Network as a Sensor and Enforcer. Matthew Robertson - Technical Marketing Engineer
2 Network as a Sensor and Enforcer Matthew Robertson - Technical Marketing Engineer
3 Why are we here today?
4 Managing the Insider Threat
5 Insider Threats
6 About This Session: Building Security into the Network. This session brings it all together: Identity Services Engine, StealthWatch, Security Group Tags, NetFlow and the Cisco Network.
7 Building Security into the Network: identify and control policy, behaviour and threats. SGT: Enforce Group Policy. NetFlow: Transactional data. ISE: Discover assets & direct policy. StealthWatch: Transactional visibility & intelligence. Context sharing and dynamic response.
8 Agenda Introduction Understanding the Landscape Components of Network Visibility Enforce Policy Design and Model Policy Discover and Classify Assets Segmenting the Network Active Monitoring Policy NBAD Rapid Threat Containment Summary
9 About Me: Your Master Builder for Today Matt Robertson Security Technical Marketing Engineer Focused on Advanced Threat Author of 3 CVDs 8 years at Cisco: development, TME, Lancope Sorry, also Canadian
10 Agenda Introduction Understanding the Landscape Components of Network Visibility
11 Segmentation begins with visibility: who is on the network, and what are they up to? You can't protect what you can't see.
12 ISE: Identifying the Who
Authentication (host supplied): User & Device Authentication, MAC Authentication Bypass, Web portal
Authenticated Session Table Attributes
Profile (collected): Infrastructure provided (DHCP, HTTP, etc), Signature based
13 NetFlow: Identifying the what
Diagram: a host on eth0/1 (client port) talking to a server on eth0/2 (port 80). Two flow records, one per direction:
Start Time | Interface | Src IP | Src Port | Dest IP | Dest Port | Proto | Pkts Sent | Bytes Sent | SGT | DGT | TCP Flags
10:20:     | eth0/     |        |          |         |           | TCP   |           |            |     |     | SYN,ACK,PSH
10:20:     | eth0/     |        |          |         |           | TCP   |           |            |     |     | SYN,ACK,FIN
14 NetFlow = Transactional Visibility
A single NetFlow Record provides a wealth of information:

Router# show flow monitor CYBER-MONITOR cache
IPV4 SOURCE ADDRESS:
IPV4 DESTINATION ADDRESS:
TRNS SOURCE PORT:
TRNS DESTINATION PORT: 443
INTERFACE INPUT: Gi0/0/0
FLOW CTS SOURCE GROUP TAG: 100
FLOW CTS DESTINATION GROUP TAG: 1010
IP TOS: 0x00
IP PROTOCOL: 6
ipv4 next hop address:
tcp flags: 0x1A
interface output: Gi0/1.20
counter bytes: 1482
counter packets: 23
timestamp first: 12:33:
timestamp last: 12:33:
ip dscp: 0x00
ip ttl min: 127
ip ttl max: 127
application name: nbar secure-http
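The single record above is the unit every downstream analysis is built from, so it is worth seeing how little it takes to turn the labelled output into structured data. The following is an added example, not code from the slides or from Cisco: it parses a "show flow monitor ... cache" record into a typed dict and expands the packed TCP flags byte (0x1A on the slide) into flag names. The sample record text is constructed; its labels are the ones the slide shows, while the addresses, ports and timestamps are invented for the demo.

```python
"""Parse one Flexible NetFlow record as printed by
'show flow monitor <name> cache' into a typed dict.

Added example, not code from the slides or from Cisco. The record text below
is constructed: the field labels are the ones on the slide's Router# output,
the addresses, ports and timestamps are invented for the demo.
"""

# Constructed sample record (labels as IOS prints them, values invented).
SAMPLE_RECORD = """\
IPV4 SOURCE ADDRESS:             10.1.20.15
IPV4 DESTINATION ADDRESS:        192.0.2.10
TRNS SOURCE PORT:                51234
TRNS DESTINATION PORT:           443
INTERFACE INPUT:                 Gi0/0/0
FLOW CTS SOURCE GROUP TAG:       100
FLOW CTS DESTINATION GROUP TAG:  1010
IP TOS:                          0x00
IP PROTOCOL:                     6
ipv4 next hop address:           10.1.1.1
tcp flags:                       0x1A
interface output:                Gi0/1.20
counter bytes:                   1482
counter packets:                 23
timestamp first:                 12:33:01.104
timestamp last:                  12:33:04.987
ip dscp:                         0x00
ip ttl min:                      127
ip ttl max:                      127
application name:                nbar secure-http
"""

# TCP flag bits as packed into the one-byte 'tcp flags' field.
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# Labels (lower-cased) whose values are decimal integers; hex values are
# recognised by their 0x prefix instead.
INT_FIELDS = {
    "trns source port", "trns destination port", "ip protocol",
    "flow cts source group tag", "flow cts destination group tag",
    "counter bytes", "counter packets", "ip ttl min", "ip ttl max",
}


def decode_tcp_flags(value: int) -> list[str]:
    """Expand the packed flag byte into names, e.g. 0x1A -> SYN, PSH, ACK."""
    return [name for bit, name in TCP_FLAG_BITS if value & bit]


def parse_cache_record(text: str) -> dict:
    """Split 'LABEL: value' lines, lower-casing labels and typing the values."""
    rec = {}
    for line in text.splitlines():
        if ":" not in line:
            continue                                  # blank line
        label, _, value = line.partition(":")         # first colon only: timestamps keep theirs
        key, value = label.strip().lower(), value.strip()
        if key in INT_FIELDS:
            rec[key] = int(value)
        elif value.startswith("0x"):
            rec[key] = int(value, 16)
        else:
            rec[key] = value
    if "tcp flags" in rec:
        rec["tcp flag names"] = decode_tcp_flags(rec["tcp flags"])
    return rec


def flow_tuple(rec: dict) -> tuple:
    """The view a collector keys on: 5-tuple plus source and destination tag."""
    return (rec["ipv4 source address"], rec["trns source port"],
            rec["ipv4 destination address"], rec["trns destination port"],
            rec["ip protocol"],
            rec.get("flow cts source group tag"),
            rec.get("flow cts destination group tag"))


if __name__ == "__main__":
    r = parse_cache_record(SAMPLE_RECORD)
    print(flow_tuple(r), r["tcp flag names"], r["application name"])
```

Splitting on the first colon only matters: the timestamp values contain further colons, and a plain split would truncate them. The group tags are kept as integers so that they can later be joined against an SGT-to-name table such as the one the 6500 exports.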
15 Components for NetFlow Security Monitoring
StealthWatch Management Console: Management and reporting. Up to 25 FlowCollectors. Up to 6 million fps globally.
StealthWatch FlowCollector: Collect and analyse. Up to 2000 sources. Up to sustained 240,000 fps.
UDP Director: UDP packet copier. Forward to multiple collection systems.
StealthWatch FlowSensor (VE): Generate NetFlow data. Additional contextual fields (ex. App, URL, SRT, RTT).
NetFlow from the Cisco Network. Best Practice: Centralise collection globally.
16 NetFlow Collection: Flow Stitching
Uni-directional flow records (diagram: client on eth0/1 using port 1024, server on eth0/2 on port 80):
Start Time | Interface | Src IP | Src Port | Dest IP | Dest Port | Proto | Pkts Sent | Bytes Sent | SGT | DGT
10:20:     | eth0/     |        |          |         |           | TCP   |           |            |     |
10:20:     | eth0/     |        |          |         |           | TCP   |           |            |     |
Bi-directional: Conversation flow record. Allows easy visualisation and analysis.
Start Time | Client IP | Client Port | Server IP | Server Port | Proto | Client Bytes | Client Pkts | Server Bytes | Server Pkts | Client SGT | Server SGT | Interfaces
10:20:     |           |             |           |             | TCP   |              |             |              |             |            |            | eth0/1 eth0/2
17 NetFlow Collection: De-duplication
Diagram: client (port 1024) to server (port 80) through Sw1, Sw2, ASA and Sw3; every device exports the same conversation, which is collapsed into one record carrying the list of exporters:
Start Time | Client IP | Client Port | Server IP | Server Port | Proto | Client Bytes | Client Pkts | Server Bytes | Server Pkts | App  | Client SGT | Server SGT | Exporter, Interface, Direction, Action
10:20:     |           |             |           |             | TCP   |              |             |              |             | HTTP |            |            | Sw1, eth0, in; Sw1, eth1, out; Sw2, eth0, in; Sw2, eth1, out; ASA, eth1, in; ASA, eth0, out, Permitted; ASA, eth0, in, Permitted; ASA, eth1, out; Sw3, eth1, in; Sw3, eth0, out; Sw1, eth1, in; Sw1, eth0, out
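Flow stitching (slide 16) and de-duplication (slide 17) are the two steps that turn a pile of per-exporter, per-direction records into one conversation record, and the exporter list that survives them is what slide 20 later shows as the path through the network. The following is an added example, not code from the slides or from StealthWatch: it stitches constructed uni-directional records into conversation records, keeps each direction's counters once even though three exporters reported them, and recovers the exporter path. The "lower port is the server" rule used to pick the client side is a simplification assumed for this demo, and every record is constructed.

```python
"""Stitch uni-directional NetFlow records into bi-directional conversation
records and de-duplicate the copies that every exporter along the path reports.

Added example, not code from the slides or from StealthWatch. All records below
are constructed, and the "lower port is the server" rule used to pick the
client side is a simplification assumed for this demo.
"""
from dataclasses import dataclass, field


@dataclass
class FlowRecord:                 # one uni-directional record, as exported
    exporter: str
    interface: str
    direction: str                # "in" or "out" on that interface
    start: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    pkts: int
    bytes: int
    sgt: int = 0                  # 0 = Unknown tag
    dgt: int = 0
    action: str = ""              # firewall exporters add e.g. "Permitted"


@dataclass
class Conversation:               # the stitched, de-duplicated record
    start: str
    client_ip: str
    client_port: int
    server_ip: str
    server_port: int
    proto: str
    client_bytes: int = 0
    client_pkts: int = 0
    server_bytes: int = 0
    server_pkts: int = 0
    client_sgt: int = 0
    server_sgt: int = 0
    observations: list = field(default_factory=list)  # (exporter, interface, direction, action)


def conversation_key(r: FlowRecord) -> tuple:
    """Same key for both directions of a flow; the lower port is taken as the server."""
    a, b = (r.src_ip, r.src_port), (r.dst_ip, r.dst_port)
    client, server = (a, b) if a[1] > b[1] else (b, a)
    return client, server, r.proto


def stitch(records: list[FlowRecord]) -> list[Conversation]:
    convs: dict = {}
    for r in records:
        key = conversation_key(r)
        (cip, cport), (sip, sport), proto = key
        c = convs.get(key)
        if c is None:
            c = convs[key] = Conversation(r.start, cip, cport, sip, sport, proto)
        c.observations.append((r.exporter, r.interface, r.direction, r.action))
        client_to_server = (r.src_ip, r.src_port) == (cip, cport)
        # De-duplication: every exporter saw the same packets, so keep the
        # largest count seen per direction instead of summing the copies.
        if client_to_server:
            c.client_bytes = max(c.client_bytes, r.bytes)
            c.client_pkts = max(c.client_pkts, r.pkts)
            c.client_sgt, c.server_sgt = c.client_sgt or r.sgt, c.server_sgt or r.dgt
        else:
            c.server_bytes = max(c.server_bytes, r.bytes)
            c.server_pkts = max(c.server_pkts, r.pkts)
            c.client_sgt, c.server_sgt = c.client_sgt or r.dgt, c.server_sgt or r.sgt
    return list(convs.values())


def exporter_path(c: Conversation) -> list[str]:
    """Devices the flow traversed, in the order they first reported it."""
    return list(dict.fromkeys(exp for exp, _, _, _ in c.observations))


def raw_bytes(records: list[FlowRecord]) -> int:
    """What naively summing every exporter copy would report."""
    return sum(r.bytes for r in records)


# Constructed path: client -> Sw1 -> Sw2 -> ASA -> server, each hop exporting
# an ingress and an egress record; the return direction is the mirror image.
FORWARD_PATH = [("Sw1", "eth0", "in", ""), ("Sw1", "eth1", "out", ""),
                ("Sw2", "eth0", "in", ""), ("Sw2", "eth1", "out", ""),
                ("ASA", "eth1", "in", ""), ("ASA", "eth0", "out", "Permitted")]
RETURN_PATH = [(e, i, "out" if d == "in" else "in", a)
               for e, i, d, a in reversed(FORWARD_PATH)]


def observations(path, start, src, sport, dst, dport, pkts, nbytes, sgt, dgt):
    return [FlowRecord(e, i, d, start, src, sport, dst, dport, "TCP",
                       pkts, nbytes, sgt, dgt, a) for e, i, d, a in path]


SAMPLE_RECORDS = (
    observations(FORWARD_PATH, "10:20:12", "10.1.20.15", 1024, "192.0.2.10", 80, 10, 1500, 100, 1000)
    + observations(RETURN_PATH, "10:20:12", "192.0.2.10", 80, "10.1.20.15", 1024, 8, 12000, 1000, 100)
)

if __name__ == "__main__":
    for c in stitch(SAMPLE_RECORDS):
        print(c.client_ip, c.client_port, "->", c.server_ip, c.server_port,
              c.client_bytes + c.server_bytes, "bytes after de-dup,",
              raw_bytes(SAMPLE_RECORDS), "bytes if every copy were summed;",
              "path:", exporter_path(c))
```

Twelve exported records collapse into one conversation of 13,500 bytes; summing the copies would report 81,000 bytes, a six-fold inflation, which is why collection must de-duplicate before any volume-based analytic runs. The observation list is kept in full because the firewall's "Permitted" action and the interface/direction pairs are the context that later path and policy views need.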
18 Adding Context and Situation Awareness Known Command & Control Servers NAT Events Application & URL Application User Identity URL & Username
19 Conversational Flow Record: who, what, when, where, how, and more context. Highly scalable (enterprise class) collection. High compression => long term storage: months of data retention.
20 Conversational Flow Record: Exporters Path the flow is taking through the network
21 NetFlow Analysis with StealthWatch: Discovery Identify business critical applications and services across the network Identify additional Indicators of Compromise (IoC) Policy & Segmentation Network Behaviour & Anomaly Detection (NBAD) Better understand / respond to an IOC: Audit trail of all host-to-host communication
22 Agenda Introduction Understanding the Landscape Components of Network Visibility Discover and Classify Assets Segmenting the Network
23 ISE as a Telemetry Source
Maintain historical session table. Correlate NetFlow to username. Build user-centric reports.
Diagram: Cisco ISE (Device/User Authentication, Device Profiling, Authenticated Session Table) sends syslog to the StealthWatch Management Console.
24 Configuration: Logging on ISE
1. Create Remote Logging Target on ISE
2. Add Target to Logging Categories
Required Logging categories: Passed Authentications, RADIUS Accounting, Profiler, Administrative and Operational Audit
25 Configuration: Add ISE to SMC
1. (Not Shown) Create Admin User on ISE
2. (Not Shown) Configure ISE or CA certificate on SMC
3. (Not Shown) Configure SMC or CA certificate on ISE
4. Add Cisco ISE nodes to SMC Configuration
Order to add nodes: 1. Primary MnT, 2. Secondary MnT, 3. Any PSNs
26 StealthWatch-ISE Attribution Configuration Follow these guides Lancope published: Cisco published:
27 Locate Services and Applications Search for assets based on transactional data: Ex. Protocol (HTTP Servers, FTP Server, etc) Identify servers
28 Locate Assets Find hosts communicating on the network Pivot based on transactional data
29 Host Groups: Applied Situational Awareness Virtual container of multiple IP Addresses/ranges that have similar attributes Lab servers Best Practice: classify all known IP Addresses in one or more host groups
30 Classify Assets with Host Groups User defined Model any Process/Application
31 Understand Behaviour List of all hosts communicating with HTTP Servers
32 Understand Behaviour Complete list of all hosts communicating with HTTP Servers: who, what, when, where, how
33 Classify Applications Classify business critical applications
34 Model Business Critical Processes PCI Zone Map Overall system profile Inter-system relationships
35 Simplifying Segmentation with TrustSec
Traditional Segmentation: Static ACL, Routing Redundancy, DHCP Scope, Address, VLAN, VACL (diagram: Enterprise Backbone, Aggregation Layer, Access Layer; Quarantine VLAN, Voice VLAN, Data VLAN, Guest VLAN, BYOD VLAN for Non-Compliant, Voice, Employee, Supplier and BYOD endpoints). Security Policy based on Topology. High cost and complex maintenance.
TrustSec Micro/Macro Segmentation: Central Policy Provisioning, No Topology Change, No VLAN Change (diagram: DC Servers, Enterprise Backbone, DC Firewall / Switch, Access Layer, ISE policy; Employee Tag, Supplier Tag, Non-Compliant Tag on the existing Voice VLAN and Data VLAN). Use existing topology and automate security policy to reduce OpEx.
36 Network Segmentation with TrustSec
Segmentation based on roles, not based on IP addresses, VLANs etc.
Role based on context: AD, LDAP attributes, device type, location, time, access methods, etc.
Use Tagging technology to represent logical group (Classification) and to enforce policy on switches, routers, firewalls.
Software Defined Policy: managed centrally, provisioned automatically on demand, invoked anywhere on the network dynamically.
Example: Security Group: Manager. Username: johnd. Group: Store Managers. Location: Store Office. Time: Business Hour.
Enforcement points: Switches, Routers, Firewall, DC Switch, Hypervisor SW, Resource ("AUTHORISED PERSONNEL ONLY").
37 What TrustSec Provides Software defined Network Segmentation Context-based Data Access Agile Security Policy Changes and Simpler Management Context based Service Chaining
38 TrustSec Functions
Classification (Static, Dynamic): e.g. 5 Employee, 6 Supplier, 8 Suspicious
Propagation (Inline, SXP): the tag travels with the traffic from A to B
Enforcement (SGACL, SG-FW, WSA)
39 TrustSec in Action Application Servers Network Database Servers Classification Propagation Enforcement
40 Cisco TrustSec Segmentation
Regardless of topology or location, policy (Security Group Tag) stays with users, devices, and servers.
TrustSec simplifies ACL management for intra/inter-VLAN traffic.
Diagram: Suppliers, Employee and Non Compliant endpoints on Voice and Data VLANs across the Enterprise Backbone, with Supplier, Employee and Non Compliant policy applied.
41 Campus Segmentation Segmented traffic based on classified group (SGT), not based on topology (VLAN, IP subnet) Micro-Segmentation with single policy (segment devices even in same VLAN) Suppliers Employee Non Compliant Suppliers Employee Non Compliant Filtered Access Supplier Employee Non Compliant
42 Agenda Introduction Understanding the Landscape Components of Network Visibility Design and Model Policy Discover and Classify Assets Segmenting the Network
43 Starting a TrustSec Design
Discuss assets to protect. Example: Cardholder Data, Medical Record, intellectual data.
Classification Mechanisms. Example: Dynamic, Static, etc.
Policy Enforcement Points: DC segmentation (DC virtual/physical switches or virtual/physical Firewalls); User to DC access control (identify capable switches or firewalls in the path).
Propagation Methods: Inline Tagging, SXP, DM-VPN, GET-VPN, IPSec, OTP etc.
44 Security Group Initial Considerations Unlike traditional segmentation/access control Adding dynamically assigned groups later with TrustSec should be easy No configuration impact on infrastructure Keep groups as simple as possible whilst still meeting policy requirements Should not be necessary to transfer complexity, e.g. extensive AD groups, into Security Groups Consider if all roles need a tag assigned? Remember that group membership may change
45 How to Tag Users / Devices?
TrustSec decouples network topology and security policy to simplify access control and segmentation.
Classification process groups network resources into Security Groups.
Diagram of classification sources: Campus & VPN Access (Cisco Access Layer; User/Device/Location; MAC, PC): 802.1X, MAB, Web Authentication, Profiling, ISE IP-SGT. Data Centre / Virtualisation (NX-OS / CIAC / Hypervisors): VLAN-SGT, Port-SGT, Port Profile. IOS/Routing: Address Pool-SGT, IPv4 Subnet-SGT, IPv6 Prefix-SGT, IPv6 Prefix Learning, IPv4 Prefix Learning. Also non-Cisco & legacy environment, Business Partners and Supplier Access Controls.
46 Identify Where SGTs Need to be Assigned
Diagram of Campus Access, Distribution, Core, Enterprise Backbone, DC Core and DC Dist/Access with the classification points: Dynamic Classification (campus access and WLC), L2 Port to SGT, SVI (L3 Interface) to SGT, VLAN-SGT Mapping, Subnet-SGT, VM (Port Profile) to SGT (Hypervisor SW), FW.
47 Enabling Classifications If per-user authorisation is not in place Enabling VLAN, subnet, L3 Interface mappings can provide coarse classification initially Per-user authorisation and SXP can then override static classification Many systems may get Unknown SGT assignments initially Focus on the explicit classifications needed to meet policy Keeping classifications simple can mean days not weeks to enable
48 Deployment Approach
Users connect to network; Monitor mode allows traffic regardless of authentication.
Authentication can be performed passively, resulting in SGT assignments.
Classified traffic traverses the network (Catalyst Switches/WLC, Enterprise Network), allowing monitoring and validation that assets are correctly classified and that traffic flows to assets are as predicted/expected.
Monitor Mode matrix:
SRC \ DST       | PCI Server (2000) | Prod Server (1000) | Dev Server (1010)
Employees (100) | Permit all        | Permit all         | Permit all
PCI User (105)  | Permit all        | Permit all         | Permit all
Unknown (0)     | Permit all        | Permit all         | Permit all
49 Configuring Inline Tagging
cts manual config for inline tagging generally used.
cts dot1x alternative depends on AAA reachability - unless new critical auth feature used & timers set carefully.
Always shut and no shut interfaces after any cts manual or cts dot1x change.

interface TenGigabitEthernet1/5
 cts manual
  policy static sgt 2 trusted

C6K2T-CORE-1#sho cts interface brief
Global Dot1x feature is Enabled
Interface GigabitEthernet1/1:
 CTS is enabled, mode: MANUAL
 IFC state: OPEN
 Authentication Status: NOT APPLICABLE
 Peer identity: "unknown"
 Peer's advertised capabilities: ""
 Authorization Status: SUCCEEDED
 Peer SGT: 2:device_sgt
 Peer SGT assignment: Trusted
 SAP Status: NOT APPLICABLE
 Propagate SGT: Enabled
 Cache Info:
 Expiration : N/A
 Cache applied to link : NONE
 L3 IPM: disabled.
50 Creating The Policy Matrix Destination Group How do I know my policy works? How do I decide what protocols? How do I know if I am tagging? I can help here Source Group Action
51 SGT in NetFlow Fields
Source Tag: Retrieved from the packet
Destination Tag: Derived based on destination IP Address
Switch Derived Source Tag (4K only): Value applied on the packet on egress
SGT Table (6K only): Export in NetFlow template data tables mapping Security Group Tags to Security Group Names
SGACL Drop Record (6K only): Generate a flow record on a SGACL drop
52 SGT-NetFlow Device List
Device                             | First Release                 | Source Tag    | Destination Tag | Switch-Derived SGT | SGT Table | SGACL Drop Record
Catalyst 6500 (Sup2T)              | IOS 15.1(1)SY1                | Yes (match)   | Yes (match)     | No                 | Yes       | Yes (dedicated monitor)
ISR, ASR, CSR                      | IOS XE 3.13S                  | Yes           | Yes             | No                 | No        | No
Catalyst 3850, 3650                | IOS XE 3.7.1E, IOS XE 3.6.3E* | Yes (match)   | Yes (match)     | No                 | No        | No
Catalyst 4500 (Sup 7-E, 7L-E, 8-E) | IOS XE 3.7.1E, IOS XE 3.6.3E* | Yes (collect) | Yes (collect)   | Yes                | No        | No
ASA                                |                               | No            | No              | No                 | No        | NSEL Record
StealthWatch FlowSensor            | 6.8                           | Yes           | No              | No                 | No        | No
53 Considerations: 3850
Ingress: Source Tag sources: derived from packet header. DGT sources: derived based on destination IP lookup; SGACL enforcement must be enabled; trunk link only.
Egress: Source Tag sources: incoming packet header, port configured SGT, IP to SGT mapping. Destination Tag sources: derived based on destination IP lookup; requires SGACL enforcement to be enabled; trunk link only.
!
flow monitor cts-cyber-monitor-in
 exporter StealthWatch-FC
 cache timeout active 60
 record cts-cyber-3k-in
!
!
flow monitor cts-cyber-monitor-out
 exporter StealthWatch-FC
 cache timeout active 60
 record cts-cyber-3k-out
!
interface GigabitEthernet1/0/1
 ip flow monitor cts-cyber-monitor-in input
 ip flow monitor cts-cyber-monitor-out output
!
vlan configuration 100
 ip flow monitor cts-cyber-monitor-in input
 ip flow monitor cts-cyber-monitor-out output
!
54 Considerations: 3850
!
flow record cts-cyber-3k-in
 match datalink mac source address input
 match datalink mac destination address input
 match ipv4 tos
 match ipv4 ttl
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match flow direction
 match flow cts source group-tag
 match flow cts destination group-tag
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow record cts-cyber-3k-out
 match ipv4 tos
 match ipv4 ttl
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match flow direction
 match flow cts source group-tag
 match flow cts destination group-tag
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
55 Considerations: 4500 Sup 7-E, 7L-E, 8-E
Source Tag: Packet header. Maximum 12K distinct SRC-IPs.
Destination Tag: Derived based on destination IP.
Switch Derived Source Tag: SGT enforced on the packet from the switch. Policy acquisition: SGT in the packet, SGT lookup on source IP, port SGT lookup; SGT on packet at egress.
!
flow record cts-cyber-4k
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match flow direction
 collect flow cts source group-tag
 collect flow cts destination group-tag
 collect flow cts switch derived-sgt
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
56 Considerations: 6500 Sup 2T
TrustSec data table: Export SGT-SGN mapping in NetFlow template.
SGACL Drop: Flow record generated on a drop. Requires dedicated Flow Monitor.
Source Tag: Packet header, IP-SGT lookup.
Destination Tag: Derived based on destination IP lookup.
!
flow record cts-cyber-6k
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match flow cts source group-tag
 match flow cts destination group-tag
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
57 Considerations: 6500 Sup2T
SGACL Drop config, exporter and monitor:
!
flow exporter ise
 destination
 source TenGigabitEthernet2/1
 transport udp 9993
 option cts-sgt-table timeout 10
!
flow monitor FNF_SGACL_DROP
 exporter ise
 record cts-record-ipv4
!
cts role-based ip flow monitor FNF_SGACL_DROP dropped
!
flow exporter CYBER_EXPORTER
 destination
 source TenGigabitEthernet2/1
 transport udp 2055
 option cts-sgt-table timeout 10
!
flow monitor CYBER_MONITOR
 exporter CYBER_EXPORTER
 cache timeout active 60
 record cts-cyber-6k
!
58 Considerations: ISR, ASR, CSR
Source Tag: Packet header, IP-SGT lookup.
Destination Tag: Destination IP lookup.
!
flow record cts-cyber-ipv4
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match flow direction
 match flow cts source group-tag
 match flow cts destination group-tag
 collect routing next-hop address ipv4
 collect ipv4 dscp
 collect ipv4 ttl minimum
 collect ipv4 ttl maximum
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
!
59 Modeling Policy in StealthWatch Custom event triggers on traffic condition Rule name and description Source Tag Destination Tag Trigger on traffic in both directions; Successful or unsuccessful
60 Modeling Policy in StealthWatch Create flow-based rules for all proposed policy elements Policy Violation alarm will trigger if condition is met. Simulating proposed drop.
61 Modeling Policy: Alarm Occurrence Alarm dashboard showing all Policy alarms Details of Employee to Productions Servers alarm occurrences
62 Modeled Policy: Flow Details
Who, what, when, where, how, with Source Tag and Destination Tag. Is this communication permissible? Yes: Tune. No: Respond.
63 Agenda Introduction Understanding the Landscape Components of Network Visibility Enforce Policy Design and Model Policy Discover and Classify Assets Segmenting the Network
64 Enabling Enforcement
Enforcement may be enabled gradually, on a per-destination-security-group basis.
Initially use SGACLs with deny logging enabled (remove log later if not required).
Keep the default policy as permit and allow traffic with unknown SGT during deployment.
Enforcement matrix (ISE; enforced on Catalyst Switches/WLC and the DC Switch in front of the PCI, Production and Development servers):
SRC \ DST       | PCI Server (2000) | Prod Server (1000) | Dev Server (1010)
Employees (100) | Deny all          | Deny all           | Deny all
PCI User (105)  | Permit all        | Permit all         | Deny all
Unknown (0)     | Deny all          | Deny all           | Deny all
65 Centralised SGACL Management in ISE
66 Applying SGACL Policies in ISE (Tree view)
67 Applying SGACLs (ISE 2.0)
SGACL_1
permit tcp dst eq 443
permit tcp dst eq 80
permit tcp dst eq 22
permit tcp dst eq 3389
permit tcp dst eq 135
permit tcp dst eq 136
permit tcp dst eq 137
permit tcp dst eq 138
permit tcp dst eq 139
deny ip
68 SGACL Downloads
New servers provisioned, e.g. Prod Server & Dev Server roles (Prod_Servers, Dev_Servers). DC switches request policies for the assets they protect. Policies downloaded & applied dynamically.
Diagram: sources tagged SGT=3, SGT=4, SGT=5; SGACL Enforcement for Prod_Server (SGT=7) and Dev_Server (SGT=10); switches pull down only the policies they need.
What this means: All controls centrally managed. Security policies de-coupled from network. No switch-specific security configs needed. Wire-rate policy enforcement. One place to audit network-wide policies.
69 Enabling Policy Enforcement in Switches
After setting up SGT/SGACL in ISE, you can now enable SGACL Enforcement on network devices.
Devices need to be defined in ISE and provisioned to talk to ISE (omitted from these slides for brevity).
Enabling SGACL Enforcement globally and for a VLAN:
Switch(config)#cts role-based enforcement
Switch(config)#cts role-based enforcement vlan-list 40
If switches have SGT assignments they will download policy for the assets they are protecting.
As an example, defining IP to SGT mapping for servers on a switch:
Switch(config)#cts role-based sgt-map sgt 5
Switch(config)#cts role-based sgt-map sgt 6
Switch(config)#cts role-based sgt-map sgt 7
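The deployment approach (slide 48), policy modelling in StealthWatch (slides 59-60) and the SGACL above describe one procedure: propose a matrix, run the network in monitor mode, and flag every flow the proposed cells would have dropped before enforcement is switched on. The following is an added example, not code from the slides, ISE or StealthWatch, that carries that procedure through: it parses SGACLs in the ISE text form (SGACL_1 is the slide's own text), looks each constructed conversation record up in a proposed matrix keyed by source and destination tag, and reports would-be drops as policy violations. The matrix, the flows, the "Deny_IP" and "Permit_IP" SGACLs and the fall-through-to-default behaviour are assumptions of this demo; the ACE grammar handled is the subset the slide uses.

```python
"""Model a proposed SGT policy matrix against conversation records before
enforcement is switched on: each flow is looked up in the matrix, run through
the cell's SGACL, and every would-be drop is reported as a policy violation
instead of being blocked (the monitor-mode step of the deployment approach).

Added example, not code from the slides, ISE or StealthWatch. The matrix, the
flows and all SGACLs other than the slide's SGACL_1 are constructed; the ACE
grammar handled is the subset the slide uses (permit/deny, ip/tcp/udp/icmp,
optional 'src eq N' and 'dst eq N').
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches any transport protocol
    src_port: Optional[int]
    dst_port: Optional[int]


def parse_sgacl(text: str) -> list[Ace]:
    """Parse ISE-style SGACL lines, top to bottom, into ACEs."""
    aces = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        action, proto, rest = tok[0], tok[1], tok[2:]
        if action not in ("permit", "deny") or proto not in ("ip", "tcp", "udp", "icmp"):
            raise ValueError(f"unsupported ACE: {line!r}")
        src = dst = None
        while rest:                          # zero or more 'src eq N' / 'dst eq N'
            side, op, port, *rest = rest
            if op != "eq" or side not in ("src", "dst"):
                raise ValueError(f"unsupported ACE: {line!r}")
            if side == "src":
                src = int(port)
            else:
                dst = int(port)
        aces.append(Ace(action, proto, src, dst))
    return aces


def evaluate(aces: list[Ace], proto: str, sport: int, dport: int):
    """First matching ACE wins; returns (action, ace_index) or (None, None)."""
    for i, a in enumerate(aces):
        if a.proto != "ip" and a.proto != proto:
            continue
        if a.src_port is not None and a.src_port != sport:
            continue
        if a.dst_port is not None and a.dst_port != dport:
            continue
        return a.action, i
    return None, None


# SGACL_1 is the slide's text; the other two are constructed one-liners.
SGACLS = {
    "SGACL_1": """
        permit tcp dst eq 443
        permit tcp dst eq 80
        permit tcp dst eq 22
        permit tcp dst eq 3389
        permit tcp dst eq 135
        permit tcp dst eq 136
        permit tcp dst eq 137
        permit tcp dst eq 138
        permit tcp dst eq 139
        deny ip
    """,
    "Deny_IP": "deny ip",
    "Permit_IP": "permit ip",
}

# Proposed matrix (constructed), tags as on the slides' matrix: Employees=100,
# PCI User=105, Unknown=0, Prod Server=1000, Dev Server=1010, PCI Server=2000.
MATRIX = {
    (100, 1000): "SGACL_1",
    (100, 2000): "Deny_IP",
    (105, 2000): "Permit_IP",
    (105, 1010): "Deny_IP",
}
DEFAULT_CELL = "Permit_IP"   # keep the default permit while deploying


def simulate(flows, matrix=MATRIX, sgacls=SGACLS, default=DEFAULT_CELL):
    """flows: (client_ip, client_port, server_ip, server_port, proto, client_sgt, server_sgt).
    Returns the flows the proposed policy would drop, with the cell and ACE that hit."""
    compiled = {name: parse_sgacl(text) for name, text in sgacls.items()}
    violations = []
    for cip, cport, sip, sport, proto, csgt, ssgt in flows:
        cell = matrix.get((csgt, ssgt), default)
        action, idx = evaluate(compiled[cell], proto, cport, sport)
        if action is None:               # no ACE matched: fall back to the default cell (demo assumption)
            cell = default
            action, idx = evaluate(compiled[cell], proto, cport, sport)
        if action == "deny":
            violations.append({"src": f"{cip}:{cport}", "dst": f"{sip}:{sport}",
                               "tags": (csgt, ssgt), "cell": cell, "ace": idx})
    return violations


# Constructed conversation records seen while the network runs in monitor mode.
SAMPLE_FLOWS = [
    ("10.1.20.15", 51000, "10.10.1.5", 443, "tcp", 100, 1000),   # employee -> prod https
    ("10.1.20.15", 51001, "10.10.1.5", 445, "tcp", 100, 1000),   # employee -> prod smb
    ("10.1.20.16", 51002, "10.10.2.5", 22, "tcp", 100, 2000),    # employee -> pci ssh
    ("10.1.30.7", 51003, "10.10.2.5", 443, "tcp", 105, 2000),    # pci user -> pci https
    ("10.1.40.9", 51004, "10.10.1.5", 3389, "tcp", 0, 1000),     # unknown tag -> prod rdp
]

if __name__ == "__main__":
    for v in simulate(SAMPLE_FLOWS):
        print("Policy Violation:", v)
```

Two of the five flows come back as violations: the SMB flow from Employees to the Production server falls through SGACL_1 to its final "deny ip", and the SSH flow from Employees to the PCI server hits the Deny_IP cell. The untagged RDP flow is permitted only because the default cell is still permit, which is exactly the state the enforcement slide tells you to keep until the Unknown (0) population has been classified.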
70 Policy Enforcement on Firewalls: ASA SG-FW Security Group definitions from ISE Switches inform the ASA of Security Group membership Trigger FirePower services by SGT policies Can still use Network Object (Host, Range, Network (subnet), or FQDN) AND / OR the SGT
71 Agenda Introduction Understanding the Landscape Components of Network Visibility Enforce Policy Design and Model Policy Discover and Classify Assets Segmenting the Network Active Monitoring Policy NBAD
72 Active Monitoring
73 Segmentation Monitoring in StealthWatch Custom event triggers on traffic condition Rule name and description Source Tag Destination Tag Trigger on traffic in both directions; Successful or unsuccessful
74 Segmentation Monitoring with StealthWatch Alarm dashboard showing all Policy alarms
75 Segmentation Monitoring with StealthWatch PCI Zone Map Define communication policy between Zones Monitor for violations
76 StealthWatch NBAD Model Track and/or measure behaviour/activity Notification of security event generated Algorithm Security Event Alarm Suspicious behaviour observed or anomaly detected
77 Alarm Categories Each category accrues points.
78 Example Alarm Category: Concern Index. Concern Index: track hosts that appear to be compromising network integrity. Security events: over 90 different algorithms.
79 StealthWatch: Alarms Alarms Indicate significant behaviour changes and policy violations Known and unknown attacks generate alarms Activity that falls outside the baseline, acceptable behaviour or established policies
80 Agenda Introduction Understanding the Landscape Components of Network Visibility Enforce Policy Design and Model Policy Discover and Classify Assets Segmenting the Network Active Monitoring Policy NBAD Rapid Threat Containment
81 Rapid Threat Containment: Managing the Threat
82 Quarantine from StealthWatch
83 ANC Quarantine: ISE Live Log EPSStatus check Security Group Assignment
84 WAIT! How did this dark magic happen?
85 Adaptive Network Control
Extension of the endpoint monitoring and controlling capabilities. Endpoint control based on IP or MAC address.
Three actions: Quarantine, Unquarantine, Shutdown wired access ports.
Enable a change of the authorisation state through administrative action, without modification of the overall authorisation policy.
Supported in both wired and wireless environments.
86 ANC Quarantine Flow
1. Endpoint is connected
2. StealthWatch issues quarantine instruction to PAN
3. PAN issues quarantine instruction to MnT
4. MnT instructs PSN to invoke a CoA
5. Endpoint is disconnected through CoA
6. Endpoint reconnects and authenticates
7. RADIUS request
8. Quarantine check
9. Quarantine profile applied
87 Configuring ANC on ISE
1. Enable ANC (EPS): enabled by default on ISE
2. Create Quarantine authorisation profile or Security Group
3. Create Quarantine Authorisation Policy
4. Manually quarantine or unquarantine, based on IP or MAC address
88 Exception Authorisation Policy Best Practice EPSStatus in Session Assign to SGT Suspicous_Investigate and Permit Access
89 Configuration of RTC with StealthWatch and ISE
1. Enable pxgrid
2. Provision pxgrid server certificate (pxgrid Node)
3. Provision pxgrid client certificate
4. Configure pxgrid node connection
5. Assign SMC to EPS Group in
6. Configure pxgrid node connection
90 Configuration of RTC with StealthWatch and ISE Follow these guides Lancope published: Cisco published: HowTo-101- Deploying_Lancope_StealthWatch_with_pxGrid.pdf
91 So now what?
92 Suspicous_Investigate Egress Policy Create an Egress Policy for the suspicious Security Group
93 SGACL Create meaningful SGACL for Suspicious hosts: Restrict applications and services Block access to Business Critical Processes Prevent access to Intellectual Property
94 SGT Based Policy Based Routing
route-map native_demo permit 10
 match security-group source tag Employee
 match security-group destination tag Critical_Asset
 set interface Tunnel1
!
route-map native_demo permit 20
 match security-group source tag Suspicious
 match security-group destination tag Critical_Asset
 set interface Tunnel2
!
route-map native_demo permit 30
 match security-group source tag Guest
 set vrf Guest
Diagram: Policy-based Routing based on SGT at the Router / Firewall. User A (Employee) and User B (Suspicious) reach Network A across the Enterprise WAN over Tunnel1 or Tunnel2 (via the Inspection Router); User C (Guest) is placed in VRF-GUEST by SGT-based VRF selection.
Available today: Cisco IOS XE Release 3.16S (ASR 1000) as well as ASA5500-X (9.5.1).
95 FirePOWER Services Redirect Create service policy to forward suspicious traffic to FirePOWER Services
96 Agenda Introduction Understanding the Landscape Components of Network Visibility Enforce Policy Design and Model Policy Discover and Classify Assets Segmenting the Network Active Monitoring Policy NBAD Rapid Threat Containment Summary
97 Related Sessions:
TECSEC-2666 TrustSec / NGFW and NGIPS, Tuesday, March 8, 9:00 AM - 6:00 PM
BRKSEC-2690 Deploying Security Group Tags, Kevin Regan, Wednesday, March 9, 4:30 PM - 6:00 PM
BRKSEC-3690 Advanced Security Group Tags, Kevin Regan, Friday, March 8, 8:45 AM - 10:45 AM
BRKCRS-2891 Enterprise Network Segmentation (with Cisco TrustSec), Hari Holla, Wednesday, March 9, 4:30-6:00 PM
BRKSEC-2653 Cyber Range, Paul Qiu, Wednesday, March 9, 4:30 PM - 6:00 PM
BRKSEC-2044 Building an Enterprise Access Control Architecture using ISE and TrustSec, Hosuk Won, Thursday, March 8, 8:30 AM - 10:30 AM
98 Call to Action Visit the World of Solutions for: Security Zone: Identity Services Engine Cisco Cyber Threat Defence Solution Enterprise Networking Zone: Network as a Sensor / Enforcer Meet The Expert Matt Robertson: Thursday 12-2 pm More Reading:
99 Complete Your Online Session Evaluation Give us your feedback and receive a Cisco 2016 T-Shirt by completing the Overall Event Survey and 5 Session Evaluations. Directly from your mobile device on the Cisco Live Mobile App By visiting the Cisco Live Mobile Site Visit any Cisco Live Internet Station located throughout the venue T-Shirts can be collected Friday 11 March at Registration Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations.
100 Key Takeaways The network is a key asset for threat detection and control NetFlow and Lancope StealthWatch provides visibility and intelligence TrustSec is used to dynamically (micro)segment the network
101 Q & A
103 Thank you
More informationWiNG 5.X How To. Policy Based Routing Cache Redirection. Part No. TME-05-2012-01 Rev. A
WiNG 5.X How To Policy Based Routing Cache Redirection Part No. TME-05-2012-01 Rev. A MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark
More informationTrustSec How-To Guide: On-boarding and Provisioning
TrustSec How-To Guide: On-boarding and Provisioning For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents... 2 Introduction...
More informationCisco TrustSec How-To Guide: Planning and Predeployment Checklists
Cisco TrustSec How-To Guide: Planning and Predeployment Checklists For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents...
More informationOn-boarding and Provisioning with Cisco Identity Services Engine
On-boarding and Provisioning with Cisco Identity Services Engine Secure Access How-To Guide Series Date: April 2012 Author: Imran Bashir Table of Contents Overview... 3 Scenario Overview... 4 Dual SSID
More informationImplementing and Configuring Cisco Identity Services Engine SISE v1.3; 5 Days; Instructor-led
Implementing and Configuring Cisco Identity Services Engine SISE v1.3; 5 Days; Instructor-led Course Description Implementing and Configuring Cisco Identity Services Engine (SISE) v1.3 is a 5-day ILT training
More informationIINS Implementing Cisco Network Security 3.0 (IINS)
IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationConfigure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example
Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example Document ID: 69632 Introduction Prerequisites Requirements Components Used Conventions Background Information Configure
More informationSecuring Networks with Cisco Routers and Switches (642-637)
Securing Networks with Cisco Routers and Switches (642-637) Exam Description: The 642-637 Securing Networks with Cisco Routers and Switches exam is the exam associated with the CCSP, CCNP Security, and
More informationIntroduction to Network Discovery and Identity
The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity
More informationIntroduction to Cisco IOS Flexible NetFlow
Introduction to Cisco IOS Flexible NetFlow Last updated: September 2008 The next-generation in flow technology allowing optimization of the network infrastructure, reducing operation costs, improving capacity
More informationFIREWALLS & CBAC. philip.heimer@hh.se
FIREWALLS & CBAC philip.heimer@hh.se Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that
More informationCISCO IOS NETFLOW AND SECURITY
CISCO IOS NETFLOW AND SECURITY INTERNET TECHNOLOGIES DIVISION FEBRUARY 2005 1 Cisco IOS NetFlow NetFlow is a standard for acquiring IP network and operational data Benefits Understand the impact of network
More informationNetFlow Analytics for Splunk
NetFlow Analytics for Splunk User Manual Version 3.5.1 September, 2015 Copyright 2012-2015 NetFlow Logic Corporation. All rights reserved. Patents Pending. Contents Introduction... 3 Overview... 3 Installation...
More informationCisco IOS Flexible NetFlow Command Reference
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationTechnical Note. ForeScout CounterACT: Virtual Firewall
ForeScout CounterACT: Contents Introduction... 3 What is the vfw?.... 3 Technically, How Does vfw Work?.... 4 How Does vfw Compare to a Real Firewall?.... 4 How Does vfw Compare to other Blocking Methods?...
More informationInvisible attacks visible in your network. How to see and follow the tracks?
Invisible attacks visible in your network. How to see and follow the tracks? Jochen Belke - Regional Technical Director at Lancope, CISSP Mariusz Sawczuk - Manager of Technical Sales Support Team at Sevenet
More informationNetwork Management & Monitoring
Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationNetflow Overview. PacNOG 6 Nadi, Fiji
Netflow Overview PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools
More informationConfiguring NetFlow-lite
CHAPTER 55 Note NetFlow-lite is only supported on Catalyst 4948E Ethernet Switch. This chapter describes how to configure NetFlow-lite on the Catalyst 4948E switch. NetFlow-lite provides traffic monitoring
More informationConfiguring the Transparent or Routed Firewall
5 CHAPTER This chapter describes how to set the firewall mode to routed or transparent, as well as how the firewall works in each firewall mode. This chapter also includes information about customizing
More informationConfiguring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER
CHAPTER 16 This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. This chapter includes the following sections: Information About NetFlow, page 16-1 Licensing Requirements
More informationCisco Networking Professional-6Months Project Based Training
Cisco Networking Professional-6Months Project Based Training Core Topics Cisco Certified Networking Associate (CCNA) 1. ICND1 2. ICND2 Cisco Certified Networking Professional (CCNP) 1. CCNP-ROUTE 2. CCNP-SWITCH
More informationConfiguring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER
CHAPTER 19 This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. This chapter includes the following sections: Information About NetFlow, page 19-1 Licensing Requirements
More informationNetFlow The De Facto Standard for Traffic Analytics
NetFlow The De Facto Standard for Traffic Analytics A Webinar on NetFlow and its uses in Enterprise Networks for Bandwidth and Traffic Analytics Don Thomas Jacob Technical Marketing Engineer ManageEngine
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationChapter 9 Monitoring System Performance
Chapter 9 Monitoring System Performance This chapter describes the full set of system monitoring features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. You can be alerted to important
More informationCourse Contents CCNP (CISco certified network professional)
Course Contents CCNP (CISco certified network professional) CCNP Route (642-902) EIGRP Chapter: EIGRP Overview and Neighbor Relationships EIGRP Neighborships Neighborship over WANs EIGRP Topology, Routes,
More informationNetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com
NetFlow Tracker Overview Mike McGrath x ccie CTO mike@crannog-software.com 2006 Copyright Crannog Software www.crannog-software.com 1 Copyright Crannog Software www.crannog-software.com 2 LEVELS OF NETWORK
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationIntelligent WAN 2.0 principles. Pero Gvozdenica, Systems Engineer, pero.gvozdenica@combis.hr Vedran Hafner, Systems Engineer, vehafner@cisco.
Intelligent WAN 2.0 principles Pero Gvozdenica, Systems Engineer, pero.gvozdenica@combis.hr Vedran Hafner, Systems Engineer, vehafner@cisco.com Then VS Now Intelligent WAN: Leveraging the Any Transport
More informationAbout the VM-Series Firewall
About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/
More informationGood MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series
Good MDM Integration with Cisco Identity Service Engine Secure Access How -To Guides Series Author: Imran Bashir Date: December 2012 Table of Contents Mobile Device Management (MDM)... 3 Overview... 3
More informationConfiguring NetFlow. Information About NetFlow. Send document comments to nexus1k-docfeedback@cisco.com. CHAPTER
CHAPTER 11 Use this chapter to configure NetFlow to characterize IP traffic based on its source, destination, timing, and application information, to assess network availability and performance. This chapter
More informationConfiguring NetFlow Secure Event Logging (NSEL)
75 CHAPTER This chapter describes how to configure NSEL, a security logging mechanism that is built on NetFlow Version 9 technology, and how to handle events and syslog messages through NSEL. The chapter
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationUnderstanding and Configuring NAT Tech Note PAN-OS 4.1
Understanding and Configuring NAT Tech Note PAN-OS 4.1 Revision C 2012, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Scope... 3 Design Consideration... 3 Software requirement...
More informationCisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems
Cisco Prime Network Services Controller Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Agenda Cloud Networking Challenges Prime Network Services Controller L4-7 Services Solutions
More informationFirewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls
CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationUsing IPM to Measure Network Performance
CHAPTER 3 Using IPM to Measure Network Performance This chapter provides details on using IPM to measure latency, jitter, availability, packet loss, and errors. It includes the following sections: Measuring
More informationConfigure ISE Version 1.4 Posture with Microsoft WSUS
Configure ISE Version 1.4 Posture with Microsoft WSUS Document ID: 119214 Contributed by Michal Garcarz, Cisco TAC Engineer. Aug 03, 2015 Contents Introduction Prerequisites Requirements Components Used
More informationIPv6 First Hop Security Protecting Your IPv6 Access Network
IPv6 First Hop Security Protecting Your IPv6 Access Network What You Will Learn This paper provides a brief introduction to common security threats on IPv6 campus access networks and will explain the value
More informationReference to common tasks
APPENDIXA This section provides how-to information for common tasks that you need to know how to do before you can effectively work with the vcom Command Center. Creating and editing domains Working with
More informationInterconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0
Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0 COURSE OVERVIEW: Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0 is a five-day, instructor-led training course that teaches learners
More informationBuilding scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF
Building scalable IPSec infrastructure with MikroTik IPSec, L2TP/IPSec, OSPF Presenter information Tomas Kirnak Network design Security, wireless Servers Virtualization MikroTik Certified Trainer Atris,
More informationCT5760 Controller and Catalyst 3850 Switch Configuration Example
CT5760 Controller and Catalyst 3850 Switch Configuration Example Document ID: 116342 Contributed by Antoine KMEID and Serge Yasmine, Cisco TAC Engineers. Aug 13, 2013 Contents Introduction Prerequisites
More informationLab 4.5.2 Diagramming Intranet Traffic Flows
Lab 4.5.2 Diagramming Intranet Traffic Flows Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1
More informationCourse Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.
Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols
More informationPersonal Telepresence. Place the VidyoPortal/VidyoRouter on a public Static IP address
NAT Introduction: Vidyo Conferencing in Firewall and NAT Deployments Vidyo Technical Note Section 1 The VidyoConferencing platform utilizes reflexive addressing to assist in setup of Vidyo calls. Reflexive
More informationVLANs. Application Note
VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static
More informationCisco IOS Software Release 15.0(1)SY1 New Features and Hardware Support
Product Bulletin Cisco IOS Software Release 15.0(1)SY1 New Features and Hardware Support PB696622 Cisco IOS Software Release 15.0(1)SY1 supports Cisco Catalyst 6500 Series Supervisor Engine 2T only. Release
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationJ-Flow on J Series Services Routers and Branch SRX Series Services Gateways
APPLICATION NOTE Juniper Flow Monitoring J-Flow on J Series Services Routers and Branch SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 APPLICATION NOTE - Juniper Flow Monitoring
More informationNetwork Monitoring and Management NetFlow Overview
Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationWe will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
More informationCisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks
Cisco IT Article December 2013 End-to-End Security Policy Control Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks Identity Services Engine is an integral
More informationTake the NetFlow Challenge!
TM Scrutinizer NetFlow and sflow Analysis Scrutinizer is a NetFlow and sflow analyzer that provides another layer of cyber threat detection and incredibly detailed network utilization information about
More informationCCT vs. CCENT Skill Set Comparison
Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification
More informationAbout the Authors. Tom Hogue, Security Solutions Manager, Security Business Group, Cisco
Secure Data Center for Enterprise Threat Management with Passive Mode NextGen IPS Implementation Guide Last Updated: September 16, 2014 About the Authors About the Authors Tom Hogue, Security Solutions
More information2012 Best Practice Seminar. Presented by David Rawle
2012 Best Practice Seminar Presented by David Rawle Welcome Housekeeping Mobiles on Silent please Toilets are Fire exits are Agenda Introduction What's new R75.45 R75.40VS E80.40 with integrated management
More informationSet Up a VM-Series Firewall on the Citrix SDX Server
Set Up a VM-Series Firewall on the Citrix SDX Server Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa
More informationPortal Authentication Technology White Paper
Portal Authentication Technology White Paper Keywords: Portal, CAMS, security, authentication Abstract: Portal authentication is also called Web authentication. It authenticates users by username and password
More informationSymantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Details: Introduction When computers in a private network connect to the Internet, they physically
More informationClassic IOS Firewall using CBACs. 2012 Cisco and/or its affiliates. All rights reserved. 1
Classic IOS Firewall using CBACs 2012 Cisco and/or its affiliates. All rights reserved. 1 Although CBAC serves as a good foundation for understanding the revolutionary path toward modern zone based firewalls,
More informationHUNTING ATTACKERS WITH NETWORK AUDIT TRAILS
HUNTING ATTACKERS WITH NETWORK AUDIT TRAILS John Pierce jpierce@lancope.com 1 CREATING THE AUDIT TRAIL 2 Network Auditing Basics Maximize Visibility Don t trust the host Store audit data in a central location
More informationFlow Analysis Versus Packet Analysis. What Should You Choose?
Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation
More informationIntroduction to Netflow
Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationCisco Expressway Basic Configuration
Cisco Expressway Basic Configuration Deployment Guide Cisco Expressway X8.1 D15060.03 August 2014 Contents Introduction 4 Example network deployment 5 Network elements 6 Internal network elements 6 DMZ
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationThreat Defense with Full NetFlow
White Paper Network as a Security Sensor Threat Defense with Full NetFlow Network Security and Netflow Historically IT organizations focused heavily on perimeter network security to protect their networks
More information100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)
100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.
More informationCisco Passguide 648-385 Exam Questions & Answers
Cisco Passguide 648-385 Exam Questions & Answers Number: 648-385 Passing Score: 800 Time Limit: 120 min File Version: 34.1 http://www.gratisexam.com/ Cisco 648-385 Exam Questions & Answers Exam Name: CXFF
More informationCOURSE AGENDA. Lessons - CCNA. CCNA & CCNP - Online Course Agenda. Lesson 1: Internetworking. Lesson 2: Fundamentals of Networking
COURSE AGENDA CCNA & CCNP - Online Course Agenda Lessons - CCNA Lesson 1: Internetworking Internetworking models OSI Model Discuss the OSI Reference Model and its layers Purpose and function of different
More informationSession Border Controller
CHAPTER 13 This chapter describes the level of support that Cisco ANA provides for (SBC), as follows: Technology Description, page 13-1 Information Model Objects (IMOs), page 13-2 Vendor-Specific Inventory
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationSwitch Configuration Required to Support Cisco ISE Functions
APPENDIXC Switch Configuration Required to Support Cisco ISE Functions To ensure Cisco ISE is able to interoperate with network switches and functions from Cisco ISE are successful across the network segment,
More informationSonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging
SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION:
More information