Secured Unified Wireless - Cisco · detect over 120 different attack tools and techniques. Also, we...
Transcript of Secured Unified Wireless - Cisco · detect over 120 different attack tools and techniques. Also, we...
Secured Unified Wireless
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 1
Wireless
Ng Tock Hiong
Director, Systems Engineering
� Wireless Security Risks
� Self Defending Network – Secure Wireless
Unified Wireless Security FeaturesAdaptive Wireless Intrusion Prevention System (wIPS)Integrated Security Solutions
Agenda
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 2
SP1
Slide 2
SP1 we’ve moved away from ‘Secure Wireless” naming. And we have begun drawing strong distinction between CUWN-integrated security and the collaboration we can do with wired security. I;d suggest the following:
Wireless Security:Security Built-into the Cisco Unfied Wireless NetworkAdaptive Wireless IPS on the CUWNCollaboration between wired and wireless securityScott Pope, 11/18/2008
Evolution of Wireless Security Challenges
Late 90s. WLAN Technologies Were Proprietary and Provided Minimal Security Features. Security Threat Was Low
2001. WEP Is Easily Cracked by Researchers at Berkeley. Majority of Businesses and Consumers Leave Security Default “Off”; War Driving Expands. Rogue APs Emerge as Viable Business Threat
2001. Cisco Delivers
2004. Ratification of IEEE 802.11i for Robust WLAN Security. WPA and WPA2 Expand in Popularity
2007. Unified Wired and Wireless
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 3
1998
2000
2001 2004
2002 2007
2000. 802.11b Standard Ratification Included WEP for Basic Link Encryption Although Lacked Method for Authentication
2001. Cisco Delivers the LEAP Protocol for Mutual Authentication and Improves upon WEP Using CKIP. Many Rely on VPNs
Wired and Wireless Security with Integrated Wireless IPS. Management Frame Protection
Why Are Wireless LANs Prone to Attack?
� Increasing Wi-Fi Devices
Over 1.1 billion Wi-Fi devices will enter the market by 2011
New 802.11 and non-802.11 RF devices
� Confidential Data in “Open Air”
No physical barriers to RF intrusion
Physical SecurityWired Security
EnterpriseNetwork
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 4
� 802.11 is in Unlicensed Spectrum
Easy access to inexpensive technologies
Well documented and understood
� RF Spectrum is an asset to be managed
Lax security can lead to attacks, loss of data and regulatory and legal action
Wireless Access Outside of Physical/Wired Boundaries
Wireless WLAN Security ThreatsTop Attacks
Evil Twin/Honeypot APHACKER’S
AP
Connection to malicious AP
Reconnaissance
Seeking network vulnerabilities
HACKER
On-Wire Attacks Over-the-Air Attacks
Ad-hoc Wireless Bridge
Client-to-client backdoor access
HACKER
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 5
Denial of Service
DENIAL OFSERVICE
Service disruption
Cracking Tools
Sniffing and eavesdropping
HACKER
Non-802.11 Attacks
Backdoor access
BLUETOOTH AP RADARRF-JAMMERSBLUETOOTHMICROWAVEService disruption
Rogue Access Points
Backdoor network access
HACKER
Agenda� Wireless Security Risks
� Self Defending Network – Secure Wireless
Unified Wireless Security FeaturesAdaptive Wireless Intrusion Prevention System (wIPS)
Integrated Security Solutions
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 6
Agebda
Cisco Wireless Threat Control & Containment –Comprehensive Layer 1-7 Protection
Wired Intrusion Prevention CollaborationWired Intrusion Prevention CollaborationInappropriate Client ActivityInappropriate Client ActivityMalware Detection/MitigationMalware Detection/Mitigation
Layers 3-7
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 7
RF Spectrum AnalysisRF Spectrum AnalysisNonNon--802.11 Devices802.11 Devices
RF Airspace ProtectionRF Airspace Protection
Wireless Intrusion PreventionWireless Intrusion PreventionRogue Detection/ContainmentRogue Detection/Containment
Wireless Hacking/Intrusion DetectionWireless Hacking/Intrusion Detection
Layer 1
Layers 1-2
SP4
Slide 7
SP4 I;d use the following slide instead.Scott Pope, 11/18/2008
Overview
Cisco Wireless Security Overview
Built into the wireless
infrastructure
Hardened wireless core to prevent
attacks before they happen
Wired and wireless network security working
together
Integrated CollaborativeProactive
WIPS Access Control
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 8
Unified Wireless Network
WLAN Controllers Access Points RF Intelligence Mobility ServicesWCS
Self-Defending Network
WIPS
Clean RF
Management & Reporting
Access Control
Auth/Privacy
MFP
Automated Vulnerability Monitoring Unified Security
Management
Malware Mitigation
Posture Assessment
Infrastructure Authentication
Secure Wireless Solution Architecture
WCSASA 5500 w/
Internet
Guest Anchor Controller
Cisco Security Agent
Untr
uste
d
Public • Host intrusion prevention
• Endpoint malware mitigation
Endpoint Protection
Traffic and Access Control
Cisco Secure
ServiesClient
Cisco VPN Client
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 9
WCS
CS-MARS
ASA 5500 w/ IPS Module
Enterprise
Controller
NAC Appliance
NAC Manager
GuestSSC
WPA2802.1X MFP
CSA Server
Tru
ste
d
Wirele
ss
Wired
• Device posture assessment
• Dynamic, role-based network access and managed connectivity
• WLAN threat mitigation with IPS/IDS
Traffic and Access Control
• Strong user authentication
• Strong transport encryption
• RF Monitoring
• Secure Guest Access
WLAN Security Fundamentals
NGS
Unified Wireless Security Features
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 10
SP6
Slide 10
SP6 So I talk about rogues as part of Adaptive wIPS, as the market defines a wIPS solution as something that does rogue detection/mitigation. Up to you, though.Scott Pope, 11/18/2008
Protected Access
What are WPA and WPA2?
� Authentication and Encryption standards for Wi-Fi clients and APs
� 802.1X authentication
� WPA uses TKIP encryption
Gold
WPA2/802.11i•EAP•AES
Gold
WPA2/802.11i•EAP•AES
SilverSilver
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 11
� WPA uses TKIP encryption
� WPA2 uses AES encryption
Which should I use?
� Go for the Gold!
� Silver, if you have legacy clients
� Lead, if you absolutely have no other choice (i.e. ASDs)
Silver
WPA•EAP•TKIP
Silver
WPA•EAP•TKIP
Lead
dWEP (legacy)•EAP/LEAP
•VLANs + ACLs
Lead
dWEP (legacy)•EAP/LEAP
•VLANs + ACLs
User and Device Authentication
Authentication Server
User and device authentication maps identity to appropriate access to network services and resources
Only Cisco delivers an end-to-end authentication framework for wired and wireless
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 12
Cisco Secure ACS
SSC
Network Access
User and Device
Wired Switch Wireless Access Point
for wired and wireless
�The Cisco Secure Services Client is an 802.1X supplicant for wired & wireless networks
�Cisco supports all leading EAP types – and leads the industry with EAP-FAST
Secure Services Client
Protect the Network:Rogue Detection and Containment
802.11a Channel 153Rogue AP
ROGUES and AD-HOCs: Detected via intelligent on & off channel scanning
802.11g Channel 1
�On-channel attack detected
�Off channel rogue detected
�AP contains rogue client
�Off channel ad hoc net detected
�AP contains ad hoc net
� Integrated 24/7 RF monitoring to identify, locate and contain unauthorized wireless activity
� Proactive threat defense to ensure regulatory compliance
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 13
802.11a Channel 152Valid client
802.11g Channel 6Valid client
802.11g Channel 6Attacker
802.11a Channel 153Rogue client
802.11g Channel 1Ad Hoc client
802.11g Channel 1Ad Hoc client
RF Containment
�AP contains ad hoc net
Location-enabled
View Historical ReportAssess Attack(Identity, On/Off-Wire,
Location)
Detect Attack(Begin Analysis)
Alert and Contain(Generate Alarm)
1 2 3 4
Cisco Integrated Wireless IPS Detection and Mitigation Overview
Proactive RF Defense Integrated into the Cisco Unified Wireless Network
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 14
� Automated or manual mitigation
� Multiple rogues contained simultaneously
�On-channel attack detected
�Off channel attack detected
�AP contains rogue AP/client
�Off channel ad hoc net detected
�AP contains ad hoc net
�Attack locatedon map
SP8
Slide 14
SP8 I'd ditch this slide...it's really old. Please use the following...it provides a more comprehensive view of the system.Scott Pope, 11/18/2008
Mechanics of Rogue Detection and Mitigation
� WLAN system collects (via beacons and probe responses) and reports BSSID information
� System compares collected BSSID information versus authorized (i.e. managed AP) BSSID information
Over the Air Detection TechniqueOver the Air Detection Technique Wired-Side Tracing TechniquesWired-Side Tracing Techniques
� Rogue Wired Switchport Tracing
� Rogue Location Discovery Protocol
� Rogue Detector on wired trunks
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 15
� Unauthorized APs are flagged and reported
� Use of managed APs to disassociate clients from unauthorized AP and prevent further associations via 802.11 de-association frames
� Mitigation may be automated or manual
� Rogue Wired Switchport Disable
� Rogue client devices may be authenticated to a RADIUS (MAC address) database
Over the Air Mitigation TechniqueOver the Air Mitigation Technique Wired-Side Mitigation TechniquesWired-Side Mitigation Techniques
SP9
Slide 15
SP9 I find that a slide like this really helps people understand what all the different mechanisms are. what role they play, and when to deploy.Scott Pope, 11/18/2008
Wired-Side Tracing Techniques
�Secured APs
�Open APs
�NAT APs
SwitchportTracingSwitchportTracing
�Moderate1. AP hears rogue over air
2. Detecting AP advises of nearby switches
3. Trace starts on nearby switches
4. Results reported in order of probability
5. Administrator may disable port
How it Works What It Detects Accuracy
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 16
RLDPRLDP
RogueDetectorRogueDetector
�Open APs
�NAT APs
�100%1. AP hears rogue over air
2. Detecting AP connects as client to rogue AP
3. Detecting AP sends RLDP packet
4. If RLDP packet seen at WLC, then on wire
�High1. Place detector AP on trunk
2. Detector receives all rogue MACs from WLC
3. Detector AP matches rogue MACs from wired-side ARPs
�Secured APs
�Open APs
�NAT APs
SP10
Slide 16
SP10 Scott Pope 11/18/2008I find that a slide like this really helps people understand what all the different mechanisms are. what role they play, and when to deploy.Scott Pope, 11/18/2008
Management Frame Protection
� Wireless management frames are not authenticated, encrypted, or signed
� A common vector for exploits
� Insert a signature (Message Integrity Code/MIC) into the management frames
� Clients and APs use MIC to validate authenticity of management frame
� APs can instantly identify rogue/exploited management frames
Problem Solution
•Cisco security leadership and innovation•Proposed standard—IEEE 802.11w
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 17
MFP Protected
MFP Protected
AP BeaconsProbe Requests/Probe Responses
Associations/Re-associations Disassociations
Authentications/De-authentications
Action Management Frames
Features
• Provides network-wide security health summary
• Proactively monitors entire wireless network
• WLCs, APs and
• management interfaces
• Identifies vulnerabilities in:
• Encryption
Automated Wireless Security Vulnerability Assessment (v5.1)
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 18
• Encryption
• User/network auth
• Threat mitigation
• Management
Benefits
• Reduces configuration errors by recommending optimal security settings
• Increases awareness of potential security issues
Adaptive wIPS Threat Detection and Mitigation
Rogue AP/Clients AdHoc Connections
CrackingRecon
DoS
Over-the-Air AttacksTh
rea
ts
Device Inventory Analysis
Signatures & Anomaly Detection
Network Traffic Analysis
Detection
Accurate Threat Detection, Efficient and Scalable MitigationAccurate Threat Detection, Efficient and Scalable Mitigation
On/Off Channel Scanning
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 19
Cla
ss
ific
ati
on
DetectDetect ClassifyClassify MitigateMitigateNotify
Log
Notify
Log
Report
Archive
Report
Archive
No
tifi
ca
tio
n
Mit
iga
tio
n
Ma
na
ge
me
nt•Default Tuning
Profiles
•Customizable Event Auto-Classification
•Wired-Side Tracing
•Physical Location
•Unified WCS Security Dashboard
•Flexible Staff Notification
•Device Location
•Wired Port Disable
•Over-the-Air Mitigation
•Auto or Manual
•Uses all APs for superior scale
•Role-based with Audit Trails
•Customizable Event Reporting
•PCI Reporting
•Full Event Forensics
How is this different than controller IDS?
� wIPS Access Points can detect over 45 different signatures and tools
–Controller IDS does 17 today
� wIPS provides forensics (packet capture) abilities
� wIPS on MSE provides centralized database for attack
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 20
� wIPS on MSE provides centralized database for attack correlation and alarm archival
� wIPS provides an attack encyclopedia
SP14
Slide 20
SP14 45 is incorrect. We have 45 signatures. Each of these signatures can detect multiple attack toosl and techniques. As such, we can detect over 120 different attack tools and techniques.
Also, we have:
GUI-based signature tuning
12 system-default configuration profiles based on customer vertical and site characteristics
Anomaly detectionScott Pope, 11/18/2008
Adaptive wIPS – One Alarm per Attack
MSE
Adaptive wIPSController IDS
WCS WCS
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 21
MSE
Controller IDS has no correlation
Over-the-Air Attack Techniques and ToolsExamples of Attacks Detected
Network Profiling and Reconnaissance
Authentication and Encryption Cracking
�Honeypot AP�Netstumbler
�Dictionary attacks�AirSnarf�Hotspotter�WEPCrack
�Kismet�Wellenreiter
�Excessive device error �Excessive multicast/broadcast
�ASLEAP�EAP-based attacks�CoWPAtty�Chop-Chop
�Airckrack�Airsnort�PSPF violation�WEP Attack
�Illegal frame types�Excessive association retries�Excessive auth retries�LEAPCracker
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 22
Man-in-the-Middle
Denial of Service
�MAC/IP Spoofing�Fake AP
�Malformed 802.11 frames�FATA-Jack, AirJack�Fragmentation attacks�Excessive authentication�De-auth attacks�Association attacks�CTS attacks
�RTS attacks
�Excessive device bandwidth
�Fake DHCP server�Pre-standard APs (a,b,g,n)
�EAPOL attacks�Probe-response�Resource management�RF Jamming�Michael�Queensland�Virtual carrier
�Big NAV
�Power-save attacks
�Microwave interference�Bluetooth interference�Radar interference�Other non-802.11 interference �Device error-rate exceeded�Interfering APs �Co-channel interference
�VoWLAN-based attacks
�Excessive roaming
�Evil Twin AP�ARP Request Replay Attack
wIPS Components
� wIPS Monitor Mode AP – attack detection (scanning at 250ms per channel)
� Controller – manages wIPS APs, forwards wIPS data to MSE
Over-the-Air DetectionOver-the-Air Detection
wIPS AP ManagementwIPS AP Management
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 23
forwards wIPS data to MSE
� MSE with wIPS Service – attack archival and alarm aggregation
� WCS – centralized configuration and monitoring
Monitoring, ReportingMonitoring, Reporting
wIPS AP ManagementwIPS AP Management
Complex Attack Analysis, Forensics, EventsComplex Attack Analysis, Forensics, Events
WCS
wIPS System Communication
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 24
wIPS - Access Point Engine
AAAA.AAAA.AAAA
3
2
11. Authentication2. Association
3. Passing Data
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 25
wIPS AP
Device Database
AAAA.AAAA.AAAA – AP
BBBB.BBBB.BBBB – Client
BBBB.BBBB.BBBB
802.11 State Machine
Attack Library
wIPS – AP Detection Logic
00:1F:3B:1A:A2:01
3
2
1
1. Authenticated
2. Associated3. Passing Data1. Authentication?3. Passing Data
2. Association?
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 26
wIPS AP
Device Database
00:1F:3B:1A:A2:01 – AP
00:1F:3B:7C:A2:13 – Client
00:1F:3B:7C:A2:13
802.11 State Machine
00:1F:3B:7C:A2:13 Spoofed MAC
Attack Library
wIPS – Mobility Services Engine
wIPS AP 00:55:9A:6A:34:01– AP
00:1F:3B:1A:A2:01 – AP
Attack Database
8/20/2008 – 17:09 – Spoof MAC
8/22/2008 – 10:24 – DoS Attack
8/24/2008 – 12:07 – DoS Attack3
2
1
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 27
wIPS MSE
wIPS AP
System-wide Device Database
00:1F:3B:1A:A2:01 – AP
00:1F:3B:7C:A2:13 – Client
Anomaly Detection Engine
Forensics Database
3
2
1
wIPS Alarm Flow
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 28
� 1. Attack Launched against ‘infrastructure device’
� 2. Detected on AP
� Communicated via CAPWAP to WLC
� 3. Passed transparently to MSE via NMSP
� 4. Logged into wIPS Database on MSE
� Sent to WCS via SNMP trap
� 5. Displayed on WCS
wIPS Alarms on Security Dashboard
wIPS Denial of Service
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 29
AlarmsServiceAlarms
Category
wIPS AlarmsUnder‘Security’Category
Alarms
wIPS Penetration Alarms
wIPS Example Alarm
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 30
� Click ‘Help’ for more info on the attack
wIPS Integrated Attack Encyclopedia
� Available for each alarm
� Accessible from the wIPS
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 31
from the wIPS Profile page or by clicking ‘Help’ on each attack alarm
Forensics
� User configurable per attack
� Captured the first time the attack is detected
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 32
� A .cap capture of packets
–Opened by Wireshark, Omnipeek, etc.
� Stored on the MSE
–Can be requested by WCS on-demand
Agenda� Wireless Security Risks
� Self Defending Network – Secure Wireless
Unified Wireless Security FeaturesAdaptive Wireless Intrusion Prevention System (wIPS)
Integrated Security Solutions
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 33
Agenda
Simple, Secure Client Connectivity
• Deploying and Managing a Common Security Profile Across an Increasingly Diverse Array of Wireless Clients
Business Challenge
Cisco Unified
Wireless NetworkEnd-to-End
IBNS
End-to-End
NAC
Solution• A single 802.1X authentication
supplicant for wired and wireless devices
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 34
SSC
Wireless Network IBNS NAC
Secure ACS
� Management Frame Protection
� Fast Secure Roaming
� LEAP and EAP-FAST
� Integrated VPN Client
devices
Simplified management
Improved security
Lower total cost of ownership (TCO)
• Encryption of management frames
• Products:
Cisco Secure Services Client
Cisco Secure ACS
Cisco Compatible Extensions
Endpoint Protection
• User desktop is the weakest link – prime entry point for hackers and malware
• Provide zero-day malware Solution
Business Challenge• Ad-Hoc Connection
Attempt
• Traffic Sniffing
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 35
• Provide zero-day malware protection and wireless client control with CSA (Cisco Security Agent)
• Disable wireless NIC when wired NIC is active
• Connection restrictions – by SSID, encryption type, ad-hoc
• Require VPN connection when out of the office
W-NIC Disabled
�Ad-Hoc Disabled
�SSID Allowed
�VPN Established
�Malware Disabled & Contained
�Wireless NIC Disabled
�Malware Disabled & Contained
CSA
L2 IDS
Unified IDS/IPS
Malicious traffic
Client
Shun
• Authorized user’s laptop infected with worm or virus
• IDS/IPS sensor monitors traffic Solution
Business Challenge
Unified Wired and Wireless IDS/IPS
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 36
EnterpriseIntranetEnterpriseIntranet
Wired IDS
Application
Inspection/Control
• IDS/IPS sensor monitors traffic with application inspection and control (Layer 7) to identify and triggers shun event
• The network blocks the MAC address of compromised wireless client
• Integration of wired and wireless security
L3-7 IDS
Client Validation and Posture Assessment
Authenticate and Authorize
� Enforces authorization policies and privileges
Scan and Evaluate
� Agent and network scan for required versions and infections
• Identify Who Is on the Network and Enforce Granular Policies to Prevent Exposure to Viruses and “Malware”
Business Challenge
Solution• Ensures wireless client is ‘up-to-
date’ with latest security policies
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 37
Quarantine and Enforce
� Isolate non-compliant devices from rest of network
Update and Remediate
� Network-based tools for
remediation of threats and
vulnerabilities
required versions and infectionsdate’ with latest security policies
• Quarantines and fixes any wireless client that is non-compliant
• Enforces differentiated policies and network services based on user role
• Products:
NAC Appliance
WLAN Controller
Wireless and CS MARS: WLC code 4.2 and above with MARS 5.3.2 and 6.0.1� Device Discovery:
�Add WLC’s IPs in MARS
�Initiate MARS Discovery to WLCs to Learn APs
� Event parsing:�SNMP Trap from WLC to MARS
�MARS Parses SNMP Trap and Presents “Event Type” and “AP Name” in MARS Incident Table
CS MARS
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 38
Branch Office
Corporate Office
LAN
in MARS Incident Table
� Event Manipulation:�MARS Searches Raw SNMP Message to Create Incidents
� Mitigation Assistance: �MARS Suggests Mitigation Actions (WLC and AP) in Common MARS Format
� Real-time Notification:�MARS Performs Incident Notification Based on Current MARS Framework
� Report and Query:�MARS Performs Reporting Based on Current MARS Framework
WiSM
LAN
Summary
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 39
Key Takeaways
� Leverage the Cisco Unified Wireless security features
802.1X/EAP, WPA/WPA2/802.11i, CCX
Management Frame Protection (MFP), Wireless IDS/IPS features of the WLC, Wireless Control System (WCS), Cisco Secure Services Client (CSSC)
� Integrate and extend the general network security elements according to your network risk assessment and security policies
CSA: General client endpoint protection, location-aware policies, simultaneous wired and wireless, wireless ad-hoc, upstream QoS policy enforcement
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 40
Cisco NAC Appliance Integration: WLAN client security policy compliance through assessment and remediation
Cisco Firewall Integration: Fully featured, highly scalable firewalls for enhanced policy enforcement
CS MARS: Cross-network anomaly visibility, detection, correlation and mitigation
Cisco WLC and IPS Integration: Automated threat mitigation with enforcement by the WLC on the access edge
� Leverage the design guides
Lots of detailed information, including step-by-step configuration
www.cisco.com/go/cvd
Q and A
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 41
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 42