PIX Firewall in Enterprise Network
How Cisco IT Uses Firewalls to Protect Cisco Internet Access Locations
A Cisco on Cisco Case Study: Inside Cisco IT
Presentation_ID
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Public
1

Overview
• Challenge
  - Protecting Cisco’s data and network from unauthorized users
• Solution
  - Cisco IT deployed Cisco PIX 535 Security Appliance at six small POPs worldwide
• Results
  - Benefits of Cisco PIX Security Appliance
• Next Steps
  - Fail over to Cisco PIX security appliances counterpart in other locations

Challenge: Protecting Cisco’s data and network from unauthorized users
• Eliminating the need for a second set of access control lists (ACLs)
  - Firewall does not remember original IP address, destination port, and ID
• Improve application availability for stateful failover
  - Two redundant Cisco routers in every point of presence (POP)
  - Failing packets passing the primary router are dropped, resulting in application delays for Cisco employees

Solution: Cisco IT deployed Cisco PIX 535 Security Appliance at six small POPs worldwide
• Provide robust network and application security:
  - Enforcing administrator-defined access control policies
  - Performing deep packet inspection and tracking the state of all network communications
• Ensure high performance even during peak traffic times:
  - Offloading compute-intensive encryption from the firewall processor
• Provide up to 70 Mbps of Triple Data Encryption Standard (3DES) VPN

Solution: Cisco IT deployed Cisco PIX 535 Security Appliance at six small POPs worldwide (Contd.)
• Provide an additional layer of security
  - Examine packet streams at Layers 4 – 7
  - Network-Based Application Recognition (NBAR) is used to defend against the spread of worms and viruses

Solution: Cisco IT equipped primary & secondary redundant Cisco PIX Security Appliances
• If primary device fails, then secondary knows how many connections are currently in process and transparently takes control
[Diagram labels: ISP Network, ISP Gateway, DMZ, Core, Content Engine, Firewall, Default route, Campus Backbone Switches]

Results: Benefits of Cisco PIX Security Appliance
• Configuration Time Cut by Half
  - Automatically allows the return traffic for both incoming and outgoing ACLs and rules
• Increases Security
  - Remembers the state of TCP, UDP, or Internet Control Message Protocol (ICMP) flow
• High Availability
  - If primary device fails, then second device takes control to prevent lost packets
  - Performs Port Address Translation (PAT)
• Reduced Rack Space Requirements

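
Added example (not part of the Cisco presentation, and not PIX code): a simplified Python model of the two points above, return traffic permitted from tracked state instead of a second ACL, and a secondary unit that keeps existing connections because state is replicated to it. The names StatefulFirewall, stateless_inbound and demo are hypothetical, and the flows use constructed documentation addresses.

```python
from dataclasses import dataclass, field

def reverse(flow):
    """Swap source and destination of a (proto, sip, sport, dip, dport) flow."""
    proto, sip, sport, dip, dport = flow
    return (proto, dip, dport, sip, sport)

def stateless_inbound(flow, inbound_acl):
    """Stateless filter: replies need a second rule set keyed on source port."""
    return (flow[0], flow[2]) in inbound_acl

@dataclass
class StatefulFirewall:
    allowed_out: set                      # permitted (proto, dst_port), inside -> outside
    conns: set = field(default_factory=set)
    standby: "StatefulFirewall" = None    # peer that receives replicated state
    def outbound(self, flow):
        if (flow[0], flow[4]) not in self.allowed_out:
            return False
        self.conns.add(flow)
        if self.standby is not None:      # stateful failover: copy the entry
            self.standby.conns.add(flow)
        return True

    def inbound(self, flow):
        # Allowed only when it mirrors a connection opened from inside.
        return reverse(flow) in self.conns

def demo():
    # Constructed sample flows (documentation address ranges).
    request = ("tcp", "192.0.2.10", 40000, "198.51.100.20", 443)
    reply = reverse(request)
    unsolicited = ("tcp", "203.0.113.5", 443, "192.0.2.10", 40001)
    rules = {("tcp", 443)}
    secondary = StatefulFirewall(rules)
    primary = StatefulFirewall(rules, standby=secondary)
    cold_spare = StatefulFirewall(rules)  # same rules, no replicated state
    primary.outbound(request)
    return {
        "stateless_reply": stateless_inbound(reply, rules),
        "stateless_unsolicited": stateless_inbound(unsolicited, rules),
        "stateful_reply": primary.inbound(reply),
        "stateful_unsolicited": primary.inbound(unsolicited),
        "failover_with_state": secondary.inbound(reply),
        "failover_without_state": cold_spare.inbound(reply),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the stateless rule set admits both the reply and the unsolicited packet, while the stateful unit admits only the reply; the secondary with replicated state still admits the reply after taking over, and the spare without it does not.
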
Next Steps: Fail over to Cisco PIX security appliances counterpart in other locations
• Cisco IT is looking for different advanced BGP features
  - ISP gateways to advertise conditional routes
• With firewall services module (FWSM)
  - Same benefits will be extended to Cisco’s largest sites

To read the entire case study, or for additional Cisco IT case studies on a variety of business solutions, visit Cisco on Cisco: Inside Cisco IT
www.cisco.com/go/ciscoit