Cybersecurity Strategy: An Integrated Approach - cisco.com

Date post: 27-Jul-2018
Transcript

Denis Donnelly

Cybersecurity Specialist
March 2018

Cybersecurity Strategy: An Integrated Approach
It’s a matter of trust

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Can the Network Infrastructure be trusted?

10 Years Ago:
• Physical Isolation
• Locked Cabinets
• Limited staff access
• Proprietary HW & SW

Today:
• Internet
• Cloud
• Virtualization
• Open-Source

Risk:
• Physical Barriers Break Down
• Staff Related Breaches Grow
• Attackers are Professional
• Nation-State, Criminal, Political, Insider
• Social Engineering, Outsourcing

BRKARC-1010

Chuck Robbins, CEO Cisco Systems

“Security is and will remain one of our absolute highest priorities.”

Cisco Investment in Explicit Trust

• 175+ global government certifications
• 150+ Cisco product lines with Trustworthy Technologies
• 80+ Red Team
• 20 Research Partnerships in 5 countries
• 70,000+ Employees sign Code of Conduct every year
• 14,230 Security-specific Enterprise InfoSec/DP policies, Audits
• 900+ Security Advocates
• 35K+ Security Ninjas
• 100+ Incident Responders
• Mandatory Secure Development Lifecycle
• Value Chain Security Program
• Data Protection Program

Building a Cyber-Resilient Network with Trustworthy Systems

• A Security-Based Culture
• Verify Platform Integrity
• Protect the Network
• Embedded Security
• Evidence of Trust
• Built for Today’s Threats
• Security Expertise & Innovation

Cisco Trustworthy Systems Levels

Platform Integrity:
• Counterfeit Protections
• Runtime Defenses
• Secure Boot
• Modern Crypto
• Image Signing
• Hardware Trust Anchor
• Secure Device Onboarding
• OS Validation

Protect the Network:
• ISE
• Stealthwatch
• IP Source Guard
• ACLs
• uRPF
• DHCP Snooping
• Port Security
• Device Level Attack Protection
• Intrusion Detection
• TrustSec
• FnF
• Solution Level Attack Protection

Security Culture:
• PSIRT Advisories
• Security Training
• Product Security Baseline
• Threat Modeling
• Open Source Registration
• Supply Chain Management

Cisco Secure Development Lifecycle (CSDL)

• Perform GAP Analysis
• Register and Update Third Party Software
• Identify and Address Security Threats
• Prevent Security Attacks
• Detect Security Defects
• Validate Requirements and Resiliency

Address risks: eliminate, mitigate, manage
Eliminate preventable defect escapes
Use best-in-class security and data protection/privacy tool sets
Integrate security & data protection / privacy into build systems/workflow

Third Party Software Fundamentals

Minimize exposure by:
• Perform gap analysis
• Establish maintenance plan
• Verify no backdoors
• Address all known vulnerabilities before FCS

Manage third party security alerts:
• Register components within a centralized database
• Contract support for critical security fixes

Planned response to security issues:
• Follow established maintenance plan
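The register-and-check steps on this slide (register components in a central database, act on third-party security alerts, address all known vulnerabilities before FCS), as an added example that is not part of the deck or of Cisco's own tooling. It uses a constructed in-memory registry and constructed alert records (the `ALERT-n` ids are placeholders), a plain three-part numeric version comparison, and names chosen for this example (`Component`, `Alert`, `GapAnalysis`, `ReadyForFCS`).

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Component is one third-party package registered in the central database
// (constructed in-memory registry; a real program would load it from the
// component database the slide refers to).
type Component struct {
	Name    string
	Version string
}

// Alert is a security advisory for a third-party component: every version
// of Name lower than FixedIn is affected. IDs are constructed placeholders.
type Alert struct {
	ID      string
	Name    string
	FixedIn string
}

// parseVersion turns "1.4.2" into [1 4 2]. Missing parts count as 0; a
// fourth part or a non-numeric part is ignored, which is enough for the
// plain dotted versions used here.
func parseVersion(v string) [3]int {
	var out [3]int
	parts := strings.Split(v, ".")
	for i := 0; i < 3 && i < len(parts); i++ {
		if n, err := strconv.Atoi(parts[i]); err == nil {
			out[i] = n
		}
	}
	return out
}

// olderThan reports whether version a is strictly lower than version b,
// comparing numerically so that 1.10.0 counts as newer than 1.9.0.
func olderThan(a, b string) bool {
	va, vb := parseVersion(a), parseVersion(b)
	for i := 0; i < 3; i++ {
		if va[i] != vb[i] {
			return va[i] < vb[i]
		}
	}
	return false
}

// GapAnalysis matches alerts against the registry and returns, keyed by
// "name@version", the alert IDs that still apply to a registered component.
func GapAnalysis(registry []Component, alerts []Alert) map[string][]string {
	gaps := map[string][]string{}
	for _, c := range registry {
		for _, a := range alerts {
			if a.Name == c.Name && olderThan(c.Version, a.FixedIn) {
				key := c.Name + "@" + c.Version
				gaps[key] = append(gaps[key], a.ID)
			}
		}
	}
	return gaps
}

// ReadyForFCS is the release gate from the slide: true only when no known
// alert is left unaddressed for any registered component.
func ReadyForFCS(registry []Component, alerts []Alert) bool {
	return len(GapAnalysis(registry, alerts)) == 0
}

func main() {
	// Constructed registry and alert feed.
	registry := []Component{{"libfoo", "1.4.2"}, {"libbar", "2.0.0"}, {"libbaz", "0.9.1"}}
	alerts := []Alert{
		{"ALERT-1", "libfoo", "1.4.3"},
		{"ALERT-2", "libbar", "1.9.9"},
		{"ALERT-3", "libbaz", "1.0.0"},
	}
	for comp, ids := range GapAnalysis(registry, alerts) {
		fmt.Printf("%s must be updated before FCS: %v\n", comp, ids)
	}
	fmt.Println("ready for FCS:", ReadyForFCS(registry, alerts))
}
```

The same gap report serves the "follow established maintenance plan" step after release: re-run it whenever a new alert arrives and the output is the list of components the maintenance plan has to move.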

Security Awareness: Cisco Security Training

• Familiarity with basic security vocabulary and concepts; basic knowledge of Cisco Secure Development Lifecycle
• Practical application of security principles, techniques, and implementation of role-specific CSDL elements; advanced understanding of security concepts
• Drive change to improve trustworthiness; act upon the knowledge within white and green belt
• Lead on projects to improve product security; mentor other engineers in increasing Security IQ
• Recognized security leader providing ongoing, significant contributions internally at Cisco and externally in the industry


Software Modification on Network Elements

“In a troubling new development, threat actors looking for different ways to break into and remain undetected on enterprise networks appear to have begun targeting routers connecting businesses to the Internet.”

• Jai Vijayan, DARKReading.

Image Signing: How It Works (Signing)

• The software image is run through a Hash Function, producing a hash (01000101 110011)
• The hash is signed with the Cisco private key
• The signature is embedded in the software

Image Signing: How It Works (Verification)

• The received software is run through the Hash Function, producing a hash (01000101 110011)
• The embedded signature is verified with the Cisco public key, yielding the signed hash (01000101 110011)
• The two hashes are compared to verify authenticity

Attacking the Boot Sequence

BIOS: Fetch Firmware Instruction set
Operating System: Start-up Operating System

• Changing the boot interface
• Booting from alternate device
• Bypassing Integrity checks
• Adding persistent code

Secure Boot Starts from Protected Code

The Firmware Instruction Set (Boot Code) must be protected against unauthorized modification from outside

Cisco Secure Boot: Anchors Secure Boot in Hardware to Create a Chain of Trust
Boot Code Integrity Anchored in Hardware

• Only authentic signed Cisco software boots up on a Cisco platform
• The boot process stops if any step fails to authenticate
• Software Authenticity: the IOS “show software authenticity” command illustrates the results

Step 1: Hardware Anchor; CPU runs the Microloader
Step 2: Microloader checks the Bootloader; CPU runs the Bootloader
Step 3: Bootloader checks the OS; CPU runs the OS
Step 4: OS launched

Cisco Trust Anchor Module (TAm): Hardware-based Trust Anchor

• Anti-Theft & Anti-Tamper Chip Design
• Built-In Crypto Functions
• Immutable Identity with IEEE 802.1AR (Secure UDI, X.509 cert)
• Secure Storage for Certificates and Objects
• Certifiable Entropy for Random Number Generation

Counterfeiting is Real


How They Come Together: Cisco Secure Boot and Trust Anchor module
Validating the Authenticity of Software Followed by Hardware

Software authenticity check:
Step 1: Microloader*; CPU runs the Microloader
Step 2: Microloader checks Bootloader; CPU runs the Bootloader
Step 3: Bootloader checks OS; CPU runs the OS
Step 4: OS launched

Hardware authenticity check:
Step 5: Authenticity and license checks (OS and Trust Anchor module)
Step 6: Trust Anchor module provides critical services (OS and Trust Anchor module)

* The first instructions that run on a CPU are either stored in immutable hardware so that they cannot be tampered with or are validated by the hardware
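The signing and verification flow from the two Image Signing slides, and the halt-on-failure chain of trust from the Secure Boot and "How They Come Together" steps, as one added example that is not part of the original deck and is not Cisco's implementation. It assumes Ed25519 from Go's standard library in place of Cisco's signing scheme, a constructed signed-image layout (image bytes, then signature, then a length field), constructed stand-in image bytes, and names chosen for this example (`SignImage`, `VerifyImage`, `Stage`, `Boot`). The anchor public key is an ordinary Go value here; on the platform it lives in the hardware trust anchor.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Signed-image layout used by this example (constructed, not Cisco's format):
//   [image bytes][64-byte Ed25519 signature][4-byte big-endian image length]
// The signature covers SHA-256(image), mirroring the slide: hash the software,
// sign the hash with the vendor private key, embed the signature in the software.
const (
	sigLen     = ed25519.SignatureSize
	trailerLen = sigLen + 4
)

// SignImage hashes the image, signs the hash with the vendor private key and
// appends the signature and the length field to the image.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	sig := ed25519.Sign(priv, digest[:])
	var lenField [4]byte
	binary.BigEndian.PutUint32(lenField[:], uint32(len(image)))
	out := make([]byte, 0, len(image)+trailerLen)
	out = append(out, image...)
	out = append(out, sig...)
	out = append(out, lenField[:]...)
	return out
}

// VerifyImage recomputes the hash of the embedded image and checks the
// embedded signature under the vendor public key, returning the verified
// image bytes. Tampered bytes, a damaged trailer or a signature made with a
// different key all fail.
func VerifyImage(pub ed25519.PublicKey, signed []byte) ([]byte, error) {
	if len(signed) < trailerLen {
		return nil, errors.New("image too short to carry a signature trailer")
	}
	n := int(binary.BigEndian.Uint32(signed[len(signed)-4:]))
	if n != len(signed)-trailerLen {
		return nil, errors.New("length field does not match image size")
	}
	image := signed[:n]
	sig := signed[n : n+sigLen]
	digest := sha256.Sum256(image)
	if !ed25519.Verify(pub, digest[:], sig) {
		return nil, errors.New("signature does not verify under the vendor public key")
	}
	return image, nil
}

// Stage is one link of the boot chain: its name and its signed image.
type Stage struct {
	Name   string
	Signed []byte
}

// Boot walks the chain of trust. anchorKey stands in for the public key held
// in immutable hardware; every stage is authenticated before it is launched,
// and the boot halts at the first stage that fails, returning the stages that
// did launch together with the reason for stopping.
func Boot(anchorKey ed25519.PublicKey, stages []Stage) ([]string, error) {
	launched := []string{}
	for _, st := range stages {
		if _, err := VerifyImage(anchorKey, st.Signed); err != nil {
			return launched, fmt.Errorf("boot halted at %s: %w", st.Name, err)
		}
		launched = append(launched, st.Name)
	}
	return launched, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-ins for the bootloader and OS images.
	bootloader := SignImage(priv, []byte("bootloader v1"))
	osImage := SignImage(priv, []byte("network os 16.x"))
	fmt.Println(Boot(pub, []Stage{{"bootloader", bootloader}, {"os", osImage}}))

	// One flipped byte in the OS image: the bootloader's check of the OS fails
	// and the chain stops with only the bootloader launched.
	tampered := append([]byte(nil), osImage...)
	tampered[0] ^= 0xff
	fmt.Println(Boot(pub, []Stage{{"bootloader", bootloader}, {"os", tampered}}))
}
```

What the example shows is the verification logic and the stop-on-failure rule; the protection of the first instructions and of the anchor key is a property of the hardware, which the slide's footnote covers and which no software check can substitute for.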

Cisco Trustworthy Systems: Secure by Design

• Evidence of Trust
• Holistic Approach
• Security Expertise and Innovation
• Built for Today’s Threats

Organizations require a cyber-resilient network foundation for digitization

https://trust.cisco.com

Q & A
