1 © 2002, Cisco Systems, Inc. All rights reserved. CIBR Security technical solution customer Cisco...

1© 2002, Cisco Systems, Inc. All rights reserved.

CIBR Security technical solution customer

Cisco Security Solutions for Small and Medium Businesses

Make your e-business secure



Agenda

• Security solution overview

• Business issues and security

• Security features and benefits

• Tell us more about your security needs

• Measuring the success of your security deployment

• Importance of the network infrastructure in deploying security

• Example business scenario

• Example network blueprints

• URLs for additional information on security



Security — Solution Overview

• What is security?

A process, not a product

An integrated system

Security requires defense in depth, which includes:

Firewalls and router access control lists (ACLs)

Network and host-based intrusion detection

Scanners

Centralized security and policy management

Authentication, authorization, and accounting (AAA), access control servers and certificate authorities

Encryption and virtual private networks (VPNs)





Security is a Process

“Security is not a product; it’s a process. You can’t just add it to a system after the fact. It’s vital to understand the real threats to a system, design a security policy commensurate with those threats, and build in appropriate security countermeasures.”

Bruce Schneier “Secrets and Lies”


CIBR Security technical solution how to sell



The Cisco SMB Security Solution – Deploy Security as an Integrated System

Secure TransportSecure TransportCard ReadersCard Readers

Security Room CCTVSecurity Room CCTV

Secured Doors and VaultsSecured Doors and VaultsSurveillance and AlarmsSurveillance and Alarms

Patrolling Security GuardPatrolling Security Guard

Firewalls and Router ACLsFirewalls and Router ACLsNetwork and Host-based

Intrusion DetectionNetwork and Host-based

Intrusion Detection ScannerScanner

Centralized Security and Policy Management

Centralized Security and Policy Management

Identity, AAA, Access Control Servers and

Certificate Authorities

Identity, AAA, Access Control Servers and

Certificate AuthoritiesEncryption and Virtual

Private Networks (VPN’s)Encryption and Virtual

Private Networks (VPN’s)



Security for Internet Business Solutions

CIBR Security technical solution how to sell

6

Customer Care Workforce Optimization

Manufacturing and Distribution

Web Marketing

Web Communication

E-Commerce

Supply ChainManagement

E-Procurement

Salesforce Automation

Financial Management



Strategic Business Drivers for Security Solutions

• Do these issues influence your business?Damage to company image after a security breach

Legal liabilities resulting from a breach

Lost revenues resulting from a breach

Need for customer/supplier confidence in doing e-business with the company

Fear of theft

Fear of fraud

Loss of employee morale

Wireless security



Today’s Network Security Threats

• Everything is a target

• Internet attacks are on the rise (Computer Security Institute & FBI Report March, 2001)

• More and better hacker tools means more hackers

• Economic impact of Internet worms and viruses

• Theft of proprietary information

• Financial fraud

• Insider abuse

• Sabotage

• Unauthorized access by insiders (worse than by outsiders)

• Unauthorized access by outsiders

• Denial of service attacks



Impact of an Improperly Secured Network ($M)

2000200020002000

Theft of proprietary informationTheft of proprietary informationTheft of proprietary informationTheft of proprietary information $ 33.6M$ 33.6M$ 33.6M$ 33.6M

11.211.211.211.2

7.97.9 7.97.9

3.73.7 3.73.7

2.12.1 2.12.1

1998199819981998

2.82.82.82.8

$ 68.2M$ 68.2M$ 68.2M$ 68.2M

5.35.35.35.3

1.61.61.61.6

$ 66.7M$ 66.7M$ 66.7M$ 66.7M

56.056.056.056.0

29.229.2 29.229.2

28.028.028.028.0

27.127.127.127.1

8.28.28.28.2

$ 232.7M$ 232.7M$ 232.7M$ 232.7M

10.410.410.410.4

7.17.17.17.1

Financial fraudFinancial fraudFinancial fraudFinancial fraud

VirusVirusVirusVirus

Insider net abuseInsider net abuseInsider net abuseInsider net abuse

SabotageSabotageSabotageSabotage

Laptop theftLaptop theftLaptop theftLaptop theft

Denial of service attacksDenial of service attacksDenial of service attacksDenial of service attacks

System penetration by outsidersSystem penetration by outsidersSystem penetration by outsidersSystem penetration by outsiders

TotalTotalTotalTotal

Source: FBI 2000 Report on Computer Crime



The Pain Caused by Downtime

• Revenue loss

• Customer dissatisfaction

• Lost productivity

• Brand dilution

• Legal liability

• Financial performance

Source: Meta Group, November 2001

EnergyEnergyEnergyEnergy $2,817,846$2,817,846$2,817,846$2,817,846

CommunicationsCommunicationsCommunicationsCommunications $2,066,245$2,066,245$2,066,245$2,066,245

ManufacturingManufacturingManufacturingManufacturing $1,610,654$1,610,654$1,610,654$1,610,654

Financial institutionsFinancial institutionsFinancial institutionsFinancial institutions $1,495,134$1,495,134$1,495,134$1,495,134

Information technologyInformation technologyInformation technologyInformation technology $1,344,461$1,344,461$1,344,461$1,344,461

InsuranceInsuranceInsuranceInsurance $1,202,444$1,202,444$1,202,444$1,202,444

RetailRetailRetailRetail $1,107,274$1,107,274$1,107,274$1,107,274

Industry SectorIndustry SectorIndustry SectorIndustry Sector Lost Revenue Lost Revenue per Hourper Hour

Lost Revenue Lost Revenue per Hourper Hour



Features

• Secure connectivity

• Perimeter security

• Controlled access

• Surveillance and alarms

• Security monitoring

• Centralized security policy management

• Centralized security device management

• Identity

• Secure transport



Benefits

• Secure connectivity over public networks

• Restricted access to network resources

• Protection against network attack and misues

• Ability to find and close security holes before hackers find them

• Ability to identify users and what they are permitted to do on the network

• Simplified management of security policies and devices



Tell Us More

• In the event of disruption, can you:

Ensure critical systems and networks are continuously available?

Restore mission critical applications?

Provide uninterrupted workforce productivity with a secure instant office?

• What’s the impact of not properly securing your network in terms of cost? ...credibility? ...productivity? ...viability? ...liability?

• How much revenue loss caused by downtime can you afford? How much customer dissatisfaction caused by downtime can you afford? How much lost productivity? ...brand dilution? ...legal liability? ...reduced financial performance?



Security — Measuring Success

• Establish success metrics in advance

• Metrics to consider:

Revenue loss

Customer dissatisfaction

Lost productivity

Legal liability

Financial performance

Number of security incidents

Disruption of services

Unauthorized access

Information theft

Number and severity of virus attacks

Number and severity of Distributed Denial of Service (DDoS) attacks



SMB Security CharacteristicsSMB Security

CharacteristicsNetworking ImplicationsNetworking Implications

The Importance of the Network Infrastructure

Routers, firewalls, VPNsRouters, firewalls, VPNs

Access control lists (ACLs), firewalls Access control lists (ACLs), firewalls

AAA, access control servers (ACS), certificate authorities, public key infrastructure (PKI)

AAA, access control servers (ACS), certificate authorities, public key infrastructure (PKI)

Centralized security device and policy managementCentralized security device and policy management

Secure connectivitySecure connectivity

Security monitoringSecurity monitoring

Perimeter securityPerimeter security

IdentityIdentity

Security managementSecurity management

Network and host-based intrusion detection systems (IDS)Scanners

Network and host-based intrusion detection systems (IDS)Scanners





Security — Business Scenario

• Company: Southern California graphic design agency

• Challenge:

• Clients demand aggressive scheduling for their high-profile projects. Sending a job back and forth for repeated reviews and changes extended project completion time and exposed creative materials to the possibility of loss or damage. Need to offer the flexibility and capacity to accommodate a continually changing and growing community of partners and customers.

• Solution:• Adding VPN capability to its existing Cisco network enabled the agency to

exchange creative materials over the public Internet with the same level of security, manageability, and quality of service as a private network — at a fraction of the cost.

• Results:• Reduced courier charges by more than 75%• Reduced total turnaround time for projects• VPN access to select major accounts results in closer customer relationships• Mobile employees connect to the office network



SMB Security Deployment Blueprint – 100 Users or Fewer

InternetMain business location

Teleworker/remote access

Secure corporate servers

Web server

Catalyst stackable switch with Secure

LAN features

10/1

00 E

ther

net

Cisco broadband router with firewall and VPN

Desktops/laptops with Cisco VPN Client andthird-party anti-virus

software

DM

Z

LA

N

ISDN, cable, xDSL

Broadband access

modems

Desktops/laptops with third-party anti-virus software


WAN

Cisco® modular access router or cable

access router with IOS firewall and VPN

This network blueprint is intended to be an educational resource and a starting point in planning your network solution; it is not a final recommendation from Cisco. To determine the deployment most appropriate for your company we suggest you work with a Cisco representative, Cisco channel partner or a solutions provider.



SMB Security Deployment Blueprint – 100 Users or Fewer

InternetMain business location


Secure corporate servers

Web server

Cisco® 1700, 2600 or uBR925 with firewall and

VPN

Catalyst® 2950 with Secure LAN features

10/1

00 E

ther

net

Cisco 806 with firewall and VPNDesktops/laptops with

Cisco VPN Client andthird-party anti-virus

software

DM

Z

LA

N

ISDN, cable, xDSL

Broadband access

modems



WAN




SMB Security Deployment Blueprint – 100 to 500 Users

Internet

Main business location

Desktops/laptops with third-party anti-virus

software

Web server with Cisco IDS

10/1

00 E

ther

net

DM

Z

LA

N

ISDN, cable, xDSL

Desktops/laptops with third-party anti-

virus software

Catalyst switch with in-line power, with Secure

LAN features

Cisco Aironet Wireless Access Point

Fractional T1, T1, multi-T1 services

Cisco ACS using Remote Dial-In User Service (RADIUS)

SiSi

Cisco VPN concentrator

Cisco PIX firewall

Catalyst switch with Secure LAN features

Secure corporate servers with

Cisco IDS

Cisco PIX firewall

Broadband access modems

Cisco modular access router with IOS firewall and VPN

Branch office (fewer than 100 users)


LAN features


virus software


Cisco Aironet

NICs

WAN


Cisco modular access router with firewall and VPN


LAN features

Cisco access router or cable access router with IOS firewall and VPN


LAN features





Internet



software

10/1

00 E

ther

net

DM

Z

LA

N

ISDN, cable, xDSL


virus software

Catalyst 2950 with Secure LAN features

Catalyst 3524-PWR XL with Secure LAN

features

Cisco Aironet® 1200 Access Point


Cisco ACS using Remote Dial-In User Service (RADIUS)

SiSi

Cisco VPN 3005

Cisco PIX® 515

Catalyst 2950 with Secure LAN

features Catalyst 3550 or 4000 with Secure LAN features


Cisco IDS

Cisco PIX 501 with Firewall and VPN

Broadband access modems

Cisco uBR925, 803, or 827 with firewall and VPN

Cisco 1700 or 2600 with firewall and VPN



features


virus software

Cisco VPN 3002

Cisco Aironet

NICs

WAN


Cisco 2600/3700 with firewall and VPN






Internet



software


10/1

00 E

ther

net

DM

Z

LA

N

ISDN, cable, xDSL

Desktops/laptops with third-party

anti-virus software


LAN features

Catalyst switch with in-

line power

Cisco Aironet Access Point

SiSi


Cisco PIX firewall


LAN features


Cisco IDS

Cisco IP Phone

Cisco PIX firewall with firewall and VPN

Broadband access modem


virus software

Cisco modular access router or cable access router with firewall and VPN


Cisco IP Phone

Cisco Aironet Access Point

Cisco IP Phone

Catalyst switch with

in-line power

IP call processing

SiSi

WAN



Cisco ACS using RADIUS

Catalyst switch with Secure LAN features

Cisco modular access router or cable access router with firewall and VPN

Cisco modular access router with IOS firewall and VPN

Cisco modular access router with firewall and VPN






Internet



software10/1

00 E

ther

net

DM

Z

LA

N

ISDN, cable, xDSL

Desktops/laptops with third-party

anti-virus software

Catalyst 2950 with Secure LAN features

Catalyst 3524-PWR XL with Secure LAN

features

Cisco Aironet 1200 Access Point

SiSi

Cisco VPN 3005

Cisco PIX 515 or 525Cisco

2600/3700with firewall and VPN


features Catalyst 3550 or 4000 with Secure LAN features


Cisco IDS

Cisco 7490/7960 IP

Phone

Cisco PIX 501 with firewall and VPN

Broadband access modem


virus software

Cisco uBR925, 803, or 827 with firewall and VPN

Cisco uBR925, 803, or 827 with firewall

Cisco VPN 3002

Cisco 7905/7910 IP Phone

Cisco Aironet 1200 Access

Point

Cisco 7490/7960 IP Phone

Catalyst 3524-PWR XL with Secure

LAN features

IP call processing

Cisco 1700, 2600, or 3700 with firewall and VPN

SiSi

WAN



Cisco ACS using RADIUS






SMARTnet and SMARTnet Onsite

• What is SMARTnet/SMARTnet Onsite?

Cisco’s Technical Support Service, available direct and through resale

• What does it offer?

Operating system software updates (including IOS) -- major, minor, and maintenance releases

24x7x365 access to highly skilled networking personnel (TAC) via phone, email, and web

Access to Self Help technical repositories on-line

Advance parts replacement in as little as two hours

Onsite field engineers available in as little as two hours (OSS) to assist in hardware replacement



Why Cisco for SMB Security?

• No one knows your network, the Internet, or security better

• Compatibility with the installed Cisco base (80% of the Internet)

• Significant savings from a single-vendor solution

• Excellent quality, standards-based development, and certified products –

• Network intelligent, integrated security solutions

• Key partnerships and worldwide security industry leadership

• Market-leading solutions, services, and support



Important URLs

• Cisco security overview

• www.cisco.com/go/security

• Cisco SAFE documents

• www.cisco.com/go/safe

• VPN ROI calculator

• www.cisco.com/go/evpn

• Reseller support Web site

• www.cisco.com/go/vsec

• Cisco Secure Encyclopedia

• www.cisco.com/go/csec

• www.cisco.com/go/securitypartners

• www.cisco.com/go/netpro

• www.cisco.com/go/securitytrng

• www.cert.org

• www.happyhacker.org

• www.infosecuritymag.com



© 2001, Cisco Systems, Inc.

www.cisco.com/warp/public/779/smbiz/iroadmap/solutions.html

CIBR Security technical solution customer26

Date post:	18-Dec-2015
Category:	Documents
View:	215 times
Download:	1 times

1 © 2002, Cisco Systems, Inc. All rights reserved. CIBR Security technical solution customer Cisco...

Documents