Upload
dyndns
View
11
Download
1
Embed Size (px)
Citation preview
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Cisco
, Channel [email protected]
2 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
?
? Cisco Security Manager Cisco CS-MARS CS-M CS-MARS ?
3 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
?
4 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
?
5 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Patch-, ,
Datacenter
6 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Cisco Security Monitoring, Analysis and Response System (CS-MARS)
Cisco Security Management
a
Cisco Security Manager(CS-M)
o
Provisioning
A
Cisco Secure Access Control Server (RBAC)
7 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Cisco Security Manager
8 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Cisco Security Manager
, VPNs IPSs
ASA, Cisco PIX Firewall, FWSM, Cisco IOSSoftware
VPN-
VPN wizard site-to-site, hub-and-spoke, full-mesh VPNs
VPN, DMVPN, Easy VPN Devices
Jumpstart : a
:
IPS-
IPS
9 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
,
?
Site-to-site VPN
SSH SSL
Policy
Policy
Policy
10 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Corporate Policy
Data Center Policy
ApplicationServer Policy
inherit
inherit
Mandatory Rules:I-M1I-M2
Default Rules:I-D1I-D2
Mandatory Rules:II-M1II-M2
Default Rules:II-D1II-D2
Mandatory Rules:III-M1III-M2
Default Rules:III-D1III-D2
inherit Local Device Rules:L-1L-2
default
- - default
11
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
12
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
?
Policy DeploymentNetwork
OperationsPolicy Deployment
Undo
Security OperationsPolicy Definition Create/EditPolicy
Review/Submit
Approve/Commit
Generate/Submit Job
Rollback
_, VPN IPS
Approve Job Deploy
Workflow ?
13 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Cisco Secure Access Control System (ACS)
Cisco Security Manager
AAA
Home Office
Remote Access
Cisco IOSSoftware
Cisco PIXFirewall andCisco ASA
(RBAC) ?
CS-M Concepts
14
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Cisco CS-MARS
15
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Cisco Security MARS ,
, ,
Firewall Log IDS Event Server LogSwitch Log Firewall Cfg. AV AlertSwitch Cfg. NAT Cfg. App LogRouter Cfg. Netflow VA Scanner
16 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Dec 5, 2007 1:06:34 [10.1.2.2] %FWSM-6-302015: Built outbound UDP connection 219025352 for inside:10.10.21.108/4664 (10.61.1.1/25572) to outside:144.254.6.144/1029 (144.254.6.144/1029)
Dec 5, 2007 1:07:38 [10.1.2.2] %FWSM-6-302016: Teardown UDP connection 219025322 for inside:10.10.21.108/4660 to outside:144.254.6.144/1029 duration 0:02:03 bytes 64
Dec 5, 2007 1:08:34 [10.1.2.2] %FWSM-6-302015: Built outbound UDP connection 219025330 for inside:10.10.21.108/4673 (10.61.1.1/25597) to outside:144.254.6.144/1029 (144.254.6.144/1029)
17
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
CSAn-192.168.2.0/24
nsSxtn-10.4.2.0/24
?
HQ-NIDS-2
Cloud 40
HQ-FW-2
HQ-WEB-1
HQ-FW-1
CSAHQ-FW-3
Cloud 39
HQ-SW-3
HQ-WANEdge Router
HQ-SW-1
Cloud 4
Cloud 42
HQ-SW-4
HQ Hub RouterCloud 5 n-10.1.7.0/24
Cloud 2
BR2-IQ-Router
Cloud 16
Cisco IPSSensor
BR2-NIDS-10
Cloud 14
BR2 Host1
Mgmt
BR2-NIDS-3
BR2-NIDS-4
n-10.4.14.0/24
pix506
Cloud 27
CP Module n-10.4.13.0/24
n-10.4.15.0/24
BR2-NIDS-9
n-192.168.0/24
ns25
BR3-RW-1
BR2-NIDS-8
BR3Host1
BR2-WAN-Edge-Router
IPS2 HQ-SW-2
CS-MARSDemo3 HQ-NIDS1
BR2-NIDS-2
BR2-NIDS-1 BR2-NIDS-
CS-MARS
18 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
19 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
? CS-MARS
2,694,083
992,511
249
61
- - -
20 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
21
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
CS-MARS ?
?
22
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
CS-MARS
23 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
24
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
? ?
25
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
()
26 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Admin -> System Maintenance -> View the Audit Trail
?
27
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
?
28 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
? ()
29 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
M
A
R
S
50 500 1000 3000 EPS
Cisco Security MARS
M
A
R
S
10000
MARS 20R
MARS 20
MARS 50
5000
MARS 100E
MARS 100
MARS 110R
MARS 110
MARS 210
MARS 200
MARS GC2 & GC2R
MARS GC & GCm
7500 150004500EPS
!MARS 25R
MARS 25
MARS 55
150075050
!
1
!
30 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
CS-M CS-MARS
31 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Cisco Security Manager / MARS
security
32 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Cisco Security Manager / MARS
Cisco IPS
Cisco Security Manager MARS
Management
33 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
IPS
34 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
1
:
2 3
4
35 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
55
:
36 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
ASA: Real-Time Match Flow
37 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
ASA: Real-Time Match Rule
Hash code
Hash code
38 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
ASA:
Show Event Historical Matching this Rule
1
2
39 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
IPS - Real-Time
1
23
4
5
40 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
IPS - Real-Time ()
6
7
41
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
IPS ()
8
910
11
12
42
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
IPS ()
43 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
IPS
1
2
44
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
IPS ()
3
4
45
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
CS-M http://www.cisco.com/en/US/products/ps6498/index.html
CS-MARShttp://www.cisco.com/en/US/products/ps6241/index.html
CS-MARS http://ciscomars.blogspot.com/
CS-MARS Google http://groups.google.com/group/cs-mars-ug?hl=en-GB
46 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
CS CS-MARS , ...
47
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
48 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
49 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
50 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
Cisco Networkers Barcelona26 29. 2009.
!
http://www.cisco.com/web/europe/cisco-networkers/2009/index.html
51
2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID