WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30,...
Date posted: 20-Dec-2015
WIRELESS SECURITY DEFENSE
T-BONE & TONIC: ALY BOGHANI, JOAN OLIVER, MIKE PATRICK, AMOL POTDAR
May 30, 2009
Problem Overview
Corporate governance for wireless access, wired access, and intranet security used to be handled separately. This is no longer possible, for the following two reasons:
1. Security threats need to be addressed at an enterprise-wide level
2. Mobility is a critical component of IT infrastructure access today
Increase in Corporate Mobility
Figure 1 Figure 2
Proposed Solution
• Cisco Wireless and Network Security Integration
  – Provides the architectural, design, and implementation framework in deploying the Cisco Unified Network
  – Enables an enterprise to deploy and enforce a common network security policy
  – Consistent end-to-end policy enforcement as well as a highly effective threat detection and mitigation capability
  – WLAN/LAN integrated and layered security protocol solution
Integration Points
Why use a Layered Approach?
• 802.1X is the IEEE standard that provides the layered approach
• Initiate protection at layer 2 switches and layer 3 routers
• Secure authentication of Wireless Access Points with solid protocols such as WPA2-ENT with EAP-TLS
• Use a secure server to authenticate authorized users with Access Control Servers (Cisco, RADIUS)
• Educate users and administrators on properly securing the network
Why Cisco?
• Cisco is unique in occupying 3 industry spaces:
  – Core Wired Networking products
  – Wireless Communications
  – Network Security
The Cisco Unified Network
Cisco Unified Network is the marriage of the following 3 Cisco components:
• Cisco Secure Wireless Architecture
• Cisco Campus Architecture
• Cisco Branch Architecture
Cisco Secure Wireless Architecture
Cisco Secure Wireless Architecture
• Cisco Unified Wireless Network
• Cisco Security Agent (CSA)
• Cisco Network Admission Control (NAC) Appliance
• Cisco Firewall
• Cisco IPS
• CS-MARS
CS-MARS
• Cisco Security Monitoring, Analysis, and Reporting
• Hardened Linux server that monitors the network using SNMP, SSH, Telnet, Layer 2 & 3 switches and routers
• Gathers 15,000 events per second
• Cisco ContextCorrelation – Cisco defined rules that monitor for events
• Provides visualizations of network topology and “hot-spots”
• Presents administrators with timely per-device commands so that threats can be contained quickly
• Identifies “chokepoint” devices that can be used to isolate threats
CS-MARS Visualization
NAC – Network Access Control
• 4 Main Capabilities
  – Securely Identify Devices and Users
  – Enforce Consistent Policy
  – Quarantine and Remediate
  – Configure and Manage
• Access is controlled from all entry points to the network – LAN, WLAN, VPN, Internet, Guest
• Can be used to tier access levels
• Be careful with quarantine policies, isolate as much as possible
• Uses Cisco Trust Agent and Cisco Security Agent to verify “security posture”
NAC - Overview
CTA & CSA
• Cisco Trust Agent Components
  – Network clients
  – Network Access Devices
  – ACS – Secure Access Control Server
    • Provides Posture Token – Healthy, Infected, Unknown, etc.
  – Posture Validation Servers – Third Party – Optional
• Cisco Security Agent
  – Installed on Network Clients
  – Limits network access until user and device are validated
  – Provides access to remediation areas only
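The admission logic described on the NAC and CTA & CSA slides (posture token, tiered access, remediation-only quarantine), as an added Python example; it is not code from the slides and not Cisco's implementation. The remediation subnet, internal range, role names and tier names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed values for illustration only; none come from the slides or from Cisco NAC.
REMEDIATION_NET = ip_network("10.99.0.0/24")    # patch and AV-update servers
INTERNAL_NET = ip_network("10.0.0.0/8")         # everything inside the enterprise
ENTRY_POINTS = {"LAN", "WLAN", "VPN", "Internet", "Guest"}   # list from the NAC slide
ROLE_TIER = {"employee": "full", "guest": "internet-only"}   # hypothetical roles

@dataclass(frozen=True)
class Session:
    entry_point: str     # where the client attached
    validated: bool      # user and device identity both validated
    role: str            # role returned by the authentication server
    posture: str         # posture token: Healthy, Infected, Unknown, ...

def admit(s: Session) -> str:
    """Return the access tier; anything not provably healthy is quarantined."""
    if s.entry_point not in ENTRY_POINTS:
        return "deny"                      # unmanaged entry point: no policy, no access
    if not s.validated or s.posture != "Healthy":
        return "quarantine"                # fail closed on Infected, Unknown, new tokens
    if s.entry_point == "Guest":
        return "internet-only"             # guest entry never yields an internal tier
    return ROLE_TIER.get(s.role, "quarantine")

def flow_allowed(tier: str, dst: str) -> bool:
    """Decide one flow: quarantined clients reach remediation hosts and nothing else."""
    addr = ip_address(dst)
    if tier == "full":
        return True
    if tier == "internet-only":
        return addr not in INTERNAL_NET
    if tier == "quarantine":
        return addr in REMEDIATION_NET
    return False                           # "deny" or any unrecognised tier

if __name__ == "__main__":
    # Constructed sample sessions
    for s in (Session("WLAN", True, "employee", "Healthy"),
              Session("VPN", True, "employee", "Infected"),
              Session("LAN", False, "employee", "Healthy")):
        print(s, "->", admit(s))
```

The same `admit` function is applied to every entry point, which is the "consistent policy" capability; only the guest entry caps the resulting tier.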
CSA – End User View
Cisco Campus Architecture
• Provision proper network access to:
  – Data Centers
  – Servers
  – User Devices
• Provide the necessary internal routing and switching capabilities
Campus - Illustrated
Cisco Branch Architecture
• Branch Architecture ties together the different infrastructure, application and computing resources across various organizational divisions and hierarchies.
Branch - Illustrated