1 Security of the corporate network edge: Controlling access to resources - Network Admission Control. Wojciech Muras, Cisco Business Partner
Agenda Mission critical apps resided on mainframes. Today, all biz processes/apps are interconnected. Where's the boundary? So risks associated w/ having operational threats to your business much higher because of this business connectivity. So more AT RISK. So let me tell you about how those risks HAVE increased. Business resilience will be our primary enterprise message going forward. The goal: redefine the playing field on availability and ultimately increase Cisco market share/revenue by showing customers the inherent resilience of the IP network. We want to move the conversation to IP and Cisco, showing the value in a network-enabled business and how that can help them increase profitability, productivity and speed operations. The key message is that business resilience is more than availability and reliability. It is the ability to recover from or adjust easily to disaster, change in the economy, business fluctuations, etc. Business resilience builds on application, communication and network resilience. We want to communicate the obvious benefits of the IP network in the wake of 9-11 in terms of ability to deal with physical and other crises, and discount the 5 9's FUD that the old world vendors have been hitting us with in the telephony space. Customers should walk away with the understanding of how an IP network is inherently more resilient. Business resilience is achieved through a distributed architecture, highly available platforms, security, intelligent services and performance, converged IP communications devices and applications--anytime, anywhere. Business process and integration, plus technology.
2 Agenda
- Business aspects of NAC
- Product portfolio
- NAC in action
- Deployment examples
3 Network Admission Control: Business aspects of NAC
4 Why do we need NAC? We verify traffic only at the point of contact with the Internet.
Result?
1. We know the status of a partner at the point of contact with the Internet.
2. We do not know the status of end stations in the LAN: there are no verification mechanisms.
5 Why do we need NAC? We verify the status of devices when they access the LAN.
Result?
- We know how vulnerable the end stations are to anti-X threats.
- We introduce traffic rules based on the status of the station.
6 How does NAC work?
NAC's task: check the status of the station and assign a policy based on the verification performed!
- Recognizes: users, devices, roles (guest, employee, partner, etc.)
- Checks: how vulnerable the devices are to attacks
- Enforces: the application of traffic rules
Result: only stations that comply with the policy are admitted to resources.
7 What does NAC check? An integrated solution that checks compliance with the policy and provides a remediation service.
Security scanning:
- Operating system vulnerability: hotfix versions, versions, service pack
- Presence of an antivirus system: detection of virus and worm infections
- Network audit of devices to check service ports and vulnerability to attack
HIPS (CSA): protection of the station against Anti-X threats.
Network quarantine:
- Isolation of devices that do not comply with the policy from the rest of the network
- Identification of devices redirected to quarantine based on MAC and IP addresses
Repair and update: network tools that bring the host into a compliant state (reducing its vulnerability to attacks and threats).
8 Network Admission Control: Product portfolio
9 NAC – two product paths
- NAC Framework: system and application integration of many network devices
- Cisco Clean Access: dedicated devices (NAC Appliance) that carry out the NAC tasks
Diagram labels: Host, Control, Decision
10 NAC Framework – possible scenarios
Diagram labels: Host; Control; Decision and prevention; Directory server; LAN; ACS v4.0; Antivirus server; WAN; Other servers; Remediation server; Mobile user
Subject vs Enforcement vs. Decision; LAN vs WAN vs Remote
11 NAC – two product paths
- NAC Framework: system and application integration of many network devices
- Cisco Clean Access: dedicated devices (NAC Appliance) that carry out the NAC tasks
Diagram labels: Host, Control, Decision
12 Cisco Clean Access – possible scenarios: in-band, out-of-band, VPN
13 Current Program Partners http://www. cisco
14 Network Admission Control: NAC in action
15 Existing control mechanisms (identity vs posture)
Harnaś: "I have installed an unpatched Windows XP. I have a gigabit network interface, a powerful processor and plenty of viruses. At peak I will generate traffic reaching Mbit/s, most of which will be attempts to infect as many other hosts as possible. Have a nice day."
Tomek: "Hello!"
Harnaś: "Greetings, it's me, a salesman."
Access permitted: unrestricted access.
Marek: "Hi, I'm an administrator."
Anna: "Hello!"
16 The right solution: Cisco NAC
Policy: authentication, Windows XP Service Pack 2, CTA 2.0, antivirus, patches
Harnaś: salesman, Windows 2000, no Service Pack, no antivirus, no patches. Result: quarantine.
Diagram labels: Directory server; network services with defined policy; Remediation server; Verification server
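The identity-versus-posture contrast of slides 15 and 16, as an added example that is not part of the original deck and is not Cisco NAC, ACS or CTA code. The policy values come from slide 16; the `Host` fields, the function names and the `guest01` host are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Policy values taken from slide 16; the field names are hypothetical.
POLICY = {"os": "Windows XP", "min_service_pack": 2, "min_agent": (2, 0)}

@dataclass
class Host:
    user: str
    role: str                      # guest, employee, partner, ...
    authenticated: bool
    os: str
    service_pack: int
    agent_version: Optional[str]   # None = no posture agent installed
    antivirus: bool
    patched: bool

def identity_only(host: Host) -> str:
    """Slide 15: the decision looks at identity and nothing else."""
    return "unrestricted" if host.authenticated else "deny"

def posture_failures(host: Host) -> List[str]:
    """Return every policy item the host fails, for the remediation step."""
    if host.agent_version is None:
        # Without an agent nothing about the host's state can be verified.
        return ["no posture agent: state unknown"]
    failures = []
    agent = tuple(int(p) for p in host.agent_version.split("."))
    if agent < POLICY["min_agent"]:
        failures.append("posture agent too old")
    if host.os != POLICY["os"]:
        failures.append("operating system not allowed: " + host.os)
    elif host.service_pack < POLICY["min_service_pack"]:
        failures.append("service pack missing")
    if not host.antivirus:
        failures.append("antivirus missing")
    if not host.patched:
        failures.append("patches missing")
    return failures

def admit(host: Host) -> Tuple[str, List[str]]:
    """Identity first, then posture; non-compliant hosts are quarantined."""
    if not host.authenticated:
        return "deny", ["authentication failed"]
    failures = posture_failures(host)
    if failures:
        return "quarantine", failures
    return "role:" + host.role, []

# Constructed sample hosts mirroring the characters on slides 15 and 16.
HARNAS = Host("Harnaś", "salesman", True, "Windows 2000", 0, "2.0", False, False)
MAREK = Host("Marek", "administrator", True, "Windows XP", 2, "2.0", True, True)
NO_AGENT = Host("guest01", "guest", True, "Windows XP", 2, None, True, True)

if __name__ == "__main__":
    for h in (HARNAS, MAREK, NO_AGENT):
        print(h.user, identity_only(h), admit(h))
```

The same authenticated salesman gets unrestricted access under the identity-only check and lands in quarantine, with a list of items to remediate, once posture is evaluated.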
17 NAC - the user's perspective: CTA popup. A single ping/DHCP/ARP is enough to authenticate the host.
18 Network Admission Control: Deployment examples
19 NAC – deployment in the industrial sector
Project goal:
- knowledge of the status of workstations in terms of installed OS updates and the antivirus system,
- introduction of rules for access to resources based on the verification of the workstation.
Method of implementation:
- use of the existing Cisco Systems network infrastructure
- integration with the existing F-Secure antivirus system
Benefits:
- central information about the status of devices
- a mechanism for authenticating and authorizing devices
- extension of the security strategy to include station verification
Diagram labels: Corporate data center; Branches; WAN FR; ACS 4.0; AV Server; Web portal
20 NAC – deployment in the telecommunications sector
Project goal:
- knowledge of the status of workstations in terms of installed OS updates and the antivirus system,
- introduction of rules for access to resources based on the verification of the workstation.
Method of implementation:
- use of the existing Cisco Systems network infrastructure
- implementation of rules at the point of contact with the computer network: the Ethernet port
Benefits:
- central information about the status of devices
- a mechanism for authenticating and authorizing devices
- extension of the security strategy to include station verification
Diagram labels: ACS; AV; Portal
21 Summary
- Moving the network edge to the end stations
- A consistent policy for the point of contact with the Internet, WLAN, WAN and for access from the LAN
- Independence from the network architecture
22 Network Admission Control: Questions… CISCO Business Partner