Networks
By-
Aseem Khan
Adeeb Akhil Shahi
Mohammed Sohail
Saiprasad H Bevinakatti
Cisco Self-Defending Network (CSDN) Concept
A systems-based solution that allows entities to use their existing infrastructure in new ways to:
• Reduce windows of vulnerability
• Minimize the impact of attacks
• Improve overall infrastructure availability and reliability
Today’s Organizational Challenges
Due to continued economic challenges, organizations and employees need to be more productive.
More and more employees need to work and communicate while mobile without infecting the company with viruses (which would be counterproductive).
Organizations need to better defend against threats, vulnerabilities, and events, and adopt a defense-in-depth strategy.
Organizations need to maximize return on investment of their limited IT budgets to improve productivity and mobility, and to secure the assets of the business.
The Growing Need for Security Solutions
[Figure: drivers of the need for security solutions: Regulatory Compliance, Data Loss, Malware]
[Figure: Threat Capabilities. Axes: Sophistication of Hacker Tools; Technical Knowledge Required. Labelled techniques: Password Guessing, Password Cracking, Self Replicating Code, Disabling Audits, Exploiting Known Vulnerabilities, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Stealth Diagnostics, Packet Forging/Spoofing, DDOS, New Internet Worms]
• Identity-Based Networking/NAC: Control Who/What Has Access
• IPSec VPN, SSL VPN, MPLS: Protects Data/Voice Confidentiality
CSDN Concept (cont.)
CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention
Why do we need CSDNs?
Evolution of network → Evolution of attacks on networks
Traditional approach: Defense-in-depth
• Proactive defense mechanisms
CSDN approach
• Adaptive defense mechanisms
Why do we need CSDNs? (cont.)
Proactive defense mechanisms…not obsolete, simply inefficient in responding to breaches in network security
Proactive solutions frontload defense mechanisms
Proactive Defense Example
[Diagram: Internet, Outer Firewall, DMZ, Inner Firewall, Internal Corp. Network, Development Network]
Why do we need CSDNs? (cont.)
Adaptive Solutions…focus isn’t solely on preventing network attacks
Attempt to effectively:
• Detect
• Respond
• Recover
Little to no adverse effect on the network and its users
Why do we need CSDNs? (cont.)
Key elements of an adaptive solution:
• Remain active at all times
• Perform unobtrusively
• Minimize propagation of attacks
• Quickly respond to as-yet unknown attacks
Foundation of a CSDN
1. Endpoint Protection
2. Admission Control
3. Infection Containment
4. Intelligent Correlation and Incident Response
5. Inline IDS and Anomaly Detection
6. Application Security and Anti-X Defense
Endpoint Protection
You are only as strong as your weakest link
One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network
Cisco Security Agent
• Point of presence on end-user systems that enables efficient exchange of valuable network threat information as it occurs
• Endpoint system virus, worm detection/protection
Admission Control
Not only a core component of a CSDN, but also incorporated into other technologies by over 30 industry-leading vendors
Network Admission Control (NAC) assists in determining the level of access to grant an end-user system in accordance with the security policy when it initially joins the network
NAC also assists in managing end-user systems’ compliance with security patches and updates
Infection Containment
The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breach
Potentially the #1 core component of a secure system belonging to a CSDN
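
An added example (not from the original slides or from Cisco) of how admission control and infection containment fit together: a host is assigned an access tier when it joins and is re-evaluated when its posture changes or an infection is reported. The posture fields, thresholds and tier names are assumptions chosen for illustration.

```python
# Added illustration: policy thresholds, field names and tier names are
# assumptions, not Cisco NAC settings.
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    FULL = "full"
    REMEDIATION = "remediation"   # may reach only patch/AV update servers
    QUARANTINE = "quarantine"     # isolated from other hosts
    DENY = "deny"


@dataclass
class Posture:
    agent_present: bool           # endpoint agent is reporting in
    missing_patches: int          # required patches not yet installed
    av_signature_age_days: int
    authenticated: bool = True


# Hypothetical security policy values.
MAX_MISSING_PATCHES = 0
MAX_AV_AGE_DAYS = 7


def admit(p: Posture) -> Access:
    """Decide the access level when a system first joins the network."""
    if not p.authenticated:
        return Access.DENY
    if not p.agent_present:
        # No posture evidence at all, so the host cannot be assessed.
        return Access.QUARANTINE
    if p.missing_patches > MAX_MISSING_PATCHES or p.av_signature_age_days > MAX_AV_AGE_DAYS:
        return Access.REMEDIATION
    return Access.FULL


def reassess(current: Access, p: Posture, infection_reported: bool) -> Access:
    """Containment: re-evaluate an already admitted host as conditions change."""
    if infection_reported:
        return Access.QUARANTINE
    decision = admit(p)
    # A quarantined host regains access only by passing the full posture check.
    if current is Access.QUARANTINE and decision is not Access.FULL:
        return Access.QUARANTINE
    return decision
```
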
Intelligent Correlation and Incident Response
Services that provide the ability to exchange:
• Event information
• Implications of an event occurring
• Necessary actions to take
• The appropriate nodes or systems to enforce actions in real time
These services aid in adapting to changes and countering attacks in the network as they occur rather than after they occur
Application Security and Anti-X Defense
A menagerie of application layer security products that address the “ever-evolving” classes of threats which are not effectively addressed by traditional firewall and network IDS products
Threat examples:
• E-mail based SPAM and phishing
• Spyware
• Unauthorized peer-to-peer activity
Summary
New phraseology, NOT a new technology
Encompassing security solution that is proactive AND adaptive in nature and that envelops every level of network security rather than just specific layers
Key difference between CSDN and traditional security solutions…ability of CSDNs to communicate and share information among different security products employed within the CSDN
Questions