Cisco InfoSec Brochure
-
Upload
securitycrunch -
Category
Documents
-
view
1.282 -
download
1
description
Transcript of Cisco InfoSec Brochure
CiscoSecurity Agent
Network Admission Control (NAC)
Cisco ASA 5500
CiscoIOS Router Security
IronPort S-Series IronPort C-Series Cisco Secure ACS Cisco EPM
Firewall
VPN
IPS ACE WAF Cisco Catalyst 6500 Series Security Modules
CiscoSecurity Manager
CiscoSecurity MARS
Main Office
Branch OfficeMobile Worker
PrivateWAN
Internet
SecureWireless
Data Center
CiscoUnity®System
Cisco UnifiedCallManager
ApplicationServers
Cisco ASA 5500(may includeFirewall, IPS,
Content Security,VPN and
Secure UC)
Cisco ASA 5500(may includeFirewall, IPS,
Content Security,VPN and
Secure UC)
Cisco Catalyst 6500 SeriesFirewall Services Module
Cisco ASA 5500 Security
Appliance
Branch Firewallis included in Secure WAN Bundle
Cisco ASA 5500 Security
Appliance
Cisco IOSRouter
Security ASR RouterSecurity
PrivateWAN
Internet
Data Center
CiscoUnity®System
Cisco UnifiedCallManager
ApplicationServers
Main Office
Branch OfficeMobile Worker
SecureWireless
Cisco ASA5500 with IPS
PrivateWAN
Internet
Management:CiscoSecurity
Manager,CiscoSecurity MARS
Main Office
Branch OfficeMobile Worker
SecureWireless
Data Center
IPS
IPS
IPS
Branch Firewallis included in Secure WAN Bundle
Cisco IOSRouter
Security
ASR RouterSecurityPrivate
WAN
Internet
Data Center
CiscoUnity®System
Cisco UnifiedCallManager
ApplicationServers
Main Office
Branch OfficeMobile Worker
SecureWireless
Business Continuity Secure Voice Secure Mobility
Compliance
Secure Network Solutions
Advanced Firewall
ContentFiltering
IntrusionPrevention
802.1x Network FoundationProtection
Flexible PacketMatching
011111101010101
Network Admission Control
Integrated Threat Control
Secure Connectivity
GET VPN Easy VPN SSL VPN CCP NetFlow
Management and Instrumentation
IP SLARole-Based
AccessDMVPN
Mobile Workerwith Cisco
Security Agent
Desktops with Cisco Security
Agent
Desktops with Cisco Security Agent
PrivateWAN
Internet
Main Office
Branch OfficeMobile Worker
Data Center
Critical Servers with Cisco Security Agent
1. End user attempts to access a network
User is redirected to a login page
Network access is blocked until end user provides login information.
User login authenticated. Device validated to assess vulnerabilities and posture.
Device is noncompliant User is denied network access and device is assigned to a quarantine role.Device remediation takes place.
AuthenticationServer
2.
Wired
Wireless
VPN
IPsec/SSL
EmployeeGuestContractorPartnerStudent
Network Access Device
Cisco NAC Server
Quarantine
3a.
Device is compliant 3b.
Posture Assessment
Compliantwith correct login
Noncompliantor wrong login
Machine gets on “clean list”and is granted access to network.
Cisco NAC Manager
WCCP Router orLayer 4 Switch
Clients IronPort S-Series
Firewall
IntegratedAuthentication via LDAP
and Active Directory
Router
Router
Internet
Before IronPort After IronPort
EncryptionPlatform
Antispam
Antivirus
PolicyEnforcement
Mail Routing
Groupware
MTA
Users Users
Groupware
DLPScanner
DLP PolicyManager
Internet Internet
IronPort EmailSecurity Appliance
Firewall Firewall
DMZ Data Center
Web Client
Applications
NetworkFirewall
Cisco ACEApplication
Switch
Cisco ACEApplication
Switch
Cisco ACE WebApplication
Firewall
Cisco ACE WebApplicationFirewall
Web
-Ena
ble
d A
pp
licat
ions
Cisco ACE WebApplication
Manager
Portal
Internet
Main Office
Branch OfficeMobile Worker
PrivateWAN
Internet
SecureWireless
Data Center
CiscoUnity®System
Cisco UnifiedCallManager
ApplicationServers
Cisco ASA 5500with Content
Security Module
Cisco ASA 5500with Content
Security Module
CiscoSecurityMARS
Main Office
Branch OfficeMobile Worker
PrivateWAN
Internet
SecureWireless
Data Center
CiscoUnity®System
Cisco UnifiedCallManager
ApplicationServers
Main Office
Branch OfficeMobile Worker
PrivateWAN
Internet
SecureWireless
Data CenterApplicationServers
CiscoSecurityManager
Cisco SecureAccess ControlSystem (ACS)
Interact& Query
Integrate& Enforce
Report
MonitorProvision
AccessClient
Policy, DBPosture
NetworkEnforcement
Wireless Wired Remote
Main Office
Branch OfficeMobile Worker
PrivateWAN
Internet
SecureWireless
IPS
CiscoCatalyst6500 withServicesModules
VPNAcceleration
ContentSwitching
Stateful FirewallVirtualization ServicesApplication Firewall
Data Center
CiscoUnity®System
Cisco UnifiedCallManager
ApplicationServers
Cisco UnifiedCallManager
Cisco ASA5500 Series
Employee
Contractor
Sub-Contractor
Guest
Unknown
AA-LAN
AA-WLAN
AA-VPN
LAN
CiscoCatalyst Switch
Switch Policy Engine
CiscoCatalyst Switch
CiscoCatalyst Switch
CiscoCatalyst SwitchCisco Aironet WLAN
Access Points
Requirement 1Requirement 2Requirement 3
Requirement 4Requirement 5Requirement 6
Requirement 7Requirement 8Requirement 9
Requirement 10Requirement 11Requirement 12
Remote Location Internet Edge Main Office Network Management Center
Data Center
POSTerminal
StoreWorker PC
CSACiscoSecurityAgent (CSA)
CSA
CSA
CiscoSecurityManagementPOS Server
ASA 5500
ASA
ASA
ASA IPSSwitch
WAP1200
WAP
WirelessDevice
ISR
IronPort
7300Router
NCM/CAS
CS-MARS
AXGWAF
CSA AXG
WAN
NAC
ACS
Credit CardStorage E-commerce
6500Switch
RemoteEmployee
VPNRouters
Headend Management
CorporateCampus
CiscoCallManager
Wireless LAN
Internet
The Network Enables:
Cisco Catalyst6500 Series VPN
Cisco ASA5500 Security
Appliancewith IPsecand SSL
Cisco IOSRouter Securitywith Site-to-Site
and Remote-Access VPN
Secure ASRRouter
with VPN
PrivateWAN
Internet
Data Center
CiscoUnity®System
Cisco UnifiedCallManager
ApplicationServers
Main Office
Branch Office Mobile Worker
SecureWireless
Cisco Catalyst6500 Series VPN
Cisco ASA5500 Security
Appliancewith IPsecand SSL
Cisco IOSRouter Securitywith Site-to-Site
and Remote-Access VPN
PrivateWAN
Internet
Data Center
CiscoUnity®System
Cisco UnifiedCallManager
ApplicationServers
Main Office
Branch Office
Mobile Worker
SecureWireless
IPsec orSSL VPN
Branch Office
Cisco ASA 5500Security Appliancewith IPsec and SSL
Cisco IronPort S-series
and C-series
PrivateWAN
Internet
Main Office
Remote and Mobile Workers
Cisco SecurityManager
SecureWireless
Cisco Security MARS
NAC Appliance
CiscoSecurite ACS
Secure WAN Router with
Firewall
Wide AreaApplicationServer
VPNModule
FWSM IDS Module
Desktops with Cisco Security Agent
MDS 9000with SME
Desktopswith Cisco
SecurityAgent
ACEWAF/AXG
Serverswith Cisco
Security AgentCatalyst
6500
Guard
Detector
Content Switching