Security Directions: Secure Switching

What's Pushing Security at the Edge of the Network
[Diagram: WLAN coverage, FW/IDS/IPS, Internet, mobile user]

Battle front is "everywhere"
• Mobility has broken down the traditional perimeter
• The network infrastructure must be part of the defense system
• The network must offer state-of-the-art network-level protection

Time between exploit and signature definition increases
• Timeline: vulnerability announced, exploit released, signature published; the gap between exploit release and signature availability is the exposure window
• Users outside the corporate environment are at increased risk
• Day-zero protection is an emerging requirement
• The network infrastructure can authenticate users/stations and observe traffic patterns

User-aware security required by law
• SOX, HIPAA and other federal regulations mandate keeping track of user activity and resource access
• The network infrastructure is user-aware and is ideally positioned to keep logs of user activity

Compliance with government regulations (HIPAA, SOX, ...)
Potential Market to be Addressed
• Infonetics: revenue (in $M) per Network Access Control device type
• Current Analysis (Joel Connover): "Next wave of LAN switch technology"
• Customer study:
  • 7% of ports are in visitor areas; 25% of LAN ports are used by non-employees (contractors, consultants, ...)
  • 50% of enterprises consider employees untrusted (from an IT security standpoint)
• $3.75B market potential
Product Line Segmentation
Platforms: appliance and workgroup switch

Advanced tier: OS-1000Sec, OS-2400Sec, OS-6850Sec
Feature set:
• Authentication: 802.1x, MAC, Web, MSFT DS snooping
• HIC: client-based and self-install
• Authorization: user profile-based (with stateful FW)
• Advanced behavioral anomaly detection (application specific, slow infection detection)
• Signature-based intrusion detection
• Granular quarantining (down to shutting down the infection vector while user applications stay up)
• User activity logging (or abnormal user activity logging)

Baseline tier: OS-6600*, OS-6800, OS-6850, OS-7000, OS-9000
Feature set (current):
• 802.1x, MAC authentication
• Symantec HIC
• VLAN-based ACL authorization
• Limited L2/L3/L4 intrusion detection
• Quarantine Manager integration
Additions in 6.3:
• Web authentication
• InfoExpress HIC (self-install)
• User profile-based authorization
• Basic statistical detection
OmniSwitch Security Appliances: Network Positioning
• Data center: OmniVista 2500 (topology, traps, syslog) and OmniVista Security Manager; GUI-based LAN tracking, incident reports and policy setting
• LAN core: OmniSwitch 2400 Security Appliance, transparent deployment
• Access layer: OmniSwitch 1000 Security Appliance, transparent deployment with per-user and per-application controls

OmniSwitch Security Appliances: Appliance Overview
OS-2400-SA
• 10 Gbps secured throughput
• 20 GigE ports (SFP connectors): 10 Gig in / 10 Gig out
• 4 GigE ports (SFP connectors): port mirroring / HA synchronization
• Dual built-in power supplies (AC or DC)
• RS-232 console, Compact Flash slot, 10/100 out-of-band management port
OS-1000-SA
• 5 Gbps secured throughput
• 8 GigE ports (SFP connectors): 4 Gig in / 10 Gig out
• 2 GigE ports (SFP connectors): port mirroring / HA synchronization
Network Admission Control
• Authentication
  • Transparent to employees (snooping of 802.1x / domain server authentication)
  • Captive portal for guests
• Validate by address
  • Whitelists, trusted DHCP servers, block static IP
• Posture check
  • Dissolvable agent for managed and unmanaged devices
  • Customizable remediation
• Automatically learn the user's role
  • Query AD upon login event (802.1x, MAC, captive portal, Kerberos, DS)
  • RADIUS VSA
  • Multiple authentication server attributes combined to derive the user role
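The "validate by address" bullets describe what switches usually implement as DHCP snooping plus IP source guard: leases are learned only from trusted DHCP servers, a host whose source address does not match its learned lease is dropped, and hosts with no lease at all (static IPs) are blocked unless whitelisted. The following is an added example of that logic, not Alcatel code; the record layout, the assumption that trusted servers are identified by IP, and the sample events are all constructed for illustration.

```python
"""Address validation in the style of DHCP snooping / IP source guard.
Added example (not Alcatel code): trusted DHCP servers, whitelists,
and blocking of static IPs. All formats and events are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class AddressGuard:
    # Assumption: trusted DHCP servers are identified by their IP address.
    trusted_dhcp_servers: Set[str]
    # MACs exempt from binding checks (e.g. printers or phones on static IPs).
    whitelist: Set[str] = field(default_factory=set)
    # Learned bindings: client MAC -> (client IP, access port).
    bindings: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    # DHCP servers seen answering clients without being trusted.
    rogue_servers: Set[str] = field(default_factory=set)

    def on_dhcp_ack(self, server_ip: str, client_mac: str,
                    client_ip: str, port: str) -> bool:
        """Learn a binding only if the ACK came from a trusted server."""
        if server_ip not in self.trusted_dhcp_servers:
            self.rogue_servers.add(server_ip)
            return False
        self.bindings[client_mac] = (client_ip, port)
        return True

    def check_ip_packet(self, src_mac: str, src_ip: str, port: str) -> str:
        """Return 'allow' or 'drop:<reason>' for a non-DHCP IP packet."""
        if src_mac in self.whitelist:
            return "allow"
        binding = self.bindings.get(src_mac)
        if binding is None:
            # No lease learned for this MAC: statically configured, or
            # leased from a rogue server. Either way it is blocked.
            return "drop:no-binding"
        bound_ip, bound_port = binding
        if bound_ip != src_ip:
            return "drop:ip-mismatch"    # spoofing another host's address
        if bound_port != port:
            return "drop:port-mismatch"  # lease does not belong to this port
        return "allow"


def run_sample() -> List[str]:
    """Replay constructed events and return the verdict for each IP packet."""
    guard = AddressGuard(trusted_dhcp_servers={"10.0.0.2"},
                         whitelist={"00:11:22:33:44:99"})  # a printer
    # Constructed DHCP ACKs: (server IP, client MAC, client IP, port)
    guard.on_dhcp_ack("10.0.0.2", "00:11:22:33:44:01", "10.0.1.10", "1/1")
    guard.on_dhcp_ack("10.0.1.200", "00:11:22:33:44:02", "10.0.1.11", "1/2")  # rogue
    packets = [
        ("00:11:22:33:44:01", "10.0.1.10", "1/1"),  # valid lease
        ("00:11:22:33:44:01", "10.0.1.50", "1/1"),  # spoofed source IP
        ("00:11:22:33:44:01", "10.0.1.10", "1/7"),  # lease used from another port
        ("00:11:22:33:44:02", "10.0.1.11", "1/2"),  # lease came from rogue server
        ("00:11:22:33:44:03", "10.0.1.77", "1/3"),  # static IP, no lease at all
        ("00:11:22:33:44:99", "10.0.1.5", "1/9"),   # whitelisted printer
    ]
    return [guard.check_ip_packet(*p) for p in packets]
```

Note that the rogue-server case and the static-IP case produce the same verdict: a lease handed out by an untrusted server is never learned, so the client looks exactly like a statically configured host. In practice the `rogue_servers` set is what you alert on, since it points at the misbehaving device rather than its victims.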
User Access Control
• Easy LAN segmentation
  • Coarse: guests vs. employees
  • Granular: finance vs. operations, or John Doe in finance vs. the CFO
• Role-based control
  • To resources, applications and transactions (FTP user/file name, HTTP URL/content, CIFS user/file name)
• Universal policy
  • Regardless of medium, location (L2 or L3 connectivity) or device
• Incremental deployment
  • Guests, VPN, wireless, conference rooms
Threat Control
• Malware containment
  • Behavior-based algorithms (signature-based in future)
  • Does not require any learning
  • Triggers on spikes in connection rates and on the ratio of failed connections, per application
• Containment policies
  • Block user traffic: FW-based quarantine
  • Block the misbehaving application; all other applications unaffected
  • Syslog to OmniVista Quarantine Manager to configure other network areas
• Protection against misuse of printers, VoIP
  • Whitelist devices
  • By protocol: only SIP to the call manager
  • By destination: only phones reach the call manager
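The containment bullets describe a detector with fixed thresholds (no learning phase) keyed on user and application, and a quarantine that blocks only the offending application. The following is an added example of that behavior, not Alcatel code: the event format, the threshold values, the syslog message layout and the sample traffic are all constructed for illustration.

```python
"""Behavior-based malware containment with per-application quarantine.
Added example (not Alcatel code). Thresholds are fixed, so there is no
learning phase; the event format and sample traffic are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Set, Tuple

# Assumed thresholds, evaluated per (user, application) over a sliding window.
WINDOW_SECONDS = 10.0
MAX_CONNECTIONS_PER_WINDOW = 25   # spike in connection rate
MAX_FAILED_RATIO = 0.5            # share of attempts that got no answer / RST
MIN_ATTEMPTS = 10                 # do not judge on a handful of flows


@dataclass
class FlowEvent:
    t: float          # seconds
    user: str         # flow already resolved to the authenticated user
    app: str          # application identified by decode (e.g. "smb", "http")
    dst: str
    succeeded: bool   # False for a refused / unanswered connection attempt


class MalwareContainment:
    def __init__(self) -> None:
        self._hist: Dict[Tuple[str, str], Deque[Tuple[float, bool]]] = defaultdict(deque)
        self.quarantined: Set[Tuple[str, str]] = set()
        self.syslog: List[str] = []   # messages that would go to Quarantine Manager

    def observe(self, ev: FlowEvent) -> str:
        """Feed one flow; return 'allowed', 'quarantined' or 'blocked'."""
        key = (ev.user, ev.app)
        if key in self.quarantined:
            return "blocked"          # only this user's offending app is blocked
        q = self._hist[key]
        q.append((ev.t, ev.succeeded))
        while q and ev.t - q[0][0] > WINDOW_SECONDS:
            q.popleft()               # drop attempts outside the window
        attempts = len(q)
        failed = sum(1 for _, ok in q if not ok)
        if attempts < MIN_ATTEMPTS:
            return "allowed"
        spike = attempts > MAX_CONNECTIONS_PER_WINDOW
        scanning = failed / attempts > MAX_FAILED_RATIO
        if spike or scanning:
            self.quarantined.add(key)
            self.syslog.append(
                f"QUARANTINE user={ev.user} app={ev.app} attempts={attempts} "
                f"failed={failed} reason={'rate-spike' if spike else 'failed-ratio'}")
            return "quarantined"
        return "allowed"

    def policy(self, user: str, app: str) -> str:
        """What the stateful FW should do with new flows for (user, app)."""
        return "block" if (user, app) in self.quarantined else "allow"


def run_sample() -> Tuple[MalwareContainment, List[str]]:
    """Replay constructed traffic; return the engine and jdoe's SMB verdicts."""
    engine = MalwareContainment()
    # jdoe's SMB client sweeps 30 hosts in 3 s; the first 25 are refused.
    smb = [FlowEvent(i * 0.1, "jdoe", "smb", f"10.0.2.{i + 1}", i >= 25)
           for i in range(30)]
    verdicts = [engine.observe(ev) for ev in smb]
    # jdoe's web browsing and asmith's normal SMB use happen in the same window.
    for i in range(5):
        engine.observe(FlowEvent(i * 0.5, "jdoe", "http", "10.0.3.1", True))
    for i in range(12):
        engine.observe(FlowEvent(i * 0.2, "asmith", "smb", "10.0.4.1", True))
    return engine, verdicts
```

With the constructed traffic the SMB sweep trips the failed-ratio check on its tenth attempt, the remaining attempts from that client are blocked, and the same user's HTTP traffic and another user's SMB traffic stay untouched, which is the "block the misbehaving application, all other applications unaffected" behavior the slide describes.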
Visibility
• Dashboards
  • Actionable information
• Incident response
  • All activity resolved to the user
  • Easy drill-down
  • Full application decode / heuristic identification
• Auditing
  • Control mechanism
  • Logical configured separation
  • Historical data on flows, tied to the user
The Cisco NAC and Quarantine deployment model
[Diagram tiers: client, access, distribution, core, data center, ops center]
• Components: 802.1x on the client, Cat4k/3k at the access layer, Cat 6500 with FW blade and IDS blade, Active Directory, ACS (Cisco RADIUS), CiscoWorks LMS (LAN switches), Cisco Security Manager (FW / IPS), Cisco MARS (quarantining)

The Cisco Clean Access and Quarantine deployment model
[Diagram tiers: client, access, distribution, core, data center, ops center]
• Components: 802.1x on the client, Cat4k/3k at the access layer, Cat 6500 with FW blade and IDS blade, Active Directory, ACS (Cisco RADIUS), CiscoWorks LMS, Cisco Security Manager, Cisco MARS, Clean Access Manager, Clean Access Appliance

Alcatel Security Solution
[Diagram tiers: client, access, distribution, core, data center, ops center]
• Components: OS-68xx at the access layer, OS-9xxx in the core, OS-xxxx-SA security appliance, Active Directory, OmniVista with Quarantine Manager, captive portal and client-less HIC, LANSight Manager

Alcatel Security Solution in a Cisco Network
[Diagram tiers: client, access, distribution, core, data center, ops center]
• Components: Cat4k/3k at the access layer, Cat 6500, OS-xxxx-SA security appliance, Active Directory, CiscoWorks LMS, 802.1x or captive portal, client-less HIC, LANSight Manager

Alcatel Security Solution: Security and Edge Refresh
[Diagram tiers: client, access, distribution, core, data center, ops center]
• Components: OS-6900 at the access layer, Cat 6500, Active Directory, CiscoWorks LMS, 802.1x, MAC or captive portal, client-less HIC, OmniVista