Security

Uploaded by greenpepperwhinny, 3 Nov 2013

Slide 1

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco Borderless Networks
Enabling the Borderless Organisation

Mark Jackson, Technical Solutions Architect
marjacks@cisco.com


Slide 2

[Diagram: threats facing the Branch Office, Main Campus and Data Center: viruses, denial of service, unauthorized access, system penetration, telecom fraud.]

Slide 3

Cisco Self-Defending Network

[Diagram: Branch Office, Main Campus and Data Center protected by one network.]

Integrated: build security into the network.
Collaborative: make security work together as a system.
Adaptive: adjust defenses based on events and real-time information.

Slide 4

Blurring the Borders: Consumer ↔ Workforce, Employee ↔ Partner, Physical ↔ Virtual

Mobility: 1.3 billion new networked mobile devices in the next three years.
Workplace Experience: changing the way we work.
Video: projected to quadruple IP traffic by 2014 to 767 exabytes*.

Mobile Devices, IT Resources: anyone, anything, anywhere, anytime.

Operational Efficiency Program; Government ICT Strategy.

Slide 5

IT Consumerisation

[Diagram: Mobile Worker; Video/Cloud; IaaS, SaaS.]

Slide 6

Information Security and Assurance

Public Sector Network; Government Cloud; Shared Services

Slide 7

“The Public Service Network will allow the delivery of services to any location and, through standards, will enable unified communications in terms of voice, video and collaboration capabilities.”

“Developments in ICT mean it is now possible for different teams, offices or even organisations to share the same ICT infrastructure.”

“…data sharing is an essential element of joining up services and providing personalisation. This means that there must be effective, proportionate management of information risk.”

“The need to continue to transform public services and to use ICT to enable transformation of the way the public sector runs and operates has become more pressing.”

Slide 8

Location, Device, Application

More Diverse Users, Working from More Places, Using More Devices, Accessing More Diverse Applications, and Passing Sensitive Data.

Slide 10

Enabling Mobility, Extending Security

[Diagram: Corporate Office, Branch Office and Local Data Center inside the corporate environment, behind the corporate DMZ and border; Mobile User, Partners, Citizens and Attackers outside it, at the airport, coffee shop and home office; cloud services (X as a Service: Infrastructure, Software, Platform) beyond the border.]

Always-On Integrated Security and Policy: 802.1X, TrustSec, MACsec, MediaNet

Slide 11

1. Who are you? An 802.1X or a Network Admission Control (NAC) appliance authenticates the user. (Identifies authorised users.)
2. Where can you go? Based on authentication data, the network controls user access. (Enforces access policy.)
3. What service level do you receive? The user is assigned services based on role and policy (job, location, device, etc.). (Personalises the network.)
4. What are you doing? The user's identity, location, and access history are used for compliance and reporting. (Increases network visibility.)

Slide 12

SGTs

Current network access control segmentation methods (VLAN, ACL, subnet) are topology dependent and operationally intensive. Security Group Tags are topology independent and streamline the deployment of role-based access control.

- Attribute-based access control assigns an SGT to users, devices, or virtual machines based on their role.
- Security Group ACLs (SGACLs) enforce access policy based on source and destination SGT.
- Transport of SGTs is secured via NDAC and 802.1AE MACsec.
- This is an emerging technology, expanding in platform availability and adoption.

[Diagram: authorisation rules map individuals to source Security Groups (Employee, Non-Europe Employee, Partners) and resources to destination Security Groups (Internet, Confidential, Print/Copy); SGACL access rules are applied between source and destination groups.]
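Added example covering both the identity steps on slide 11 and the SGT/SGACL model above; it is not code from the Cisco deck or from any Cisco product. The group names come from the slide; the tag numbers, subnets, policy matrix and helper functions are assumptions for illustration.

```python
# Added example, not from the Cisco deck: a minimal model of TrustSec-style
# enforcement. A user is authenticated ("Who are you?"), mapped to a Security
# Group Tag (SGT) by role, and each flow is permitted or denied by a Security
# Group ACL keyed only on (source SGT, destination SGT). Group names come from
# the slide; the tag numbers, subnets and policy matrix are constructed.
from ipaddress import ip_address, ip_network

SGT_BY_ROLE = {"employee": 10, "non_europe_employee": 11, "partner": 20}
SGT_BY_RESOURCE = {"internet": 100, "confidential": 101, "print_copy": 102}

# SGACL matrix: pairs not listed are denied (default deny).
SGACL = {
    (10, 100), (10, 101), (10, 102),   # Employee: everything
    (11, 100), (11, 102),              # Non-Europe Employee: no Confidential
    (20, 100),                         # Partners: Internet only
}

def assign_sgt(role: str) -> int:
    """Classification after 802.1X/NAC authentication: role -> SGT."""
    if role not in SGT_BY_ROLE:
        raise ValueError(f"unknown role {role!r}: no tag, so no access")
    return SGT_BY_ROLE[role]

def sgacl_permits(src_sgt: int, dst_sgt: int) -> bool:
    """Enforcement-point lookup: only the tag pair is consulted."""
    return (src_sgt, dst_sgt) in SGACL

def decide_sgt(role: str, resource: str) -> bool:
    """Topology-independent decision: same answer from any site or subnet."""
    return sgacl_permits(assign_sgt(role), SGT_BY_RESOURCE[resource])

def decide_subnet_acl(src_ip: str, resource: str) -> bool:
    """Contrast: a topology-dependent ACL that allows Confidential only from
    the campus employee subnet (constructed). It denies an employee who roams
    to a branch subnet and cannot tell a partner from an employee on campus."""
    on_campus = ip_address(src_ip) in ip_network("10.1.0.0/16")
    return resource != "confidential" or on_campus

if __name__ == "__main__":
    # Employee at a branch: SGT policy permits, subnet ACL denies.
    print(decide_sgt("employee", "confidential"))            # True
    print(decide_subnet_acl("10.2.5.7", "confidential"))     # False
    # Partner plugged into the campus VLAN: SGT policy denies, subnet ACL permits.
    print(decide_sgt("partner", "confidential"))             # False
    print(decide_subnet_acl("10.1.3.9", "confidential"))     # True
```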

Slide 13

Delivering a Platform to Enable Shared Services

[Diagram: duplicated per-organisation infrastructure (elements labelled D and V) compared with a Shared Workspace Environment.]

Duplicated infrastructure: increased cost and complexity.
Next-Generation Security: a single unified platform enforcing policy.

Slide 14

Network and Security Follows User: It Just Works

Next-Gen Unified Security
- User/device identity
- Posture validation
- Integrated web security for always-on security (hybrid)

Persistent Connectivity
- Always-on connectivity
- Optimal gateway selection
- Automatic hotspot negotiation
- Seamless connection hand-offs

Broad Mobile Support
- Fixed and semi-fixed platforms
- Mobile platforms

[Diagram: Corporate Office, Mobile User and Home Office with secure, consistent access to voice, video, apps and data over wired, 3G/Wi-Fi and broadband.]

Slide 15

AnyConnect Client

Choice: diverse endpoint support for greater flexibility.
Security: rich, granular security integrated into the network (acceptable use, access control, data loss prevention, threat prevention).
Experience: always-on intelligent connection for seamless experience and performance.

[Diagram: AnyConnect client granted access to the Intranet, Corporate resources and File Sharing through the WSA and ASA.]

Slide 16

Enabling Seamless Remote and Mobile Working

Unmanaged devices, risk of data loss, and lack of access.

Secure Mobile Connectivity for the Mobile Government Worker: simple, powerful access, anywhere, any device.

[Diagram: Acceptable Use, Access Control, Data Loss Prevention.]

Slide 17

Keep the Bad Guys Out: the Self-Defending Network
- Firewall: access
- Intrusion Prevention: block attacks
- Content Security: email and web

Slide 18

Self-Defending Network: Keep the Bad Guys Out
- Firewall: access
- Intrusion Prevention: block attacks
- Content Security: email and web

New Security Requirements: Enable Secure Borderless Access
- Policy & Identity: trusted access
- Secure Mobility: always on
- Cloud Security: hosted/hybrid

Slide 19

1. The Borderless Organisation needs a Borderless Network Architecture.
2. Cisco is uniquely equipped to deliver that architecture with “broad and deep” network innovation.
3. The Cisco Borderless Network delivers the platform to transform service delivery.