Thomas Ludvik Næss - Cisco… · Internal Resources Internet / WAN Identity Services Engine NCS...
1© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Thomas Ludvik Næss, Head of Cisco Security Sales, North Europe
Security Architecture
Consistent Identity-Aware Policy from Any Device to Data Center – Based on Business Needs
Policy Distribution and Intelligence Through the Network
Security Group Tagging Scales Context-Aware Enforcement
CISCO SOLUTION
POSTURE-BASED PERMISSIONS
1. Permit/Deny based on policy
2. Authorized devices tagged with policy
3. Policy tags enforced by the network
VPN
Data Center
Virtual DC Machines
ALLOWED
DENIED
WHO
WHAT
WHERE
WHEN
HOW
MACSec
Trusted WiFi
• Authenticate User
• Fingerprint Device
• Apply Corporate Config
• Enterprise Apps
• Automatic Policies
Trusted WiFi
Apply defined policy profiles based on: Device Type, User, Location, Application
Identity Services Engine
Mobile Device Management
Prime Management
802.11n Infrastructure
• VideoStream
• CleanAir, Client Link
Trusted WiFi
Electronic Medical Records
Mobile TelePresence
Email
Instant Messenger
Yes / No
Access: FULL
Is Mr. Allen’s lab work ready yet?
Not yet, but I will let you know the moment it arrives.
Trusted WiFi
Identity Services Engine
802.11n Infrastructure
• VideoStream
• CleanAir, Client Link
Prime Management
WAAS
BYOD
Internal Resources
Internet
Cisco Firewall
CleanAir, ClientLink
VideoStream, BandSelect
Cisco Access Point
Cisco Wireless LAN Controller
Identity Services Engine
NCS
Onboard, Authenticate, Identify, Policy, Posture
Content, Services, Policy Enforcement
Corporate Network
Untrusted WiFi
Access: Limited
Hotspot 2.0
802.11n Infrastructure
ScanSafe
IronPort
Identity Services Engine
AnyConnect
WebEx Mobile 8
Internal Resources
Internet / WAN
Identity Services Engine
NCS
Corporate Network
Cisco ASA
3G / 4G
AnyConnect
Cisco ASR5K HLR/HSS
Licensed Access Network
Open / Walled Garden
SP Audio/Video Servers & Content
Home MSP / MSO
Enterprise Access
WiFi
AnyConnect
Cisco ASR1K
Cisco Access Registrar
Unlicensed Access Network
Open / Walled Garden
SP Audio/Video Servers & Content
802.11u, HotSpot 2.0
802.1x – EAP/SIM, HotSpot 2.0
VPN
VPN
Identity / Policy
Content, Services, Policy Enforcement
Electronic Medical Records
Mobile TelePresence
Instant Messenger
Yes / No
3G/4G
Access: Limited
Identity Services Engine
AnyConnect
3G/4G
ASR
CleanAir, ClientLink
VideoStream, BandSelect
Cisco Access Point
BYOD
Cisco Wireless LAN Controller
Internal Access
Internet / WAN
Identity Services Engine
NCS
Corporate Network
Internal Resources
Cisco ASA
3G / 4G
AnyConnect
Licensed Access Network
Cisco ASR5K HLR/HSS
Open / Walled Garden
SP Audio/Video Servers & Content
3G/4G SIM Authentication
VPN
VPN
Identity / Policy
Content, Services, Policy Enforcement
Electronic Medical Records
Mobile TelePresence
Instant Messenger
Yes / No
Trusted WiFi
Access: FULL
WebEx Mobile 8
802.11n Infrastructure
Trusted WiFi
Cisco Virtual Office
Bandwidth Priority
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28Cisco Confidential 28
• Improving workforce productivity
• Reducing operating costs with BYOD, Cloud…
• Providing Secure access to 3rd party organisations
• Reducing compliance risk
• Increasing agility of IT and ability to scale cost effectively
Rebecca Jacoby, CIO, Cisco
Security that means business