Self-Defending Networks
Transcript of Self-Defending Networks
By: Aseem Khan, Adeeb Akhil Shahi, Mohammed Sohail, Saiprasad H Bevinakatti
Cisco Self-Defending Network (CSDN) Concept
A systems-based solution that allows entities to use their existing infrastructure in new ways to:
• Reduce windows of vulnerability
• Minimize the impact of attacks
• Improve overall infrastructure availability and reliability
Today's Organizational Challenges
Due to continued economic challenges, organizations and employees need to be more productive.
More and more employees need to work and communicate while mobile, and not infect the company with viruses (which is counterproductive).
Organizations need to better defend against threats, vulnerabilities and events, and adopt a defense-in-depth strategy.
Organizations need to maximize the return on investment of their limited IT budgets to improve productivity and mobility, and to secure the assets of the business.
The Growing Need for Security Solutions
Drivers: Data Loss, Regulatory Compliance, Malware
A Systems Approach to Streamline IT Risk Management for Security and Compliance
Sophistication of Hacker Tools
[Chart: "Sophistication of Hacker Tools" (threat capabilities) rising while "Technical Knowledge Required" falls from High to Low, on a timeline from 1980 through 1990 to 2000. Tools and techniques plotted: Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Packet Forging/Spoofing, Stealth Diagnostics, DDOS, New Internet Worms.]
SYSTEM LEVEL SOLUTIONS
• Endpoints
• Network
• Services
SECURITY TECHNOLOGY INNOVATION
• Endpoint Security
• Application Firewall
• SSL VPN
• Network Anomaly
INTEGRATED SECURITY
• Secure Connectivity
• Threat Defense
• Trust & Identity
Self Defending Network Strategy
An initiative to dramatically improve the network's ability to identify, prevent, and adapt to threats.
Cisco's Integrated Network Security Systems
Threat Defense
• Defend the Edge: Integrated Network FW+IDS (detects and prevents external attacks)
• Protect the Interior: Catalyst Integrated Security (protects against internal attacks)
• Guard the Endpoints: Cisco Security Agent (CSA) (protects hosts against infection)
Trust and Identity
• Verify the User and Device: Identity-Based Networking/NAC (controls who/what has access)
Secure Comm.
• Secure the Transport: IPSec VPN, SSL VPN, MPLS (protects data/voice confidentiality)
[Diagram spans the Intranet and the Internet]
CSDN Concept (cont.)
CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention.
Why do we need CSDN's?
Evolution of the network; evolution of attacks on networks
Traditional approach: Defense-in-depth
• Proactive defense mechanisms
CSDN approach
• Adaptive defense mechanisms
Why do we need CSDN's? (cont.)
Proactive defense mechanisms are not obsolete, simply inefficient in responding to breaches in network security.
Proactive solutions frontload defense mechanisms: the protection is placed in the path before an attack, rather than adjusted while one is under way.
Proactive Defense Example
[Diagram: Internet -> Outer Firewall -> DMZ (servers, e.g. web, e-mail, proxy) -> Inner Firewall -> Internal Corp. Network and Development Network]
Why do we need CSDN's? (cont.)
Adaptive solutions: the focus isn't solely on preventing network attacks.
They attempt to effectively:
• Detect
• Respond
• Recover
with little to no adverse effect on the network and its users.
Why do we need CSDN's? (cont.)
Key elements of an adaptive solution:
• Remain active at all times
• Perform unobtrusively
• Minimize propagation of attacks
• Quickly respond to as-yet unknown attacks
Foundation of a CSDN
1. Endpoint Protection
2. Admission Control
3. Infection Containment
4. Intelligent Correlation and Incident Response
5. Inline IDS and Anomaly Detection
6. Application Security and Anti-X Defense
Endpoint Protection
You are only as strong as your weakest link.
One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network.
Cisco Security Agent
• Point of presence on end-user systems that enables efficient exchange of valuable network threat information as it occurs
• Endpoint system virus and worm detection/protection
Admission Control
Not only a core component of a CSDN, but incorporated into other technologies by over 30 industry-leading vendors.
Network Admission Control (NAC) assists in determining the level of access to grant an end-user system, in accordance with the security policy, when it initially joins the network.
NAC also assists in managing end-user systems' compliance with security patches and updates.
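The admission decision described on this slide, as an added illustration (this is not Cisco NAC code or its schema): an endpoint reports its posture when it joins, a policy defines what "compliant" means, and the result is an access level. The field names, thresholds and VLAN numbers are constructed assumptions; the point is that anything that cannot be verified is treated as non-compliant, and a device that reports nothing is not assumed to be clean.

```python
"""Posture-based admission decision (added illustration of the NAC idea in the
slides; field names, thresholds and VLAN numbers are constructed, not Cisco's)."""
from dataclasses import dataclass, field
from datetime import date
from enum import Enum
from typing import Dict, List, Optional


class Access(Enum):
    FULL = "full"              # production VLAN, normal access
    QUARANTINE = "quarantine"  # remediation VLAN: patch/update servers only
    DENY = "deny"              # no access: device state cannot be assessed


@dataclass
class Posture:
    """What the endpoint agent reports when the device first joins (constructed schema)."""
    host: str
    agent_present: bool
    av_enabled: bool = False
    av_signature_date: Optional[date] = None
    missing_critical_patches: int = 0


@dataclass
class Policy:
    """Constructed admission policy: what 'compliant' means on this network."""
    max_signature_age_days: int = 7
    max_missing_critical_patches: int = 0
    vlan_for: Dict[Access, Optional[int]] = field(default_factory=lambda: {
        Access.FULL: 10, Access.QUARANTINE: 99, Access.DENY: None})


@dataclass
class Decision:
    host: str
    access: Access
    vlan: Optional[int]
    reasons: List[str]


def assess(posture: Posture, policy: Policy, today: date) -> Decision:
    """Map a posture report to an access level. Every check that fails is
    recorded so the remediation VLAN can tell the user what to fix."""
    if not posture.agent_present:
        # Unknown state: the network cannot tell whether the host is clean.
        return Decision(posture.host, Access.DENY, policy.vlan_for[Access.DENY],
                        ["no posture agent: device state unknown"])
    reasons: List[str] = []
    if not posture.av_enabled:
        reasons.append("antivirus disabled")
    elif (posture.av_signature_date is None or
          (today - posture.av_signature_date).days > policy.max_signature_age_days):
        reasons.append("antivirus signatures older than policy allows")
    if posture.missing_critical_patches > policy.max_missing_critical_patches:
        reasons.append(f"{posture.missing_critical_patches} critical patch(es) missing")
    access = Access.QUARANTINE if reasons else Access.FULL
    return Decision(posture.host, access, policy.vlan_for[access], reasons or ["compliant"])


# Constructed sample reports for three devices joining on 2024-01-15
TODAY = date(2024, 1, 15)
SAMPLE_REPORTS = [
    Posture("laptop-01", agent_present=True, av_enabled=True,
            av_signature_date=date(2024, 1, 14)),
    Posture("laptop-02", agent_present=True, av_enabled=True,
            av_signature_date=date(2023, 12, 1), missing_critical_patches=2),
    Posture("printer-03", agent_present=False),
]

if __name__ == "__main__":
    for report in SAMPLE_REPORTS:
        d = assess(report, Policy(), TODAY)
        print(f"{d.host}: {d.access.value} (VLAN {d.vlan}) - {'; '.join(d.reasons)}")
```

Running the block gives full access to the up-to-date laptop, sends the stale one to the quarantine VLAN with both reasons listed, and denies the agentless device. The quarantine VLAN is what lets NAC "manage compliance" rather than just block: the host can reach patch and signature servers, rejoin, and be re-assessed.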
Infection Containment
The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breach.
Potentially the #1 core component of a secure system belonging to a CSDN.
Intelligent Correlation and Incident Response
Services that provide the ability to exchange:
• Event information
• Implications of an event occurring
• Necessary actions to take
• The appropriate nodes or systems to enforce actions in real time
These services aid in adapting to changes and countering attacks that are occurring in the network as they occur, rather than after they occur.
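The four items on this slide, and the containment slide before it, fit together as one loop: an event arrives, its implication is judged by how many independent views agree, an action is chosen, and the action is sent to the node that can enforce it. The added example below (not code from the original deck or from Cisco) models that loop over a constructed event feed from a host agent and a network IDS; the event format, time window, thresholds, action names and the host-to-switch-port table are all assumptions.

```python
"""Cross-sensor event correlation with a containment decision (added example of
the correlation/incident-response and infection-containment ideas in the slides;
event format, thresholds and the host-to-port table are constructed)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed values)
    sensor: str    # "csa" = host agent, "ids" = network sensor
    host: str      # endpoint the event concerns
    kind: str      # short event name


@dataclass(frozen=True)
class Response:
    host: str
    severity: str      # "high" / "medium" / "low"
    action: str        # what to enforce
    switch: str        # the node that can enforce it
    port: str


# Constructed sample feed from the endpoint agent and the network IDS
EVENTS = [
    Event(1000, "csa", "10.1.1.5", "unauthorized_process_spawn"),
    Event(1010, "ids", "10.1.1.5", "tcp_port_sweep"),
    Event(1025, "ids", "10.1.1.5", "tcp_port_sweep"),
    Event(1030, "ids", "10.1.1.7", "tcp_port_sweep"),   # single scan, no host-side corroboration
    Event(1100, "ids", "10.1.1.8", "tcp_port_sweep"),
    Event(1105, "ids", "10.1.1.8", "tcp_port_sweep"),
    Event(1110, "ids", "10.1.1.8", "tcp_port_sweep"),   # repeated scanning, no agent on host
    Event(1900, "csa", "10.1.1.9", "unauthorized_process_spawn"),  # host event only
]

# Where each endpoint connects (constructed): the enforcement point for containment
ACCESS_PORT: Dict[str, Tuple[str, str]] = {
    "10.1.1.5": ("sw-floor2", "Gi1/0/12"),
    "10.1.1.7": ("sw-floor2", "Gi1/0/15"),
    "10.1.1.8": ("sw-floor2", "Gi1/0/20"),
    "10.1.1.9": ("sw-floor3", "Gi1/0/3"),
}


def plan_response(events: List[Event], access_ports: Dict[str, Tuple[str, str]],
                  window: int = 60, scan_threshold: int = 3) -> Dict[str, Response]:
    """Group events by host and grade them by how many independent views agree:
    host agent + IDS within `window` seconds -> high (isolate the access port);
    IDS alone but repeated -> medium (rate-limit the port);
    a single view -> low (alert, no enforcement)."""
    by_host: Dict[str, List[Event]] = defaultdict(list)
    for ev in events:
        by_host[ev.host].append(ev)

    plan: Dict[str, Response] = {}
    for host, evs in by_host.items():
        agent = [e for e in evs if e.sensor == "csa"]
        ids = [e for e in evs if e.sensor == "ids"]
        corroborated = any(abs(a.ts - i.ts) <= window for a in agent for i in ids)
        if corroborated:
            severity, action = "high", "isolate_port"
        elif len(ids) >= scan_threshold:
            severity, action = "medium", "rate_limit_port"
        else:
            severity, action = "low", "alert_only"
        switch, port = access_ports.get(host, ("unknown", "unknown"))
        plan[host] = Response(host, severity, action, switch, port)
    return plan


if __name__ == "__main__":
    for r in plan_response(EVENTS, ACCESS_PORT).values():
        print(f"{r.host}: {r.severity} -> {r.action} on {r.switch} {r.port}")
```

Two design points carry the slide's argument. Containment is applied at the access port nearest the host, not at the edge firewall, so a worm is cut off before it reaches other interior segments. And a single sensor's report never triggers enforcement on its own; the host agent and the network sensor must agree within the window, which is what keeps an adaptive response from being the "adverse effect on the network and its users" the earlier slide warns against.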
Application Security and Anti-X Defense
A menagerie of application-layer security products that address the "ever-evolving" classes of threats which are not effectively addressed by traditional firewall and network IDS products.
Threat examples:
• E-mail based SPAM and phishing
• Spyware
• Unauthorized peer-to-peer activity
Summary
New phraseology, NOT a new technology.
An encompassing security solution that is proactive AND adaptive in nature, and that envelops every level of network security rather than just specific layers.
The key difference between a CSDN and traditional security solutions is the ability of a CSDN to communicate and share information among the different security products employed within it.