© 2002, Cisco Systems, Inc. All rights reserved. Secure Networking for Business Continuity
TRANSCRIPT
Agenda
• Business Resilience
• Security Issues
• Legacy vs. Network Security
• Cisco’s SAFE Blueprint
• Cisco Security Development
• Predictions and Summary
Drivers of the Internet Race
New Competition
Organization Structure
Profits, Cash Flow, Productivity
Empowered Workforce
Educated Leaders
Global Competition
Competitive Advantage
Survival
New Revenue
2002
Internet Economy
E-Learning
Workforce Optimization
E-Commerce
Customer Care
Supply Chain
Today’s Internet Business Environment
Individual Inconvenience
Broad Workforce Impact
Impact on Productivity
Flight Delay
Snow
Sick child
Earthquake
Virus/Worm
Hurricane
Accident Stops Traffic
Security Breach
Power Outage
Late to Meeting
Disaster
National Holiday
Dentist Appointment
Unanticipated Meeting with Boss
Car Battery Won’t Start
Rain
War
Personal Vacation
Corrupted Data
Customer Crisis
Move to New Office
New Product Release
Facing More Challenges Than Ever
Spectrum of Disruption
What Would You Do If Your…
• Headquarters and data center were destroyed?
• Network that supported 5000 desktops and servers was ruined?
• Corporate employees were displaced?
• PBX phone communications were disrupted?
• 45 Branch offices were unable to access mission-critical applications?
The Makings of a Resilient Business
• Business Continuance
Synchronized data centers across a metro network ensured fast recovery
• Business Protection
Data and communications secured over public networks using VPN technology provided continued access
• Business Agility
IP telephony network enabled continuous voice communications
Instant offices in hotel rooms, using wireless and VPN technologies, allowed key personnel to get back to work
Voice traffic rerouted over IP to alternate PSTN gateways in Europe enabled communications with customers
Lehman Bros. Reopened for Business the Next Day
In the Event of Disruption, Can You …
• Ensure critical systems and networks are continuously available?
• Restore mission critical applications?
• Provide uninterrupted workforce productivity with a secure instant office?
How Much Down-Time Can You Afford?
• Revenue loss
• Customer dissatisfaction
• Lost productivity
• Brand dilution
• Legal liability
• Financial performance
Industry Sector | Revenue/Hour
Retail | $1,107,274
Insurance | $1,202,444
Information Technology | $1,344,461
Financial Institutions | $1,495,134
Manufacturing | $1,610,654
Telecommunications | $2,066,245
Energy | $2,817,846
Source: Meta Group 11/2000
Achieving Stability in an Unpredictable World
Gartner, January 2002
re·sil·ience (ri-zil’-yens)—Injecting security, protection and recovery into dispersed and far-flung organizations so that they can bounce back from any kind of setback, whether a natural disaster, a hostile economic change, a competitive onslaught, cyber-espionage or a terrorist attack.
Business Resilience
Business Resilience Objectives
• Predictable performance
• Non-stop e-business
• Disaster recovery and asset protection
• Decentralized and mobilized resources
• Flexible communications
Networked Virtual Organizations are Agile
Supply Chain Management
E-Commerce
E-Learning
Workforce Optimization
Customer Care
Security... Critical Enabler for Business Resilience
• Requires Defense-in-Depth
• Requires multiple components
• Integration into e-business infrastructure
• Requires comprehensive blueprint
Information Theft
Virus Attacks
Threats Increasing Security Awareness
Internet
Data Interception
Unprotected Assets
Denial of Service
Unauthorized Entry
“HomePage” Worm Crawling Around the Globe - Information Week
White House Site Hit by Another DOS Attack - Cnet News
Study: Sites Attacked 4,000 Times a Week - ZD News
Security and the Evolving Enterprise Needs
Sophistication of Hacker Tools
[Figure: timeline 1980, 1990, 2000; axis: Technical Knowledge Required (High to Low)]
Packet Forging/Spoofing
Password Guessing
Self Replicating Code
Password Cracking
Exploiting Known Vulnerabilities
Disabling Audits
Back Doors
Hijacking Sessions
Sweepers
Sniffers
Stealth Diagnostics
% of Respondents Experiencing These Security Breaches (Outsider / External Breaches)
[Bar chart, vertical axis 0 to 100; categories: Viruses & Worms, Web Server Attacks, Denial of Service, Password Attacks; series: 2000, 2001; values as labelled on the chart: 80%, 89%, 24%, 48%, 37%, 39%, 25%, 21%]
Source: Goldman Sachs
What’s the Impact of Not Properly Securing Your Network ?
• Cost—directly affects bottom line
186 organizations* reported hack attempts totaling nearly $378 million. Average loss per respondent nearly $2,000,000
• Credibility—end-user perception
Can your end-user trust your network?
• Productivity—ability to use your system
Downtime is lost time and revenue
• Viability—can ultimately affect your business
Where will your company be in 1 year… 5 years?
• Liability—are you responsible?
If you don’t take actions to stop outbound attacks, are you liable for damages inflicted on others?
* FBI and Computer Security Institute (CSI), 2001
It’s About “Business Continuity”
“We security folks have got to stop treating security like it’s a separate problem from network management. Error detection, intrusion detection, and link outages – these are all aspects of the same network management problem.”
Marcus Ranum
CEO, Network Flight Recorder
One of the Fathers of the Modern Firewall
The Network of Five Years Ago
Closed Network
Remote Site
PSTN
Frame Relay
X.25
Leased Line
PSTN
Legacy Security Solutions
• Most security designed when networks were simple and static
• Primarily single-point products (access-control) with no network integration or intelligence
• Such legacy products are still seen as default security solutions (a “cure-all”)
• Today, there are serious drawbacks to relying on such “overlay” security to protect sophisticated networks and services
Internet connections have dramatically increased as a frequent point of attack (from 59% in 2000 to 70% in 2001). Of those organizations reporting attacks, we learn:
27% say they don't know if there had been unauthorized access or misuse
21% reported from two to five incidents in one year
58% reported ten or more incidents in a single year – something isn’t working!
Computer Security Institute & FBI Report, March 2001
Case in Point…
Code Red and Nimda Worm Impacts
• Rapid penetration and propagation through existing security solutions
• Extensive impact; expensive recovery
• Exploited existing and known vulnerabilities, and bypassed legacy security devices
• Could be prevented and mitigated
Impact of Recent Worms
• Major Computer Company... Code Red/Nimda
$9 million for remediation
12,000 IT hours for Code Red
6,500 IT hours for Nimda
• Multibillion dollar financial institution... Nimda
75% of core routers down at any given time
Lost trading server for half day ($13 million impact)
Important Lesson Learned:
Security Needs to Be Designed and Implemented Around, In and Through the Network
Today’s Threats
• Attackers are taking advantage of complex networks and sophisticated Internet services
• In this environment, everything is a target: Routers, Switches, Hosts, Networks (local and remote), Applications, Operating Systems, Security Devices, Remote Users, Business Partners, Extranets, etc.
• Threats to today’s networks are not addressed by most legacy security products
• In fact, there is no single security device which can protect all of these targets
Prevent damage from indiscriminate cyber attacks, e.g. worms and viruses
Technology Enablers
Business Need
Protect business operations against directed attacks, e.g. hackers, fraudsters
Complete Security System
Planning for Business Protection
What Customers Want
A Network-based “Intelligent” Solution
• Integration of security into all processes
Bridge gap between Network Ops and Security Ops
• Security foundation for current technology
• Security foundation for new technology – no “fork-lift” upgrades
Integrated Voice, Video, and Data traffic
Support for Wireless and Remote Access
QoS for differentiated handling of network traffic
• Defense in depth
Build security into the network, not just the perimeter
• End-to-end networking solution
Cisco Security Directions
Mission
• Accelerate deployment of security and e-business infrastructures
Strategy
• Embrace integration into e-business infrastructure and technology initiatives
• Provide most comprehensive security/VPN solution
• Utilize solutions and services ecosystems/partners
An Integrated System-Wide Approach
• End-to-end coordinated network+security system approach
Defense in depth
Protects hosts and networks
• Scalable system-wide security management
Policy, configuration, administration, monitoring
Appliance and Router Firewalls, IDS, VPNs
• Single point of contact for network and security technical assistance, support and professional services
Fast problem resolution
Lower cost of ownership
• Integrates security and network issues
• Includes specific configurations for Cisco and partner solutions
• Based on existing, shipping capabilities
• Over 3,000 hours of lab testing
• Currently, five SAFE white papers: SAFE for Enterprise, SAFE for SMB, SAFE Blueprint for IP Telephony, Wireless LAN Security in Depth, Combating Internet Worms
SAFE Security Blueprint
Management
Building
Distribution
Core
Edge
Server
E-Commerce
Corporate Internet
VPN/Remote Access
WAN
ISP
PSTN
FR/ATM
SAFE: Securing E-Business
To Edge Distribution Module
To VPN/Remote Access Module
To ISP Module
Public Web Servers
Content Inspection Servers
Cisco IDS Appliance
Cisco IOS Router
Cisco PIX Firewall
Inspect Outbound Traffic for unauthorized URLs
Stateful Packet Filtering
Basic Layer 7 Filtering
Host DoS Mitigation
Spoof Mitigation
DDoS Rate-Limiting
Basic Filtering
Broad Layer 4–7 Analysis
SMTP Content Inspection
Host IDS for local attack mitigation
Focused Layer 4–7 Analysis
SAFE: “Corporate Internet” Module
Deploy Security as an Integrated System
Secure Transport
Card Readers
Security Room CCTV
Secured Doors and Vaults
Surveillance and Alarms
Patrolling Security Guard
Firewalls and Router ACLs
Network and Host-based Intrusion Detection
Scanner
Centralized Security and Policy Management
Identity, AAA, Access Control Servers and Certificate Authorities
Encryption and Virtual Private Networks (VPNs)
Identity
Secure Connectivity
Perimeter Security
Security Monitoring
Security Management
Defense-in-Depth
Firewalls, VPN, IDS/Scanning, Authentication, Policy
• Integration – into network infrastructure
Compatibility with network services
• Integration – functional interoperability
Intelligent interaction between elements
• Convergence – with other technology initiatives
Mobility/wireless, IP telephony, voice/video-enabled VPNs
Action Plan: Implementing a Process
1. Develop a comprehensive security policy
Based on assessment of assets, threats, vulnerabilities
2. Implement it
Focus on key exposures
Build defense in depth
Security and network experts engage
In-source or out-source
3. Monitor and audit
It’s what you don’t know...
Be selective
4. React—according to plan
Recovery needs to be rapid and organized
Involve partners—in advance
5. Repeat Cycle!
Continuous improvement to address new threats
Trends / Predictions
• Security is going Mainstream
Fundamental to e-business—not an afterthought
• Security is going to Main Street
Every small business will be an e-business
Increased outsourcing of solutions and services
• Security extends everywhere
The Internet home and the Mobile Office
• The Bar will continue to be raised
Criticality of e-business applications
Increased regulation
• Comprehensive solutions will win
Security integrated into voice, video, wireless infrastructures
Prediction 2002... IT Security
• Organizations rethinking security after September 11
• Focus of IT security will shift from the “Three As” (authentication, authorization, administration) to business continuity
• Physical and IT security will be integrated
Prediction:
Rationale:
• Organizations will reset their IT security plans in 2002
Source: IDC 2001; * Security Authorization, Authentication, Administration
Cisco’s Leadership Obligation
• Leading provider of networking equipment
• Leading provider of Security/VPN solutions
• SAFE network security blueprint brings networking and Security/VPN together
• Development efforts focused on network-intelligent Security/VPN solutions
• Strong partnership program around Security/VPN solutions
• Internet Vital to Core of Business/ Government
• Security Fundamental to Health of Internet
• Attacks Increasing Dramatically – Targeted at New Network and Internet Services
• Security Must be Part of Network Infrastructure
• Partnership (Business and Government) Critical to a Global Security Strategy
• We Want to Partner With You
In Summary...
More Information
• www.cisco.com/go/security
• www.cisco.com/go/safe
• www.cisco.com/go/evpn
• www.cisco.com/go/securitypartners
• www.cisco.com/go/csec
• www.cisco.com/go/netpro
• www.cisco.com/go/securitytrng
• www.cert.org
• www.happyhacker.org
• www.infosecuritymag.com