Wireless and Network Security Integration
Defense by Hi-5
Marc Hogue
Chris Jacobson
Alexandra Korol
Mark Ordonez
Jinjia Xi
Introduction
► Importance of Integrated Network Security
  - Example of a disjointed solution
  - Example of a properly integrated solution
► Importance to IT Leaders
Agenda
► Integrated Solution Architecture
► Integrated Solution Components
  - Cisco Security Agent (CSA)
  - Cisco NAC Appliance
  - Cisco Firewall
  - Cisco IPS
  - CS-MARS
Cisco Unified Wireless Network
► Anytime, anywhere access to information.
► Real-time access to instant messaging, e-mail, and network resources.
► Mobility services, such as voice, guest access, advanced security, and location.
► Modular architecture that supports 802.11n, 802.11a/b/g, and enterprise wireless mesh for indoor and outdoor locations, while ensuring a smooth migration path to future technologies and services.
Secure Wireless Architecture
► The following five interconnected elements work together to deliver a unified enterprise-class wireless solution:
  - Client devices
  - Access points
  - Wireless controllers
  - Network management
  - Mobility services
Campus Architecture
► High availability
► Access services
► Application optimization and protection services
► Virtualization services
► Security services
► Operational and management services
Branch Architecture
Where CSA Fits into Architecture
CSA
► CSA is an endpoint security solution
► Single agent that provides:
  - zero-update attack protection
  - data loss prevention
  - signature-based antivirus
► Two components:
  - CSA MC
  - CSA
Need for CSA
Threats and CSA Mitigation
Prevent Wireless Ad hoc Communications Module
► If a wireless ad-hoc connection is active, all UDP or TCP traffic over any active wireless ad-hoc connection is denied, regardless of the application or IP address.
► Alerts are logged and reported any time the rule module is triggered.
► Customization allows:
  - User query
  - Test deployment
Prevent Wireless if Ethernet Active Module
► If an Ethernet connection is active, all UDP or TCP traffic over any active 802.11 wireless connection is denied, regardless of the application or IP address.
► An alert is logged and reported for each unique instance that the rule module is triggered.
► Supports customization:
  - Customized user query as a rule action
  - Customized rule module based on location
  - Customized rule module in test mode
Location Aware Policy Enforcement
► Enforces different security policies based on the location of a mobile client
► Determines the state of a mobile client based on:
  - System state conditions
  - Network interface set characteristics
► CSA location-aware policy may leverage any of the standard CSA features
Roaming Force VPN Module
► If the CSA MC is not reachable and a network interface is active, all UDP or TCP traffic over any active interface is denied, regardless of the application or IP address, with the exception of web traffic, which is permitted for 300 seconds.
► Informs the user that a VPN connection is required
► Message is logged
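The three rule modules above (ad-hoc deny, wireless-if-Ethernet deny, Roaming Force VPN) are easiest to reason about as one ordered decision. The following is an added model of that decision, not CSA code from the deck or from Cisco; "web traffic" meaning TCP 80/443 and the 300-second grace being measured from the moment the CSA MC became unreachable are assumptions of this model.

```python
# Added example (not from the deck): a model of the three CSA rule modules.
# Assumptions: "web traffic" = TCP 80/443; the 300 s grace window is counted
# from the moment the CSA MC became unreachable.
from dataclasses import dataclass

WEB_PORTS = {80, 443}
VPN_GRACE_SECONDS = 300   # from the slide: web traffic permitted for 300 s

@dataclass
class HostState:
    ethernet_active: bool = False
    wifi_active: bool = False        # infrastructure 802.11 link
    adhoc_active: bool = False       # 802.11 ad-hoc link
    mc_reachable: bool = True        # can the agent reach the CSA MC?
    seconds_since_mc_lost: int = 0

@dataclass
class Flow:
    interface: str   # "ethernet", "wifi" or "adhoc"
    proto: str       # "tcp", "udp", "icmp", ...
    dst_port: int = 0

def evaluate(state: HostState, flow: Flow):
    """Return (verdict, rule). First deny wins; the modules act only on UDP/TCP."""
    if flow.proto not in ("tcp", "udp"):
        return ("allow", None)
    # Prevent Wireless Ad hoc Communications module
    if state.adhoc_active and flow.interface == "adhoc":
        return ("deny", "Prevent Wireless Ad hoc Communications")
    # Prevent Wireless if Ethernet Active module
    if state.ethernet_active and flow.interface == "wifi":
        return ("deny", "Prevent Wireless if Ethernet Active")
    # Roaming Force VPN module: MC unreachable -> deny all except the web grace window
    if not state.mc_reachable:
        if flow.dst_port in WEB_PORTS and state.seconds_since_mc_lost < VPN_GRACE_SECONDS:
            return ("allow", "Roaming Force VPN (web grace period)")
        return ("deny", "Roaming Force VPN")
    return ("allow", None)

def alerts(state: HostState, flows):
    """One log line per denied flow, as each module logs and reports when triggered."""
    lines = []
    for f in flows:
        verdict, rule = evaluate(state, f)
        if verdict == "deny":
            lines.append(f"{rule}: denied {f.proto}/{f.dst_port} on {f.interface}")
    return lines
```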
Cisco NAC Appliance Overview
► Admission control and compliance enforcement
► Features:
  - In-band or out-of-band deployment options
  - User authentication tools
  - Bandwidth and traffic filtering controls
  - Vulnerability assessment and remediation (also referred to as posture assessment), via:
    - Network scan
    - Clean Access Agent
NAC Architecture
Out-of-Band Modes
In-Band Modes
NAC Appliance Positioning: Edge Deployment
NAC Appliance Positioning: Centralized Deployment
NAC Authentication
► Authentication methods include:
  - 802.1x/EAP (authentication does not pass through to NAC)
  - Web authentication
  - Clean Access Agent
  - Single sign-on (SSO) with Clean Access Agent, with the following:
    - VPN RADIUS accounting
    - Active Directory
Authentication Process: AD SSO
Posture Assessment Process
Remediation Process
Authenticated User
Firewall Placement Options
Source: Cisco, Deploying Firewalls Throughout Your Organization
Why Place Firewalls in Multiple Network Segments?
► Provide the first line of defense in network security infrastructures
► Prevent access breaches at all key network junctures
► Help organizations comply with the latest corporate and industry governance mandates:
  - Sarbanes-Oxley (SOX)
  - Gramm-Leach-Bliley (GLB)
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Payment Card Industry Data Security Standard (PCI DSS)
Firewall Integration
► Cisco Catalyst 6500 Wireless Services Module (WiSM) and Cisco Firewall Services Module (FWSM)
► Cisco Catalyst 6500 Wireless Services Module (WiSM) and Cisco Adaptive Security Appliances (ASA)
► 2100 family WLCs with a Cisco IOS firewall in an ISR router
FWSM and ASA Modes of Operation
Routed Mode
Transparent Mode
High Availability Configuration
FWSM High Availability
ASA High Availability
WLC Deployments and IOS Firewall
IPS Threat Detection and Mitigation Roles
WLC and IPS Collaboration
► Cisco WLC and IPS synchronization
► WLC enforcement of a Cisco IPS host block
► Cisco IPS host block retraction
Example of WLC enforcement
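To make the synchronization, enforcement and retraction steps concrete, here is an added simulation of the WLC/IPS collaboration; it is not Cisco's implementation or code from the deck. The IPS keeps a host-block list with an expiry, the WLC polls it each interval, excludes associated clients whose IP is blocked, and lets them re-associate once the block is retracted; the polling model, timings and data structures are assumptions, not Cisco's actual IPS/WLC exchange.

```python
# Added example (not from the deck): simulation of WLC enforcement of IPS host
# blocks and of block retraction. Polling, expiry and data structures are
# assumptions made for this model, not Cisco's IPS/WLC protocol.
from dataclasses import dataclass, field

@dataclass
class Ips:
    blocks: dict = field(default_factory=dict)    # ip -> expiry time (seconds)

    def block_host(self, ip, now, minutes=30):
        self.blocks[ip] = now + minutes * 60

    def retract(self, ip):
        self.blocks.pop(ip, None)                  # manual retraction by the IPS

    def active_blocks(self, now):
        """Expired blocks are retracted automatically on the next sync."""
        self.blocks = {ip: t for ip, t in self.blocks.items() if t > now}
        return set(self.blocks)

@dataclass
class Wlc:
    clients: dict = field(default_factory=dict)   # mac -> ip of associated clients
    excluded: dict = field(default_factory=dict)  # ip -> mac currently shunned
    log: list = field(default_factory=list)

    def sync(self, ips, now):
        """One polling interval: enforce new blocks, lift retracted ones."""
        blocked = ips.active_blocks(now)
        for mac, ip in list(self.clients.items()):
            if ip in blocked and ip not in self.excluded:
                del self.clients[mac]              # deauthenticate and exclude the client
                self.excluded[ip] = mac
                self.log.append(f"t={now}: excluded {mac} ({ip}) per IPS host block")
        for ip in list(self.excluded):
            if ip not in blocked:                  # block retracted or expired
                mac = self.excluded.pop(ip)
                self.log.append(f"t={now}: block retracted, {mac} ({ip}) may re-associate")
        return sorted(self.excluded)
```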
CS-MARS
► Cisco Security Monitoring, Analysis and Reporting System
► Monitor the network
► Detect and correlate anomalies
► Mitigate threats
Cross-Network Anomaly Detection and Correlation
► MARS is configured to obtain the configurations of other network devices.
► Devices send events to MARS via SNMP.
► Anomalies are detected and correlated across all devices.
Monitoring, Anomalies, & Mitigation
► Discovers Layer 3 devices on the network
► Monitors wired and wireless devices
  - Entire network can be mapped
  - Find MAC addresses, end-points, topology
  - Unified monitoring provides a complete picture
► Anomalies can be correlated
► Mitigation responses triggered using rules
  - Complete view of anomalies (e.g. host names, MAC addresses, IP addresses, ports, etc.)
  - Rules can be further customized to extend MARS
Reporting
► MARS provides reporting
  - Detected events (e.g. DoS, probes, etc.)
  - Distinguish between LAN and WLAN events
  - Leverage reporting from other components (e.g. WLC, WCS, etc.)
► Allows detailed analysis of
  - Events
  - Threats
  - Anomalies
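The correlation and reporting slides above describe MARS combining events from several devices into one view per host, telling LAN from WLAN sources and triggering mitigation by rule. The following added toy correlator illustrates that idea; it is not MARS code or the MARS rule language, and the sample events, the field names and the threshold rule are constructed here.

```python
# Added example (not from the deck): a toy cross-device correlator in the spirit
# of the MARS slides. Events, field names and the threshold rule are constructed
# assumptions, not MARS's actual event schema or rule language.
from collections import defaultdict

# Constructed sample events: (timestamp in seconds, reporting device, fields)
EVENTS = [
    (10, "wlc", {"mac": "00:11:22:33:44:55", "ip": "10.20.0.7", "ap": "AP-3"}),
    (12, "fw",  {"src": "10.20.0.7", "dst": "10.0.1.9", "port": 445, "action": "deny"}),
    (14, "ips", {"src": "10.20.0.7", "sig": "SMB probe"}),
    (15, "ips", {"src": "10.20.0.7", "sig": "SMB probe"}),
    (16, "ips", {"src": "10.20.0.7", "sig": "SMB probe"}),
    (20, "ips", {"src": "10.0.5.3", "sig": "SMB probe"}),
]
IPS_HIT_THRESHOLD = 3   # assumption: 3 IPS hits from one host within WINDOW -> incident
WINDOW = 60             # seconds

def correlate(events):
    """Build one record per source host from events of all devices."""
    mac_by_ip = {}
    hosts = defaultdict(lambda: {"ips_hits": [], "fw_denies": 0, "ports": set()})
    for ts, device, f in sorted(events, key=lambda e: e[0]):
        if device == "wlc":
            mac_by_ip[f["ip"]] = f["mac"]      # MAC learned from the WLC association event
            continue
        h = hosts[f["src"]]
        if device == "ips":
            h["ips_hits"].append(ts)
        elif device == "fw":
            h["fw_denies"] += 1
            h["ports"].add(f["port"])
    for ip, h in hosts.items():
        h["mac"] = mac_by_ip.get(ip)
        # only hosts the WLC reported are WLAN; everything else is treated as LAN
        h["segment"] = "WLAN" if ip in mac_by_ip else "LAN"
    return dict(hosts)

def incidents(hosts):
    """Mitigation rule: IPS_HIT_THRESHOLD hits inside WINDOW from one host."""
    out = []
    for ip, h in hosts.items():
        hits = h["ips_hits"]
        for i in range(len(hits) - IPS_HIT_THRESHOLD + 1):
            if hits[i + IPS_HIT_THRESHOLD - 1] - hits[i] <= WINDOW:
                action = "WLC client exclusion" if h["segment"] == "WLAN" else "firewall shun"
                out.append({"ip": ip, "mac": h["mac"], "segment": h["segment"], "action": action})
                break
    return out
```

The segment decides which component carries out the mitigation, which is the point of the unified view: the same rule produces a WLC action for a wireless host and a firewall action for a wired one.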
Q&A