Self-Defending Network: Assignment
ASSIGNMENT
Monika Nanda
C010328
INTRODUCTION

Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done.

The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password. Network security starts with authenticating the user, commonly with a username and a password. Since this requires just one detail to authenticate the user name, i.e. the password, which is something the user 'knows', this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan). Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective at preventing unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network.

Anti-virus software or an intrusion prevention system (IPS) helps detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis. Communication between two hosts using a network may be encrypted to maintain privacy.
Honeypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot.

A new generation of interactive business communication and collaboration technologies provides tremendous productivity and flexibility gains for organizations of all kinds. But this unprecedented connectivity also unleashes new, complex security risks, including:

- Increased exposure to security threats: Ubiquitous access to Web-enabled applications and services enables users to work from anywhere, anytime, but also places businesses at risk anywhere, anytime.
- An eroding network perimeter: The traditional network barriers that separated trusted from untrusted and inside from outside are now disappearing. As more applications become directly accessible to remote users and systems, the concept of the network perimeter becomes increasingly vague and more difficult to protect.
- Evolving threats: Information attacks of the past were largely an issue of cybervandalism, with hackers primarily looking for fame. Today's attacks are a profit-driven business, often controlled by organized crime. The modern attacker uses a patient, stealthy approach to eventually achieve a successful attack. In addition, modern attackers often avoid technology defenses, using spam, phishing attacks, and fraudulent Web links to target an organization's weakest link: human beings.

As security risks have evolved, so have organizations' approaches to them. Where information security was once a technology issue, today it is a business issue representing a more significant cost and operational challenge, but a fundamental business enabler as well.
More and more organizations are implementing formal programs to reduce IT risk, especially security and compliance risks. As regulatory compliance becomes a core requirement for organizations in more industries, businesses must develop new capabilities for controlling the kinds of information traversing their network, how that information is used, and who can access it. Organizations not only face the challenge of becoming compliant, but of staying compliant as the network continuously evolves with business needs.
Organizations are wrestling with information security demands that span many overarching business challenges such as complying with regulatory requirements, preventing data loss, and blocking malware. The problem is that dealing with these types of challenges requires a true security solution, not just security products. To prevent data loss alone, for example, businesses need a combination of strong perimeter defenses, malware defenses, identity services, endpoint security, policy enforcement mechanisms, and security monitoring tools, as well as a strong plan for making them all work in concert. No single security product can provide all of these capabilities. So, today's businesses need security solutions that combine multiple best-of-breed products and approaches into a single, autonomous defense system. They need a truly holistic security solutions approach to network defense.

In the past, many businesses thought they had to make a choice when it came to security: they could use best-of-breed products that were effective against specific types of emerging threats but did not fully integrate into a pervasive defense system, or they could take a systems approach that assimilated point products that were "good enough" into an intelligent system architecture. For modern businesses, however, neither option is enough. To meet today's security challenges, businesses need both best-of-breed product capabilities and the ability to plan, design, integrate, and operate those capabilities as an overarching, autonomous system. Only one security vendor can provide such a solution: Cisco. The Cisco Self-Defending Network combines best-of-breed point technologies to address emerging threats, a systems approach built on Cisco's industry-leading product portfolio to autonomously respond to pervasive threats, and Cisco's differentiating security services portfolio to help make the solutions approach a reality. This unique, comprehensive approach to information security is helping businesses around the globe reduce IT security and compliance risk, enforce business policies, and protect critical assets, while lowering administrative burden and reducing total cost of ownership. Cisco offers the broadest and deepest product and services portfolios in the industry, with channel partners that are empowered to design and implement solutions customized to the unique requirements of any business. Building on a history of security innovation, Cisco provides a powerful suite of best-of-breed security products,
including market-leading firewall, virtual private networking (VPN), and intrusion prevention system (IPS) technologies. These products have earned the praise of industry analysts and achieved numerous awards, and are used by organizations around the world to address the most challenging business and security needs. Likewise, Cisco security services enable organizations to follow a lifecycle methodology to design, implement, operate, and optimize secure networks that are resilient and reliable, and align technology investment with business strategy.
content, and application security services, and provide businesses with unprecedented visibility and control. The comprehensive Cisco Self-Defending Network strategy not only provides organizations with the state-of-the-art product capabilities they need to defend against the most serious emerging threats, but also provides a system that can continually adapt to the changing security landscape and autonomously respond to pervasive threats. And, it provides a range of services to help plan, deploy, operate, and optimize the secure system. Over the life of the network, collaboration among best-of-breed Cisco security products continually improves to provide better protection and reduce the time and effort required to achieve security objectives. Ultimately, these capabilities allow businesses to protect critical assets, enforce business policies, and reduce security compliance and IT risk, with less administrative burden and a lower total cost of ownership.
1. A secure network perimeter
2. Wireless and mobility
3. E-commerce, extranets, and conducting Web-based business
4. Viruses, worms, and the rate of propagation
5. Regulatory compliance

Ideally, security enhancements should have a minimal impact on existing routing and switching infrastructure, segmentation and access control techniques, and the related organizational structures that support these systems. Four elements support this:
- Presence: The network relies on the availability of certain controls within discrete nodes on the network, which look at identity, access control, data inspection, and communication security, as well as newer application-aware capabilities that handle peer-to-peer content, Web services, voice services, and dynamic mobile content.
- Context: Instead of focusing only on permissions at the time a user enters a network, it is more effective to grant or revoke permissions based on behavior and associated context for the duration of the user's connection with the network.
- Linkages: Traditionally, networks have established linkages between devices through routing protocols. In order to deal with the latest forms of threats and misuse, these linkages should extend all the way to the source and the destination of network traffic.
- Trust: In the past, trust has been tied primarily to the identity of a device or user. Recent advances have shown that secure systems must be augmented to include understanding the state (or posture) and location of a device.

A Better Sense of Defense

Corporate networks, and the attacks used to exploit them, are now so complex that no single mechanism can be relied upon to keep them secure. Integrated, adaptive, and collaborative security solutions provide proactive defenses. The key abilities of these adaptive defenses, which are built into the concept of a self-defending network, include the following:

1. Remain active at all times
2. Perform unobtrusively
3. Minimize propagation of attacks
4. Quickly respond to as-yet unknown attacks

These capabilities can reduce windows of vulnerability, minimize the impact of attacks, and improve overall infrastructure availability and reliability. They also help create autonomous systems that can quickly react to an outbreak with little to no human intervention. Such a self-defending system should include the following elements:
- Endpoint Protection: By detecting and preventing viruses and worms from gaining a foothold at an entry point (or endpoint), you can prevent them from propagating across a network.
- Admission Control: Allows you to determine what level of network access to grant to an endpoint based on its security posture, which is derived from the security state of the operating system and associated applications. It also works as an on-demand vulnerability assessment and patch management tool.
- Infection Containment: Extends the security checks performed at the time of admission for the duration of the network connection.
- Intelligent Correlation and Incident Response: Provides services such as real-time correlation of events, quick assessment of the security impact of an event, the ability to decide what action to take, and the ability to identify the closest control point to implement a response.
- Application Security: To address new classes of threats, security software should provide granular traffic inspection services to critical network security enforcement points, thereby containing malicious traffic before it can be propagated across the network.
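The Context, Admission Control and Infection Containment elements above describe one mechanism: a posture check at admission that keeps running for the life of the connection. The following is an added example (not code from this assignment or from Cisco) of such a decision engine; the posture fields, access levels and thresholds are hypothetical.

```python
"""Posture-based admission control with re-evaluation during the session.

Added example, not code from the page or from Cisco: a simplified decision
engine in the spirit of the Admission Control and Infection Containment
elements above. The posture fields, access levels and thresholds are
hypothetical.
"""
from dataclasses import dataclass


@dataclass
class Posture:
    os_patch_age_days: int
    av_running: bool
    av_signature_age_days: int
    host_firewall_on: bool
    agent_alerts: int = 0          # alerts raised by the endpoint agent


FULL = "full-access"
REMEDIATE = "remediation-vlan"    # reach patch and AV servers only
QUARANTINE = "quarantine-vlan"    # no network access except the help desk


def evaluate_posture(p: Posture):
    """Map a posture report to an access level plus the reasons for it."""
    if p.agent_alerts > 0:
        # An active alert from the host agent outranks any hygiene check.
        return QUARANTINE, ["endpoint agent reported suspicious activity"]
    reasons = []
    if not p.av_running:
        reasons.append("anti-virus not running")
    if p.av_signature_age_days > 7:
        reasons.append("anti-virus signatures older than 7 days")
    if p.os_patch_age_days > 30:
        reasons.append("operating system patches older than 30 days")
    if not p.host_firewall_on:
        reasons.append("host firewall disabled")
    return (REMEDIATE if reasons else FULL), reasons


class Session:
    """One endpoint's connection: admitted once, then re-checked periodically
    so that a host that degrades after admission is contained."""

    def __init__(self, host: str, posture: Posture):
        self.host = host
        self.level, self.reasons = evaluate_posture(posture)
        self.transitions = [self.level]

    def reassess(self, posture: Posture):
        """Re-run the admission check mid-connection and record any change.
        Returns the access level now in force."""
        level, reasons = evaluate_posture(posture)
        if level != self.level:
            self.transitions.append(level)
        self.level, self.reasons = level, reasons
        return level


if __name__ == "__main__":
    clean = Posture(os_patch_age_days=3, av_running=True,
                    av_signature_age_days=1, host_firewall_on=True)
    s = Session("10.1.20.15", clean)                  # admitted with full access
    s.reassess(Posture(3, True, 1, True, agent_alerts=2))   # moved to quarantine
    print(s.host, s.transitions, s.reasons)
```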
allowing it to respond to both known and unknown day-zero threats. Technologies such as Cisco Guard Distributed Denial of Service (DDoS) Mitigation, Cisco Anomaly Guard, and Cisco NetFlow Event Management products provide sophisticated capabilities to detect and dynamically respond to abnormal events such as DDoS attacks.

Collaborative: Cisco's commitment to collaboration among diverse network components helps organizations implement more pervasive protection and simplify security management. For example, if Cisco Security Agent detects suspicious activity on a host PC, it can communicate with the Cisco Security Monitoring, Analysis, and Response System (MARS). Cisco Security MARS then collaborates with the Cisco network IPS solution to closely monitor traffic flows to and from that endpoint and cut off any potential attack. To enhance policy enforcement, Cisco Security Manager allows organizations to configure policies through a centralized interface and push changes out across the entire environment. Cisco Unified Communications and wireless technologies are designed to draw on multiple components of these solutions to enforce security.

These capabilities provide unparalleled network and endpoint protection, but they also serve as a powerful foundation for fulfilling the vision of the Self-Defending Network. With integrated, adaptive, and collaborative network and endpoint technologies, Cisco can:

- Transparently embed security services into the network
- Empower security teams to manage network security more efficiently, with fewer touch points
- Scale performance and services to customer needs
- Align security technology controls with business risk
- Deliver pervasive identity services
- Provide robust endpoint posture and policy assessment capabilities
- Improve business policy enforcement and compliance
- Provide strong protection against data leakage and loss
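The host agent to MARS to IPS workflow just described, together with the "closest control point" idea from the correlation element earlier, can be sketched in code. This is an added example, not code from the assignment or from Cisco: it correlates constructed host-agent alerts with constructed flow records, rates the impact, and picks a response at a hypothetical per-host enforcement point.

```python
"""Event correlation with a response at the closest control point.

Added example, not code from the page or from Cisco. It imitates the
host agent -> central correlation -> IPS/switch response workflow described
above, on constructed host-agent alerts and flow records. The record
layout, the thresholds and the control-point table are hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed host-agent alerts: (timestamp, host IP, description).
HOST_ALERTS = [
    ("2024-03-01T09:00:05", "10.1.20.15", "unexpected process wrote to a system directory"),
    ("2024-03-01T09:30:00", "10.1.30.7", "unsigned driver load blocked"),
]

# Constructed flow records: (timestamp, src, dst, dst port). The first host
# fans out to 30 neighbours on one port right after its alert, as a
# propagating worm would; the second host only talks to one server.
FLOWS = [("2024-03-01T09:00:%02d" % s, "10.1.20.15", "10.1.20.%d" % (100 + s), 445)
         for s in range(10, 40)]
FLOWS.append(("2024-03-01T09:31:00", "10.1.30.7", "10.1.1.10", 443))

# Constructed map of each host to its nearest enforcement point.
CONTROL_POINTS = {"10.1.20.15": ("access-sw-03", "Gi1/0/7"),
                  "10.1.30.7": ("access-sw-05", "Gi1/0/2")}

WINDOW = timedelta(seconds=120)   # how long after an alert flows are examined
FANOUT_THRESHOLD = 20             # distinct destinations on one port => propagating


def _ts(text):
    return datetime.fromisoformat(text)


def correlate(alerts=HOST_ALERTS, flows=FLOWS):
    """For each host alert, rate its impact from the host's subsequent flows
    and pick a response at the control point closest to that host."""
    incidents = []
    for ts, host, desc in alerts:
        start, end = _ts(ts), _ts(ts) + WINDOW
        fanout = defaultdict(set)          # dst port -> distinct destinations
        for fts, src, dst, dport in flows:
            if src == host and start <= _ts(fts) <= end:
                fanout[dport].add(dst)
        port, count = max(((p, len(d)) for p, d in fanout.items()),
                          key=lambda pc: pc[1], default=(None, 0))
        switch, iface = CONTROL_POINTS.get(host, ("unknown", "unknown"))
        if count >= FANOUT_THRESHOLD:
            impact = "propagating"
            action = f"shun all traffic from {host} at {switch} {iface}"
        else:
            impact = "contained"
            action = f"watch flows to and from {host} at {switch} {iface}"
        incidents.append({"host": host, "trigger": desc, "impact": impact,
                          "port": port, "destinations": count, "action": action})
    return incidents


if __name__ == "__main__":
    for inc in correlate():
        print(inc["host"], inc["impact"], inc["action"])
```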
Cisco's commitment to building integrated, adaptive, and collaborative systems for network security has proven invaluable to organizations around the globe. To date, Cisco has shipped more than 1.5 million security appliances, more than 3 million switches with integrated security, and more than 500,000 Cisco Integrated Services Router security bundles. Indeed, Cisco's powerful combination of best-of-breed product capabilities, broad services portfolio, and
an integrated systems approach has made Cisco the worldwide market leader in network security.
outbreaks, and botnets
- More easily meet regulatory compliance requirements for secure voice and data communications
- Reduce the expense of securing small offices, branch offices, and telecommuter environments
- Enforce corporate Web and content usage policies more efficiently and effectively
- Eliminate the vast majority of spam before it reaches mail servers and impedes employee productivity and network bandwidth

Cisco and IronPort have been early leaders in content security and have a rich history of innovation in this area. Cisco was the first network technology provider to support content security in the network switching and routing fabric, and IronPort was the first to integrate data loss prevention capabilities for data in motion. IronPort has also pioneered multiple innovations in e-mail encryption and Web and application security. Today, Cisco is the market leader in e-mail security, with Cisco/IronPort solutions providing visibility into 25 percent of global e-mail traffic.

Protecting Business Applications and Data: Application Security

As business use of XML applications, Web services, and service-oriented architectures continues to grow, organizations need new tools for securing these applications, both from malicious external threats and from mistakes or abuse by legitimate users. In fact, Cisco research indicates that while the number of newly discovered operating system vulnerabilities has declined over the past several years, the number of application vulnerabilities has increased by double-digit percentages annually. The Cisco Self-Defending Network includes best-of-breed application security technologies to provide:

- Layer-7 application protection for vulnerabilities in office and Web applications, Web servers, and application servers
- Role-based authorization for accessing applications
- Identity services that extend from the network to applications
- XML traffic validation and inspection
- Enhanced deep-packet inspection to identify application protocols
At the core of Cisco's application security strategy is the Cisco ACE Web Application Firewall. The technology provides comprehensive HTML and XML Web application traffic inspection to prevent application hacking, secure both custom and packaged applications, and address the full range of Web application threats. These capabilities protect organizations from attacks such as identity theft, data theft, application disruption, and targeted attacks, while simplifying compliance with regulatory requirements such as Payment Card Industry (PCI) data security standards. Ultimately, they allow businesses to take full advantage of modern Web communication and collaboration applications while protecting critical assets and reducing compliance and IT risk.

Improving System Management and Control: Identity, Policy, and Reputation

Even the strongest network and endpoint security, application security, and content security technologies cannot, on their own, address the full range of security challenges that modern organizations face. To provide comprehensive malware protection, prevent data leakage, and help ensure regulatory compliance across the enterprise, businesses need an intelligent overarching system management and control framework. They need tools to monitor the behavior of users and devices across the environment, provide end-to-end identity services, and enforce corporate policies. The Cisco Self-Defending Network includes a comprehensive suite of operational control and monitoring services to provide total security system management. Cisco Security Manager, for example, provides best-of-breed policy management tools to centrally configure and enforce corporate policies across the enterprise. Cisco Security MARS provides sophisticated security monitoring and threat analysis to help organizations correlate security event information across even the largest, most complex environments, and dynamically identify and respond to threats.

When combined in a Cisco Self-Defending Network, these technologies allow businesses to:

- Automate many security functions to optimize resources and dramatically reduce the administrative burden
- Align monitoring and policy services into a single, enterprise-wide system
- Employ reputation-based and behavior-based information across multiple security services to more rapidly and effectively respond to threats
- Maintain a comprehensive view of the environment to simplify regulatory compliance and IT risk management
CRITICAL ELEMENTS OF NETWORK SECURITY

Cisco Integrated Network Security solutions incorporate three elements that Cisco believes are critical to effective network security.

Threat Defense System

Threats today, both known and unknown, continue to become more destructive and frequent than in the past. Internal and external threats, such as worms, denial of service (DoS) attacks, man-in-the-middle attacks, and Trojan horses, have the ability to significantly affect business profitability. The Cisco Threat Defense System provides a strong defense against these known and unknown attacks. Appropriate security technologies along with advanced networking intelligence are required to effectively defend against attacks. To be most effective, these technologies must be implemented throughout the network, rather than just in point products or technologies, because an attack can start anywhere and instantly spread across all network resources. The Cisco Threat Defense System enhances security in the existing network infrastructure, adds comprehensive security on the endpoints (both servers and desktops), and adds dedicated security technologies to networking devices and appliances, proactively defending the business, applications, users, and the network. The Threat Defense System protects businesses from operational disruption, lost revenue, and loss of reputation.