ccmigration_09186a008033a3b4
-
Upload
guest66dc5f -
Category
Technology
-
view
637 -
download
0
Transcript of ccmigration_09186a008033a3b4
![Page 1: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/1.jpg)
111© 2002 Cisco Systems, Inc. All rights reserved.
![Page 2: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/2.jpg)
2© 2003 Cisco Systems, Inc. All rights reserved.
Cisco Advanced Services
Delivering a Secure Network
![Page 3: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/3.jpg)
333© 2003 Cisco Systems, Inc. All rights reserved.
The Need to Outpace and Outsmart Threats
0
5000
10000
15000
20000
25000
1988 1990 1992 1994 1996 1998 2000
Intrusions
Source: CERT, Carnegie Mellon University
Sweepers
Disabling Audits
Packet Forging/ Spoofing
Password GuessingPassword Guessing
Self-replicating Code
Self-replicating Code Password
CrackingPassword Cracking
Exploiting Known VulnerabilitiesExploiting Known Vulnerabilities
Back Doors Sniffers
Stealth Diagnostics
DDOS
Sophistication Sophistication of Hacker Toolsof Hacker Tools
Internet Worms
Technical Technical Knowledge Knowledge Required of Required of
HackerHacker
![Page 4: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/4.jpg)
444© 2003 Cisco Systems, Inc. All rights reserved.
CIO and CSO Security Challenge
Budget
Cost
Applications
Pressure on Pressure on resources, security resources, security requirements, and requirements, and
budgetbudget
• Protect the business from security threats
• Improve security staff productivity
• Reduce total cost of ownership for security infrastructure
Dol
lars
Time
![Page 5: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/5.jpg)
555© 2003 Cisco Systems, Inc. All rights reserved.
Network Security is Integral to Business Protection
Supply ChainManagementE-Commerce E-Learning
Workforce Optimization
Customer Care
• Protect business operations against directed attacks
• Prevent damage from worms and viruses
• Deploy consistent security policy
![Page 6: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/6.jpg)
666© 2003 Cisco Systems, Inc. All rights reserved.
Cisco Services Portfolio
TechnicalSupport Services
TechnicalSupport Services
AdvancedServices
AdvancedAdvancedServicesServices
AdvisoryServices
Networked Virtual Organization
Investment Protection
Vision to Reality
Network to Application
Device to Network
Accelerate Customer SuccessAccelerate Customer Success
Speed of Migration
Investment Optimization
![Page 7: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/7.jpg)
777© 2003 Cisco Systems, Inc. All rights reserved.
Value of Cisco Advanced Servicesfor Network Security
Cisco Trusted Advisor: Expertise in network Cisco Trusted Advisor: Expertise in network security assessment, architecture, design, security assessment, architecture, design,
implementation, and optimizationimplementation, and optimization
• Deep security expertise
• Leading best practices
• Specialized tools and methodology
• Large network security architecture experience
Technical Support ServicesTechnical Support Services
Advanced Services Advanced Services Network SecurityNetwork Security
Advisory Services
![Page 8: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/8.jpg)
888© 2003 Cisco Systems, Inc. All rights reserved.
Cisco Advanced ServicesDelivering Business Benefits
• Assure service availability
• Improve response to disruption
• Reduce overhead of security operations
• Optimize investment in network infrastructure
• Simplify integration and standardize operations
Advanced Services
for Network Security
Plan, Design, Implement,
Operate, and Optimize ProductivityProductivity
Lower TCOLower TCO
BusinessProtectionBusinessProtection
![Page 9: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/9.jpg)
999© 2003 Cisco Systems, Inc. All rights reserved.
Advanced Services for Network SecurityDelivery Capabilities
ProcessProcess• Proven, repeatable methodologies• Leading best practices across the security life cycle• Expertise in vulnerability research, identification, and resolution
ToolsTools• Specialized network security assessment tools• Award-winning Cisco Technical Assistance Center Website• Comprehensive best practices documentation
PeoplePeople• CCIE® (networking) and CCSP™ (security) certified • Large enterprise and government or military backgrounds • Advanced technology expertise (IP telephony, wireless, storage) • Advisors to the Cisco® Product Security Incident Response Team
PartnersPartners• Specialized services and technology• Integration with Cisco security technology• Global reach
![Page 10: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/10.jpg)
101010© 2003 Cisco Systems, Inc. All rights reserved.
An Architectural Approach Is Required
Internet Data CenterInternet Data Center
• Protect the network at all points • Reduce risk by deploying diverse security
components• Ensure secure connectivity of diverse traffic
and user access
AccessManage security to support policy
AccessManage security to support policy
VPN/AccessAuthentication services
VPN/AccessAuthentication services
DistributionRestrict access and manage propagation
DistributionRestrict access and manage propagation
Remote OfficeSecure VPN connectivity and data privacy
Remote OfficeSecure VPN connectivity and data privacy
Mobile Office, TelecommuterSecure VPN connectivity
Mobile Office, TelecommuterSecure VPN connectivity
CoreSecure perimeter with firewalls
CoreSecure perimeter with firewalls
Data CenterDetect and react to intrusion
Data CenterDetect and react to intrusion
Internet
PSTN
![Page 11: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/11.jpg)
111111© 2003 Cisco Systems, Inc. All rights reserved.
Service Offerings Across the Security Life Cycle
Continually identify and mitigate risk
Assess and plan for a sound architecture and design
Build in scalable, adaptable, easy-to-upgrade solutions
Transparently integrate into the core network infrastructure
Security Posture Assessment
Network Security Architecture ReviewIP Telephony Security Review
Network Security Design Review
Network Security Design Development
Network Security Implementation Plan Review
Network Security Implementation Engineering
Cisco Security Agent Implementation
NAC Implementation
Riverhead Implementation
Network Security Optimization
![Page 12: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/12.jpg)
121212© 2003 Cisco Systems, Inc. All rights reserved.
Security Posture Assessment—Establish a Baseline
• Analyze existing security vulnerabilities
• Validate security policy and procedures
• Report unauthorized data and system access
• Provide recommendations to prevent exploitation
• Perform trending analysis over repeated SPAs
![Page 13: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/13.jpg)
131313© 2003 Cisco Systems, Inc. All rights reserved.
Security Posture Assessment—A Comprehensive Approach
• Baseline to identify active hosts, operating systems, and services
• Targeting to identify all network vulnerabilities
• Exploitation to manually confirm vulnerabilities
• Data intelligence and threat analysis against requirements and best practices
InternalInternalSimulated Simulated
AttackAttack
PerimeterPerimeterPenetration Penetration
TestTest
RemoteRemoteExploitationExploitation
![Page 14: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/14.jpg)
141414© 2003 Cisco Systems, Inc. All rights reserved.
Security Posture Assessment
InternalInternalAssessmentAssessment
ExternalExternalAssessmentAssessment
Internet
Enterprise Network
DialupDialupAssessmentAssessment
Wireless Wireless AssessmentAssessment
WAN
![Page 15: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/15.jpg)
151515© 2003 Cisco Systems, Inc. All rights reserved.
Security Posture Assessment—Sample Results and FindingsArchitectural weaknesses
66 Class A networks supporting 100,000 employees on the internalnetwork (for example, one Class A network supports 16,777,214 hosts)
Access control vulnerabilities
External remote access connections to critical hosts on the internal network due to an unauthorized rogue modem
Network control and auditing weaknesses
Identified 16 unknown, unauthenticated high-speed Internet connections for a large enterprise with several global divisions
Detection and response weaknesses
Five weeks of intensive attacks undetected due to lack of logging, monitoring, and employee awareness
Incomplete policy configuration
Firewall configured with no policy rules for 13 months
Use of default passwords
Standardized vendor passwords on network devices Example: all Cisco routers configured to use “cisco” as the user ID and password
Weak passwords Joe, null, or easily guessed passwords allowing access to critical or sensitive hosts
Example: Over 140,000 user ID and password pairs for an online financial institution were captured unencrypted, stored on a vulnerable host that was accessible from the Internet
![Page 16: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/16.jpg)
161616© 2003 Cisco Systems, Inc. All rights reserved.
Security Posture Assessment—Communicating Results
The SPA Report
• Executive SummaryMetrics for baseline studies, trending, and budget review
• Assessment AnalysisVulnerabilities discovered and data analysis
• Best Practices and Strategy
Recommendations for mitigating risk
![Page 17: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/17.jpg)
171717© 2003 Cisco Systems, Inc. All rights reserved.
SPA Case Study—Fortune 125 Insurance Company
RequirementsRequirements
• Protection of client financial portfolios• Compliance with GLBA requirements• No disruption of production financial systems• Working knowledge of European privacy laws
• Protection of client financial portfolios• Compliance with GLBA requirements• No disruption of production financial systems• Working knowledge of European privacy laws
• Identified employees with unauthorized access to management information
• Identified extensive external vulnerabilities• Improved skills of internal staff who participated in
war games
• Identified employees with unauthorized access to management information
• Identified extensive external vulnerabilities• Improved skills of internal staff who participated in
war games
ScopeScope
ResultsResults
• External posture assessment to identify vulnerabilities that allow outsiders to compromise client records
• Internal posture assessment to identify unauthorized employee access to sensitive information
• External posture assessment to identify vulnerabilities that allow outsiders to compromise client records
• Internal posture assessment to identify unauthorized employee access to sensitive information
![Page 18: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/18.jpg)
181818© 2003 Cisco Systems, Inc. All rights reserved.
• Maintain an optimized security implementation
• Ensure fast recovery in case of disruption
• Reduce operating costs of security administration
• Avoid implementation problems
• Prepare for future deployment initiatives
• Identify deviations from best practices and policy
Network Security Design Benefits
![Page 19: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/19.jpg)
191919© 2003 Cisco Systems, Inc. All rights reserved.
Applying Best Practices for Business Results
© 2002, Cisco Systems, Inc. All rights reserved. 34
ManagementManagement BuildingBuilding
DistributionDistribution
CoreCoreEdgeEdge
ServerServer
EE--CommerceCommerce
Corporate InternetCorporate Internet
VPN/Remote AccessVPN/Remote Access
WANWAN
ISPISP
PSTNPSTN
FR/ATMFR/ATM
CERT®
![Page 20: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/20.jpg)
202020© 2003 Cisco Systems, Inc. All rights reserved.
Tailoring SAFE from Cisco to Your Environment
Best Practice Security Blueprints for Implementing Integrated Network Security
Best Practice Security Blueprints for Implementing Integrated Network Security
Available Blueprints
Enterprise
Small Business
IPSec VPNs
Voice
Wireless
E-Commerce
Layer 2 Networks
UpdateUpdate
UpdateUpdate
NewNew
© 2002, Cisco Systems, Inc. All rights reserved. 34
ManagementManagement BuildingBuilding
DistributionDistribution
CoreCoreEdgeEdge
ServerServer
EE--CommerceCommerce
Corporate InternetCorporate Internet
VPN/Remote AccessVPN/Remote Access
WANWAN
ISPISP
PSTNPSTN
FR/ATMFR/ATM
![Page 21: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/21.jpg)
212121© 2003 Cisco Systems, Inc. All rights reserved.
Designing an End-to-End Secure Network Infrastructure
Secure the Infrastructure
Secure the Secure the InfrastructureInfrastructureCampus router and switch security
Data center system and server security
Firewall policy, placement, and design
VPN and dialup remote access
Secure WAN connections
Corporate extranet security
Monitor and Respond
Monitor and Monitor and RespondRespond
Manage and Improve
Manage and Manage and ImproveImprove
Intrusion detection policy, placement and design
Internet access monitoring
Network attack mitigation
Security and network management policy, placement and design
![Page 22: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/22.jpg)
222222© 2003 Cisco Systems, Inc. All rights reserved.
Network Security Design Review
• Review network security architecture and design
Perimeter security, remote access, IDS, firewalls, VPNs, e-commerce, etc.
• Identify architecture and design vulnerabilities
• Prioritize security requirements for network devices
• Recommend improvements to topology, components, functions, and features
• Recommend tools for managing network security
![Page 23: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/23.jpg)
232323© 2003 Cisco Systems, Inc. All rights reserved.
Network Security Design Development
• Identify and analyze network infrastructure vulnerabilities
• Define network security topology, components, and functions
Perimeter security, remote access, IDS, firewalls, VPNs, e-commerce, etc.
• Specify hardware and software requirements
• Develop sample configurations for protocols, policy, and features
• Recommend tools for managing network security
![Page 24: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/24.jpg)
242424© 2003 Cisco Systems, Inc. All rights reserved.
Network Security Design Development Methodology
Customer InputCustomer Input
Network Services and Business Process
Network Device Configuration
Network Topology, Design, Inventory
Security Policy, Goals and Requirements
• Understand security business goals, objectives, and requirements
• Identify threats to critical assets• Map security requirements to
network architecture • Define security topology,
components, and functions• Deliver impact analysis of new
requirements • Provide preliminary and final gap
analysis • Deliver architecture/design
document with network diagrams
Cisco MethodologyCisco Methodology
![Page 25: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/25.jpg)
252525© 2003 Cisco Systems, Inc. All rights reserved.
Corp HQ
Data Center & Internal Firewalls
Internet Access
ASP
Server Farm Firewalls
Regional Office
Internal Firewalls
Internet Access
Telecommuter
Home Access
Small Business/Branch Office
Internal Firewalls
Perimeter Security Architecture and Design
InternetInternet
ServiceProvider Sample Firewall Policy Checklist
As restrictive and simple as possible
Authorization process for firewall changes
Governed by separation of duties for approval and workflow
Combines firewall tools to balance policy with throughput requirements
Audit log for firewall administration
Robust back-out and configuration management
Test frequently with penetration tests and policy audits
![Page 26: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/26.jpg)
262626© 2003 Cisco Systems, Inc. All rights reserved.
User Authentication and Authorization Design
PSTNAuthenticate Remote Site
Terminate IPSec
Authenticate Remote Site
Terminate IPSec
Focused Layer 4–7 Analysis
Focused Layer 4–7 Analysis
Allow only IPSec TrafficAllow only
IPSec Traffic
Broad Layer 4–7 AnalysisBroad Layer 4–7 Analysis
Stateful Packet Filtering Basic Layer 7 Filtering
Stateful Packet Filtering Basic Layer 7 Filtering
Authenticate Users Terminate IPSec
Authenticate Users Terminate IPSec
Authenticate Users Terminate
Analog Dial
Authenticate Users Terminate
Analog Dial
Remote Access VPN
Traditional Dial Access Servers
Site-to-Site VPN
![Page 27: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/27.jpg)
272727© 2003 Cisco Systems, Inc. All rights reserved.
PSTNAuthenticate Remote Site
Terminate IPSec
Authenticate Remote Site
Terminate IPSec
Focused Layer 4–7 Analysis
Focused Layer 4–7 Analysis
Allow only IPSec TrafficAllow only
IPSec Traffic
Broad Layer 4–7 AnalysisBroad Layer 4–7 Analysis
Stateful Packet Filtering Basic Layer 7 Filtering
Stateful Packet Filtering Basic Layer 7 Filtering
Authenticate Users Terminate IPSec
Authenticate Users Terminate IPSec
Authenticate Users Terminate
Analog Dial
Authenticate Users Terminate
Analog Dial
Remote Access VPN
Traditional Dial Access Servers
Site-to-Site VPN
Individual user authentication Strong authentication using OTP or certificatesNo split tunneling to limit attacksTriple DES unless prevented by export lawsIngress filtering limited to IKE and ESP protocols
Tunnels terminated in front of firewall
Identification and accreditation of all dialup servicesIndividual accountabilityStrong authentication for remote users
User access logging
Termination of network links on firewalled DMZsEncryption of access from the InternetStrong authentication for access from the internetLimit communication session to authorized hosts and services
VPN Dialup Corporate Extranet
User Authentication and Authorization—Sample Best Practices
![Page 28: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/28.jpg)
282828© 2003 Cisco Systems, Inc. All rights reserved.
Intrusion Detection Architecture and Design
NASDMZ Servers
Data Center
Users
InternetCorporate
Office
Business Partner
Intranet/Internal Intranet/Internal IDSIDSProtects data centers and critical assets from internal threats
Internet IDSInternet IDSComplements firewall and VPN by monitoring traffic for malicious activity
Extranet IDSExtranet IDSMonitors partner traffic where “trust”is implied but not assured
Remote Access Remote Access IDSIDSHardens perimeter control by monitoring remote users
Sample IDS Best PracticesTest different intrusion profiles and alert/response methods
Determine location and interoperability with network management consoles
Tune for the environment to manage false alarms
Test a combination of HIDS and NIDS positioning
Test frequently with penetration tests and policy audits
![Page 29: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/29.jpg)
292929© 2003 Cisco Systems, Inc. All rights reserved.
Data Center Network Security Design
N-Tier Applications
Mainframe OperationsIP
Communications
Front End Network
IP Layer 2/3
DB ServersDB Servers
Application ServersApplication Servers
Web ServersWeb Servers
Data CenterData Center
Data InterceptionUnprotected Assets
Data InterceptionUnprotected Assets
Information TheftInformation TheftDenial of Service
Unauthorized Entry Denial of Service
Unauthorized Entry Sample Data Center Security Best Practices
Endpoint protection of hosts, servers and desktops
Network-based intrusion detection for threat monitoring, analysis and prevention
Firewalls for filtering traffic
VPNs for secure communications between data centers
Identity servers for strong authentication
Management and monitoring of security devices, services and network activity
![Page 30: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/30.jpg)
303030© 2003 Cisco Systems, Inc. All rights reserved.
Architecture and Design Case Study—U.S. Government Institution
RequirementsRequirements
• Provided design recommendations prior to a major infrastructure upgrade
• Customer implemented firewall and VPN design in less time, with less costly redesign
• Provided design recommendations prior to a major infrastructure upgrade
• Customer implemented firewall and VPN design in less time, with less costly redesign
ScopeScope
ResultsResults
• Firewall and IPSec VPN design and configuration review for conformance with SAFE from Cisco®
• Security Design Review to identify nonconformance with security policy and Cisco best practices
• Firewall and IPSec VPN design and configuration review for conformance with SAFE from Cisco®
• Security Design Review to identify nonconformance with security policy and Cisco best practices
• Provide security architecture and design recommendations based on national security policy
• Augment limited in-house expertise• Identify vulnerabilities on a classified network
• Provide security architecture and design recommendations based on national security policy
• Augment limited in-house expertise• Identify vulnerabilities on a classified network
![Page 31: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/31.jpg)
313131© 2003 Cisco Systems, Inc. All rights reserved.
Network Security Implementation Plan Review
• Understand the objectives, scope, and constraints of the deployment
• Analyze requirements for solution deployment, integration and management
• Review implementation plans including tasks, milestones, resources and schedule
• Analyze network staging, test, and installation plans, including topology, configurations, test scripts, and acceptance criteria
• Analyze and recommend hardware and software changes
![Page 32: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/32.jpg)
323232© 2003 Cisco Systems, Inc. All rights reserved.
Network Security Implementation Engineering
• Analyze solution test, installation, and integration strategy
• Develop implementation plan including tasks, milestones, and schedule
• Develop network staging plan including topology, configurations, test scripts, and acceptance criteria
• Analyze and recommend hardware and software changes
• Provide custom installation, configuration, testing, tuning and integration
• Deliver hands-on education and remote deployment support
![Page 33: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/33.jpg)
333333© 2003 Cisco Systems, Inc. All rights reserved.
Cisco Security Agent Implementation Service
Continually improve intrusion prevention solution
Assess and plan for a sound CSA architecture and design
Build scalable, adaptable, easy-to-upgrade CSA solutions
Integrate CSA into the network infrastructure and application environment
Develop Deployment Strategy and Plan
Identify Requirements and Deliver a Design Specification
Deliver Limited Deployment With Custom Policies that Meet Solution Requirements
Provide Ongoing Support for Enterprise Deployment
![Page 34: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/34.jpg)
343434© 2003 Cisco Systems, Inc. All rights reserved.
NAC Implementation Service
Continually improve network admission control solution
Plan for a sound NAC architecture and design
Build scalable, adaptable, easy-to-upgrade NAC solution
Integrate NAC into the network infrastructure
Assess network operations and infrastructure to determine NAC readiness. Install and test a limited deployment.
Deliver NAC design specification detailing topology, device configurations, HW/SW upgrades, and management.
Develop a deployment plan and provide onsite installation of a corporate-wide implementation.
Provide ongoing/periodic consultation to optimize NAC for reliability, efficiency and scalability.
![Page 35: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/35.jpg)
353535© 2003 Cisco Systems, Inc. All rights reserved.
Network Security Optimization
• Define criteria for network security optimization
• Collect and analyze data for trends and exceptions
• Review network security component placement and configuration
• Provide recommendations for network and security component tuning
• Deliver impact analysis of new software, features and configuration
• Analyze and notify staff of network security advisories
![Page 36: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/36.jpg)
363636© 2003 Cisco Systems, Inc. All rights reserved.
Cisco Services DeliveringCustomer Satisfaction
World Class Partners
Advisory Services
Technical Support ServicesTechnical Support Services
Advanced Services Advanced Services Network SecurityNetwork Security
Advisory Services
![Page 37: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/37.jpg)
373737© 2003 Cisco Systems, Inc. All rights reserved.
Cisco Advanced Services Deliver a Secure Network
Lower TCOOptimize investment
in secure network infrastructure
Lower TCOLower TCOOptimize investment
in secure network infrastructure
ProductivitySimplify and
standardize operations
ProductivityProductivitySimplify and
standardize operations
Customer BenefitsCustomer BenefitsDelivered Uniquely by Cisco®Delivered Uniquely by Cisco®
SecureCorporate Network
SecureCorporate Network
Kno
wle
dge
Tran
sfer
Kno
wle
dge
Tran
sferPeoplePeople
ProcessProcess
ToolsTools
PartnersPartners Bes
t Pra
ctic
esB
est P
ract
ices
Business ProtectionReduce risk to
business assets
Business ProtectionBusiness ProtectionReduce risk to
business assets
![Page 38: ccmigration_09186a008033a3b4](https://reader036.fdocuments.us/reader036/viewer/2022081400/5553a9e2b4c905d4448b47c8/html5/thumbnails/38.jpg)
Presentation_ID 38© 2001, Cisco Systems, Inc. All rights reserved.