This chapter suggests design principles to plan a threat control and containment strategy using firewalls and intrusion prevention systems in Cisco IOS environments. This chapter provides a general evaluation of the current state of enterprise security in the presence of evolving threats. It presents the design considerations for a threat protection strategy as part of a risk management strategy with Cisco threat control and containment solutions.
Trang 1© 2012 Cisco and/or its affiliates All rights reserved 1
Planning a Threat Control Strategy
Contents
In this chapter, we will:
• Evaluate the current state of enterprise security in the presence of evolving threats
• Describe design considerations for a threat protection strategy to mitigate threats as part of a risk management strategy
• Describe how Cisco strategizes threat control and containment
Trends in Network Security Threats
Recent threat vectors include the following:
• Cognitive threats: social networks (likejacking)
• Smartphone, tablet, and consumer electronics exploits
• Widespread website compromises
• Disruption of critical infrastructure
• Virtualization exploits
• Memory scraping
• Hardware hacking
Trends in Network Security Threats
The following specific trends can be gathered from the evolution of threats in information security:
• Insidious motivation, high impact
• Targeted, mutating, stealth threats
• Threats consistently focusing on the application layer
• Social engineering front and center
• Threats exploiting the borderless network
Threat Mitigation and Containment: Design Fundamentals
The result of the recent trends in information security threats is the need for an updated, carefully planned threat control and mitigation strategy, and a revision of old design paradigms in three areas:
• Policies and process definition
• Mitigation technologies
• End-user awareness
Threat Control Design Guidelines
These new paradigms result in specific design guidelines for the threat control and containment architecture:
• Stick to the basics
• Risk management
• Distributed security intelligence
• Security intelligence analysis
• Application layer visibility
• Incident response
Application Layer Visibility
Distributed Security Intelligence
Figure: Distributed Security Intelligence Using Telemetry
Security Intelligence Analysis
Figure: Security Information and Event Management (SIEM)
Cisco Threat Control and Containment Categories
Integrated Approach to Threat Control
• Application Awareness
  • Any alphanumeric character
  • Modular Policy Framework (MPF)
  • Network Based Application Recognition (NBAR)
  • Flexible Packet Matching (FPM)
  • Application-Specific Gateways
• Security Management
Cisco Security Intelligence Operations Site
Figure: Cisco IronPort SenderBase Web Page
Cisco Threat Control and Containment Solutions Fundamentals
Cisco Security Appliances
• Cisco ASA
• Hardware modules: Cisco Catalyst 6500 ASA Services Module and Cisco Catalyst 6500 Firewall Services Module (FWSM)
• Cisco IOS Firewall
• Cisco Virtual Security Gateway (VSG)
The firewalls listed above implement various access control mechanisms for the new landscape of information security threats described in this module:
• Zone-based firewall
• ACLs
• FPM
• AIC
• MPF
• URL filtering
• User-based access control (cut-through proxy)
• Stateful failover
Cisco IPSs
• Cisco IPS 4200 Series Sensors
• Hardware modules: integrated into the ASA, Catalyst 6500, and ISR
• Cisco IOS IPS
These IPSs implement various intrusion management solutions for the new landscape of information security threats described in an upcoming chapter:
• Rich set of detection mechanisms
  • Signatures
  • Anomaly detection
  • Normalization
  • Correlation
• Automatic signature updates
• Multiple deployment modes
  • Inline
  • Promiscuous
Threat Control Scenario for a Small Business
Summary
The following are the main points conveyed in this chapter:
• Threat control and containment should distribute security intelligence, improve incident analysis and correlation, and respond automatically
• Cisco threat control and containment solutions provide multiple deployment options: appliance, hardware module, software based, and virtualized
• Cisco threat control and containment is a solution for small, medium, and large businesses
References
For additional information, refer to these Cisco.com resources:
• "Cisco Security Intelligence Operations," http://tools.cisco.com/security/center/home.x
• "Cisco 5500 Series Adaptive Security Appliances," http://www.cisco.com/en/US/products/ps6120/index.html