© 2006 Cisco Systems, Inc. All rights reserved. SND v2.01-1 Introduction to Network Security Policies Building Cisco Self-Defending Networks.

Transcript:

Introduction to Network Security Policies: Building Cisco Self-Defending Networks

Outline
– Overview
– Changing Threats and Challenges
– Building a Cisco Self-Defending Network
– Adaptive Threat Defense
– Cisco Integrated Security Portfolio
– Summary

Threat Evolution
Chart: damaging payload, viruses, and worms, plotted by target and scope of damage (individual computer, individual networks, multiple networks, regional networks, global infrastructure impact) against time to impact (weeks, days, minutes, seconds).
– 1st Generation (1980s): boot viruses; impact measured in weeks
– 2nd Generation (1990s): macro viruses, DoS, limited hacking; days
– 3rd Generation (today): network DoS, blended threats (worm + virus + Trojan), turbo worms, widespread system hacking; minutes
– Next Generation (future): infrastructure hacking, flash threats, massive worm-driven DDoS; seconds
The WAN infrastructure must be an intelligent point of defense. The time from knowledge of a vulnerability to release of an exploit is shrinking.

Port 80 Applications Blur the Network Perimeter
Networks face vulnerabilities through port 80:
– Perimeter security is no longer enough.
– Port 80 opens previously closed networks to partners through business-to-business extranets, retail outlet connections, and home-based employees.
– What was previously controlled (trusted) is now uncontrolled (untrusted).
– Noncompliant devices are a conduit for attack.
– Multihomed devices (wireless and mobile) have blurred the perimeter.
– Port 80 is open on firewalls to allow growing web application traffic requirements.
Chart (labels as extracted): Internet access, IM traffic, rich media, web-enabled apps, web services; 43%, 55%, 43%; Port 80: 98%.
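The slide's point is that a firewall rule permitting TCP/80 says nothing about which protocol actually flows through it. The Python below is an added example, not part of the Cisco course material, showing the kind of first-bytes protocol check an application-aware inspection point performs after the port-based rule has already admitted the flow: it labels the opening client bytes of a TCP/80 flow as HTTP, TLS, SSH, or unknown and reports every flow that is not HTTP. The flow records are constructed sample data, and the function names are the example's own.

```python
import re
from typing import List, Tuple

# An HTTP/1.x request line (RFC 7230): METHOD SP request-target SP HTTP/1.x CRLF
_REQUEST_LINE = re.compile(
    rb"^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n"
)


def classify_port80_payload(payload: bytes) -> str:
    """Label the first client-to-server bytes of a flow that a port-based
    firewall rule admitted because its destination port was 80."""
    if _REQUEST_LINE.match(payload):
        return "http"
    # TLS record header: content type 0x16 (handshake), legacy version 0x03xx
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    # SSH identification string (RFC 4253) begins with "SSH-"
    if payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"


Flow = Tuple[str, int, bytes]  # (flow id, destination port, first client bytes)


def audit_port80_flows(flows: List[Flow]) -> List[Tuple[str, str]]:
    """Return (flow id, label) for each port-80 flow whose payload is not HTTP,
    i.e. traffic the port rule let through but the protocol check rejects."""
    findings = []
    for flow_id, dst_port, payload in flows:
        if dst_port != 80:
            continue  # only flows admitted by the port-80 rule are of interest
        label = classify_port80_payload(payload)
        if label != "http":
            findings.append((flow_id, label))
    return findings


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS: List[Flow] = [
    ("flow-1", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("flow-2", 80, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # TLS ClientHello sent to port 80
    ("flow-3", 80, b"SSH-2.0-OpenSSH_8.9\r\n"),                      # SSH banner on port 80
    ("flow-4", 80, b"\x00\x00\x00\x0cpeer-hello\x01\x02"),           # some binary protocol on port 80
    ("flow-5", 443, b"\x16\x03\x01\x00\xa5"),                        # not port 80, ignored
]

if __name__ == "__main__":
    for flow_id, label in audit_port80_flows(SAMPLE_FLOWS):
        print(f"{flow_id}: admitted on port 80 but payload classified as {label}")
```

Matching only the request line is a deliberate simplification: a CONNECT tunnel or an HTTP session that later carries something else still classifies as "http", which is exactly why the slides later call for inspection of the whole application conversation rather than a port or first-packet check.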

The SQL Slammer Worm: 30 Minutes After Release
– Saturation point was reached within 2 hours of the start of infection.
– Infections doubled every 8.5 seconds.
– SQL Slammer spread 100 times faster than Code Red.
– At peak, SQL Slammer scanned 55 million hosts per second.
– The number of hosts infected was between 250,000 and 300,000.
– Internet connectivity was affected worldwide.

Network Effects of the SQL Slammer Worm
– Service providers noted significant bandwidth consumption at peering points.
– The average packet loss at the height of the infection was 20 percent.
– South Korea lost almost all Internet service.
– ATMs around the world were shut down.
– Airline ticketing systems were overwhelmed.

Cisco Self-Defending Network Strategy
The Cisco defense-in-depth strategy improves the ability of the network to identify, prevent, and adapt to threats. There are three pillars:
– Secure connectivity: VPN solutions including VPN concentrators, VPN-enabled routers, and firewall VPNs
– Threat defense: appliance and Cisco IOS-based firewalls; Cisco intrusion detection and prevention systems
– Trust and identity: NAC, Cisco Secure ACS, and 802.1x technology

Evolving a Cisco Self-Defending Network
Phase I: Integrated security
– Making every network element a point of defense
– Secure connectivity (Voice and Video Enabled VPN, Dynamic Multipoint VPN), threat defense, trust, and identity
– Network foundation protection
Phase II: Collaborative security systems
– Security becomes a network-wide system: endpoints + network + policies
– Multiple services and devices working in coordination to thwart attacks, with active management
– NAC and IBNS
Phase III: Adaptive Threat Defense
– Mutual awareness among security services and network intelligence
– Increased security effectiveness enables proactive response
– Consolidated services improve operations efficiency
– Application recognition and inspection for secure application delivery and optimization

Evolving a Cisco Self-Defending Network (Cont.)
– Phase I: Integrated security: firewalls, intrusion prevention, and secure connectivity
– Phase II: Collaborative security systems: NAC, NFP, VoIP, wireless, and service virtualization
– Phase III: Adaptive Threat Defense: application inspection and control; real-time worm, virus, and spyware prevention; peer-to-peer and instant messaging control

ATD Products, Services, and Architecture Example
Diagram of ATD service layers and the capabilities in each:
– Application Security: application inspection, use enforcement, web control
– Firewall Services: access control, packet inspection
– IPS and Antivirus Services: application intelligence, content inspection, virus mitigation
– Anti-X Defenses: malware and content defense, anomaly detection
– Network Intelligence: identity, virtualization, QoS segmentation, traffic visibility
– Containment and Control: traffic and admission control, proactive response
Products shown in the diagram: CSA, NAC, quarantine VLAN, Cisco router, firewall, VPN access, Cisco DDoS, Cisco Catalyst switch, Identity-Based Networking, Cisco IPS, Cisco PIX.

Cisco Integrated Security Portfolio
– Site-to-Site VPN Firewall Routers: Cisco SOHO 90, Cisco 800 Series, Cisco 1700, Cisco 2600 Series, Cisco 3600 Series, Cisco 3700 Series, Cisco 7xxx
– Cisco Security Appliances: Cisco PIX 500 Series Security Appliances, Cisco ASA 5500 Series Adaptive Security Appliances
– Remote Access VPN and VPN Clients: Cisco VPN 3000 Series Concentrators
– Intrusion Detection and Prevention Systems: network sensor, firewall sensor, router sensors
– Endpoint Protection Software: Cisco Security Agent
– Identity: Network Admission Control solutions, Cisco Secure Access Control Server
– Cisco Catalyst 6500 Series Service Modules: Firewall Module, VPN Module, IDS Module, SSL Module
– Security Management: Cisco IP Solution Center Security Management, Cisco Threat Response Technology

Cisco Self-Defending Network
Diagram with three layers: Integrated Security, Adaptive Threat Defense, and Collaborative Security (NAC). Components shown: encrypted LAN-WAN communications, SSL VPN, IPsec VPN, firewalls and intrusion detection, Cisco Security Agent, Network Admission Control, quarantine VLAN (remediation), network infection containment, antivirus agent, Cisco Trust Agent.

Summary
– Changing threats and challenges demand a new approach to network security.
– Cisco Self-Defending Networks can be built on existing infrastructure over three evolving phases.
– ATD dynamically addresses threats at multiple layers and enables tighter control of traffic, endpoints, users, and applications.
– ATD simplifies architectural designs and lowers operational costs.
– The Cisco integrated security portfolio provides solutions to all security needs.
