter Network
Application

ƒ ACE XML Gateway

[Figure: data center topology (core, aggregation, access) with the Application layer highlighted]
Agenda

ƒ Basic Security Principles
ƒ Policy Design Process
ƒ Design Principles
ƒ Best Practice Designs
ƒ Case Studies/Examples
Educational Environment Campus
Financial Environment Campus
Manufacturing Environment Campus

ƒ Conclusion

Campus Case Study: Educational

ƒ Little control of endpoint posture
ƒ Must provide access to various platforms
ƒ Must control rogue network devices

Layers applied
ƒ Firewall/VPN
ƒ Infrastructure
ƒ Identity
ƒ Posture
ƒ Management
ƒ IPS

[Figure: campus topology annotated with the controls: NAC role assignment and L2 security at the access layer; ACLs, FWSM, IPSM, MD5 routing authentication and NetFlow/syslog/SNMPv3 at the distribution layer; core]
Campus Case Study: Financial

ƒ Full control of endpoint posture
ƒ Mixed endpoint platforms
ƒ Regulatory concerns

Layers applied
ƒ Firewall/VPN
ƒ Infrastructure
ƒ Identity
ƒ Posture
ƒ Management
ƒ IPS

[Figure: campus topology annotated with the controls: NAC role and posture assignment, CSA and L2 security at the access layer; ACLs, FWSM, IPSM, MD5 routing authentication and NetFlow/syslog/SNMPv3 at the distribution layer; core]
Campus Case Study: Manufacturing

ƒ Full control of endpoint posture
ƒ Support "dumb" endpoints (e.g. manufacturing equipment/robots)
ƒ Mixed endpoint platforms

Layers applied
ƒ Firewall/VPN
ƒ Infrastructure
ƒ Identity
ƒ Posture
ƒ Management
ƒ IPS

[Figure: campus topology annotated with the controls: NAC role assignment, NAC Profiler, NAC Appliance and L2 security at the access layer; ACLs, FWSM, IPSM, MD5 routing authentication and NetFlow/syslog/SNMPv3 at the distribution layer; core]
Conclusion

ƒ Summary
Network security is a system
Must incorporate business needs, security policy, best
practices, risk analysis

ƒ Food for thought
Sample designs are a useful start, but every network is unique
New technologies may enhance security, but best practices
take time to develop
Thoroughly understand the problems
Fully understand how available tools work
Apply the tools as necessary

Related Sessions
ƒ Identity and Access Control
SEC-2005 Deploying 802.1X
SEC-2007 Deploying Cisco IOS Security
SEC-2020 Firewall Design and Deployment
SEC-2041 Deploying Cisco Network Admission Control Appliance
ƒ Infrastructure Protection
SEC-2002 Understanding and Preventing Layer 2 Attacks
SEC-2101 Service Provider and Large Network Core Infrastructure Best Practices
SEC-2105 Router Security Strategies: Securing IP Network Traffic Planes
ƒ Threat Detection and Mitigation
SEC-2030 Deploying Network-Based Intrusion Prevention Systems
SEC-2031 Understanding Host-Based Threat Mitigation Techniques
ƒ Security Management
SEC-2006 Inside the Perimeter: 6 Steps to Improving your Security Monitoring
SEC-2009 Cisco Security Manager (CSM) and CS-MARS Integration and Deployment
SEC-3009 Operational firewall and IPS management using CSM and MARS

Q and A
Recommended Reading

ƒ Continue your Cisco Live learning experience with further reading from Cisco Press
ƒ Check the Recommended Reading flyer for suggested books

Available onsite at the Cisco Company Store
Complete Your Online Session Evaluation

ƒ Give us your feedback and you could win fabulous prizes. Winners announced daily.
ƒ Receive 20 Passport points for each session evaluation you complete.
ƒ Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don't forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008. Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.