Securing Your Business Network Cisco Secure Solutions Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 European Headquarters Cisco Systems Europe s.a.r.l. Parc Evolic, Batiment L1/L2 16 Avenue du Quebec Villebon, BP 706 91961 Courtaboeuf Cedex France http://www-europe.cisco.com Tel: 33 1 69 18 61 00 Fax: 33 1 69 28 83 26 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883 Asia Headquarters Nihon Cisco Systems K.K. Fuji Building, 9th Floor 3-2-3 Marunouchi Chiyoda-ku, Tokyo 100 Japan http://www.cisco.com Tel: 81 3 5219 6250 Fax: 81 3 5219 6001 Cisco Systems has more than 200 offices in the following countries. Addresses, phone numbers, and fax numbers are listed on the Cisco Connection Online Web site at http://www.cisco.com/offices. Argentina Australia Austria Belgium Brazil Canada Chile China Colombia Costa Rica Croatia Czech Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong Hungary India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Copyright 1999 Cisco Systems, Inc. All rights reserved. Printed in the USA. PIX is a trademark; Cisco, Cisco IOS, Cisco Systems, the Cisco Systems logo, and IOS are registered trademarks of Cisco Systems, Inc. in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any of its resellers. (9908R) ETMG 9/99 LW Lit# 953442
IDENTITY PERIMETER SECURITY DATA PRIVACY SECURITY MONITORING POLICY MANAGEMENT Securing Your Business Network: Cisco Secure Solutions Each day, forward-thinking organizations reinvent how they do business gaining competitive advantage, creating new sources of revenue, and optimizing business processes by adopting Internet-based network solutions. Doing business on the Internet, like all business practices, entails risk. Without appropriate precautions, Internet connectivity could compromise the very information assets that make companies profitable and enable them to serve customers. Network security breaches can result in damaging losses, and concerns about information security sometimes prevent enterprises from implementing the Internet-based solutions they need to stay competitive. In today s dynamic business environment, this reluctance can quickly reduce a company s growth potential and erode its competitive position. Cisco is committed to helping you build secure networks because we understand that security isn t just an afterthought it s fundamental to the success of your business. 1 Driven by the rush to e-commerce, security is rapidly becoming a mission-critical component of corporate IT infrastructure. Ted Julian Forrester Research, 1999
Secure, Intelligent Networks The Cisco Secure Vision Our vision is simple: we empower Cisco customers to safely take advantage of the Internet economy. Cisco security offerings allow organizations to securely deploy mission-critical applications and networks to gain competitive advantage. The confidence that comes from knowing that company information assets are secure is the key that can unlock explosive new Internet business opportunities and dynamic growth. Many vendors can provide a base level of scalability, connectivity, and reliability for IP networks. Cisco, however, delivers the advanced, intelligent network services required for mission-critical enterprise networks and one of the most critical network services in the new Internet business environment is security. Because most networks are built on Cisco infrastructure, we are uniquely positioned to help you secure your network. That s why we continue to add security intelligence to your Cisco infrastructure in ways that are ubiquitous, integrated, and transparent. And that s why our customers have already made us the leader in perimeter network security. E-Commerce Savings in Billions (U.S. $) North America: $654 Europe: $431 Asia: $167 Estimated Total Worldwide E-Commerce Savings by 2002 $1.26 Trillion Source: Giga Information Group (7/99) PROFIT The Cisco Secure Solution Strategy Cisco already delivers the critical security solutions that make the Internet a safe and valuable business tool. Cisco achieves this through robust security capabilities embedded in the Cisco infrastructure as well as in security-specific appliances, software, and consulting services. Advanced security features, such as dynamic policy enforcement in response to attacks and misuse, provide real-time enterprise asset protection. Embedded software Growth of Worldwide Internet Commerce on the Web $B 1,400 $1,318 Business to Consumer 1,200 Business to Business 1,000 800 $734 600 $398 400 $218 200 $112 $16 $51 0 1997 1998 1999 2000 2001 2002 2003 Source: IDC (3/99) solutions, plus hardware-based accelerators for firewalling, encryption, and intrusion detection, transform your Cisco network into a scalable, reliable infrastructure. And by employing a policy-based management approach, Cisco makes it easy to define, enforce, and audit security for users and devices throughout your enterprise. Only Cisco Secure solutions ensure that your e-commerce infrastructure, your Virtual Private Network (VPN), and your supply chain network are protected. 3 Empowering Businesses to Safely Take Advantage of the Internet Economy POTENTIAL The bottom line pay-off for companies using e-commerce to improve business performance and lower costs will soon far outweigh revenues generated from sales over the internet. Andrew Bartels Analyst, Giga Information Group Giga Forecast: E-Commerce Cost Savings, July 26, 1999 SAVINGS
eliability Critical Elements of Network Security Cisco believes that effective network security incorporates five critical elements: Identity Identity is the accurate and positive identification of network users, hosts, applications, services, and resources. Standard Cisco Secure: A Family of Network Security Offerings Cisco award-winning security products and consulting services provide the building blocks for the network security solution that your business needs. Cisco Secure PIX Firewall The Cisco Secure PIX Firewall is the world's leading firewall, providing today s network customers with unmatched reliability, scalability, and functionality. Its integrated appliance design and innovative hybrid security architecture, including stateful and proxy firewalling as well as IPSec VPN capabilities, deliver the highest levels of security and performance. The PIX Firewall handles more simultaneous connections than any other firewall, yet its speed Perimeter Security is unsurpassed. Cisco Secure Integrated Software Cisco Secure Integrated Software, available for a wide range of Cisco routers and switches running Cisco IOS software, enriches the existing security capabilities in IOS software with robust firewall, intrusion detection, Data Encryption Standard (DES) encryption, and secure administration capabilities. This integrated security solution enables sophisticated policy enforcement throughout the network and leverages an organization s investment in Cisco infrastructure. Cisco Secure Integrated VPN Software Cisco Secure Integrated VPN software, also available for a wide range of platforms running IOS software, combines IPSec VPN enhancements with robust firewall, intrusion detection, and secure administration capabilities. The VPN software adds strong Triple DES encryption and authentication through digital certificates, onetime password tokens, and pre-shared keys to the baseline Cisco Secure Integrated Software. This Cisco IOS software-based solution fully supports remote access, intranet, and extranet VPN requirements. Identity Cisco Secure VPN Client The Cisco Secure VPN Client enables secure connectivity for remote access VPNs, including e-commerce, mobile user, and telecommuting applications. It provides Microsoft Windows 95/98 and NT 4.0 users with a complete implementation of IPSec standards, including support for DES and Triple DES encryption, and authentication through digital certificates, one-time password tokens, and pre-shared keys. Cisco Secure Scanner The Cisco Secure Scanner is an enterprise-class software scanner application that allows you to identify and fix network security holes before the hackers find them. Security Monitoring This product offers superior network vulnerability and system identification, innovative data management, flexible user-defined vulnerability rules, and comprehensive security reporting capabilities. The scanner allows users to proactively measure security, to quickly prioritize risks, then to know how to eliminate security vulnerabilities detected on the network. In today s dynamic network environments, the Cisco Secure Scanner is a necessity for every network or security administrator. Cisco Secure Intrusion Detection System The Cisco Secure Intrusion Detection System is the industry s first real-time, network intrusion detection system that can protect the network perimeter, extranets, and the increasingly vulnerable internal network. The system uses sensors, which are high-speed network appliances, analyze individual packets to detect suspicious activity. If the data stream in a network exhibits unauthorized activity or a network attack, the sensors can detect the misuse in real time, forward alarms to an administrator, and remove the offender from the network. technologies that enable identification include authentication protocols such as RADIUS and TACACS+, Kerberos, and one-time password tools. New technologies such as digital certificates, smart cards, and directory services are beginning to play increasingly important roles in identity solutions. Perimeter Security This element provides the means to control access to critical network applications, data, and services so that only legitimate users and information can pass through the network. Routers and switches with access control lists and stateful firewalling, as well as dedicated firewall appliances, provide this control. Complementary tools, including virus scanners and content filters, also help control network perimeters. Data Privacy When information must be protected from eavesdropping or tampering, the ability to provide authenticated, confidential communication on demand is crucial. Sometimes, data separation using tunneling technologies, such as generic routing encapsulation (GRE) or Layer 2 Tunneling Protocol (L2TP), provides effective data privacy. Often, however, additional privacy requirements call for the use of digital encryption technology and protocols such as IPSec. This added protection is especially important when implementing VPNs. Security Monitoring To ensure that a network remains secure, it s important to regularly test and monitor the state of security preparation. Network vulnerability scanners can proactively identify areas of weakness, and intrusion detection systems can monitor and reactively respond to security events as they occur. Using security monitoring solutions, organizations can obtain unprecedented visibility into both the network data stream and the security posture of the network. Policy Management As networks grow in size and complexity, the requirement for centralized policy management tools that leverage directory services grows as well. Sophisticated tools, ones that can define, distribute, enforce, and audit the state Data Privacy of security policy through browser-based user interfaces, enhance the usability and effectiveness of network security solutions.
VPNs are the primary enabler of the Internet connect remote users, suppliers, partners, VPN economy. There is no other way for an organization to securely and cost-effectively and customers. Richard Palmer Vice President, Marketing, Enterprise Line of Business, Cisco Systems, Inc. Cisco Secure Policy Manager The Cisco Secure Policy Manager is a scalable, comprehensive security management system for Cisco Secure products. Customers can define, distribute, enforce, and audit security policies for multiple PIX Firewalls from a central location. As the management cornerstone of the Cisco end-to-end security product line, Cisco Secure Policy Manager will support the Cisco IPSec VPN, user identity/authentication, intrusion detection, and vulnerability scanning technologies. from the perspective of a disgruntled employee or contractor. In a customer engagement, Cisco compiles, analyzes, and concisely presents its findings to the client, with operational-level recommendations to better secure the enterprise network and enable it to reach its full business potential. Cisco also offers Incident Control and Recovery services a short-notice emergency deployment to customer sites when a network has suffered an attack. Cisco works with the customer to restore the network to full operations as quickly as possible. Cisco Secure Solutions: Enabling the Next Wave of Internet Business From health care and manufacturing to retail and finance, organizations that run Internet-based applications on secure, reliable Cisco networks can take their business to new levels of service and a wider range of customers. VPNs, for example, are rapidly transforming communications for the Internet economy. VPNs can enable organizations to realize dramatic cost savings while extending their networks and selectively opening IT boundaries to accommodate remote sites, telecommuters, suppliers, partners, and customers. By using Cisco Secure solutions, Cisco VPNs provide the robust perimeter security, data privacy, and intrusion detection required for important Internet-based applications. It is also no secret that Internet-based retail and business-to-business e-commerce are growing at lightning speed. More and more retailers are selling their products and services on the Internet, enabling them to easily access new customers and markets. With Cisco Secure solutions, the information that passes between you and your customers including order information, credit authorizations, and user profiles receives the highest standards of protection, including advanced encryption and authentication. 7 Total, reliable security absolutely must Intranet VPN Low cost, tunneled connections with rich VPN services, like IPSec encryption and QoS, ensure reliable throughput Home Office Remote Access VPN Secure, scalable, encrypted tunnels run across a public network using client software Policy Management be our top priority when delivering next generation services across the Internet to POP Main Office Cisco Secure Consulting Services Cisco Secure Consulting Services provide customers with unparalleled network security expertise. With a thorough background in critical information protection operations in military and commercial environments, Cisco security engineers provide Security Posture Assessments. These engagements include the comprehensive security analysis of large-scale, distributed client networks both externally from the perspective of an outside hacker and internally our business partners and clients they expect nothing less. Jack Guinan President ProxyMed.com Extranet VPN Extends WANs to business partners Remote Office Business Partner POP Mobile Worker
Ecosystem Enabling the Internet Economy Cisco Security Ecosystem The security products, technologies, and services in the Cisco Secure family are fundamental elements of a successful network security solution. But a comprehensive approach to network security must address other areas as well, creating a security ecosystem that leverages the benefits delivered by the Cisco Secure product line. This ecosystem includes several important elements, such as interoperable third-party products, implementation services, customer support, and compatible service offerings. Cisco Security Associate Program The Cisco Security Associate Program is a testing and co-marketing program that validates the interoperability of complementary, third-party security solutions with the Cisco Secure family of products. The program is designed to evolve independent products into more effective security solutions and offer trusted and tested security implementations for Cisco customers. Cisco Security Specialization The Cisco Security Specialization Program recognizes Cisco channel partners who have developed the skills required to sell, design, install, and support Cisco network security solutions for customers. As Internet business solutions are rapidly adopted, Cisco security specialization partners can meet the growing demand for critical security implementation and support services. Cisco NetWorks Cisco NetWorks is a technology licensing program that incorporates Cisco Network Foundation technologies and other enabling technologies into next-generation network access devices, including IP phones and faxes, cable modems, set-top boxes, and residential gateways. Adding strong authentication and digital encryption to these devices further extends the reach of information security beyond enterprise network devices to the home. Cisco Powered Networks The service providers who display the Cisco Powered Network mark are telling you a lot about their services. They ve earned the right to display this mark by maintaining high levels of network quality and by building their services with Cisco equipment the same equipment on which virtually all Internet traffic travels today. The services provided, therefore, are reliable and secure. Cisco Customer Support The Cisco model for service and support is based on the understanding that leveraging the power of the Internet not only speeds the resolution of networking issues, but also enables customers to access critical information quickly, to educate themselves, and to work proactively to improve overall network performance. Cisco Connection Online (CCO) is the foundation of a suite of interactive networked applications that provide immediate, open access to Cisco information, resources, and systems. Through CCO, direct customers and partners have access to a variety of applications, including the Cisco Internet Technical Support (ITS) applications, which deliver comprehensive technical support solutions online. To help achieve maximum network uptime, technical assistance is available around the clock from our Technical Assistance Center networking engineers. Security Associates Cisco NetWorks Customer Support Security Specialization Cisco Powered Network Cisco: Building and Securing Your Network The Cisco vision for security empowering Cisco customers to safely take advantage of the Internet economy is what drives our commitment to your network security and to your long-term success. Today, Cisco delivers the security solutions that enable secure internetworking by embedding robust security capabilities in Cisco infrastructure and providing a broad range of security-specific appliances, software, and consulting services. Cisco Secure solutions enable your business to cost-effectively take advantage of the Internet economy with the confidence you need to explore next-generation opportunities and the explosive growth they bring. If you want to know more about Cisco Secure products, services, and solutions, visit our Web site at www.cisco.com/go/security, or call your Cisco sales representative.