(CISCO) Self-Defending Networks


Self-Defending Networks
By Aseem Khan, Adeeb Akhil Shahi, Mohammed Sohail, Saiprasad H Bevinakatti
Cisco Self-Defending Network (CSDN) Concept

A systems-based solution that allows entities to use their existing infrastructure in new ways to:
• Reduce windows of vulnerability
• Minimize the impact of attacks
• Improve overall infrastructure availability and reliability
Today’s Organizational Challenges

• Due to continued economic challenges, organizations and employees need to be more productive.
• More and more employees need to work and communicate while mobile, without infecting the company with viruses (which would be counter-productive).
• Organizations need to better defend against threats, vulnerabilities and events, and adopt a defense-in-depth strategy.
• Organizations need to maximize the return on investment of their limited IT budgets to improve productivity and mobility and to secure the assets of the business.
The Growing Need for Security Solutions

[Figure: three drivers, Regulatory Compliance, Data Loss and Malware, around the caption "A Systems Approach to Streamline IT Risk Management for Security and Compliance"]
Threat Capabilities

[Chart: two curves plotted from 1980 through 1990 to 2000 on a scale from Low to High, "Sophistication of Hacker Tools" and "Technical Knowledge Required". Threats placed along the timeline: Password Guessing, Password Cracking, Self Replicating Code, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Packet Forging/Spoofing, Stealth Diagnostics, DDOS, New Internet Worms]
The Self Defending Network

Self Defending Network Strategy

An initiative to dramatically improve the network’s ability to identify, prevent, and adapt to threats.

SECURITY TECHNOLOGY INNOVATION
• Endpoint Security
• Application Firewall
• SSL VPN
• Network Anomaly

INTEGRATED SECURITY
• Secure Connectivity
• Threat Defense
• Trust & Identity

SYSTEM LEVEL SOLUTIONS
• Endpoints
• Network
• Services
Cisco’s Integrated Network Security Systems

Threat Defense:
• Defend the Edge: Integrated Network FW+IDS - Detects and Prevents External Attacks
• Protect the Interior: Catalyst Integrated Security - Protects Against Internal Attacks
• Guard the Endpoints: Cisco Security Agent (CSA) - Protects Hosts Against Infection

Trust and Identity:
• Verify the User and Device: Identity-Based Networking/NAC - Control Who/What Has Access

Secure Communications:
• Secure the Transport: IPSec VPN, SSL VPN, MPLS - Protects Data/Voice Confidentiality

[Diagram spans the Internet and the Intranet]
CSDN Concept (cont.)

CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention.
Why do we need CSDN’s?

• Evolution of networks
• Evolution of attacks on networks

Traditional approach: defense-in-depth
• Proactive defense mechanisms

CSDN approach
• Adaptive defense mechanisms
Why do we need CSDN’s? (cont.)

Proactive defense mechanisms are not obsolete, simply inefficient in responding to breaches in network security.
Proactive solutions frontload defense mechanisms.
Proactive Defense Example

[Diagram: Internet, Outer Firewall, DMZ holding servers (e.g. web, e-mail, proxy), Inner Firewall, Internal Corp. Network and Development Network]
Why do we need CSDN’s? (cont.)

Adaptive solutions: the focus isn’t solely on preventing network attacks. They attempt to effectively:
• Detect
• Respond
• Recover
with little to no adverse effect on the network and its users.
Why do we need CSDN’s? (cont.)

Key elements of an adaptive solution:
• Remain active at all times
• Perform unobtrusively
• Minimize propagation of attacks
• Quickly respond to as-yet unknown attacks
Foundation of a CSDN

1. Endpoint Protection
2. Admission Control
3. Infection Containment
4. Intelligent Correlation and Incident Response
5. Inline IDS and Anomaly Detection
6. Application Security and Anti-X Defense
Endpoint Protection

• You are only as strong as your weakest link.
• One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network.
• Cisco Security Agent:
  • Point of presence on end-user systems that enables efficient exchange of valuable network threat information as it occurs
  • Endpoint system virus and worm detection/protection
Admission Control

• Not only a core component of a CSDN, but incorporated into other technologies by over 30 industry-leading vendors.
• Network Admission Control (NAC) assists in determining the level of access to grant an end-user system, in accordance with the security policy, when it initially joins the network.
• NAC also assists in managing end-user systems’ compliance with security patches and updates.
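As an added illustration of the admission decision described above (not code from the slides and not Cisco's NAC implementation), a small policy engine grades the posture a joining host reports and maps it to full access, a quarantine VLAN, or denial. The posture schema, the policy thresholds, the patch identifiers and the sample hosts are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed posture record as an endpoint agent might report it when a host
# first joins the network (hypothetical schema, not Cisco's NAC protocol).
@dataclass
class Posture:
    host: str
    agent_installed: bool
    av_running: bool
    av_signature_date: date
    patches: set = field(default_factory=set)
# Hypothetical policy: patches every host must carry, and maximum AV signature age.
REQUIRED_PATCHES = {"PATCH-A", "PATCH-B"}  # constructed patch identifiers
MAX_SIGNATURE_AGE_DAYS = 7

def admission_decision(p, today):
    """Return (access_level, reasons); access_level is full, quarantine or deny."""
    if not p.agent_installed:
        # No posture data at all: remediation VLAN only, never full access.
        return "quarantine", ["no endpoint agent; posture cannot be verified"]
    reasons = []
    if not p.av_running:
        reasons.append("antivirus not running")
    elif (today - p.av_signature_date).days > MAX_SIGNATURE_AGE_DAYS:
        reasons.append("antivirus signatures older than %d days" % MAX_SIGNATURE_AGE_DAYS)
    missing = REQUIRED_PATCHES - p.patches
    if missing:
        reasons.append("missing patches: " + ", ".join(sorted(missing)))
    if not reasons:
        return "full", reasons
    # No antivirus at all is an infection risk to every other host, so refuse it.
    # Stale signatures or missing patches are remediable: quarantine VLAN for updates.
    if "antivirus not running" in reasons:
        return "deny", reasons
    return "quarantine", reasons

# Constructed sample hosts joining on a fixed date, evaluated in one call.
TODAY = date(2024, 1, 15)
SAMPLE_HOSTS = [
    Posture("pc1", True, True, date(2024, 1, 12), {"PATCH-A", "PATCH-B"}),
    Posture("pc2", True, True, date(2023, 12, 1), {"PATCH-A", "PATCH-B"}),
    Posture("pc3", True, False, date(2024, 1, 14), {"PATCH-A", "PATCH-B"}),
    Posture("pc4", True, True, date(2024, 1, 14), {"PATCH-A"}),
    Posture("pc5", False, True, date(2024, 1, 14), {"PATCH-A", "PATCH-B"}),
]

def decide_all(hosts=SAMPLE_HOSTS, today=TODAY):
    """Map each host name to the access level NAC would grant it."""
    return {p.host: admission_decision(p, today)[0] for p in hosts}
```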
Infection Containment

• The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breach.
• Potentially the #1 core component of a secure system belonging to a CSDN.
Intelligent Correlation and Incident Response

Services that provide the ability to exchange:
• Event information
• Implications of an event occurring
• Necessary actions to take
• The appropriate nodes or systems to enforce actions in real time

These services aid in adapting to changes and countering attacks in the network as they occur rather than after they occur.
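An added example, not from the slides and not any Cisco product's logic, serving both the Infection Containment slide and the Intelligent Correlation slide above: events from an IDS, an endpoint agent and NAC are normalised into one hypothetical schema, correlated per host within a time window, and turned into an implication plus an action for the enforcing switch port. The sample events, the window and the rules are constructed; `without_sharing` shows what one product would decide on its own events alone.

```python
from collections import defaultdict

# Constructed events from three products in one common schema (hypothetical;
# real IDS, endpoint-agent and NAC products each have their own formats).
# "enforcer" names the node that can act on the host, here its switch port.
EVENTS = [
    {"t": 100, "source": "ids", "host": "10.0.5.23", "type": "port_scan",
     "enforcer": "sw-access-3/port12"},
    {"t": 104, "source": "csa", "host": "10.0.5.23", "type": "mass_mailer",
     "enforcer": "sw-access-3/port12"},
    {"t": 130, "source": "nac", "host": "10.0.7.8", "type": "posture_stale",
     "enforcer": "sw-access-5/port2"},
    {"t": 400, "source": "ids", "host": "10.0.7.8", "type": "port_scan",
     "enforcer": "sw-access-5/port2"},
]
WINDOW = 60  # seconds within which events about one host count as related

# Rules: event types seen together on one host -> implication and the action
# the enforcer should take. Strongest rule first; the first match wins.
RULES = [
    ({"port_scan", "mass_mailer"}, "worm propagation suspected", "shut port"),
    ({"port_scan"}, "reconnaissance from host", "rate-limit port"),
    ({"posture_stale"}, "host out of compliance", "move to remediation VLAN"),
]

def correlate(events, window=WINDOW, rules=RULES):
    """Group each host's events into time windows and emit one action per group."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        by_host[e["host"]].append(e)
    actions = []
    for host, evs in by_host.items():
        i = 0
        while i < len(evs):
            # everything within `window` seconds of the group's first event
            group = [x for x in evs[i:] if x["t"] - evs[i]["t"] <= window]
            types = {x["type"] for x in group}
            for needed, implication, action in rules:
                if needed <= types:
                    actions.append({"host": host, "enforcer": group[0]["enforcer"],
                                    "implication": implication, "action": action,
                                    "sources": sorted({x["source"] for x in group})})
                    break
            i += len(group)
    return actions

def without_sharing(events, source):
    """What a single product acting alone would decide: only its own events."""
    return correlate([e for e in events if e["source"] == source])
```

With all three sources sharing events the scanning host is shut down at its port because the endpoint agent's mass-mailer report lands in the same window; the IDS alone would only rate-limit it.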
Application Security and Anti-X Defense

A menagerie of application-layer security products that address the “ever-evolving” classes of threats which are not effectively addressed by traditional firewall and network IDS products.

Threat examples:
• E-mail based SPAM and phishing
• Spyware
• Unauthorized peer-to-peer activity
Summary

• New phraseology, NOT a new technology.
• An encompassing security solution that is proactive AND adaptive in nature and envelops every level of network security rather than just specific layers.
• Key difference between CSDN and traditional security solutions: the ability of CSDN’s to communicate and share information among the different security products employed within the CSDN.

Questions