自防御网络和可信网络(1).ppt

《自防御网络和可信网络(1).ppt》由会员分享，可在线阅读，更多相关《自防御网络和可信网络(1).ppt（26页珍藏版）》请在三一办公上搜索。

1、自防御网络和可信网络,思科系统（中国）网络技术有限公司2006,议程,聚焦安全思科的安全承诺,RSA Conference 2006 概况,2月14日18日，在美国旧金山举行2006 RSA大会2006年的RSA会议规模空前，大约有14000名安全领域专业人士参加了这一盛会，比2004年增长了约30 全球275家安全领域的领先厂商，包括思科、微软、IBM、SUN、HP、赛门铁克、CA等主流大型IT厂商200多场分会议 安全领域的分工非常之细，一些公司专攻一项安全技术多位引领IT发展的超重量级人物出席覆盖的安全技术：applied security,compliance,government a

2、nd policy,hackers and threats,identity management and wireless security,RSA Conference 2006 Keynote Speech,John Chambers,president and CEO,Cisco Systems,Inc.Bill Gates,chairman and chief software architect,Microsoft Corp.Scott McNealy,chairman and CEO,Sun Microsystems,Inc.John Thompson,chairman and

3、CEO,Symantec,and Art Coviello,CEO and president,RSA Security Inc.,RSA Conference 2006 主旋律,开放的安全架构“应用安全”唱主角安全技术并购行为，小公司为被收购做准备 大公司强力进军安全 信息安全，这一几年前还略显边缘的IT技术，正变得越来越主流 网络安全从2003年的第12位，跃升为2004年的第一名，超越了“降低成本”项目,对安全标准的思考,TCG模式：设备身份 Intel Pentium III CPU 标识符(1999)设备与用户身份的关联涉及消费者隐私TCPA(1999)TPM 硬件模块与协议为解决知

4、识产权(IPR)问题设立TCG(2003)设计被内部采纳后再公开方案细则（会员优先）缴费会员制度,开源界表示担忧重新定向于支持DRM(与微软的Palladium 结合)IETF模式,来自VeriSign公司的信息,眼下安全行业应当一改专利性方案，转而接受开放式、能够协同工作的验证标准 VeriSign-开放式验证参考体系结构（OATH）：为验证提供了一个参考体系结构，所用的通用密钥能够为应用程序、多个设备以及内外网络所识别,来自SUN公司的信息,开放的架构和共享代码Sun 的开放架构从Java到开放源代码Solaris 10，能够很好地解决安全问题,来自Cisco的信息,标准是网络安全的必经之

5、路安全必须是面向整个架构的技术和方案安全与网络的融合是发展的必然思科公司的安全战略自防御网络（Self-Defending Network）进入了新阶段ATD（自适应威胁防御）应用安全智能控制反间谍软件和反广告软件重视网络的47层的应用安全上2004年全球网络安全市场的规模达到了41亿美元，其中思科公司占据了近30的市场份额，牢牢占据了第一的位置。,安全需要开放标准,网络开放标准是为能互相协作而制定的广泛参与性（公司，政府，开源界，个人）开放标准参与者在用户功能与通用功能之间权衡多种重叠标准会制造困难与互相协作冲突长远来讲维护分立市场需付出更高代价,议程,2006 RSA Conference

6、 聚焦安全思科的安全承诺安全无忧,智能化信息网络支撑网络安全,Connectivity,Intelligent Networking,Utilize the network to unite isolated layers and domains to enable business processes,Cisco Network Strategy,对安全标准的承诺,通往标准的途径成功开发产品与合作伙伴实现相互协作（工业协会）向开放标准组织提案标准中的知识产权资产的法律价值与法律保护标准的许可及思科的策略标准有自己的文化关系，声誉及专长的建立需要耐心常规出席(IEEE,W3C)个人参与(IET

7、F)大型组织(ITU,OASIS),自防御网络对安全的承诺利用网络发现、防范和消除威胁,整个网络中的服务和设备通过协作制止威胁,协作,让每个组件都成为一个防御和策略实施点,集成,集成安全基础设施安全,Protect the network infrastructure from attacks Control Plane Policing,NBAR,AutoSecure,Leverage the networkto intelligently protect EndpointsNAC,802.1x,Secure and scalable network connectivitySecure V

8、oice(sRTP,V3PN),DMVPN,MPLS&IPSec,Integrated Security Services,Delivered at Wire Speed,Prevent and respondto network attacks and threats such as wormsIntrusion Prevention,Netflow,App Firewall,OPS,Securing the IP Fabric with Integrated Security,协作安全安全超越单一边界,几乎所有设备都是 Multi-homed 网络真正的起止点在那里？许多设备不由企业控制，

9、但公司需要给咨询顾问或客人等等提供上网权利怎样为某一特定边界提供保护？怎样符合法规？,Peer-2-Peer,思科NAC网络准入控制架构,The best technological approach for EnterpriseBegin Long-Term Enterprise Solution with integrated product and services,CCA on top of NAC framework provides future proofing,The best turnkey appliance product for all vericalsAddress

10、immediate pain-points with CCA,NAC Convergence=Future Proof,ANTI VIRUS,CLIENT SECURITY,安全需要合作-思科与业界的合作,AUDIT,REMEDIATION,思科网络安全的下一个重点-应用安全,Policy match must include major application protocol and payload data:HTTP,SIP,Email,FTP,DNSFull complement of security services at the application protocol and

11、payload level:encryption,logging,intrusion prevention,access control,rewrite,QoSResult:Security services once only available through software coding are now core network services,思科的“Anti-X”技术-Multi-Vector Attack Mitigation,Heuristicstatistically based algorithms to rate limit alarms produced by sen

12、sing engine,Anomalytraffic and protocol anomaly detection to complement signature based analysis,Policytraffic filtering based on security policy,Exploit-specific protection from unknown threats and quickly mutating viruses,Vulnerability encoding signatures to the underlying vulnerability for day-ze

13、ro protection,Multiple techniques utilized to block broad classes of attacksFast Signature extraction,自适应安全Cisco ASA 提供全面的安全保护,THREAT TYPES,PROTECTION,Viruses,Spyware,Malware,Phishing,Spam,Inappropriate URLs,Identity Theft,Offensive Content,Unauthorized Access,Intrusions&Attacks,Insecure Comms.,NEW

14、Anti-X Service Extensions,Resource&Information Access ProtectionHacker ProtectionClient ProtectionDDoS ProtectionProtected Email CommunicationProtected Web Browsing Protected File ExchangeUnwanted Visitor ControlAudit&Regulatory AssistanceNon-work Related Web SitesIdentity Protection,Granular Policy

15、 Controls,Comprehensive Malware Protection,Advanced Content Filtering,Integrated Message Security,Easy to Use,ASA 5500 with CSC-SSM,思科安全管理体系,Integration to Cisco Secure Access Control ServerRole Based access controlPrivileged based access to management functionalityWith the Context of Auditing Servi

16、ces,Cisco Security Mars,Rapid Threat Identification and MitigationTopology AwarenessData Correlation,Simplified Policy AdministrationEnd-to-End ConfigurationNetwork wide or Device Specific,Cisco Security Manager,思科MARS安全分析、监控与响应中心,多厂商,Powerful monitoring,analysis,response systemMultivendor supportCo

17、rrelate events frommultiple sources suchas vulnerabilityassessment and NetFlowdata to detect anomalies,可视化,降低复杂性,Lower TCOAppliance based Simple to install solutionNo hidden customization costsSimple licensing,nosoftware agents,缓解风险,Mitigate attacks by isolatingswitch ports and applyingACLs closest

18、to sourceKnow“what,where,and how”of threatsLeverage the intelligencein the network to enforce security policies,Visualize attack paths andidentify network hot spotsIdentifies valid incidentsand minimizes falsepositivesHigher network availabilityIdentify day-zero attacks,reduce resolution time,小结,智能化

19、的安全网络是发展的必然信息安全的标准化道路应用安全越显重要安全管理的体系化思科自防御网络给用户带来安全无忧，可信网络,安全无忧,MajpjMVcyzj21HLfrvy96dv02lPPfYgxUS7IYmZkyEmZ0kGeYZS3bpLCkYH1lt4EK7CxmUX3ijoYSOer7ZuaVWYgz4EpZrUirVpMzzvNtf1XZw5oswSXOtFaejnOcmfE1lZgnN1RSXg8wLCG8CVQ3XPJMvodPFWcpiYJgZazNSEPNIaklYSu7qSd1UpaxmZDlpN9zW7kljfsLCLi26Yv109ffbnDH8LbUN1G6ACURQ39

20、eG12KHL9tXsZ1jzgoCK8g1kuNOh5eFvcmVT5ZYVQt9zk3rp3qLnf02FovEXxVRxjCcFRNppiJljNiOuk6fONnyX7fyGg7sXZ49BmCN5oy9VesHpKzdjTKwjrkCEQCFDehVmGax3lrOEbw63VscA3YSijtUKoCyiLzAlVRp7l4QgPNHxvJFFDyjUVN3oHlMah0XBd4uTbkfPIhHtw0evPmYOrdhEDoPwvYhzlGplU1AU9mpyiCXH8gpPCBRYjq77VcnbXumNE1yGfyTsbSj89J63kRTKDkKUg3mdS5sJ4X5cQ

21、8dK7oW9IkScssECQdz2O9UTlpRjAFPChjhLdzopQzwxQf8ozdzOhogwAooXpUF83BX4C3jRgjDJiiXEUDMaNz4vQ4n164vspddHvOIVuBBdMA4xp1YhiHk0vOJ8TL1BxogzVlMpmod6ianYGmksQq6NWCEd56hZF4wfaNyZcrGfNxnPiG6ZAxSkfmhJAKtNmCqbRmppeXp8inz4eq3HkWCMSORyMMX522xpHG6basNr6KQfbZsFbHjzyNlJrruLolKFcC84dqfijBO5Dy2NaBcNEBPgQrT12PgpcKx2or2YChN5DPjs80zzdtdAdTKuW4uVv9bbZu3K2SZ2aEhTlIC1UqrIWibkzwHh6p8gLv26zr01mJybfOzFc4T7kQH1IpPwOzMDnAKPLsLrznXGjFNIA9bSWWms6ibKZwQIKrMzalwbFrQJvOP1rPH8rx2KkyYqrtQk5VRwM1HSX,