Tải bản đầy đủ

Lecture CCNA security partner - Chapter 7: Planning a Threat Control Strategy

Planning a Threat Control Strategy

© 2012 Cisco and/or its affiliates. All rights reserved.

1


Contents
In this chapter, we will
• Evaluate the current state of enterprise security in the presence of
evolving threats
• Describe design considerations for a threat protection strategy to
mitigate threats as part of a risk management strategy
• Describe how Cisco strategizes threat control and containment

© 2012 Cisco and/or its affiliates. All rights reserved.

2


Trends in Network Security Threats

Recent threat vectors include the following:

• Cognitive threats: social networks (likejacking)
• Smartphones, tablets, and consumer electronics exploits
• Widespread website compromises
• Disruption of critical infrastructure
• Virtualization exploits
• Memory scraping
• Hardware hacking

© 2012 Cisco and/or its affiliates. All rights reserved.

3


Trends in Network Security Threats
The following is a list of the specific trends that can be gathered from the
evolution of threats in information security:
•Insidious motivation, high impact
•Targeted, mutating, stealth threats
•Threats consistently focusing on the application layer
•Social engineering front and center
•Threats exploiting the borderless network

© 2012 Cisco and/or its affiliates. All rights reserved.

4


Threat Mitigation and Containment: Design
Fundamentals
The result of the recent trends in information security threats is the need
for an updated, carefully planned threat control and mitigation strategy,
and a revision of old design paradigms.

• Policies and process definition
• Mitigation technologies
• End-user awareness

© 2012 Cisco and/or its affiliates. All rights reserved.



5


Threat Control Design Guidelines
These new paradigms result in specific design guidelines for the threat
control and containment architecture:
• Stick to the basics
• Risk management
• Distributed security intelligence
• Security intelligence analysis
• Application layer visibility
• Incident response

© 2012 Cisco and/or its affiliates. All rights reserved.

6


Application Layer Visibility

© 2012 Cisco and/or its affiliates. All rights reserved.

7


Distributed Security Intelligence

Distributed Security Intelligence Using Telemetry

© 2012 Cisco and/or its affiliates. All rights reserved.

8


Security Intelligence Analysis

Security Information and Event Management (SIEM)

© 2012 Cisco and/or its affiliates. All rights reserved.

9


Cisco Threat Control and Containment
Categories

© 2012 Cisco and/or its affiliates. All rights reserved.

10


Integrated Approach to Threat Control
• Application Awareness
• Any alphanumeric character
• Modular Policy Framework (MPF)
• Network Based Application Recognition (NBAR)
• Flexible Packet Matching (FPM)
• Application-Specific Gateways
• Security Management

© 2012 Cisco and/or its affiliates. All rights reserved.

11


Cisco Security Intelligence Operations
Site

Cisco IronPort SenderBase Web Page
© 2012 Cisco and/or its affiliates. All rights reserved.

12


Cisco Threat Control and Containment Solutions
Fundamentals
Cisco Security Appliances
• Cisco ASA
• Hardware modules : Cisco catalyst 6500 ASA services module and

Cisco catalyst 6500 Firewall Services Module (FWSM)
• Cisco IOS Firewall
• Cisco Virtual Security Gateway (VSG)
The different firewalls listed above implement various access control
mechanisms for the new landscape of information security threats that are
described in this module:

• Zone-based firewall
• ACLs
• FPM
• AIC
• MPF
© 2012 Cisco and/or its affiliates. All rights reserved.

13


Cisco IPSs
• Cisco IPS 4200 Series Sensors
• Hardware Module : integrate into ASA, Catalyst 6500 and ISR
• Cisco IOS IPS

These IPSs implement various intrusion management solutions for the
new landscape of information security threats that are described in an
upcoming chapter:
• Rich set of detection mechanisms
• Signatures
• Anomaly detection
• Normalization
• Correlation

• Automatic signature updates
• Multiple deployment modes
© 2012 Cisco and/or its affiliates. All rights reserved.

• Inline

14


Threat Control Scenario for a Small
Business

© 2012 Cisco and/or its affiliates. All rights reserved.

15


Summary
The following are the main points conveyed in this chapter:

• Threat control and containment should distribute security intelligence,
improve incident analysis and correlation, and respond automatically.
• Cisco threat control and containment solutions provide multiple
deployment options: appliance, hardware module, software based, and
virtualized.
• Cisco threat control and containment is a solution for small, medium, and
large businesses.

© 2012 Cisco and/or its affiliates. All rights reserved.

16


Ref
• For additional information, refer to these Cisco.com resources:
• “Cisco Security Intelligence Operations,” http://

tools.cisco.com/security/center/home.x
• “Cisco 5500 Series Adaptive Security Appliances,” http://

www.cisco.com/en/US/products/ps6120/index.html

© 2012 Cisco and/or its affiliates. All rights reserved.

17


© 2012 Cisco and/or its affiliates. All rights reserved.

18



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay

×