
Self-Defending Networks

By:
▪ Aseem Khan
▪ Adeeb Akhil Shahi
▪ Mohammed Sohail
▪ Saiprasad H Bevinakatti

Cisco Self-Defending Network (CSDN) Concept
▪ A systems-based solution that allows entities to use their existing infrastructure in new ways to:
  • Reduce windows of vulnerability
  • Minimize the impact of attacks
  • Improve overall infrastructure availability and reliability

Today’s Organizational Challenges
▪ Due to continued economic challenges, organizations and employees need to be more productive.
▪ More and more employees need to work and communicate while mobile and not infect the company with viruses. (counter productive)
▪ Organizations need to better defend against threats, vulnerabilities, events and adopt a defense-in-depth strategy.
▪ Organizations need to maximize return on investment of their limited IT budgets to improve productivity, mobility, and secure the assets of the business.

The Growing Need for Security Solutions
[Figure labels: Regulatory Compliance; Data Loss; Malware; "A Systems Approach to Streamline IT Risk Management for Security and Compliance"]

Threat Capabilities
[Figure: chart with a vertical axis from Low to High and a time axis marked 1980, 1990, 2000. Trend labels: "Sophistication of Hacker Tools" and "Technical Knowledge Required". Labelled techniques: Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Stealth Diagnostics, Packet Forging/Spoofing, DDOS, New Internet Worms]

The Self Defending Network

Self Defending Network Strategy
▪ An initiative to dramatically improve the network’s ability to identify, prevent, and adapt to threats
INTEGRATED SECURITY
  • Secure Connectivity
  • Threat Defense
  • Trust & Identity
SECURITY TECHNOLOGY INNOVATION
  • Endpoint Security
  • Application Firewall
  • SSL VPN
  • Network Anomaly
SYSTEM LEVEL SOLUTIONS
  • Endpoints
  • Network
  • Services

Cisco’s Integrated Network Security Systems
[Diagram labels: Internet, Intranet]
Threat Defense
▪ Defend the Edge:
  • Integrated Network FW+IDS
  Detects and Prevents External Attacks
▪ Protect the Interior:
  • Catalyst Integrated Security
  Protects Against Internal Attacks
▪ Guard the Endpoints:
  • Cisco Security Agent (CSA)
  Protects Hosts Against Infection
Trust and Identity
▪ Verify the User and Device:
  • Identity-Based Networking/NAC
  Control Who/What Has Access
Secure Comm.
▪ Secure the Transport:
  • IPSec VPN
  • SSL VPN
  • MPLS
  Protects Data/Voice Confidentiality

CSDN Concept (cont.)
▪ CSDN also helps create autonomous systems that can quickly react to an outbreak with little to no human intervention

Why do we need CSDNs?
▪ Evolution of network → Evolution of attacks on networks
▪ Traditional approach → Defense-in-depth
  • Proactive defense mechanisms
▪ CSDN approach
  • Adaptive defense mechanisms

Why do we need CSDNs? (cont.)
▪ Proactive defense mechanisms…not obsolete, simply inefficient in responding to breaches in network security
▪ Proactive solutions frontload defense mechanisms

Proactive Defense Example
[Diagram labels: Internet; Outer Firewall; DMZ; Servers (e.g. web, e-mail, proxy); Inner Firewall; Internal Corp. Network; Development Network]

Why do we need CSDNs? (cont.)
▪ Adaptive Solutions…focus isn’t solely on preventing network attacks
▪ Attempt to effectively:
  • Detect
  • Respond
  • Recover
▪ Little to no adverse effect on the network and its users

Why do we need CSDNs? (cont.)
▪ Key elements of an adaptive solution:
  • Remain active at all times
  • Perform unobtrusively
  • Minimize propagation of attacks
  • Quickly respond to as-yet unknown attacks

Foundation of a CSDN
1. Endpoint Protection
2. Admission Control
3. Infection Containment
4. Intelligent Correlation and Incident Response
5. Inline IDS and Anomaly Detection
6. Application Security and Anti-X Defense

Endpoint Protection
▪ You are only as strong as your weakest link
▪ One non-sanitized end-user system connected behind a robust, efficient defense can spell D-O-O-M for a network
▪ Cisco Security Agent
  • Point of presence on end user systems that enables efficient exchange of valuable network threat information as it occurs
  • Endpoint system virus, worm detection/protection

Admission Control
▪ Not only a core component of a CSDN, but incorporated into other technologies by over 30 industry-leading vendors
▪ Network Admission Control (NAC) assists in determining the level of access to grant an end-user system in accordance with the security policy when it initially joins the network
▪ NAC also assists in managing end-user systems’ compliance with security patches and updates

Infection Containment
▪ The ability to identify non-compliant systems or network attacks as they occur and react appropriately, minimizing the effect of the breach
▪ Potentially the #1 core component of a secure system belonging to a CSDN

Intelligent Correlation and Incident Response
▪ Services that provide the ability to exchange:
  • Event information
  • Implications of an event occurring
  • Necessary actions to take
  • The appropriate nodes or systems to enforce actions in real-time
▪ These services aid in adapting to changes and countering attacks in the network as they occur rather than after they occur

Application Security and Anti-X Defense
▪ A menagerie of application layer security products that address the “ever-evolving” classes of threats which are not effectively addressed by traditional firewall and network IDS products
▪ Threat examples:
  • E-mail based SPAM and phishing
  • Spyware
  • Unauthorized peer-to-peer activity

Summary
▪ New phraseology, NOT a new technology
▪ Encompassing security solution that is proactive AND adaptive in nature and that envelops every level of network security rather than just specific layers
▪ Key difference between CSDN and traditional security solutions…ability of CSDNs to communicate and share information among different security products employed within the CSDN

Questions
