Sigurnost i nadzor mrežnih rješenja u. Boris Senker, CCSP Mrežne tehnologije VERSO d.o.o. Ekspert za mrežne tehnologije

Transcription

1 Sigurnost i nadzor mrežnih rješenja u hotelijerstvu Boris Senker, CCSP Mrežne tehnologije VERSO d.o.o. Ekspert za mrežne tehnologije

2 Technologies Involved Data Centers and Applications Web Applications and Web Traffic Secure Payment Services LAN WAN Wireless Networks Multicast Networks Unified Communications

3 Cisco ASA 5500 Series Adaptive Security Appliances Overview

4 Cisco ASA 5500 Adaptive Security Appliances Delivering Leading Threat Defense and VPN Services Provides Converged Threat Defense, Flexible Secure Connectivity, Minimized Operation Costs, and Unique Adaptive Design to Combat Future Threats Market-Leading Firewall Services Integrates and extends the #1 deployed firewall technology from Cisco PIX Security Appliances Built upon the experience of over one million PIX deployed worldwide and 10+ years of innovation Market-Leading IPS Services Integrates and extends the #1 deployed IPS and IDS technology from the Cisco IPS 4200 Series Provides comprehensive security from directed attacks and many other threats Market-Leading VPN Services Integrates and extends the #1 deployed remote access VPN technology from Cisco VPN 3000 Concentrators and Cisco PIX Security Appliances, offering both SSL and IPsec VPN services Market-Leading Content Security Integrates and extends the #1 deployed gateway content security technology to protect from viruses, spyware, spam, phishing, and employee productivity impacting websites Market-Leading Secure Unified Communications Comprehensive access control, threat protection, network policies, service protection and voice/video confidentiality for real-time Unified Communications traffic

5 Cisco ASA 5500 Series Adaptive Security Appliances Solutions Ranging from Desktop to Data Center Cisco ASA 5500 Platforms Integrates, market-proven firewall, SSL/IPsec, IPS, and content security technologies Extensible multi-processor architecture delivers high concurrent services performance and significant investment protection Flexible management lowers cost of ownership Easy-to-use Web-based based user interface Numerous certifications and awards And much more ASA 5510 ASA 5550 ASA 5540 ASA 5520 ASA ASA ASA 5505 Teleworker Branch Office Internet Edge Campus Data Center

6 Wide-Range of Cisco ASA 5500 Series Security Service Modules (SSMs) IPS Security Services Module (AIP SSM) Content Security Services Module (CSC SSM) Provides full-featured IPS and IDS services for protection of critical network assets Available in two models: SSM-10 and SSM-20 Delivers up to 450 Mbps of IPS throughput Has thumbscrews for easy insertion/removal 10/100/1000 out-of-band management port Supported on ASA 5510, 5520, and 5540 Provides full-featured Anti-X services (anti-virus, anti-spyware, anti-spam, anti-phishing, URL filtering, and more) Available in two models SSM-10 and SSM-20 Anti-virus and anti-spyware services licensed by number of users, others optional add-on Supported on ASA 5510, 5520, and Port GE Services Module (4GE SSM) I/O module offers four copper 10/100/1000 ports in addition to four SFP ports for improved flexibility and network segmentation Customers can use up-to four ports total out of these eight ports, with the ability to mix and match copper and optical GE ports Supported on ASA 5510, 5520, and 5540

7 Application Inspection & Control Engines Provide Control over Application Usage & Network Access Application and protocol-aware inspection services provide strong application-layer security and detailed policy controls Perform conformance checking, state tracking, security checks, NAT/PAT, dynamic port allocation, and offer a wide range of controls for businesses to set application-layer policies Unified Communications SIP SCCP (Skinny) H.323 v1 4 GTP (3G Mobile Wireless MGCP TRP/RTCP/RTSP TAPI/JTAPI Over 30 Engine s Core Internet Protocols Database/OS Services ILS/LDAP Oracle/SQL*Net (V1/V2) Microsoft RPC/DCE RPC Microsoft Networking NFS RSH SunRPC/NIS+ X Windows (XDMCP) Specific Applications Microsoft Windows Messenger Microsoft NetMeeting Real Player Cisco IP Phones Cisco Softphones HTTP FTP TFTP SMTP/ESMTP DNS/EDNS ICMP TCP UDP Security Services IKE IPSec PPTP

8 Cisco IPS Offers Multi-Vector Threat Identification Delivers Broad Attack and Malware Protection Spyware/Adware Prevents installation of malware and blocks phone home communications Frees network bandwidth and controls the transmission of confidential data Network Worms & Viruses Stops the infection and propagation of malware Leverages internal development and partnership with Trend Micro Directed Attacks Controls corporate espionage Stops web defacing by preventing web attacks Prevents zombie, backdoor, and bot placement thus stopping automated attacks (e.g., denial of service (DoS) Traffic Cleansing Removes traffic ambiguities such as overwritten fragments, TCP segment overwrites, TTL discrepancies Simulates end host behavior to increase inspection accuracy

9 Content Security in the Cisco ASA 5500 Series Introducing the Content Security and Control Security Services Modules Comprehensive content security services on a single module Incorporates security technology from Trend Micro s award-winning InterScan VirusWall suite Seamless management and monitoring through Cisco ASDM, multi-device management with Trend TMCM Enables a single-box solution for all the needs of the SMB

10 Cisco ASA 5500 Content Security Delivering Comprehensive Protection and Control Threat Types Cisco ASA 5500 with CSC-SSM Protection NEW Anti-X Service Extensions Unauthorized Access Intrusions and Attacks Insecure Comms. Viruses Spyware Malware Phishing Spam Inappropriate URLs Identity Theft Offensive Content Granular Policy Controls Comprehensive Malware Protection Advanced Content Filtering Integrated Message Security Easy to Use Resource and Information Access Protection Hacker Protection Client Protection DDoS Protection Protected Communication Protected Web Browsing Protected File Exchange Unwanted Visitor Control Audit and Regulatory Assistance Non-work Related Web Sites Identity Protection

11 Comprehensive Secure Connectivity VPN Services for Any Access Scenario Client-based SSL or IPSec VPN Company Managed Desktop Partner Access Clientless SSL VPN Requires locked-down access to specific extranet resources and applications Remote access users require seamless, easy to use, access to corporate network resources Public Internet Clientless SSL VPN ASA 5500 Client-based SSL or IPSec VPN Public Kiosk Remote users may require lightweight access to and web-based applications from a public machine Company Managed Desktops at Home Day extenders and mobile employees require consistent LAN-like, full-network access, to corporate resources and applications

12 Innovative Security for Unified Communications Protect Cisco Communication Manager and IP Phones Protection Against Attacks On Unified Communications Call Control, Endpoints And Applications Cisco Security Agent (CSA) Cisco ASA with SSL VPN Cisco ASA with IPS and VPN Internet Cisco ASA with VPN WAN Ensure SIP, SCCP, H.323, MGCP requests conform to standards Prevent inappropriate SIP Methods from being sent to Communication Manager Network Rate Limit SIP Requests Policy enforcement of calls (whitelist, blacklist, caller/called party, SIP URI) Dynamic port opening for Cisco applications Enable only registered phones to make calls Enable inspection of encrypted phone calls

13 Integrated Services Routers

14 Choosing the Integrated Security Platform Preference for dedicated security devices LAN interfaces Adaptive Security Appliance Delivers latest threat mitigation innovations Most feature rich remote access VPN solution Dedicated functions ensure maximum software versioning simplicity Integrated Services Routers Preference for and familiarity with IOS-based devices LAN and WAN interfaces Delivers best of breed routing and QoS functionality Consolidates maximum network and security functions on single platform Most feature rich site-to-site VPN solution Leverage existing router investment

15 Cisco IOS Firewall Overview Stateful firewall: Full Layer 3 through 7 deep packet inspection Flexible embedded application layer gateway (ALG): Dynamic protocol and application engines for seamless granular control Application inspection and control: Visibility into both control and data channels to help ensure protocol and application conformance Virtual firewall: Separation between virtual contexts, addressing overlapping IP addresses Intuitive GUI management: Easy policy setup and refinement with SDM and CSM Resiliency: High availability for users and applications with stateful firewall failover WAN interfaces: Most WAN and LAN interfaces

16 Cisco IOS Firewall Benefits Integrated perimeter and branch defense using proven Cisco IOS Software routing, quality-of-service (QoS), voice, and wireless technologies Low total cost of ownership (TCO) through integration of firewall, IPS, and other security features on a popular networking platform Protection against network and application layer exploits and threats such as denial-of-service (DoS) attacks Compliance with requirements such as PCI, Sarbanes-Oxley, and HIPAA Ease of management and deployment Numerous WAN interface and density options on Cisco routers Green technology reduced power consumption and footprint because the existing router is used

17 Cisco IOS Intrusion Prevention (IPS) Distributed Defense Against Worms and Attacks Cisco IOS IPS stops attacks at the entry point, conserves WAN bandwidth, and protects the router and remote network from DoS attacks Integrated form factor makes it cost-effective and viable to deploy IPS in small and medium business and enterprise branch/telecommuter sites Supports a fully customizable subset of signatures sharing the same signature database available with Cisco IPS sensors and modules Allows custom signature sets and actions to react quickly to new threats

18 Intrusion Prevention System (IPS) Modules Advanced Integration Module and Network Module

19 Comparison: Cisco IOS IPS and Cisco IPS AIM

20 Intrusion Detection/Prevention Solutions

21 Cisco IPS Product Portfolio

22 Security Management Solutions

23 Cisco ASA 5500 Management Solutions Provide Scalable, Cost Optimized Options for Businesses Integrated Remote Management Capabilities ASA Adaptive Security Device Manager (ASDM) Intrusion Prevention IPS Device Manager (IDM), IPS Security Manager Express ISR- Security Device Manager (SDM) Cisco Security Manager (CS-Manager) Scalable management solution for wide range of Cisco security solutions including routers, switches, blades, and appliances Delivers centralized management of firewall, VPN, IPS/IDS, networking, and other services via flexible user interface Supports device grouping for simplified policy maintenance Provides role-based admin access and workflow capabilities Available on Windows (Linux version coming) Cisco Monitoring and Response Solution (CS-MARS) Family of high performance appliances designed to provide automated analysis of security event information to help identify, manage, and counter attacks Supports getting events from wide range of Cisco and 3 rd party solutions and also analyzes NetFlow for additional intelligence Offers event correlation, visualization, rules engine, and reporting

24 Cisco Security Manager Integrated Security Configuration Management State-of-the-art user interface Multiple views to suit administrator preferences Device, policy, and topology views Unified management of multiple security services Firewall, VPN, and intrusion prevention system (IPS) Supports Cisco Integrated Services Routers, ASA, PIX, IPS Sensors, and Catalyst Service Modules

25 Cisco Security Monitoring, Analysis and Response System (MARS) Cisco Security MARS Know the battlefield :Mitigation and response turnkey system Gain network intelligenceuse the network you have; correlate router s NetFlow (WAN data) with firewall, intrusion detection system (IDS), and switch databuild topology and traffic-flow model Know device configuration and enforcement abilities ContextCorrelation Correlates, reduces, and categorizes events and validates incidents Allows for responsevalid

26 Q&A