Date post: 24-Dec-2015
Category: Documents
Upload: felix-arnold-pitts
Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved.
THIS IS THE POWER OF CISCO SECURITY.
now.
End-to-End Security
This presentation highlights how every device on a Cisco Powered Network can be locked down to perform Defense in Depth.
This multilayered approach presents an extremely difficult target to:
• Hackers
• Worms
• Viruses
• DoS / DDoS attacks
• Unauthorized Access
• Rogue Devices
• Spoofing Attacks
Threats Can be From Internal Sources
Internal: Most expensive attacks come from inside (Up to 10x more costly)
Accidental: Misconfiguration
Source: CSI / FBI Security Study 2003
Threats Also Come from External Sources
External: 78% of Attacks Come from Internet Connection (up from 57% in 1999)
Source: CSI / FBI Security Study 2003
Threats Can Already Be Known to You…
Known: Good Security Practices Allow You to Protect Yourself Against “Known” Threats
Or Unknown …
Unknown: How Can You Protect Yourself Against Something You Don’t Know About
Threat from Hackers
• 2,524 new vulnerabilities discovered in 2002
• Many recently discovered vulnerabilities remain highly viable targets for future threats
• “Blended threats” present the greatest risk
• Companies experience 30+ attacks per week
• 2000% increase (’99-’02) in financial losses from hacker-caused denial of service
$65.6M in reported cost (2002)
Threat from Theft
• Theft of proprietary information causes greatest financial loss: $2.7M per incident (2003)
• 90% of respondents detected computer security breaches within last 12 months
Source: CSI / FBI Security Study 2003
“The average amount of money, as a % of revenue, that companies spend on IT security is .0025 % or slightly less than they spend on coffee.”
Richard Clarke, Former Special Advisor to the President for Cyberspace Security
Threat Evolution
Target and Scope of Damage: Global Infrastructure Impact; Regional Networks; Multiple Networks; Individual Networks; Individual Computer
Time axis: 1980s, 1990s, Today, Future
1st Gen (Weeks)
• Boot viruses
2nd Gen (Days)
• Macro viruses
• Email
• DoS
• Limited hacking
3rd Gen (Minutes)
• Network DoS
• Blended threat (worm + virus + trojan)
• Turbo worms
• Widespread system hacking
Next Gen (Seconds)
• Infrastructure hacking
• Flash threats
• Massive worm driven DDoS
• Damaging payload worms
The Sapphire Worm or “Slammer”
• Infections doubled every 8.5 seconds
• Infected 75,000 hosts in first 11 minutes
• Caused network outages, cancelled airline flights and ATM failures
At Peak, Scanned 55 Million Hosts per Second
Cisco Responded in 10 Minutes after Release
How Cisco Stopped “Slammer”
RESULT: No infections found within Cisco
Timeline markers: 00:00, 00:03, 00:06, 00:10, 00:30
Slammer launched
“Unusual” traffic verified and triggered alarm
Anomaly detection technology identified “unusual” traffic
Locked down the appropriate ports (inside and outside Cisco)
Corporate networks, internal nets, LANs etc
Vulnerability Scan of Cisco’s network
(200+ systems identified as vulnerable internally)
Cisco Security Agent Stops Threat on Protected Hosts
00:00
Security Paradigm is Changing
• Security is no longer a “product level” proposition. Security is tied directly to the business proposition
• Server and desktop management: increasing number of vulnerabilities; must scale to thousands in large Enterprises
• Legacy endpoint security TCO challenge: reactive products force deployment of multiple agents and management paradigms to update
• Day Zero Damage: rapidly propagating attacks (Slammer and Blaster) happen too fast for reactive products to handle - an automated security system is needed
Deploy Security as an Integrated System
Secure Transport
Card Readers
Security Room CCTV
Secured Doors and Vaults
Surveillance and Alarms
Patrolling Security Guard
Firewalls and Router ACLs
Network and Host-based Intrusion Detection
Scanner
Centralized Security and Policy Management
Identity, AAA, Access Control Servers and Certificate Authorities
Encryption and Virtual Private Networks (VPN’s)
Security is a Systematic Process
Vulnerabilities and Risk Assessment
Architecture Design and Implementation
Security Policy/ Procedures
Deploy Security Policy
Surveillance, Monitoring, Audit & Analysis
Incident Response
Corrective Action
Forensic Analysis
Central Security Management
Cisco Security Strategy Evolution
Severity of Security Threats
1990s, 2000, Today, Future

• Integrated security: Routers, Switches, Appliances, Endpoints
• FW + VPN + IDS
• Anomaly detection
• Integrated management software
• Evolving advanced services

• Security appliances
• Enhanced router security
• Separate management software

• End to End Protection
• Application oriented (per port basis)
• Security aware elements
• Self-protecting
• Self-managing
• Full suite of advanced services

• Basic router security
• Command line interface

Intelligent Information Networks
Fully Integrated Security
Cisco Systems is the only vendor that can provide you security on every point of your network
VPN
End-to-End Security