Self-Defending Networks

By Aseem Khan Adeeb Akhil Shahi Mohammed Sohail Saiprasad H Bevinakatti

Cisco Self-Defending Network (CSDN) Concept

A systems-based solution that allows entities to use their existing infrastructure in new ways to:
• Reduce windows of vulnerability
• Minimize the impact of attacks
• Improve overall infrastructure availability and reliability

Today’s Organizational Challenges

• Due to continued economic challenges organizations and employees need to be more productive.
• More and more employees need to work and communicate while mobile and not infect the company with viruses. (counter productive)
• Organizations need to better defend against threats, vulnerabilities, events and adopt a defense-in-depth strategy.
• Organizations need to maximize return on investment of their limited IT budgets to improve productivity, mobility, and secure the assets of the business.

The Growing Need for Security Solutions

[Figure: Regulatory Compliance, Data Loss and Malware around "A Systems Approach to Streamline IT Risk Management for Security and Compliance"]

Threat Capabilities

[Figure: "Sophistication of Hacker Tools" and "Technical Knowledge Required", on a Low to High scale over 1980, 1990, 2000. Labels: Password Guessing, Password Cracking, Self Replicating Code, Disabling Audits, Hijacking Sessions, Exploiting Known Vulnerabilities, Sniffers, Sweepers, DDOS, Stealth Diagnostics, Back Doors, Packet Forging/Spoofing, New Internet Worms]

The Self Defending Network

Self Defending Network Strategy

An initiative to dramatically improve the network’s ability to identify, prevent, and adapt to threats

INTEGRATED SECURITY
• Secure Connectivity
• Threat Defense
• Trust & Identity

SECURITY TECHNOLOGY INNOVATION
• Endpoint Security
• Application Firewall
• SSL VPN
• Network Anomaly

SYSTEM LEVEL SOLUTIONS
• Endpoints
• Network
• Services

Cisco’s Integrated Network Security Systems

Threat Defense

Defend the Edge:
• Integrated Network FW+IDS
Detects and Prevents External Attacks
Protect the Interior:
• Catalyst Integrated Security
Protects Against Internal Attacks

Guard the Endpoints:
• Cisco Security Agent (CSA)
Protects Hosts Against Infection

Trust and Identity

Verify the User and Device:
• Identity-Based Networking/NAC
Control Who/What Has Access

Secure Comm.

Secure the Transport:
• IPSec VPN
• SSL VPN
• MPLS
Protects Data/Voice Confidentiality

[Diagram labels: Internet, Intranet]

CSDN Concept (cont.)

CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention

Why do we need CSDNs?

• Evolution of network
• Evolution of attacks on networks
• Traditional approach: Defense-in-depth
  • Proactive defense mechanisms
• CSDN approach
  • Adaptive defense mechanisms

Why do we need CSDNs? (cont.)

• Proactive defense mechanisms…not obsolete, simply inefficient in responding to breaches in network security
• Proactive solutions frontload defense mechanisms

Proactive Defense Example

[Diagram labels: Internet, Outer Firewall, DMZ, Servers (e.g. web, e-mail, proxy), Inner Firewall, Internal Corp. Network, Development Network]

Why do we need CSDNs? (cont.)

Adaptive Solutions…focus isn’t solely on preventing network attacks

Attempt to effectively:
• Detect
• Respond
• Recover

Little to no adverse effect on the network and its users

Why do we need CSDNs? (cont.)

Key elements of an adaptive solution:
• Remain active at all times
• Perform unobtrusively
• Minimize propagation of attacks
• Quickly respond to as-yet unknown attacks

Foundation of a CSDN

1. Endpoint Protection
2. Admission Control
3. Infection Containment
4. Intelligent Correlation and Incident Response
5. Inline IDS and Anomaly Detection
6. Application Security and Anti-X Defense

Endpoint Protection

• You are only as strong as your weakest link
• One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network

Cisco Security Agent
• Point of presence on end user systems that enables efficient exchange of valuable network threat information as it occurs
• Endpoint system virus, worm detection/protection

Admission Control

• Not only a core component of a CSDN, but incorporated into other technologies by over 30 industry-leading vendors
• Network Admission Control (NAC) assists in determining the level of access to grant an end-user system in accordance with the security policy when it initially joins the network
• NAC also assists in managing end-user systems’ compliance with security patches and updates

Infection Containment

• The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breach
• Potentially the #1 core component of a secure system belonging to a CSDN

Intelligent Correlation and Incident Response

Services that provide the ability to exchange:
• Event information
• Implications of an event occurring
• Necessary actions to take
• The appropriate nodes or systems to enforce actions in real-time

These services aid in adapting to changes and countering attacks that are occurring in the network as they occur rather than after they occur

Application Security and Anti-X Defense

A menagerie of application layer security products that address the “ever-evolving” classes of threats which are not effectively addressed by traditional firewall and network IDS products

Threat examples:
• E-mail based SPAM and phishing
• Spyware
• Unauthorized peer-to-peer activity

Summary

• New phraseology NOT a new technology
• Encompassing security solution that is proactive AND adaptive in nature that envelops every level of network security rather than just specific layers
• Key difference in CSDN and traditional security solutions…ability of CSDNs to communicate and share information among different security products employed within the CSDN

Questions
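
The Admission Control and Infection Containment slides describe a decision that can be sketched in code. The following is an added example, not part of the original slides and not Cisco's NAC implementation: it maps an endpoint's reported posture to an access level at join time and re-checks it later so a host that drifts out of compliance is contained. The policy values, field names and access levels are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical policy values, constructed for this example.
POLICY = {
    "min_os_patch": (10, 0, 3),    # lowest acceptable OS patch level
    "max_av_sig_age_days": 7,      # older antivirus signatures fail the check
    "require_agent": True,         # host security agent must be running
}

@dataclass
class Posture:
    """What an endpoint reports when it joins (constructed fields)."""
    host: str
    os_patch: tuple
    av_sig_date: date
    agent_running: bool
    authenticated: bool

def evaluate(p, today, policy=POLICY):
    """Return (access_level, reasons); levels are 'deny', 'quarantine', 'full'."""
    if not p.authenticated:
        # Unverified user or device: posture alone cannot earn access.
        return "deny", ["identity not verified"]
    reasons = []
    if p.os_patch < policy["min_os_patch"]:
        reasons.append("OS patch level below policy minimum")
    if (today - p.av_sig_date).days > policy["max_av_sig_age_days"]:
        reasons.append("antivirus signatures out of date")
    if policy["require_agent"] and not p.agent_running:
        reasons.append("endpoint security agent not running")
    # Non-compliant hosts go to a remediation segment rather than being
    # dropped, so they can patch and be evaluated again.
    return ("quarantine", reasons) if reasons else ("full", [])

def reassess(current_level, p, today, policy=POLICY):
    """Periodic re-check: returns (level, reasons, changed) for containment."""
    level, reasons = evaluate(p, today, policy)
    return level, reasons, level != current_level

if __name__ == "__main__":
    # Constructed sample: admitted earlier, signatures have since gone stale.
    host = Posture("wk-02", (10, 0, 5), date(2024, 5, 1), True, True)
    print(reassess("full", host, date(2024, 5, 20)))
```
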