Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.


Page 2: End – to – End Security

This presentation highlights how every device on a Cisco Powered Network can be locked down to perform Defense in Depth.

This multilayered approach presents an extremely difficult target to:

• Hackers
• Worms
• Viruses
• DoS / DDoS attacks
• Unauthorized Access
• Rogue Devices
• Spoofing Attacks


Page 3: Threats Can be From Internal Sources

Internal: Most expensive attacks come from inside (Up to 10x more costly)

Accidental: Misconfiguration

Source: CSI / FBI Security Study 2003

Page 4: Threats Also Come from External Sources

External: 78% of Attacks Come from Internet Connection (up from 57% in 1999)

Source: CSI / FBI Security Study 2003

Page 5: Threats Can Already Be Known to You…

Known: Good Security Practices Allow You to Protect Yourself Against “Known” Threats

Page 6: Or Unknown …

Unknown: How Can You Protect Yourself Against Something You Don’t Know About

Page 7: Threat from Hackers

• 2,524 new vulnerabilities discovered in 2002

• Many recently discovered vulnerabilities remain highly viable targets for future threats

• “Blended threats” present the greatest risk

• Companies experience 30+ attacks per week

• 2000% increase (’99-’02) in financial losses from hacker-caused denial of service

$65.6M in reported cost (2002)


Page 8: Threat from Theft

• Theft of proprietary information causes greatest financial loss: $2.7M per incident (2003)

• 90% of respondents detected computer security breaches within last 12 months

Source: CSI / FBI Security Study 2003

“The average amount of money, as a % of revenue, that companies spend on IT security is .0025 % or slightly less than they spend on coffee.” Richard Clarke, Former Special Advisor to the President for Cyberspace Security

Page 9: Threat Evolution

[Figure: threat evolution chart. Vertical axis, "Target and Scope of Damage": Individual Computer, Individual Networks, Multiple Networks, Regional Networks, Global Infrastructure Impact. Horizontal axis: 1980s, 1990s, Today, Future.]

• 1st Gen (Weeks): Boot viruses
• 2nd Gen (Days): Macro viruses, Email, DoS, Limited hacking
• 3rd Gen (Minutes): Network DoS, Blended threat (worm + virus + trojan), Turbo worms, Widespread system hacking
• Next Gen (Seconds): Infrastructure hacking, Flash threats, Massive worm driven DDoS, Damaging payload worms

Page 10: The Sapphire Worm or “Slammer”


• Infections doubled every 8.5 seconds

• Infected 75,000 hosts in first 11 minutes

• Caused network outages, cancelled airline flights and ATM failures

At Peak, Scanned 55 Million Hosts per Second

Cisco Responded in 10 Minutes after Release

Page 11: How Cisco Stopped “Slammer”

RESULT: No infections found within Cisco

[Figure: response timeline with markers at 00:00, 00:03, 00:06, 00:10 and 00:30.]

Events shown on the timeline:

• Slammer launched
• “Unusual” traffic verified and triggered alarm
• Anomaly detection technology identified “unusual” traffic
• Locked down the appropriate ports (inside and outside Cisco): corporate networks, internal nets, LANs etc.
• Vulnerability scan of Cisco’s network (200+ systems identified as vulnerable internally)

Cisco Security Agent Stops Threat on Protected Hosts: 00:00

Page 12: Security Paradigm is Changing

• Security is no longer a “product level” proposition. Security is tied directly to the business proposition

• Server and desktop management: Increasing number of vulnerabilities. Must scale to thousands in large Enterprises

• Legacy endpoint security TCO challenge: Reactive products force deployment of multiple agents and management paradigms to update

• Day Zero Damage: Rapidly propagating attacks (Slammer and Blaster) happen too fast for reactive products to handle - an automated security system is needed


Page 13: Deploy Security as an Integrated System

• Secure Transport
• Card Readers
• Security Room CCTV
• Secured Doors and Vaults
• Surveillance and Alarms
• Patrolling Security Guard

• Firewalls and Router ACLs
• Network and Host-based Intrusion Detection
• Scanner
• Centralized Security and Policy Management
• Identity, AAA, Access Control Servers and Certificate Authorities
• Encryption and Virtual Private Networks (VPNs)

Page 14: Security is a Systematic Process

• Vulnerabilities and Risk Assessment
• Architecture Design and Implementation
• Security Policy / Procedures
• Deploy Security Policy
• Surveillance, Monitoring, Audit & Analysis
• Incident Response
• Corrective Action
• Forensic Analysis
• Central Security Management

Page 15: Cisco Security Strategy Evolution

[Figure: strategy evolution chart. Vertical axis: Severity of Security Threats. Horizontal axis: 1990s, 2000, Today, Future. Labels: Intelligent Information Networks; Fully Integrated Security.]

• Integrated security: Routers, Switches, Appliances, Endpoints
• FW + VPN + IDS
• Anomaly detection
• Integrated management software
• Evolving advanced services

• Security appliances
• Enhanced router security
• Separate management software

• End to End Protection
• Application oriented (per port basis)
• Security aware elements
• Self-protecting
• Self-managing
• Full suite of advanced services

• Basic router security
• Command line interface

Page 16: End-to-End Security

Cisco Systems is the only vendor that can provide you security on every point of your network
