MANAGING YOUR SECURITY PAIN: OUTBREAK PREVENTION AND THEFT OF INFORMATION PREVENTION

CISCO BUSINESS SOLUTIONS WORKSHOP FOR RESELLERS

© 2005 Cisco Systems, Inc. All rights reserved. 10983_04_2005_c1

Agenda

• Security Challenges

• Self-Defending Networks

• Outbreak Prevention Using SDN

• Theft of Information Using SDN

• Summary


Key Issues Facing Organizations

GOALS:
• Market growth
• Brand loyalty
• Customer care
• Efficiency
• Productivity
• Cost mgmt
• Partnerships

SIMPLIFICATION AND COST REDUCTION
• Scalability
• Equipment cost
• Staffing (total cost of ownership)
• Integration and systems management

APPLICATION AND SERVICE OPTIMIZATION
• Enablers
• Application management
• Performance/Optimization
• Resilience

SECURITY
• Threats
• Theft
• Loss
• Response time


Vanishing Patch to Outbreak Window

Worm       Patch      Patch released   Outbreak         Time (days)
NIMDA      MS00-078   Oct. 17, 2000    Sept. 18, 2001   336
SLAMMER    MS02-039   Jul. 24, 2002    Jan. 25, 2003    185
BLASTER.A  MS03-026   Jul. 16, 2003    Aug. 11, 2003    26
SASSER     MS04-011   Apr. 13, 2004    May 1, 2004      18


Why Business Disruptions Continue

• Viruses, worms, trojan horses, botnets penetrating defenses
Viruses now #1 cause of financial loss (2004 CSI/FBI)

• Day-zero attacks can negate reactive solutions

• Point technologies easily bypassed, not designed to preserve network integrity or resiliency

• Non-compliant servers/desktops common, difficult to detect and contain

• Locating and isolating infected systems time and resource intensive


Threat Classifications

• VIRUS: Propagates via executable code (SMTP, POP, FTP, HTTP, etc.) Exploits unwary user or application “convenience” to execute a script or attachment that typically creates email-based propagation and installs back doors and Trojans

Examples: Bagle, Netsky

• WORM: Propagates over network. Exploits vulnerability in a remotely exploitable network application, often without user intervention, which typically further propagates and installs back doors and trojans

Examples: Code Red, Nimda

• HYBRID: Note that some threats exhibit a hybrid nature: propagate as a virus but result can be more worm-like in that they both spread via email and exploit vulnerable network applications

Examples: Lovegate, Patbot, Netsky


Threat Classifications

• TROJAN HORSE: A malicious or destructive security-breaking program disguised as something benign, such as a screen saver, a game, or some other program. A Trojan horse does not distribute itself, but may be widely redistributed as part of a computer virus, can be downloaded from the Internet, or is sent as an email attachment

• BOTNETS: A group of computers infected by a worm or Trojan and taken over surreptitiously by hackers. This network of computers can be used to attack networks by sending spam, viruses, Trojans, or launching distributed denial of service attacks. Individual computers in a botnet are sometimes known as zombies or agents. Current estimates claim more than 100,000 computers are being “recruited” into botnets every week, and may be responsible for everything from DoS attacks to spam email

• SPYWARE: Any program installed and running without the knowledge of the user. Spyware is designed to run in the background, track surfing habits, and record keystrokes; in other words, to spy on the user.


Security Paradigm Must Shift

A Secure Global Internet Can No Longer Rely on IMPLICIT TRUST

An Intelligent Information Network Builds Upon EXPLICIT TRUST


Future of Security

IP + Security

1. Point Appliance → Integrated Security

2. Disparate Security → Collaborative Security

3. Anti Virus → Adaptive Security


Self-Defending Network Strategy

Cisco Strategy to Dramatically Improve the Network’s Ability to Identify, Prevent, and Adapt to Threats

SECURITY TECHNOLOGY INNOVATION
• Endpoint Security
• Application Firewall
• SSL VPN
• Network Anomaly Detection

INTEGRATED SECURITY
• Secure Connectivity
• Threat Defense
• Trust and Identity

SYSTEM-LEVEL SOLUTIONS
• Endpoints + Networks + Policies
• Services
• Partnerships

SELF-DEFENDING NETWORK


Integrated Security Is the SDN Foundation

Trust and Identity: Verify the User and Device
• Control who/what has access

Secure Connectivity: Secure the Transport
• Protect data and voice confidentiality

Threat Defense:
Protect the Interior
• Protect against internal attacks
Guard the Endpoints
• Protect hosts against infection (trojans, spyware, backdoors, etc.)
Defend the Edge
• Detect and prevent external attacks

Locations shown: Branch, University, Airport, Data Center, Mobile Workforce, Campus, Teleworker


USING THE SELF-DEFENDING NETWORK FOR OUTBREAK PREVENTION


Sources of Infection and Outbreak

• Infected remote devices connecting to the internal network

• Improperly protected internal devices that become infected while browsing the Internet, etc.

• Malicious executables via email attachments or infected web sites

• Hackers planting trojan horses, time bombs, agent software (zombies), etc.

Unfortunately, these sorts of attacks continue to plague organizations in spite of significant investments in traditional security solutions


Outbreak Prevention Elements

• Identify Anomalous Behavior
• Perimeter Protection for Branch Against Worms, Viruses, etc. via IOS FW / IPS
• Prevent Outbreak Introduction and Propagation (NAC, AV, CSA)
• Identify and Prevent Outbreaks
• Enforce Outbreak Control: Quarantine, Remediate, Permit / Deny Access
• Cisco “Clean Pipe” Offered Through Managed Security Provider (Service Provider Network)
• Identify and Contain Outbreaks
• Endpoint Protection (CSA)
• Identify Compliant and Non-Compliant Endpoints ((NAC), AV, CSA)
• Ensure Security Compliance Before Allowing Internet Browsing
• Prevent Web Server-Based Infection (NAC, AV, CSA)

Components shown: Cisco ISR, Cisco PIX, Cisco 4200 IPS Sensor, Cisco Catalyst 6500, Cisco Access Control Server, 3rd Party Policy Server, Cisco Works VMS, Non-Responsive Assessment Server, Content Engine; Web Servers, Email Servers, DNS Servers


NAC IN ACTION

Cisco NAC Solution Overview

NAC SOLUTION: Leverage the Network to Intelligently Enforce Access Privileges Based on Endpoint Security Posture

Ubiquitous Solution for ALL Connection Methods

NAC CHARACTERISTICS

Validates ALL Hosts

Leverages Customer Investments In Cisco Network and Antivirus Solutions

Supports Multiple Anti-virus Vendors and Cisco Security Agent (CSA)

Quarantine and Remediation Services

Deployment Scalability


NAC Appliance—Cisco Clean Access

Turnkey Policy Compliance and Remediation Solution for the SMB

• Role-based authentication
Clean Access Server enforces authorization policies and privileges
Supports multiple user roles (e.g. guests, employees, and contractors)

• Scans for security requirements
Agent scan for required versions of Hotfixes, AV, and other software
Network scan for virus and worm infections
Network scan for port vulnerabilities

• Network quarantine
Isolate non-compliant machines from rest of network
MAC & IP-based quarantine effective at a per-user level

• Repair and update
Network-based tools for vulnerability and threat remediation
Help-desk Integration


Cisco Clean Access System Operation

Components: Cisco Clean Access Agent (optional), Cisco Clean Access Server, Cisco Clean Access Manager, Authentication Server, Intranet/Network, Quarantine Role

THE GOAL

1. End user attempts to access a web page or uses an optional client. Network access is blocked until end user provides login information.

2. User is redirected to a login page. CCA Server validates username and password. Also performs device and network scans to assess vulnerabilities on the device.

3a. Device is non compliant or login is incorrect. User is denied access and assigned to a quarantine role with access to online remediation resources.

3b. Device is “clean.” Machine gets on “clean list” and is granted access to network.


Clean Access 3.5: Out of Band Deployment

• VLAN-based quarantine
Manager performs switch management and port assignment
Server performs remediation and is deployed on the quarantine VLAN.

• Support for multiple switch infrastructures (2950, 3550, 3750, 4500, 6500)
SNMP v1/v2c for “reads”
SNMP v1/v2c/v3 for “writes”

• Supports multigigabit network deployment because:
Server is only in the data path for non-certified devices

• Host retains IP address after “certification”
Based on smart internal VLAN and DHCP mapping

• Does not require 802.1X infrastructure

Components shown: CCA Server, CCA Manager
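The admission flow on the two slides above (login check, agent and network scan results, clean list or quarantine role, and the VLAN the host lands on) as an added Python example; it is not Cisco Clean Access code. The policy table, credential store, role and quarantine VLAN numbers, forbidden-listener list and sample endpoints are all constructed for illustration, and scan results arrive as already-collected endpoint attributes rather than from a real scanner.

```python
"""Admission decision modelled on the Clean Access flow above.
Added example, not Cisco Clean Access code: the policy table, credential
store, VLAN numbers and endpoints are constructed for illustration."""
from dataclasses import dataclass, field

# Constructed per-role posture policy (what the agent/network scans must show).
POLICY = {
    "employee":   {"min_hotfix": 3, "min_av_sig": 120, "require_agent": True},
    "contractor": {"min_hotfix": 3, "min_av_sig": 120, "require_agent": True},
    "guest":      {"min_hotfix": 0, "min_av_sig": 0,   "require_agent": False},
}
# Constructed credential store: username -> (password, role).
USERS = {
    "alice": ("s3cret", "employee"),
    "bob":   ("hunter2", "contractor"),
    "eve":   ("visitor", "guest"),
}
ROLE_VLAN = {"employee": 10, "contractor": 20, "guest": 30}
QUARANTINE_VLAN = 99                   # out-of-band quarantine VLAN (constructed)
FORBIDDEN_LISTENERS = {5554, 9996}     # listeners the network scan treats as infection signs

@dataclass
class Endpoint:
    mac: str
    ip: str
    hotfix_level: int                  # reported by the agent scan
    av_sig: int                        # AV signature version from the agent scan
    agent_present: bool
    open_ports: set = field(default_factory=set)   # from the network port scan
    infected: bool = False                         # from the network virus/worm scan

@dataclass
class Decision:
    granted: bool
    vlan: int
    role: str
    reasons: list

clean_list: set = set()                # MACs certified during this session

def assess(username: str, password: str, ep: Endpoint) -> Decision:
    """Step 2: validate the login and run the posture checks; return 3a or 3b."""
    cred = USERS.get(username)
    if cred is None or cred[0] != password:
        # 3a: login incorrect -> quarantine role (remediation resources only)
        return Decision(False, QUARANTINE_VLAN, "quarantine", ["login incorrect"])
    role = cred[1]
    if ep.mac in clean_list:
        # Certified hosts are no longer in the server's data path; no rescan.
        return Decision(True, ROLE_VLAN[role], role, ["already certified"])

    pol = POLICY[role]
    reasons = []
    if pol["require_agent"] and not ep.agent_present:
        reasons.append("agent missing")
    if ep.hotfix_level < pol["min_hotfix"]:
        reasons.append(f"hotfix level {ep.hotfix_level} < {pol['min_hotfix']}")
    if ep.av_sig < pol["min_av_sig"]:
        reasons.append(f"AV signatures {ep.av_sig} < {pol['min_av_sig']}")
    if ep.infected:
        reasons.append("network scan: infection indicators")
    bad = sorted(ep.open_ports & FORBIDDEN_LISTENERS)
    if bad:
        reasons.append(f"network scan: forbidden listeners {bad}")

    if reasons:
        # 3a: non-compliant -> quarantine role, MAC/IP-based isolation
        return Decision(False, QUARANTINE_VLAN, "quarantine", reasons)
    # 3b: clean -> clean list, role VLAN; the host keeps its IP address
    clean_list.add(ep.mac)
    return Decision(True, ROLE_VLAN[role], role, [])

if __name__ == "__main__":
    ok = Endpoint("00:11:22:33:44:55", "10.0.0.5", 3, 130, True)
    stale = Endpoint("aa:bb:cc:dd:ee:ff", "10.0.0.6", 1, 130, True, {5554})
    guest = Endpoint("de:ad:be:ef:00:01", "10.0.0.7", 0, 0, False)
    for user, pw, ep in (("alice", "s3cret", ok), ("bob", "hunter2", stale), ("eve", "visitor", guest)):
        print(user, assess(user, pw, ep))
```

The second call for an already certified MAC returns without rescanning, which is the property the out-of-band slide relies on: once a host is on the clean list the server drops out of its data path.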


Cisco Security Agent

• Next-generation security solution provides threat protection for servers and desktops

• Identifies and prevents malicious behavior before it occurs

• Unique behavior analysis addresses known and unknown threats

• Protects against: port scans, buffer overflows, Trojan horses, malformed packets, malicious HTML requests, e-mail worms, “day-zero” attacks, and more…


Threat Defense System Example CSA Protection Against Sasser

Sasser attack phases: 1) Probe, 2) Penetrate, 3) Persist, 4) Paralyze, 5) Propagate

Sasser behavior on a host:
• Randomly scans IP addresses on port 445/tcp. Can scan up to 1,024 addresses simultaneously
• Creates remote shell on port 9996/tcp. It then starts an FTP server listening on port 5554/tcp
• Victim system connects back to attacking system on port 5554/tcp to retrieve copy of worm
• Crashes infected devices; causes systems to reboot continuously
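A flow-record heuristic for the behaviour just described (many distinct 445/tcp destinations from one source in a short window, plus any connection to the 9996/tcp shell or the 5554/tcp FTP port), as an added Python example; it is not CSA or Cisco IPS logic. The record layout, the window and fan-out thresholds, and the sample flows are constructed.

```python
"""Flow-record heuristic for the Sasser behaviour on the slide above.
Added example, not CSA/Cisco IPS logic: the record layout, thresholds and
sample flows are constructed."""
from collections import defaultdict

SCAN_PORT = 445                 # Sasser scans 445/tcp
BACKDOOR_PORTS = {9996, 5554}   # remote shell and worm-serving FTP port
WINDOW = 10.0                   # seconds
FANOUT = 20                     # distinct 445/tcp destinations within WINDOW

def make_sample_flows():
    """Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port, proto)."""
    flows = []
    # Scanner: 25 distinct hosts on 445/tcp within five seconds.
    for i in range(25):
        flows.append((i * 0.2, "10.1.1.20", f"10.1.2.{i + 1}", SCAN_PORT, "tcp"))
    # Legitimate file-share client: three servers over a minute.
    for i, ts in enumerate((0.0, 30.0, 60.0)):
        flows.append((ts, "10.1.1.30", f"10.1.3.{i + 1}", SCAN_PORT, "tcp"))
    # Freshly exploited host pulling the worm copy from the scanner.
    flows.append((6.0, "10.1.2.7", "10.1.1.20", 5554, "tcp"))
    # Unrelated web traffic.
    flows.append((7.0, "10.1.1.30", "10.1.3.1", 80, "tcp"))
    return flows

def detect(flows, window=WINDOW, fanout=FANOUT):
    """Return {src_ip: [alert, ...]} for sources matching the heuristic."""
    alerts = defaultdict(list)
    scan_hits = defaultdict(list)          # src -> [(ts, dst)] on SCAN_PORT
    for ts, src, dst, dport, proto in flows:
        if proto != "tcp":
            continue
        if dport in BACKDOOR_PORTS:
            alerts[src].append(f"{src} -> {dst}:{dport}/tcp (Sasser shell/FTP port)")
        elif dport == SCAN_PORT:
            scan_hits[src].append((ts, dst))
    for src, hits in scan_hits.items():
        hits.sort()
        # Slide a window over the sorted timestamps; alert once per source.
        for i, (t0, _) in enumerate(hits):
            seen = {dst for ts, dst in hits[i:] if ts - t0 <= window}
            if len(seen) >= fanout:
                alerts[src].append(
                    f"{src}: {len(seen)} distinct hosts on {SCAN_PORT}/tcp "
                    f"within {window:g}s (scan)")
                break
    return dict(alerts)

if __name__ == "__main__":
    for src, msgs in detect(make_sample_flows()).items():
        for m in msgs:
            print(m)
```

The file-share client touching three servers on 445/tcp over a minute stays below the fan-out threshold, which is the point of counting distinct destinations per window rather than raw 445/tcp hits: ordinary SMB traffic is not a scan.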


Mitigating the Impact of an Internet Worm

Diagram: Access, Distribution and Core layers, with an Infected Source and a System Under Attack

Protect the End Systems
• Cisco Security Agent

Protect the Links
• QoS/ACL

Protect the Switches
• Cisco Express Forwarding (CEF)
• Rate Limiters

Prevent the Attack
• ACLs and NBAR
• Firewall / IPS
• NAC for Posture Validation

Comprehensive Enterprise Security Strategy Directed at Protecting the ENTIRE Network


Integrated Services Routers: Cisco Self-Defending Networks at Wire Speed

Trust and Identity: Leverage the Network to Intelligently Protect Endpoints
• Network Admission Control, 802.1x

Network Foundation Protection: Protect the Network Infrastructure from Attacks and Vulnerabilities
• Device Protection, Routing and Switching Protection

Secure Connectivity: Secure and Scalable Network Connectivity
• Secure Voice (sRTP, V3PN), DMVPN, MPLS & IPSec, Wirespeed Encryption

Threat Defense: Prevent and Respond to Network Attacks and Threats such as Worms
• Inline IPS, URL Filtering, Content Caching, AV Gateway, Netflow, Firewall

Complete, Preventative, Scalable Security Solutions

Hardware features shown: Built in VPN HW Encryption; NME/NME-X, HWIC, EVM, USB and GE slots/ports; Secure Voice; High Performance AIM Security and Voice Services; USB Ports for Removable Credentials


Integrated Security Services in the Small Office

Diagram: Corporation, Remote Office (Cisco 800/1800), Internet, SP Network, Antivirus Policy System, N2H2/Websense URL Policy Server

• IPSec VPN
• Deep Packet Inspection Firewall for Managed Firewall Service
• High Speed Encryption for Managed IPSec or AES VPNs
• Inline IPS: Inline Threat Containment - Create Zones of Protection
• Cisco SDM Used for Setup and Monitoring of Security Policy
• User Authentication with 802.1x
• Router Enforces Firewall, Antivirus, URL access Policies at the Small Office


Intrusion Prevention + Anti-Virus

Cisco and Trend Micro Symbiosis:
• Address the network virus/worm life cycle by providing system-level worm and virus defense across Cisco infrastructure
• Provide key extensions to the Cisco Self-Defending Network

• Integration of Trend Micro virus signature technologies into Cisco IPS signature database
Enhanced anti-virus at the IPS sensor
Better anti-virus signature response times
No added cost, configuration or management burden
Available since August 2004

• NEXT: Licensing of additional Trend Micro technology to address real-time protection against new threats
Outbreak Prevention Service for real-time protection against new threats


New Cisco 800 Series Integrated Services Routers for Small Offices

• High performance for broadband access in small offices

• Advanced security including:
Stateful inspection firewall
IPSec VPNs (3DES or AES)
Intrusion Prevention System (IPS)
Antivirus support through Network Admission Control (NAC) and enforcement of secure access policies
Cisco Easy VPN & DMVPN with Autosecure

• Secure WLAN 802.11b/g option with use of multiple, replaceable antennas

• 4-port 10/100 managed switch with 802.1q VLAN support & inline power using mid-span module

• Easy set up and deployment and remote management capabilities through Web-based tools and Cisco IOS Software


Cisco 1800 Series Fixed Configuration Integrated Services Routers (Cisco 1811 Shown)

Hardware callouts (Cisco 1811 shown):
• Dual, Replaceable Antennas (Antenna Options)
• DSL WAN Port: ADSL (1801), ADSL over ISDN (1802), G.SHDSL (1803)
• Console Port
• Security Cable Lock
• Internal Power Supply
• 8-Port 10/100 Switch with optional POE
• AUX Port
• Dual 10/100 MB FE WAN Ports (1811, 1812)
• USB 2.0 Ports for Security Tokens (1811/1812)
• ISDN S/T (1801, 1802, 1803, 1812) or Analog Modem (1811) for Backup and Out-of-Band Management
• Memory: Flash Default 32 MB, Max 128 MB; DRAM Default 128 MB, Max 384 MB
• PoE Power Input


Cisco Security Device Manager (SDM) Combining Ease Of Use and Application Intelligence

Intuitive, Web-Based Device Management Tool Embedded in Cisco ISRs

• New Express Set Up feature
• Supports WLAN configurations and new ISRs
• Intelligent wizards: Auto-detect misconfiguration and proposes fixes
• Quick deployment: 1-Step Router lockdown (firewall), and VPN wizard (Site-to-site, easy VPN)

• Security audit: ICSA, TAC recommended security configuration

• Run from the Router (no software install needed)

• Run from a PC (ease of always using the most up-to-date version)


Miercom 1812 W and SDM 2.1.1 Test Findings Redefining Integrated Services and Ease of Use

Verified Concurrent Secure, Broadband Wireless Services

“In our tests, the Cisco 1812 Wireless router ran multiple applications, including Network Admission Control, Firewall, and Intrusion Prevention, as well as NAT, QoS, SLA monitoring, and 3DES encryption over a backup link with DMVPN - all concurrent with routing traffic.

We figure that the latest version 2.1.1 of the SDM configuration and management application reduces in half the technical expertise required to properly configure and deploy the router with these services.”

Ed Mier, President, Mier Communications Inc.

View the Test Report at: www.miercom.com

* after external launch


USING THE SELF-DEFENDING NETWORK TO PREVENT THEFT OF INFORMATION


Theft of Information Characteristics

Likely Sources of Attack (percentage of respondents)

Year  Foreign Gov.  Foreign Corp.  Independent Hackers  U.S. Competitors  Disgruntled Employees
2003  28            25             82                   40                77
2002  26            26             82                   38                75
2001  25            31             81                   49                76
2000  21            26             77                   44                81
1999  21            30             74                   53                86

Survey base: 2003: 488 Respondents/92%; 2002: 414 Respondents/82%; 2001: 484 Respondents/91%; 2000: 583 Respondents/90%; 1999: 460 Respondents/88%

• Proprietary information stolen from the organization: intellectual property, patents, engineering designs, strategy, customer lists/data, etc.

• Committed by EXTERNAL or INTERNAL resources to the company: industrial espionage, organized crime, vandals, disgruntled employees, bragging rights, etc.

• Malicious intent, not accidental!

• Damage can be severe: cost, intellectual property lost, company image tarnished, competitive advantage reduced


The Cisco Theft of Information Prevention Solution

Solution pillars: Identity Management, Access Enforcement, Data Confidentiality and Integrity, Network Admission Control, Behavioral Policy Enforcement

Functions shown: Secure Transport of Applications and Data Across Untrusted Networks; Perimeter Protection Against Unauthorized Actions; Grant and Enforce Access According to Trust Level; Server Protection

Diagram elements: Wired Connection; Wireless Connection; Site-to-Site Security via IPSec VPN; Remote Access Security via SSL and IPSec VPN; VLAN Creation and Assignment (VLAN1 HR, VLAN2 Finance, VLAN3 Marketing); Cisco Catalyst; Cisco IP Phone with Encrypted Voice; Cisco PIX Firewall; Cisco 4200 IPS Sensor; Cisco VPN 3000; Cisco VPN Client; Service Provider Network; Cisco ISR; CiscoWorks VMS; CSA


Steps to Protect Against Theft

1) Determine if the device/user is trusted: NAC, IBNS

2) Once trusted, protect the user’s information: VPN

3) Protect endpoints and network from those “trusted” people (>70% thefts are committed by INTERNAL people!): CSA, FW, IPS, network intelligence


Grant Access Based on User Trust

Secure Access In Action: Identity Based Networking Services

Components: 802.1x Capable Client; 802.1x Capable Access Devices (6500 Series, 4000 Series, 3550/2950 Series, Access Points); CiscoSecure ACS AAA Radius Server (802.1x Authentication Server); Active Directory; Engineering VLAN (VLAN 10)

1. 802.1x Capable Client: 802.1x Authentication Challenge, 802.1x Authentication Info (Login + Certificate)

2. Verify Login and Check with Policy DB

3. Login and Certificate Services (Active Directory): Login Verified

4. Credentials Verified, Login granted, Send Policies
• Set port to enable
• Set port vlan 10

5. Switch applies policies and enables port.

6. VLAN 10 (Engineering VLAN)
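The six-step exchange above, modelled message by message between supplicant, switch, RADIUS server and directory, as an added Python example; it is not Cisco ACS or IOS code. The directory contents, certificate serials, revocation list, group-to-VLAN policy and port names are constructed; the three VLAN-assignment attributes in the Access-Accept are the standard RADIUS ones from RFC 3580, and the `credential` dict stands in for the EAP method payload that a real exchange carries inside TLS.

```python
"""Message-level model of the 802.1x / RADIUS exchange on the slide above.
Added example, not Cisco ACS or IOS code. The directory contents,
certificate serials and VLAN numbers are constructed; the VLAN-assignment
attribute names are the standard RADIUS ones (RFC 3580)."""
from dataclasses import dataclass, field
from typing import Optional

# Step 3 backing store (constructed "Active Directory"): user -> (password, cert serial, group)
DIRECTORY = {
    "alice": ("pw-alice", "CERT-1001", "engineering"),
    "bob":   ("pw-bob",   "CERT-1002", "finance"),
}
REVOKED_CERTS = {"CERT-1002"}
# Policy DB (constructed): group -> VLAN the switch should apply
GROUP_VLAN = {"engineering": 10, "finance": 20}

@dataclass
class Port:
    name: str
    authorized: bool = False      # 802.1x port state; traffic blocked until True
    vlan: Optional[int] = None
    log: list = field(default_factory=list)

def directory_lookup(user, password, cert_serial):
    """Step 3: login and certificate services. Returns the user's group or None."""
    entry = DIRECTORY.get(user)
    if entry is None or entry[0] != password:
        return None
    if entry[1] != cert_serial or cert_serial in REVOKED_CERTS:
        return None
    return entry[2]

def radius_server(access_request):
    """Steps 2 and 4: verify the login against the directory, then look up the
    policy DB and answer Access-Accept (with VLAN attributes) or Access-Reject."""
    group = directory_lookup(access_request["User-Name"],
                             access_request["password"],
                             access_request["cert_serial"])
    if group is None:
        return {"code": "Access-Reject"}
    return {
        "code": "Access-Accept",
        "Tunnel-Type": "VLAN",             # RFC 3580 value 13
        "Tunnel-Medium-Type": "IEEE-802",  # value 6
        "Tunnel-Private-Group-ID": str(GROUP_VLAN[group]),
    }

def authenticator(port: Port, identity, credential):
    """Steps 1, 5 and 6: the switch challenges the supplicant, relays the
    response to RADIUS, and applies the returned policy to the port.
    `credential` stands in for the EAP method payload (real EAP carries it
    inside TLS, never as cleartext)."""
    port.log.append("switch -> client: EAP-Request/Identity")        # challenge
    port.log.append(f"client -> switch: EAP-Response/Identity {identity}")
    request = {"User-Name": identity, **credential}
    reply = radius_server(request)
    port.log.append(f"RADIUS -> switch: {reply['code']}")
    if reply["code"] == "Access-Accept":
        port.vlan = int(reply["Tunnel-Private-Group-ID"])   # "set port vlan 10"
        port.authorized = True                               # "set port to enable"
        port.log.append(f"{port.name}: authorized on VLAN {port.vlan}")
    else:
        port.authorized, port.vlan = False, None             # stays blocked
        port.log.append(f"{port.name}: unauthorized, traffic blocked")
    return port

if __name__ == "__main__":
    p = authenticator(Port("Gi1/0/1"), "alice", {"password": "pw-alice", "cert_serial": "CERT-1001"})
    print("\n".join(p.log))
```

The failure path matters as much as the success path: a revoked certificate or wrong password yields Access-Reject and the port never leaves the unauthorized state, so no VLAN is assigned and the client gets no network access at all.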


Protect the Voice and Data

Diagram: Remote Office and Headquarters connected by VPN

Cisco CallManager: Call setup and signaling; Host IDS protection

Cisco IP Phone: Phone handset with integrated QoS

Cisco VPN Branch Routers: Integrated LAN, WAN, IP Routing, voice gateway and security
• Firewall
• VPN
• Intrusion Protection

Cisco VPN Head-End Router: IPSec integration with Voice, Video, Data
• Scalable VPN termination
• Site to site / remote access VPN
• Bandwidth allocation

Data Privacy and Integrity


Cisco Rated Only Fully-Secure IPT System

• Cisco had the only solution named “Secure” in grueling independent test: Breaking Through IP Telephony, Network World Magazine, May 24, 2004
Hundreds of tests over 3 days, Layers 2–6
Cisco had highest grade awarded
NO exploitable vulnerabilities found
NO negative effect on voice quality

• Other vendor solutions had “serious vulnerabilities”

“To date we have not seen a VoIP solution that outperforms the security provided by Cisco.” Randall Birdsall, Miercom


Remote Access—SSL and IPSec VPNs Deployment Scenarios

SSL VPN
• Uses a standard web browser to access the corporate network
• SSL encryption native to browser provides transport security
• Applications accessed through browser portal
• Limited client/server applications accessed using applets
• Granular access control can limit access to specific web pages or other internal resources
• IT department may have limited or no control over the remote system, especially in the case of a partner
• Strong authentication a necessity

IPSEC VPN
• Uses purpose-built client software for network access
• Client provides encryption and desktop security
• Client establishes seamless connection to network
• All applications are accessible through their native interface - no browser dependency
• Access control less granular - wide open or limited to certain internal hosts or subnets
• IT department often maintains complementary applications on PC like anti-virus and personal firewall software
• Strong authentication desirable


Protecting Proprietary Data: Example

Q. How do you allow access to sensitive data from a potentially hostile environment?

Contractors, partners, consultants that need access to some of your information to do their work, but you don’t want them to take that information with them when they leave

A. Don’t let data stay in hostile environment. Control the applications accessing data and prevent them from storing or printing the sensitive data in non-protected locations


Cisco Secure DesktopComprehensive Endpoint Security for SSL VPN

THE TECHNOLOGY: VIRTUAL SECURE DESKTOP

Removes sensitive security information (cookies, browser cache/history, e-mail file attachments, etc.) related to an SSL VPN connection at the close of the session. This protects against exploitation of such information for host network or system penetration.

• The Virtual Secure Desktop is transparent to the end user and automatically creates a secure session under Windows 2000 and Windows XP

• User can still have access to all of the PC’s hardware and software resources

• All applications and processes that run in the Virtual Secure Desktop are controlled

• The Virtual Secure Desktop creates a cryptographic file system on the fly, and nothing is ever written in the clear on the disk

Page 39:

CSA Protects Against Theft

• CSA can prevent files from being copied to removable drives (e.g., a USB stick)

• CSA can prevent sensitive information from being saved on local machines

• CSA can identify and protect against port scans

• CSA can thwart hackers trying to gain access to the system using unusual methods (i.e., bad behavior profiles)

Page 40:

Cisco Self-Defending Network: Controlling the Who, What, Where, When, Why, and How

Cisco Self-Defending Network Solution That Strictly Controls Access to Sensitive Data

• Who—allow access to sensitive data only by authorized personnel

• What—prevent data from ever being stored, copied, or printed outside the secure environment

• Where—ensure data is only stored in the secure location

• When—users process data normally, but the data never “sleeps” outside of the secure area; control access time

• Why—better protect sensitive data with higher levels of security

• How—data access is restricted, authenticated, and audited by Cisco Self-Defending Network

Page 41:

Solution Example

[Diagram: the SECURE AREA contains the SAN disks, the CSA Management Center (CSA MC), printers, an inline IPS, a VPN 3000 concentrator and a PIX firewall; the INSECURE AREA contains workstations, each running CSA + VPN client. Callouts 1, 2 and 3 mark the VPN/PIX boundary, the inline IPS, and the CSA-controlled access to storage described in the steps below.]

1. Workstations use VPN to access the secure area

• AYT + CSA; PIX rejects all other traffic

2. Inline IPS blocks all non-file access to NAS

• File and print OK; all else dropped

3. CSA controls access to NAS

• Only approved apps

• Apps can only store data on NAS

• Apps can only print to NAS printers

• Access audited
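The four CSA rules in step 3 are, in effect, a reference monitor: every data operation of an approved application is checked against a small policy and the decision is written to an audit trail. The Python model below is an added example, not Cisco code and not the CSA policy language; the application names, UNC share paths and printer name are constructed for the example, and the "copy to removable media" rule comes from the CSA slide earlier in the deck.

```python
"""Reference-monitor model of the CSA rules in step 3 above (added example)."""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed policy values for the example (not a real CSA policy).
APPROVED_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}   # "Only approved apps"
NAS_STORE_PREFIX = "\\\\nas01\\secure\\"                        # "Apps can only store data on NAS"
NAS_PRINTERS = {"\\\\nas01\\print\\secure-printer1"}             # "Apps can only print to NAS printers"


def on_nas(path: str) -> bool:
    """True when the UNC path lies under the secure NAS share (case-insensitive, as Windows is)."""
    return path.lower().startswith(NAS_STORE_PREFIX.lower())


@dataclass
class AuditRecord:
    seq: int
    user: str
    app: str
    action: str
    target: str
    decision: str
    reason: str


class DataAccessMonitor:
    """Mediates every data operation of the secure-area applications and audits the decision."""

    def __init__(self) -> None:
        self.audit: List[AuditRecord] = []

    def decide(self, user: str, app: str, action: str, target: str) -> Tuple[str, str]:
        decision, reason = self._evaluate(app.lower(), action, target)
        # "Access audited": allowed and denied operations are both logged.
        self.audit.append(AuditRecord(len(self.audit) + 1, user, app, action, target, decision, reason))
        return decision, reason

    @staticmethod
    def _evaluate(app: str, action: str, target: str) -> Tuple[str, str]:
        if app not in APPROVED_APPS:
            return "deny", "application not approved"
        if action == "save":
            return ("allow", "stored on NAS") if on_nas(target) else ("deny", "store outside secure area")
        if action == "print":
            if target.lower() in {p.lower() for p in NAS_PRINTERS}:
                return "allow", "NAS printer"
            return "deny", "printer outside secure area"
        if action == "copy_to_removable":
            return "deny", "removable media blocked"          # no copies to USB sticks (CSA slide)
        return "deny", "action not covered by policy"         # default deny

    def denied(self) -> List[AuditRecord]:
        """The audit trail filtered to denials; what an analyst would review first."""
        return [r for r in self.audit if r.decision == "deny"]


if __name__ == "__main__":
    m = DataAccessMonitor()
    m.decide("alice", "winword.exe", "save", "\\\\nas01\\secure\\plans.doc")
    m.decide("alice", "winword.exe", "save", "E:\\plans.doc")
    for rec in m.audit:
        print(rec)
```

The design choice worth noticing is the final `return`: anything the policy does not explicitly cover is denied and still audited, so a new way of moving data out of the secure area shows up in the log rather than slipping through.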

Page 42:

INTERNAL Theft of Information Risk:Man-in-the-Middle Attack Protection

Catalyst Integrated Security Features (CISF) Protect Both Data and VoIP Applications Against Theft

CISF Technologies:

• Port Security

• DHCP Snooping

• Dynamic ARP Inspection

• IP Source Guard

• BPDU Guard

• Root Guard

• ACLs

Page 43:

Port Security Protects Against MAC Address Flooding Attacks

Problem: a thief can plug a device onto the wire before the switch port and gain access to the network. In the diagram the device floods the port with frames from spoofed source MAC addresses (00:0e:00:aa:aa:aa, 00:0e:00:bb:bb:bb, ...), the classic MAC address flooding attack.

Solution: Port Security limits the number of devices that can use that port. Only 3 MAC addresses are allowed on the port; the extra addresses trigger the violation action (here: Shutdown), and the thief cannot gain access.
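What the slide leaves out is the trade-off between the violation modes. The Python model below is an added example, not Cisco code: it reproduces the "3 MAC addresses, then shutdown" behaviour of the slide and contrasts it with the restrict mode, so you can see that shutdown also cuts off the legitimate host behind the same port until an administrator recovers it. Interface names and the mode names (protect, restrict, shutdown) follow IOS terminology; the counting logic is a simplified software model.

```python
"""Software model of switch Port Security with the three IOS violation modes (added example)."""
from dataclasses import dataclass, field
from typing import List


@dataclass
class SecurePort:
    name: str
    maximum: int = 3                 # "Only 3 MAC addresses allowed on the port"
    violation: str = "shutdown"      # protect | restrict | shutdown
    learned: List[str] = field(default_factory=list)
    err_disabled: bool = False
    violation_count: int = 0

    def ingress(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame arriving with this source MAC."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "drop"                       # port stays down until an admin (or errdisable recovery) re-enables it
        if mac in self.learned:
            return "forward"
        if len(self.learned) < self.maximum:
            self.learned.append(mac)            # secure (sticky-style) learning of a new source MAC
            return "forward"
        # (maximum + 1)th distinct MAC on the port: a violation.
        self.violation_count += 1
        if self.violation == "shutdown":
            self.err_disabled = True            # the whole port goes err-disabled
        # protect: silently drop; restrict: drop and count (a real switch also sends syslog/SNMP trap)
        return "drop"


def mac_flood(port: SecurePort, legit_mac: str, spoofed: int) -> dict:
    """Attach one legitimate host, then offer `spoofed` frames from distinct constructed MACs.

    Returns how the port reacted and whether the legitimate host still has service afterwards.
    """
    port.ingress(legit_mac)
    dropped = 0
    for i in range(spoofed):
        fake = "00:0e:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)  # constructed
        if port.ingress(fake) == "drop":
            dropped += 1
    return {
        "learned": len(port.learned),
        "dropped": dropped,
        "err_disabled": port.err_disabled,
        "legit_still_forwarding": port.ingress(legit_mac) == "forward",
    }


if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        print(mode, mac_flood(SecurePort("Gi0/1", violation=mode), "00:0e:00:aa:aa:aa", 10))
```

Shutdown is the safest default when an unexpected MAC on a user port should be treated as an incident, but on ports that serve a phone plus a PC (or an uplink you mis-classified) restrict keeps the known hosts working while still raising the violation counter that your monitoring should alert on.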


Page 44:

Dynamic ARP Inspection

[Diagram: the default gateway at IP 10.1.1.1; an end device at IP 10.1.1.2, MAC 0000.0000.0001, whose ARP table holds "My GW is 10.1.1.1"; an attacker sends a gratuitous ARP ("I'm your GW: 10.1.1.1") to change the end device's MAC-to-IP mapping in the ARP tables; the switch checks the claim and answers "Not by my binding table", dropping the packet.]

What It Does:

Maintains a binding table containing IP and MAC address associations, dynamically populated using DHCP Snooping

Benefit:

Ensures integrity of user and default gateway information such that traffic cannot be captured
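The two features work as a pair: DHCP Snooping only believes server replies that arrive on trusted (uplink) ports and records the resulting IP-to-MAC bindings, and DAI then checks the sender fields of every ARP packet on untrusted ports against that table. The Python model below is an added example, not Cisco code. The gateway address 10.1.1.1, the host 10.1.1.2 and its MAC 0000.0000.0001 are the slide's values; the port names, the attacker's MAC and the statically addressed host are constructed for the example.

```python
"""Model of DHCP Snooping feeding Dynamic ARP Inspection (added example, not Cisco code)."""
from typing import Dict, Set, Tuple


def normalize_mac(mac: str) -> str:
    """Accept Cisco dotted (0000.0000.0001), colon or dash notation; return lowercase colon form."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("bad MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class DhcpSnooping:
    """Binding table IP -> (MAC, port), learned only from DHCP server replies seen on trusted ports."""

    def __init__(self, trusted_ports: Set[str]) -> None:
        self.trusted = set(trusted_ports)
        self.bindings: Dict[str, Tuple[str, str]] = {}

    def dhcp_ack(self, server_port: str, client_port: str, ip: str, client_mac: str) -> bool:
        """Process a DHCPACK that arrived on server_port for a client attached to client_port."""
        if server_port not in self.trusted:
            return False            # rogue DHCP server on an access port: reply dropped, no binding
        self.bindings[ip] = (normalize_mac(client_mac), client_port)
        return True

    def static_binding(self, ip: str, mac: str, port: str) -> None:
        """Hosts with static addresses never send DHCP, so without a manual entry DAI drops their ARP."""
        self.bindings[ip] = (normalize_mac(mac), port)


class DynamicArpInspection:
    """Validates the sender IP/MAC of every ARP packet on untrusted ports against the binding table."""

    def __init__(self, snooping: DhcpSnooping, trusted_ports: Set[str]) -> None:
        self.snooping = snooping
        self.trusted = set(trusted_ports)

    def inspect(self, port: str, sender_ip: str, sender_mac: str) -> Tuple[str, str]:
        """Decide for an ARP request, reply or gratuitous ARP; returns (verdict, reason)."""
        if port in self.trusted:
            return "permit", "trusted port"     # the uplink towards gateway and DHCP server is not inspected
        binding = self.snooping.bindings.get(sender_ip)
        if binding is None:
            # Covers "I'm your GW 10.1.1.1" from an access port: the gateway has no binding there.
            return "drop", "no binding for %s" % sender_ip
        bound_mac, _bound_port = binding
        if bound_mac != normalize_mac(sender_mac):
            return "drop", "not by my binding table"
        # DAI checks the IP-to-MAC pair only. A host forging both the IP and the MAC of a valid
        # binding passes DAI; Port Security and IP Source Guard (CISF list above) cover that case.
        return "permit", "matches binding"


if __name__ == "__main__":
    snoop = DhcpSnooping(trusted_ports={"Gi0/24"})
    dai = DynamicArpInspection(snoop, trusted_ports={"Gi0/24"})
    snoop.dhcp_ack("Gi0/24", "Gi0/1", "10.1.1.2", "0000.0000.0001")
    print(dai.inspect("Gi0/5", "10.1.1.1", "00:de:ad:be:ef:01"))   # attacker's gratuitous ARP (constructed MAC)
    print(dai.inspect("Gi0/1", "10.1.1.2", "0000.0000.0001"))      # the real host
```

The operational caveat is in `static_binding`: once DAI is on, a printer or server with a hard-coded address on an access port loses ARP until you add a static entry (or an ARP ACL), so inventory the static hosts on a VLAN before enabling inspection.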


Page 45:

Integrated Security Advantages

Use What You Have

Leverage existing network infrastructure by enabling security through Cisco IOS

Protect Your Infrastructure

Use the network to protect the network

Save Time and Money

Minimize the number of devices and management tools; maximize IT staff efficiency

Deploy Security Where You Need It Most

Apply security functionality anywhere in the network—protect all network entry points

Reduce Your Risk!

Deploy integrated security to minimize exposure to risk

Page 46:

“ANYONE CAN BUILD A STOP SIGN—OR EVEN A TRAFFIC LIGHT—BUT IT TAKES A DIFFERENT MIND-SET ENTIRELY TO CONCEIVE OF A CITY-WIDE TRAFFIC CONTROL SYSTEM.”

Bruce Schneier, “Beyond Fear”

