© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Cisco security solutions for monitoring business customers' networks. Tatjana Bošković, Channel SE [email protected]

Cisco sigurnosna resenja za nadgledanje mreza poslovnih korisnika.pdf


  • 2

    ?

    ? Cisco Security Manager Cisco CS-MARS CS-M CS-MARS ?


  • 5

    Patch-, ,

    Datacenter

  • 6

    Cisco Security Monitoring, Analysis and Response System (CS-MARS)

    Cisco Security Management

    a

    Cisco Security Manager(CS-M)

    o

    Provisioning

    A

    Cisco Secure Access Control Server (RBAC)

  • 7

    Cisco Security Manager

  • 8

    Cisco Security Manager

    , VPNs IPSs

    ASA, Cisco PIX Firewall, FWSM, Cisco IOS Software

    VPN-

    VPN wizard site-to-site, hub-and-spoke, full-mesh VPNs

    VPN, DMVPN, Easy VPN Devices

    Jumpstart : a

    :

    IPS-

    IPS

  • 9

    ,

    ?

    Site-to-site VPN

    SSH SSL

    Policy

    Policy

    Policy

  • 10

    Corporate Policy

    Data Center Policy

    Application Server Policy

    inherit

    inherit

    Mandatory Rules: I-M1, I-M2

    Default Rules: I-D1, I-D2

    Mandatory Rules: II-M1, II-M2

    Default Rules: II-D1, II-D2

    Mandatory Rules: III-M1, III-M2

    Default Rules: III-D1, III-D2

    inherit Local Device Rules: L-1, L-2

    default

    - - default


  • 12

    ?

    Policy Deployment Network

    Operations Policy Deployment

    Undo

    Security Operations Policy Definition Create/Edit Policy

    Review/Submit

    Approve/Commit

    Generate/Submit Job

    Rollback

    _, VPN IPS

    Approve Job Deploy

    Workflow ?

  • 13

    Cisco Secure Access Control System (ACS)

    Cisco Security Manager

    AAA

    Home Office

    Remote Access

    Cisco IOS Software

    Cisco PIX Firewall and Cisco ASA

    (RBAC) ?

    CS-M Concepts

  • 14

    Cisco CS-MARS

  • 15

    Cisco Security MARS ,

    , ,

    Firewall Log, IDS Event, Server Log, Switch Log, Firewall Cfg., AV Alert, Switch Cfg., NAT Cfg., App Log, Router Cfg., Netflow, VA Scanner

  • 16

    Dec 5, 2007 1:06:34 [10.1.2.2] %FWSM-6-302015: Built outbound UDP connection 219025352 for inside:10.10.21.108/4664 (10.61.1.1/25572) to outside:144.254.6.144/1029 (144.254.6.144/1029)

    Dec 5, 2007 1:07:38 [10.1.2.2] %FWSM-6-302016: Teardown UDP connection 219025322 for inside:10.10.21.108/4660 to outside:144.254.6.144/1029 duration 0:02:03 bytes 64

    Dec 5, 2007 1:08:34 [10.1.2.2] %FWSM-6-302015: Built outbound UDP connection 219025330 for inside:10.10.21.108/4673 (10.61.1.1/25597) to outside:144.254.6.144/1029 (144.254.6.144/1029)

  • 17

    [Figure: network topology diagram labelled CS-MARS, showing HQ and branch (BR2, BR3) firewalls, switches, routers, NIDS/IPS sensors, hosts, and cloud and subnet nodes]

  • 19

    ? CS-MARS

    2,694,083

    992,511

    249

    61

    - - -

  • 21

    CS-MARS ?

    ?

  • 22

    CS-MARS


  • 26

    Admin -> System Maintenance -> View the Audit Trail

    ?


  • 29

    [Figure: Cisco Security MARS appliance lineup by events per second (EPS); models shown: MARS 20R, MARS 20, MARS 25R, MARS 25, MARS 50, MARS 55, MARS 100E, MARS 100, MARS 110R, MARS 110, MARS 200, MARS 210, MARS GC & GCm, MARS GC2 & GC2R]

  • 30

    CS-M CS-MARS

  • 31

    Cisco Security Manager / MARS

    security

  • 32

    Cisco Security Manager / MARS

    Cisco IPS

    Cisco Security Manager MARS

    Management

  • 33

    IPS

  • 34

    1

    :

    2 3

    4

  • 35

    55

    :

  • 36

    ASA: Real-Time Match Flow

  • 37

    ASA: Real-Time Match Rule

    Hash code

    Hash code

  • 38

    ASA:

    Show Event Historical Matching this Rule

    1

    2

  • 39

    IPS - Real-Time

    1

    23

    4

    5

  • 40

    IPS - Real-Time ()

    6

    7

  • 41

    IPS ()

    8

    910

    11

    12

  • 42

    IPS ()

  • 43

    IPS

    1

    2

  • 44

    IPS ()

    3

    4

  • 45

    CS-M http://www.cisco.com/en/US/products/ps6498/index.html

    CS-MARS http://www.cisco.com/en/US/products/ps6241/index.html

    CS-MARS http://ciscomars.blogspot.com/

    CS-MARS Google http://groups.google.com/group/cs-mars-ug?hl=en-GB

  • 46

    CS CS-MARS , ...


  • 50

    Cisco Networkers Barcelona 26 29. 2009.

    !

    http://www.cisco.com/web/europe/cisco-networkers/2009/index.html
