Switching - Security Audit Systems

Technical and Operational Benefits of Using Cisco Powered Networks
© 1999, Cisco Systems, Inc.

Internet Business Solutions Create Competitive Advantage
• Higher customer satisfaction
• Lower costs
• Competitive agility
• Accelerated time to market
• Higher employee efficiency
[Diagram: the Enterprise connected to Employees, Customers, Partners, and Suppliers; caption "Ubiquitous Connectivity where the Business Runs on the Network"]

New World Partnership for Success
[Diagram: Enterprises and End Users, Service Providers, and Cisco Solutions as the three partners]

Cisco-Powered Service Providers Support Enterprise Success
• Faster deployment of new-world applications (especially with differing QoS requirements)
• Easier technology migration
• Lower Total Cost of Ownership
• More reliable, scalable, and secure

What Is an End-to-End Network Solution?
“An end-to-end network solution is a common architecture that provides a consistent set of network services to all users and managers of a network.”
[Diagram: Enterprise Network, Service Provider Shared Network, Enterprise Network, connected end to end]

Cisco IOS®: Adding to the Power of IP (Release 12.0+)
Security
• Time-based and reflexive ACLs
• IPSec
• Cisco IOS Firewall
• TCP Intercept
IBM
• Cisco Database Connection
• DLSw enhancements
• DLSw+ SNA Type of Service
• Etc.
Management
• ATM PVCs
• SNMP Manager
• CLI Search
• SNMPv3
• FR and ATM MIBs
• SA agent, NetFlow
Voice / Multimedia
• Voice-over-IP
• Q.SIG
• IP Multicast
• H.323 v2
• SGCP
Reliability
• HSRP over FEC
• APS/SONET
Switching
• Cisco Express Forwarding
• NetFlow Services
• Tag Switching
• IEEE 802.1Q VLANs
• xDSL Subscriber support etc.
IP and Routing
• Easy IP/DHCP Server
• Triggered RIP enhancements
• Mobile IP
• WCCPv2
• On-Demand Routing
• Tag VPNs
• OSPF Pacing
• IS-IS
• PIM version 2
• mBGP
• PGM
• Stub EIGRP etc.
Connectivity/Scalability
• L2TP
• PPP/Frame Relay
• ISDN Management
• L2F Load Sharing
• AO/DI
• NFAS/D channel
• L2F Stacking
• FastEtherChannel etc.
Quality-of-Service
• Committed Access Rate
• IP/ATM CoS
• Weighted RED
• NetFlow Policy Routing (NPR)
• BGP Policy Propagation
• Class-based Queuing
• GRE Precedence
• Per-Flow Queuing
• TCP Pacing
• Etc.

New Applications Mean New Requirements
• Virtual Private Networks (VPN): Access, Intranet, Extranet
• Voice over IP
• Group collaboration (e.g., shared calendars)
• Multimedia training and conferencing

VPNs and QoS Requirements
QoS Benefits for VPNs
• Make optimum use of VPN WAN link(s)
• Provide bandwidth and priority to mission-critical applications
• Control non-mission-critical applications
• Exploit the differentiated services offered by Cisco Powered Network service providers
SP Network Functions
• Adhere to SLA: throughput, latency, availability
• Control congestion
• Provide data for service level management
• Measurement
CPE Functions
• Packet classification
• Packet marking
• WAN bandwidth management

Access VPNs
[Diagram: mobile users, telecommuters, and small remote offices dial into SP POPs; the SP network connects through a POP with a Security Server to the Corporate Intranet]
• Outsourced remote access service
• Client-initiated or NAS-initiated
• Secure and prioritized
• Scalable bandwidth options

SLA Management for VPNs
SLA Measurement Using Cisco Service Assurance Agent
• Provider Edge-to-Provider Edge
• CPE-to-Provider Edge
• CPE-to-CPE
[Diagram: SAA running on CPE routers attached over T1/E1 and Frame Relay access, and on provider edge routers across an OC-x ATM link in a Layer 3 IP network; caption "SLA Measurement between IP End-Points on ATM Link"]

CiscoAssure Application Aware Networking
[Diagram: Traffic Differentiation by Performance, Load, Cost, Delay, User, and Applications; Application Detection by L4 Port Number, Dynamic Port, URL, and Application Client; Applied To: Policy Routing, URL, Encryption, CBAC, Security, Mission Critical, Delay, QoS]

Cisco Service Assurance Agent: Increasing Service Value
[Diagram: Cisco IOS-based Service Assurance Agent* measuring HTTP, Voice, Jitter, DLSw, Packet Loss, DNS/DHCP, Path Echo, Latency, TCP, UDP, ICMP, and ToS]
* Formerly known as RTR Agent

End-to-End Performance Management
[Diagram: SAA measures Common Network Services (DNS, DHCP, HTTP), Network Infrastructure (Ping, TCP, UDP), and Network Applications (SAP, Oracle, IBM MVS, etc.) over CPE-to-CPE, PE-to-PE, and Client-to-Server paths between enterprise networks; the Cisco IOS-based Service Assurance Agent acts as both source and responder, with a client agent on the end station]

New World Ecosystem of Partnerships

CSM Integrated Solution
[Diagram, TMN layers:
SML/BML: Customer Care, Billing, Trouble Ticketing, Performance Management
NML: Planning (Netsys), Provisioning (CPC/CSRC), Monitoring (Info Center), Billing (Billing Center); Sub-Network Provisioning, Fault and Performance (Voice, Video, Data)
EML: Sig. Unit Manager, Transpath Switch Controller; EMF for Cisco IOS 7XXX/4XXX and 12xxx/38XX; EMF Access (uBR/ITCM); EMF Voice (3600/3810, 5300/5800); EMF WAN (BPX/IGX/MGX)
3rd Party Software]

Cisco’s Carrier-Class Element Management Framework
• TMN M.3010-Based System
• C++-Based API and CORBA-Based API
• Common EMS Facilities: Config, Inventory, Topology, Subscribers, Element-Specific Mediation, Classes and Containment Trees, Events, Access Path
[Diagram: generic Cisco IOS elements managed by the framework: 6200(E) DSLAM, GSR 12xxx, MSR 8540, 6400, VSC/VoIP, Dial/POP, IP core, ATM core]

Concord’s Network Health
[Diagram: Service Level Reports, Health Reports, Trend Reports, and Exceptions Reports built from Router and LAN Stats, WAN Stats, and Access Stats (Element and L2/L3/Access Stats); NetFlow Collector and RMON Probes (Traffic Flow Stats); SA Agent and Ping MIB (Response Time/Availability Stats); sample report screenshot omitted]

Client-to-Server SLA Management
• Concord’s PulseCheck Agent installs on Windows 95, 98, NT clients
• Measures response time and availability from the end-user’s perspective
• Measurements are observation-based
• Can be both Enterprise- and ASP-centric
[Diagram: Client, Switch, Router, SP, Router, Switch, Server]

Cisco Access Manager
[Diagram: CAM servers (System Controller, Database Server with RAID, Replicated Database, Multiple Web Clients) managing distributed POPs of Cisco AS5300s, AS5800 AccessPath, and LS3]

The Old World Is About Strings...
[Diagram: a chain of Class 5 switches]

...The New World Is About Clouds
• Distributed Intelligence
• Architecturally agnostic
• Scalable

Intrinsic Availability
Strings fail if any component fails; clouds fail only if everything fails.

Transitional Challenges
• Routing ‘convergence’ times that support all applications
• Rebuilding services around a cloud architecture
• Legacy systems & applications (ATM and MPLS play a key role)

Covering Security From A to Z
• AAA (Authentication, Authorization, Accounting)
• IPSec for privacy, integrity, and authenticity (can be router-to-router or client-to-server; Cisco implements it transparently in the network infrastructure)
• IKE (formerly ISAKMP-Oakley) (works with a Certificate Authority such as Entrust, VeriSign, etc.; verifies identity with a digital certificate equivalent to an ID card)
• NetSonar (maps networks and identifies security vulnerabilities)

Cisco IOS Firewall Context-Based Access Control (CBAC) Application Support
• Transparent support for common TCP/UDP internet services, including:
  WWW, Telnet, SNMP, finger, etc.
  FTP
  TFTP
  SMTP
  Java blocking
  BSD R-cmds
  Oracle SQL*Net
  Remote Procedure Call (RPC)
• Multimedia applications:
  VDOnet’s VDOLive
  RealNetworks’ RealAudio
  Intel’s Internet Video Phone (H.323)
  Microsoft’s NetMeeting (H.323)
  Xing Technologies’ StreamWorks
  White Pine’s CU-SeeMe
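The application list above maps onto CBAC inspection rules. The following is an added configuration example written for this page, not taken from the slide deck or from Cisco documentation; the interface names, addresses and access-list numbers are assumed for illustration.

```text
! Added example: classic Cisco IOS Firewall CBAC for the application set
! listed above. Interfaces, addresses and ACL numbers are assumptions.
! Each protocol keyword enables the matching application inspector, so
! return traffic and secondary channels (FTP data, H.323 media,
! RealAudio UDP streams) are opened dynamically and closed when the
! session ends, instead of being left permanently open in the ACL.
ip inspect name FW_RULE tcp
ip inspect name FW_RULE udp
ip inspect name FW_RULE ftp
ip inspect name FW_RULE tftp
ip inspect name FW_RULE smtp
ip inspect name FW_RULE rcmd
ip inspect name FW_RULE sqlnet
ip inspect name FW_RULE rpc program-number 100000
ip inspect name FW_RULE h323
ip inspect name FW_RULE realaudio
ip inspect name FW_RULE vdolive
ip inspect name FW_RULE streamworks
ip inspect name FW_RULE cuseeme
ip inspect name FW_RULE http java-list 51
! Java blocking: applets are allowed only from the trusted intranet
! web server (assumed address); everything else is stripped.
access-list 51 permit 10.1.1.50
access-list 51 deny any
! Log session open/close events so operations can see what CBAC admitted
ip inspect audit-trail
! Outside ACL: no static inbound permits except the ICMP messages needed
! for path MTU discovery and diagnostics. Every session the inside
! initiates is admitted by the temporary entries CBAC adds to this ACL.
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 deny ip any any log
interface FastEthernet0/0
 description Inside (protected LAN)
 ip address 10.1.1.1 255.255.255.0
 ip inspect FW_RULE in
interface Serial0/0
 description Outside (Internet / SP link)
 ip address 203.0.113.2 255.255.255.252
 ip access-group 101 in
```

`show ip inspect config` confirms the rule set and `show ip inspect sessions` lists the sessions currently held open, which is the first thing to check when an application in the list above fails through the firewall.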

Network-Layer Security
[Diagram: traffic from Joe’s PC to the HR Server is encrypted; all other traffic, including Mary’s PC and the E-Mail Server, is cleartext]
• Traffic protected on a flow-by-flow basis between specific hosts or subnets
• Media and interface independent
• Transparent to intermediate network devices
• Topology independent
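The flow-by-flow protection in the diagram, and the IPSec/IKE bullets on the "Covering Security From A to Z" slide, come down to a crypto ACL that selects one flow. The following is an added Cisco IOS configuration example written for this page, not taken from the slide deck; the addresses, peer, interface and names are assumptions, and a pre-shared key stands in for the certificate-based IKE the slides describe.

```text
! Added example: IPSec on the router in front of Joe's PC. Assumed layout:
!   Joe's PC   10.1.1.10  behind this router (outside address 203.0.113.2)
!   HR server  10.2.2.20  behind the peer router 203.0.113.10
! IKE phase 1. The slides' CA-based IKE would use "authentication rsa-sig"
! with a configured trustpoint; a pre-shared key keeps this self-contained.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY-PLACEHOLDER> address 203.0.113.10
! IPSec phase 2 proposal: ESP gives both confidentiality and integrity
crypto ipsec transform-set HR_TS esp-aes 256 esp-sha-hmac
 mode tunnel
! The crypto ACL is the flow selector. Only Joe's PC <-> HR server matches;
! packets that miss it (Mary's PC, the e-mail server) are routed in
! cleartext, which is exactly the flow-by-flow behaviour on the slide.
access-list 110 permit ip host 10.1.1.10 host 10.2.2.20
crypto map HR_MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set HR_TS
 match address 110
! Applying the map on the outside interface makes the encryption invisible
! to the hosts and to every device between the two routers.
interface Serial0/0
 ip address 203.0.113.2 255.255.255.252
 crypto map HR_MAP
! The peer router needs the mirror image: an ACL permitting
! host 10.2.2.20 -> host 10.1.1.10 and "set peer 203.0.113.2".
```

`show crypto ipsec sa` on either router should show encaps/decaps counters rising only for the 10.1.1.10/10.2.2.20 selector; if a second host's traffic is expected to be protected, it must be added to access-list 110 on both sides, since unmatched traffic silently stays cleartext.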

Supporting You, Supporting The Network
• You have trouble enough recruiting and retaining qualified networking staff for your own network (although Cisco is always there to help)
• Cisco end-to-end support is even more effective when using Cisco Powered Network service providers
“If you're listing the strengths of Cisco, you want to look at its unbelievable reputation for service. You don't get it if you don't understand this aspect of Cisco is one of the top reasons the company succeeds.”
Motley Fool, May ’99

Single Vendor Networks
[Pie charts. Source: The Registry, average of several Enterprises]
Multiple Vendor Network: Capital 23%, Support 36%, Other 41%
Primary Vendor Network: Capital 23%, Support 26%, Other 27%, Savings 24%
A 24% Savings

Adding Cisco Powered VPN
[Pie charts]
Cisco Enterprise Network: Capital 23%, Support 26%, Other 27%, Savings 24%
Enterprise with Cisco Powered VPN: Support 5%, Other 35%, Savings 60%
A 60% Savings on Dial Portion

Cisco Powered Network Impact on Operations
Business Impact
• Tighter integration for new services and applications
• Rapid application deployment with differentiated QoS
• Enhanced security for partner and customer Extranets
Cost Impact
• Reduced total staffing and operations cost
• Reduced end-to-end downtime
• Less finger-pointing and operations hassles
• Assured interoperability and conflict resolution

Thank You