Cisco IOS Advanced Firewall

Similar documents
Cisco IOS Firewall. Scenarios

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

IPS AIM for Cisco Integrated Services Routers

Deploying Firewalls Throughout Your Organization

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation

Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop

Securing Networks with Cisco Routers and Switches 1.0 (SECURE)

(d-5273) CCIE Security v3.0 Written Exam Topics

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

CCIE Security Written Exam ( ) version 4.0

Cisco Easy VPN on Cisco IOS Software-Based Routers

Cisco Certified Security Professional (CCSP)

Cisco IPsec and SSL VPN Solutions Portfolio

SonicWALL PCI 1.1 Implementation Guide

Chapter 1 The Principles of Auditing 1

Unified Threat Management, Managed Security, and the Cloud Services Model

SonicWALL Unified Threat Management. Alvin Mann April 2009

Solution Brief. Secure and Assured Networking for Financial Services

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Providing Secure IT Management & Partnering Solution for Bendigo South East College

Cisco Intrusion Prevention System Advanced Integration Module for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

INTRODUCTION TO FIREWALL SECURITY

Implementing Cisco IOS Network Security v2.0 (IINS)

WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO

Securing Virtual Applications and Servers

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

Chapter 9 Firewalls and Intrusion Prevention Systems

Cisco ACE 4710 Application Control Engine

Cisco ASA 5500 Series IPS Solution

Network Virtualization

Lucent VPN Firewall Security in x Wireless Networks

Managed Services: Taking Advantage of Managed Services in the High-End Enterprise

The Cisco ASA 5500 as a Superior Firewall Solution

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Cisco Small Business ISA500 Series Integrated Security Appliances

SSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x

Cisco Wide Area Application Services (WAAS) Software Version 4.0

IP Telephony Management

Cisco Integrated Firewall Solutions

Network Virtualization Network Admission Control Deployment Guide

Cisco Virtual Office Express

Secure Cloud-Ready Data Centers Juniper Networks

Assuring Your Business Continuity

Networking for Caribbean Development

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Cisco ASA 5500 Series SSL / IPsec VPN Edition for the Enterprise

How To Protect Your Network From Attack From A Network Security Threat

Professional Profile Company Experience & Biography SixNet Consulting Group .SixNetConsulting

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Managing Enterprise Security with Cisco Security Manager

Cyberoam Next-Generation Security. 11 de Setembro de 2015

Total solution for your network security. Provide policy-based firewall on scheduled time. Prevent many known DoS and DDoS attack

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Cisco ASA 5500 Series VPN Edition for the Enterprise

FIREWALLS & CBAC. philip.heimer@hh.se

Internet Content Provider Safeguards Customer Networks and Services

Cisco Certified Security Professional (CCSP) 50 Cragwood Rd, Suite 350 South Plainfield, NJ 07080

Deploying a Secure Wireless VoIP Solution in Healthcare

Firewall Defaults and Some Basic Rules

Best Practices for Outdoor Wireless Security

IBM. Vulnerability scanning and best practices

Cisco Router and Security Device Manager (SDM)

Securing Cisco Network Devices (SND)

Fortigate Features & Demo

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Astaro Gateway Software Applications

Results of Testing: Juniper Branch SRX Firewalls

Cisco Branch Routers Series Network Analysis Module

Cisco Advanced Services for Network Security

Huawei One Net Campus Network Solution

Cisco IPS AIM and IPS NME for Cisco 1841 and Cisco 2800, 2900, 3800 and 3900 Series Integrated Services Routers

Cisco Security Manager 4.2: Integrated Security Management for Cisco Firewall, IPS, and VPN Solutions

Cisco Wireless Control System (WCS)

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Network Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway

Network Security Features on the Cisco Integrated Services Routers

Network Access Security. Lesson 10

NERC CIP Whitepaper How Endian Solutions Can Help With Compliance

Cisco WAAS Express. Product Overview. Cisco WAAS Express Benefits. The Cisco WAAS Express Advantage

Firewall and UTM Solutions Guide

Cisco IWAN and Akamai Intelligent Platform : Maximize Your WAN Investment

Recommended IP Telephony Architecture

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

CISCO IOS NETWORK SECURITY (IINS)

Implementing Cisco IOS Network Security

CCIE Exam Certification CCIE Routing and Switching Exam Certification Guide dec-2009

IINS Implementing Cisco Network Security 3.0 (IINS)

Cisco Medical-Grade Network: Build a Secure Network for HIPAA Compliance

MANAGED SECURITY SERVICES

Session Border Controllers in Enterprise

Transcription:

Cisco IOS Advanced Firewall Integrated Threat Control for Router Security Solutions http://www.cisco.com/go/iosfirewall Presentation_ID 2007 Cisco Systems, Inc. All rights reserved. 1

All-in-One Security for the WAN Only Cisco Security Routers Deliver All This Secure Network Solutions Business Continuity Secure Voice Secure Mobility Compliance Integrated Threat Control 011111101010101 Advanced Firewall URL Filtering Intrusion Prevention Flexible Packet Matching Network Admission Control IEEE 802.1x Network Foundation Protection Secure Connectivity Management and Instrumentation GET VPN DMVPN Easy VPN SSL VPN Role-Based SDM NetFlow IP SLA Access 2

Integrated Threat Control Overview Industry-Certified Security Embedded Within the Network Secure Internet access to the branch office without the need for additional devices Control worms, viruses, and adware and spyware right at the remote site; conserve WAN bandwidth Protect the router itself from hacking and DoS attacks Protect data, voice and video, wired and wireless, and WAN acceleration services Branch Office Branch Office Worm and Virus Prevention Attain Distributed Defense and Rapid Response to Worms and Viruses Control Wired and Wireless User Access and Noncompliant Devices Router Protection Automated Router Lockdown Router Availability During DoS Attack Hacker Worms Choking WAN 011111101010101 Illegal Surfing Internet Small Office and Telecommuter Corporate Office Secure Internet Advanced Layer 3 to 7 Firewall P2P and IM Control Web Use Control 3

Cisco IOS Firewall Benefits Integrated perimeter and branch defense using proven Cisco IOS Software routing, quality-of-service (QoS), voice, and wireless technologies Low total cost of ownership (TCO) through integration of firewall, IPS, and other security features on a popular networking platform Protection against network and application layer exploits and threats such as denial-of-service (DoS) attacks Compliance with requirements such as PCI, Sarbanes-Oxley, and HIPAA Ease of management and deployment Numerous WAN interface and density options on Cisco routers Green technology reduced power consumption and footprint because the existing router is used 4

Cisco IOS Firewall Overview Stateful firewall: Full Layer 3 through 7 deep packet inspection Flexible embedded application layer gateway (ALG): Dynamic protocol and application engines for seamless granular control Application inspection and control: Visibility into both control and data channels to help ensure protocol and application conformance Virtual firewall: Separation between virtual contexts, addressing overlapping IP addresses Intuitive GUI management: Easy policy setup and refinement with SDM and CSM Resiliency: High availability for users and applications with stateful firewall failover WAN interfaces: Most WAN and LAN interfaces Selected List of Recognized Protocols HTTP, HTTPS, and JAVA E-mail: POP, SMTP, IMAP, and Lotus P2P and IM (AIM, MSN, and Yahoo!) FTP, TFTP, and Telnet Voice: H.323, SIP, and SCCP Database: Oracle, SQL, and MYSQL Citrix: ICA and CitrixImaClient Multimedia: Apple and RealAudio IPSec VPN: GDOI and ISAKMP Microsoft: MSSQL and NetBIOS Tunneling: L2TP and PPTP 5

SIP Protection for Secure Unified Communications Enhance the Integrity and Availability of Cisco Unified Communications Session Initiation Protocol (SIP) (RFC 3261) inspection and granular access control for voice-over-ip (VoIP) traffic across branch networks Prevent unauthorized calls, call hijacking, any SIP protocol exploits, and related DoS attacks Remove malformed packets from reaching Cisco Unified Communications Manager at the head office Maintain high availability of mission-critical IP telephony calls while upholding high level of call experience IPsec VPN to HQ Cisco IOS Firewall Router 6

Cisco IOS Firewall: Common Deployments Scenarios Split tunnel: Remote branch, retail store, and clinic Division between VPN traffic to the LAN and direct public network connection for Internet traffic Virtual firewall: Retail chains Firewall between virtual contexts (VRFs) and to the WAN Segregation of networks for photo and pharmacy with overlapping IP addresses Internet for partners: Co-location WAN connection sharing between business partners Bank ATMs at retail store locations Direct Internet connection: Small office and managed firewall Internal firewall: International financial branches Between international or untrusted locations or segments, often for compliance requirements Transparent or routed environments Wireless to wired segments 7

Cisco IOS Firewall Deployment Case Study: National Retailer VRF Photo VRF PoS VRF Data Store Router Cisco Integrated Services Router IPSec Tunnel Internet Retail Store Head Office Photo Shop Head Office Photo kiosk a potential security threat at the store media card slots Support needed for overlapping address space Multiple partners co-located at the store Direct Internet access needed for partners PCI compliance requires retail stores to firewall wired and wireless and Packetover-SONET (PoS) segments Inter-VRF routing + firewall may be enabled for wired VPN Routing and Forwarding (VRF) and wireless VRF Cisco has its retail design guide certified through a third party (CyberTrust) 8

Cisco Security Router Certifications Routers FIPS 140-2, Level 2 Common Criteria IPSec (EAL4) cisco.com/go/securitycert Firewall (EAL4) Cisco 870 Series In progress Cisco 1800 Series In progress Cisco 2800 Series In progress Cisco 3800 Series In progress Cisco 7200 Series VAM2+ Cisco 7200 Series VSA In progress In progress --- Cisco 7301 VAM2+ In progress Cisco 7600 Series IPSec VPN SPA Cisco Catalyst 6500 Series IPSec VPN SPA In progress --- In progress --- Cisco 7600 Series In progress 9

Management and Instrumentation Overview Cisco Security Device Manager Quickest way to setup a device Quickest way to set up a device Configures all device parameters Wizards Ships to with configure device firewall, IPS, VPN, QoS, and wireless Ships with device Cisco Security Manager New solution for configuring routers, appliances, and switches New user-centered design New levels of scalability Cisco Security Monitoring, Analysis and Response System (MARS) Solution for monitoring and mitigation Uses control capabilities within infrastructure to eliminate attacks Visualizes attack paths Cisco IOS Instrumentation Industry leadership in instrumentation Feeds into Cisco Security MARS Partitioned access for network and security operations teams 10

Cisco Router and Security Device Manager (SDM) Web-based device management tool for Cisco routers that simplifies router deployments and helps troubleshoot complex network and VPN connectivity problems Zone-based firewall for granular policy control between virtual zones Application control and URL filtering unique on a per-rule basis 11

Cisco Security Manager State-of-the-art user interface Multiple views to suit administrator preferences Device, policy, and topology views Unified management of multiple security services Firewall, VPN, and intrusion prevention system (IPS) Supports Cisco Integrated Services Routers, ASA, PIX, IPS Sensors, and Catalyst Service Modules Topology View Policy View Device View 12

Cisco Security Monitoring, Analysis and Response System (MARS) Cisco Security MARS Know the battlefield : Mitigation and response turnkey system Gain network intelligence Use the network you have; correlate router s NetFlow (WAN data) with firewall, intrusion detection system (IDS), and switch data Build topology and traffic-flow model Know device configuration and enforcement abilities ContextCorrelation Correlates, reduces, and categorizes events and validates incidents Allows for response Firewall Log Switch Log IDS Event Firewall Config Server Log AV Alert Switch Config NAT Config App Log Router Config NetFlow VA Scanner Correlation. Isolated Events Sessions Rules Verify Reduction Valid Incidents 13

Cisco Services and Support Cisco and its partners provide a broad portfolio of security services that help you to: Protect privacy and integrity of information Achieve and maintain regulatory compliance, Protect your network investment, Optimize network operations, and Extend the power of your business by preparing your network for new applications For more information, visit http://www.cisco.com/en/us/products/svcs/ps2961/ps2952/serv_group_home.html. 14

Cisco IOS Firewall Summary Fundamental building block for defense-in-depth approach (Layers 3 to 7) Widely deployed fully stateful firewall Common criteria (EAL4) certified Low TCO Use network investment to deploy firewall at the branches Available as part of security bundles on Cisco Integrated Services Routers Critical for compliance conformity to PCI, Sarbanes-Oxley, and HIPAA 15

16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information