1© 2002, Cisco Systems, Inc. All rights reserved.
CIBR Security technical solution customer
Cisco Security Solutions for Small and Medium Businesses
Make your e-business secure
Agenda
• Security solution overview
• Business issues and security
• Security features and benefits
• Tell us more about your security needs
• Measuring the success of your security deployment
• Importance of the network infrastructure in deploying security
• Example business scenario
• Example network blueprints
• URLs for additional information on security
Security — Solution Overview
• What is security?
  • A process, not a product
  • An integrated system
• Security requires defense in depth, which includes:
  • Firewalls and router access control lists (ACLs)
  • Network and host-based intrusion detection
  • Scanners
  • Centralized security and policy management
  • Authentication, authorization, and accounting (AAA), access control servers and certificate authorities
  • Encryption and virtual private networks (VPNs)
Security is a Process
“Security is not a product; it’s a process. You can’t just add it to a system after the fact. It’s vital to understand the real threats to a system, design a security policy commensurate with those threats, and build in appropriate security countermeasures.”
Bruce Schneier “Secrets and Lies”
The Cisco SMB Security Solution – Deploy Security as an Integrated System
• Secure Transport
• Card Readers
• Security Room CCTV
• Secured Doors and Vaults
• Surveillance and Alarms
• Patrolling Security Guard
• Firewalls and Router ACLs
• Network and Host-based Intrusion Detection
• Scanner
• Centralized Security and Policy Management
• Identity, AAA, Access Control Servers and Certificate Authorities
• Encryption and Virtual Private Networks (VPNs)
Security for Internet Business Solutions
• Customer Care
• Workforce Optimization
• Manufacturing and Distribution
• Web Marketing
• Web Communication
• E-Commerce
• Supply Chain Management
• E-Procurement
• Salesforce Automation
• Financial Management
Strategic Business Drivers for Security Solutions
• Do these issues influence your business?
  • Damage to company image after a security breach
  • Legal liabilities resulting from a breach
  • Lost revenues resulting from a breach
  • Need for customer/supplier confidence in doing e-business with the company
  • Fear of theft
  • Fear of fraud
  • Loss of employee morale
  • Wireless security
Today’s Network Security Threats
• Everything is a target
• Internet attacks are on the rise (Computer Security Institute & FBI Report March, 2001)
• More and better hacker tools means more hackers
• Economic impact of Internet worms and viruses
• Theft of proprietary information
• Financial fraud
• Insider abuse
• Sabotage
• Unauthorized access by insiders (worse than by outsiders)
• Unauthorized access by outsiders
• Denial of service attacks
Impact of an Improperly Secured Network ($M)
• Theft of proprietary information: $33.6M (1998), $66.7M (2000)
• Financial fraud: $11.2M (1998), $56.0M (2000)
• Virus: $7.9M (1998), $29.2M (2000)
• Insider net abuse: $3.7M (1998), $28.0M (2000)
• Sabotage: $2.1M (1998), $27.1M (2000)
• Laptop theft: $5.3M (1998), $10.4M (2000)
• Denial of service attacks: $2.8M (1998), $8.2M (2000)
• System penetration by outsiders: $1.6M (1998), $7.1M (2000)
• Total: $68.2M (1998), $232.7M (2000)
Source: FBI 2000 Report on Computer Crime
The Pain Caused by Downtime
• Revenue loss
• Customer dissatisfaction
• Lost productivity
• Brand dilution
• Legal liability
• Financial performance
Source: Meta Group, November 2001
Lost revenue per hour, by industry sector:
• Energy: $2,817,846
• Communications: $2,066,245
• Manufacturing: $1,610,654
• Financial institutions: $1,495,134
• Information technology: $1,344,461
• Insurance: $1,202,444
• Retail: $1,107,274
Features
• Secure connectivity
• Perimeter security
• Controlled access
• Surveillance and alarms
• Security monitoring
• Centralized security policy management
• Centralized security device management
• Identity
• Secure transport
Benefits
• Secure connectivity over public networks
• Restricted access to network resources
• Protection against network attack and misuse
• Ability to find and close security holes before hackers find them
• Ability to identify users and what they are permitted to do on the network
• Simplified management of security policies and devices
Tell Us More
• In the event of disruption, can you:
  • Ensure critical systems and networks are continuously available?
  • Restore mission-critical applications?
  • Provide uninterrupted workforce productivity with a secure instant office?
• What’s the impact of not properly securing your network in terms of cost? ...credibility? ...productivity? ...viability? ...liability?
• How much revenue loss caused by downtime can you afford? How much customer dissatisfaction caused by downtime can you afford? How much lost productivity? ...brand dilution? ...legal liability? ...reduced financial performance?
Security — Measuring Success
• Establish success metrics in advance
• Metrics to consider:
  • Revenue loss
  • Customer dissatisfaction
  • Lost productivity
  • Legal liability
  • Financial performance
  • Number of security incidents
  • Disruption of services
  • Unauthorized access
  • Information theft
  • Number and severity of virus attacks
  • Number and severity of Distributed Denial of Service (DDoS) attacks
The Importance of the Network Infrastructure
SMB security characteristics and their networking implications:
• Secure connectivity: Routers, firewalls, VPNs
• Perimeter security: Access control lists (ACLs), firewalls
• Identity: AAA, access control servers (ACS), certificate authorities, public key infrastructure (PKI)
• Security management: Centralized security device and policy management
• Security monitoring: Network and host-based intrusion detection systems (IDS), scanners
Security — Business Scenario
• Company: Southern California graphic design agency
• Challenge:
  • Clients demand aggressive scheduling for their high-profile projects. Sending a job back and forth for repeated reviews and changes extended project completion time and exposed creative materials to the possibility of loss or damage. Need to offer the flexibility and capacity to accommodate a continually changing and growing community of partners and customers.
• Solution:
  • Adding VPN capability to its existing Cisco network enabled the agency to exchange creative materials over the public Internet with the same level of security, manageability, and quality of service as a private network, at a fraction of the cost.
• Results:
  • Reduced courier charges by more than 75%
  • Reduced total turnaround time for projects
  • VPN access to select major accounts results in closer customer relationships
  • Mobile employees connect to the office network
SMB Security Deployment Blueprint – 100 Users or Fewer
[Network diagram] Areas shown: Internet; main business location; teleworker/remote access; WAN; DMZ; LAN.
Components shown: secure corporate servers; Web server; Catalyst stackable switch with Secure LAN features; 10/100 Ethernet; Cisco broadband router with firewall and VPN; desktops/laptops with Cisco VPN Client and third-party anti-virus software; ISDN, cable, xDSL; broadband access modems; desktops/laptops with third-party anti-virus software; Cisco® modular access router or cable access router with IOS firewall and VPN.
This network blueprint is intended to be an educational resource and a starting point in planning your network solution; it is not a final recommendation from Cisco. To determine the deployment most appropriate for your company we suggest you work with a Cisco representative, Cisco channel partner or a solutions provider.
SMB Security Deployment Blueprint – 100 Users or Fewer
[Network diagram] Areas shown: Internet; main business location; teleworker/remote access; WAN; DMZ; LAN.
Components shown: secure corporate servers; Web server; Cisco® 1700, 2600 or uBR925 with firewall and VPN; Catalyst® 2950 with Secure LAN features; 10/100 Ethernet; Cisco 806 with firewall and VPN; desktops/laptops with Cisco VPN Client and third-party anti-virus software; ISDN, cable, xDSL; broadband access modems; desktops/laptops with third-party anti-virus software.
SMB Security Deployment Blueprint – 100 to 500 Users
[Network diagram] Areas shown: Internet; main business location; branch office (fewer than 100 users); teleworker/remote access; WAN; DMZ; LAN.
Components shown: desktops/laptops with third-party anti-virus software; Web server with Cisco IDS; 10/100 Ethernet; ISDN, cable, xDSL; Catalyst switch with in-line power, with Secure LAN features; Cisco Aironet Wireless Access Point; fractional T1, T1, multi-T1 services; Cisco ACS using Remote Dial-In User Service (RADIUS); Cisco VPN concentrator; Cisco PIX firewall; Catalyst switch with Secure LAN features; secure corporate servers with Cisco IDS; broadband access modems; Cisco modular access router with IOS firewall and VPN; Catalyst stackable switch with Secure LAN features; Cisco Aironet NICs; Cisco modular access router with firewall and VPN; Cisco access router or cable access router with IOS firewall and VPN.
SMB Security Deployment Blueprint – 100 to 500 Users
[Network diagram] Areas shown: Internet; main business location; branch office (fewer than 100 users); teleworker/remote access; WAN; DMZ; LAN.
Components shown: desktops/laptops with third-party anti-virus software; 10/100 Ethernet; ISDN, cable, xDSL; Catalyst 2950 with Secure LAN features; Catalyst 3524-PWR XL with Secure LAN features; Cisco Aironet® 1200 Access Point; fractional T1, T1, multi-T1 services; Cisco ACS using Remote Dial-In User Service (RADIUS); Cisco VPN 3005; Cisco PIX® 515; Catalyst 3550 or 4000 with Secure LAN features; secure corporate servers with Cisco IDS; Cisco PIX 501 with Firewall and VPN; broadband access modems; Cisco uBR925, 803, or 827 with firewall and VPN; Cisco 1700 or 2600 with firewall and VPN; Cisco VPN 3002; Cisco Aironet NICs; Cisco 2600/3700 with firewall and VPN; Web server with Cisco IDS.
SMB Security Deployment Blueprint – 500 to 1000 Users
[Network diagram] Areas shown: Internet; main business location; branch office (fewer than 300 users); teleworker/remote access; WAN; DMZ; LAN.
Components shown: desktops/laptops with third-party anti-virus software; Web server with Cisco IDS; 10/100 Ethernet; ISDN, cable, xDSL; Catalyst stackable switch with Secure LAN features; Catalyst switch with in-line power; Cisco Aironet Access Point; Cisco VPN concentrator; Cisco PIX firewall; secure corporate servers with Cisco IDS; Cisco IP Phone; Cisco PIX firewall with firewall and VPN; broadband access modem; Cisco modular access router or cable access router with firewall and VPN; IP call processing; Cisco ACS using RADIUS; Catalyst switch with Secure LAN features; Cisco modular access router with IOS firewall and VPN; Cisco modular access router with firewall and VPN; fractional T1, T1, multi-T1 services.
SMB Security Deployment Blueprint – 500 to 1000 Users
[Network diagram] Areas shown: Internet; main business location; branch office (fewer than 300 users); teleworker/remote access; WAN; DMZ; LAN.
Components shown: desktops/laptops with third-party anti-virus software; 10/100 Ethernet; ISDN, cable, xDSL; Catalyst 2950 with Secure LAN features; Catalyst 3524-PWR XL with Secure LAN features; Cisco Aironet 1200 Access Point; Cisco VPN 3005; Cisco PIX 515 or 525; Cisco 2600/3700 with firewall and VPN; Catalyst 3550 or 4000 with Secure LAN features; secure corporate servers with Cisco IDS; Cisco 7490/7960 IP Phone; Cisco PIX 501 with firewall and VPN; broadband access modem; Cisco uBR925, 803, or 827 with firewall and VPN; Cisco uBR925, 803, or 827 with firewall; Cisco VPN 3002; Cisco 7905/7910 IP Phone; IP call processing; Cisco 1700, 2600, or 3700 with firewall and VPN; Cisco ACS using RADIUS; fractional T1, T1, multi-T1 services; Web server with Cisco IDS.
SMARTnet and SMARTnet Onsite
• What is SMARTnet/SMARTnet Onsite?
  • Cisco’s Technical Support Service, available direct and through resale
• What does it offer?
  • Operating system software updates (including IOS) -- major, minor, and maintenance releases
  • 24x7x365 access to highly skilled networking personnel (TAC) via phone, email, and web
  • Access to Self Help technical repositories on-line
  • Advance parts replacement in as little as two hours
  • Onsite field engineers available in as little as two hours (OSS) to assist in hardware replacement
Why Cisco for SMB Security?
• No one knows your network, the Internet, or security better
• Compatibility with the installed Cisco base (80% of the Internet)
• Significant savings from a single-vendor solution
• Excellent quality, standards-based development, and certified products –
• Network intelligent, integrated security solutions
• Key partnerships and worldwide security industry leadership
• Market-leading solutions, services, and support
Important URLs
• Cisco security overview
• www.cisco.com/go/security
• Cisco SAFE documents
• www.cisco.com/go/safe
• VPN ROI calculator
• www.cisco.com/go/evpn
• Reseller support Web site
• www.cisco.com/go/vsec
• Cisco Secure Encyclopedia
• www.cisco.com/go/csec
• www.cisco.com/go/securitypartners
• www.cisco.com/go/netpro
• www.cisco.com/go/securitytrng
• www.cert.org
• www.happyhacker.org
• www.infosecuritymag.com
© 2001, Cisco Systems, Inc.
www.cisco.com/warp/public/779/smbiz/iroadmap/solutions.html