
Security of the corporate network edge



Presentation on: "Security of the corporate network edge". Presentation transcript:

1 Security of the corporate network edge
Controlling access to resources - Network Admission Control. Wojciech Muras, Cisco Business Partner

Mission critical apps resided on mainframes. Today, all biz processes/apps are interconnected. Where's the boundary? So risks associated w/ having operational threats to your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology.

2 Agenda
- Business aspects of NAC
- Product portfolio
- NAC in action
- Deployment examples

3 Network Admission Control
Business aspects of NAC

4 Why do we need NAC?
We verify traffic only at the edge with the Internet. The result?
1. We know the status of the partner at the edge with the Internet.
2. We do not know the status of end stations in the LAN: there are no verification mechanisms.

5 Why do we need NAC?
We verify the status of devices at the point of access to the LAN. The result?
- We know how susceptible end stations are to Anti-X threats.
- We introduce traffic rules based on the status of the station.

6 How does NAC work?
NAC's task: check the status of the station and assign a policy based on the verification performed!
- Recognizes: users, devices, roles (guest, employee, partner, etc.)
- Checks: the susceptibility of devices to attacks
- Enforces: the application of traffic rules
Result: only stations that comply with the policy are admitted to resources.

7 What does NAC check?
An integrated solution that checks compliance with the policy and provides a remediation service.
Security scanning:
- Operating system vulnerability: hotfix versions, versions, service pack
- Presence of an antivirus system: detection of virus and worm infections
- Network audit of devices to check service ports and susceptibility to attack
HIPS (CSA):
- Protection of stations against Anti-X threats
Network quarantine:
- Isolation of devices that do not comply with the policy from the rest of the network
- Identification of devices redirected to quarantine based on MAC and IP addresses
Repair and update:
- Network tools that bring the host into a compliant state (reducing susceptibility to attacks and threats)

8 Network Admission Control
Product portfolio

9 NAC: two product paths
- NAC Framework: system and application integration of many network devices
- Cisco Clean Access: dedicated devices (NAC Appliance) for carrying out NAC tasks
Diagram labels: Host, Control, Decision

10 NAC Framework: possible scenarios
Diagram labels: Host; Control; Decision and prevention; Directory server; LAN; ACS v4.0; Antivirus server; WAN; Other servers; Remediation server; Mobile user.
Subject vs Enforcement vs. Decision. LAN vs WAN vs Remote.

11 NAC: two product paths
- NAC Framework: system and application integration of many network devices
- Cisco Clean Access: dedicated devices (NAC Appliance) for carrying out NAC tasks
Diagram labels: Host, Control, Decision

12 Cisco Clean Access: possible scenarios
In-band, out-of-band, VPN.
Subject vs Enforcement vs. Decision. LAN vs WAN vs Remote.

13 Current Program Partners http://www. cisco

14 Network Admission Control
NAC in action

15 Existing control mechanisms
Tomek: "Hello!"
Harnaś: "Howdy, it's me, the salesman."
Access granted (unrestricted access; identity vs posture).
Harnaś: "I installed an unpatched Windows XP. I have a gigabit network interface, a powerful processor and a lot of viruses. At peak I will generate traffic reaching up to Mbit/s, most of which will be attempts to infect as many other hosts as possible. Have a nice day."
Marek: "Hi, I'm the administrator."
Anna: "Hello!"

16 The right solution: Cisco NAC
Policy: authentication, Windows XP Service Pack 2, CTA 2.0, antivirus, patches.
Harnaś: salesman, Windows 2000, no Service Pack, no antivirus, no patches. Quarantine.
Diagram labels: Directory server; network services with defined policy; Remediation server; Verification server.
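The identity-versus-posture decision from slides 15 and 16, as an added example that is not part of the original presentation and is not Cisco code. The field names, the `evaluate` function and the rule that a host with no posture report is quarantined are assumptions of this sketch; the sample hosts are constructed from the slide text.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed policy modelled on slide 16: authentication, Windows XP SP2,
# CTA 2.0, antivirus, patches. Key names are assumptions for this sketch.
POLICY = {
    "os": "Windows XP",
    "min_service_pack": 2,
    "min_cta_version": (2, 0),
    "antivirus_required": True,
    "patches_required": True,
}

@dataclass
class Posture:
    os: str
    service_pack: int
    cta_version: Optional[Tuple[int, int]]  # None: no trust agent on the host
    antivirus: bool
    patched: bool

@dataclass
class Decision:
    access: str                              # "deny", "quarantine" or "full"
    failures: list = field(default_factory=list)

def evaluate(authenticated: bool, posture: Optional[Posture],
             policy: dict = POLICY) -> Decision:
    """Identity is checked first; posture then decides full access or quarantine."""
    if not authenticated:
        return Decision("deny", ["authentication failed"])
    # Assumption: unknown posture fails closed into quarantine, not full access.
    if posture is None or posture.cta_version is None:
        return Decision("quarantine", ["no posture report"])
    failures = []
    if posture.os != policy["os"]:
        failures.append(f"operating system {posture.os} not allowed")
    if posture.service_pack < policy["min_service_pack"]:
        failures.append("service pack too old")
    if posture.cta_version < policy["min_cta_version"]:
        failures.append("trust agent too old")
    if policy["antivirus_required"] and not posture.antivirus:
        failures.append("antivirus missing")
    if policy["patches_required"] and not posture.patched:
        failures.append("patches missing")
    # The failure list doubles as the work list for the remediation server.
    return Decision("quarantine" if failures else "full", failures)

# Constructed sample hosts. Harnaś is given CTA 2.0 so that a report exists.
HARNAS = Posture("Windows 2000", 0, (2, 0), antivirus=False, patched=False)
COMPLIANT = Posture("Windows XP", 2, (2, 0), antivirus=True, patched=True)

if __name__ == "__main__":
    for name, host in (("Harnaś", HARNAS), ("compliant host", COMPLIANT)):
        result = evaluate(True, host)
        print(name, result.access, result.failures)
```

A valid login alone gives Harnaś nothing beyond quarantine here, which is the difference between slide 15 and slide 16.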

17 NAC: the user's perspective
CTA popup. A single ping/DHCP/ARP is enough to authenticate the host.

18 Network Admission Control
Deployment examples

19 NAC: deployment in the industrial sector
Project goal:
- knowledge of the status of workstations with respect to installed OS updates and the antivirus system,
- introduction of access rules to resources based on the verification of the workstation.
Method of implementation:
- use of the existing Cisco Systems network infrastructure
- integration with the existing F-Secure antivirus system
Benefits:
- central information about the status of devices
- a mechanism for authentication and authorization of devices
- extension of the security strategy with station verification
Diagram labels: A; Corporate data center; Branches; WAN FR; ACS 4.0; AV Server; Web portal.

20 NAC: deployment in the telecommunications sector
Project goal:
- knowledge of the status of workstations with respect to installed OS updates and the antivirus system,
- introduction of access rules to resources based on the verification of the workstation.
Method of implementation:
- use of the existing Cisco Systems network infrastructure
- implementation of rules at the edge with the computer network: the Ethernet port
Benefits:
- central information about the status of devices
- a mechanism for authentication and authorization of devices
- extension of the security strategy with station verification
Diagram labels: ACS; A; AV; PORTAL.

21 Summary
- Moving the network edge to the end stations
- A consistent policy for the edge with the Internet, WLAN, WAN and for access from the LAN
- Independence from the network architecture
Subject vs Enforcement vs. Decision. LAN vs WAN vs Remote.

22 Network Admission Control
Questions…
Subject vs Enforcement vs. Decision. LAN vs WAN vs Remote. CISCO Business Partner

