Bezpieczeństwo styku sieci korporacyjnej Kontrola dostępu do zasobów - Network Admission Control Agenda Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology. Wojciech Muras Cisco Business Partner

Agenda Agenda ASPEKTY BIZNESOWE DLA NAC PORFOLIO PRODUKTOWE NAC W AKCJI PRZYKŁADY WDROŻEŃ Agenda Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology.

Network Admission Control Aspekty biznesowe NAC Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology.

Dlaczego potrzebujemy NAC? Weryfikujemy ruch tylko na styku z siecią Internet Rezultat? 1. Znamy status partnera na styku z siecią Internet 2. Nie znamy statusu stacji końcowych w sieci LAN – brak mechanizmów weryfikacji

Dlaczego potrzebujemy NAC? Weryfikujemy status urządzeń w dostępie do sieci LAN Rezultat? Znamy podatność stacji końcowych na zagrożenia anty-X Wprowadzamy reguły ruchu wzg statusu stacji

Jak działa NAC? Zadanie NAC: Sprawdź status stacji i przydziel politykę na podstawie przeprowadzonej weryfikacji!!! ROZPOZNAJE Rozpoznaje: Użytkowników, urządzenia, role (gość, pracownik, partner, etc.) Sprawdza: Podatność urządzeń na ataki Wymusza: Wprowadzenie reguł ruchu WYMUSZA SPRAWDZA Rezultat: Tylko stacje spełniające politykę dopuszczamy do zasobów

Co sprawdza NAC? Zintegrowane rozwiązanie sprawdzające zgodność z polityką oraz zapewniające usługę remediation Skanowanie pod kątem bezpieczeństwa Podatność systemu operacyjnego: wersji hotfixów, wersje, servicepack - Obecność systemu antywisowego : wykrycia infekcji wirusów I robaków - Audyt sieciowy urządzeń w celu sprawdzenia portów usług i podatności na atak HIPS (CSA) Ochrona stacji przed zagrożeniami Anty-X Kwarantanna sieciowa  Izolacja urządzeń nizgodnych z policy od reszty sieci Identyfikacja urządzeń przekierowanych do kwarantanny na podstawie adresów MAC i IP Naprawa i Update Narzędzia sieciowe pozwalające na doprowadzenie hosta do stanu zgodności (zmniejszenie podatności na ataki i zagrożenia)

Network Admission Control Portfolio produktowe Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology.

NAC – dwie ścieżki produktowe NAC Framework: Integracja systemowa i aplikacyjna wielu urządzeń sieciowych Cisco Clean Access: Dedykowane urządzenia (NAC Appliance) dla realizacji zadań NAC Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology. Host Kontrola Decyzja

NAC Framework – możliwe scenariusze Host Kontrola Decyzja i zapobieganie Serwer katalogowy LAN ACS v4.0 Serwer anty wirusowy WAN Inne serwery Subject vs Enforcement vs. Decision LAN vs WAN vs Remote Serwer ratunkowy Użytkownik mobilny

NAC – dwie ścieżki produktowe NAC Framework: Integracja systemowa i aplikacyjna wielu urządzeń sieciowych Cisco Clean Access: Dedykowane urządzenia (NAC Appliance) dla realizacji zadań NAC Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology. Host Kontrola Decyzja

Cisco Clean Access – możliwe scenariusze In-band out-of-band VPN Subject vs Enforcement vs. Decision LAN vs WAN vs Remote

Aktualni Partnerzy Programu http://www. cisco

Network Admission Control NAC w akcji Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology.

Dotychczasowe mechanizmy kontroli Harnaś: “Zainstalowałem niezałatane Windows XP. Mam gigabitowy interfejs sieciowy, mocny procesor i wiele wirusów. W szczycie wygeneruje ruch dochodzący do 600-700Mbit/s, z czego większość będzie próbą zarażenia jak największej liczby innych hostów. Miłego dnia.” Tomek“Witam!” Harnaś: “Witojcie, To sem ja - handlowiec.” Dostęp zezwolony unrestricted access identity vs posture Marek: “Cześć, jestem administratorem” Anna: “Witam!”

Właściwe rozwiązanie: Cisco NAC Polityka: uwierzytelnienie Windows XP Service Pack 2 CTA 2.0 antywirus łatki Harnaś: handlowiec Windows 2000 brak Service Packa brak Antywirusa brak łatek Kwarantanna Serwer katalogowy network services with defined policy Serwer ratunkowy Serwer weryfikujący

NAC - perspektywa użytkownika CTA Popup Wystarczy 1 ping/DHCP/ARP do uwierzytelnienia hosta.

Network Admission Control Przykłady wdrożeń Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology.

NAC – wdrożenie w sektorze przemysłowym Cel projektu: - znajomość statusu stacji roboczych pod wzg. posiadanych aktualizacji OS oraz systemu antywirusowego, - wprowadzenie reguł dostępowych do zasobów na podstawie przeprowadzonej weryfikacji stacji roboczej, wykorzystanie istniejącej infrastruktury sieciowej Cisco Systems integracja z istniejącym systemem antywirusowym F-secure Sposób realizacji Korzyści -centralna informacja o statusie urządzeń mechanizm autentykacji i autoryzacji urządzeń rozszerzenie realizacji stategii bezpieczeństwa o weryfikację stacji A Firmowe centrum danych Oddziały WAN FR ACS 4.0 AV Server Portal WWW Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology.

NAC – wdrożenie w sektorze telekomunikacyjnym Cel projektu: - znajomość statusu stacji roboczych pod wzg. posiadanych aktualizacji OS oraz systemu antywirusowego, - wprowadzenie reguł dostępowych do zasobów na podstawie przeprowadzonej weryfikacji stacji roboczej, wykorzystanie istniejącej infrastruktury sieciowej Cisco Systems Implementacja reguł na styku z siecią komputerową – port Ethernet Sposób realizacji Korzyści - centralna informacja o statusie urządzeń - mechanizm autentykacji i autoryzacji urządzeń - rozszerzenie realizacji stategii bezpieczeństwa o weryfikację stacji ACS A AV PORTAL Mission critical apps resided on mainframes Today , all biz processes/apps are interconnected. Where’s the boundary? So risks associated w/ having operational threats to Your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology.

Podsumowanie Przeniesienie brzegu sieci do stacji końcowych Spójna polityka dla styku z siecią Internet, WLAN, WAN oraz dostępu z sieci LAN Niezależność od architektury sieciowej Subject vs Enforcement vs. Decision LAN vs WAN vs Remote

Network Admission Control Pytania… Pytania… Pytania… Pytania… Pytania… Pytania… Subject vs Enforcement vs. Decision LAN vs WAN vs Remote CISCO Business Partner wojciech.muras@netology.com.pl