
Many modern security threats rapidly propagate across the Internet and internal networks. As a result, security components need to be able to respond rapidly to emerging threats. To combat these threats, Cisco offers the Cisco Self-Defending Network, which is its vision for using the network to recognize threats and then prevent and adapt to them. This section describes the implementation of the Cisco Self-Defending Network approach, which leverages Cisco products and solutions.

Evolving Security Threats

As computing resources have evolved over the past couple of decades, security threats have kept pace. For example, in the 1980s, boot viruses presented a threat to computer systems. However, such viruses took weeks to propagate throughout an individual network. During the 1990s, more-advanced viruses, denial-of-service (DoS) attacks, and other hacking attacks evolved. These attacks could impact multiple networks and propagate in a matter of days.

Modern networks face threats such as blended threats, which combine worm, virus, and Trojan horse characteristics. Such advanced threats can spread throughout regional networks in a matter of minutes. Future threats are anticipated to spread globally within just a few seconds.

One of the challenges of protecting against these evolving threats is the ambiguity of network boundaries. For example, consider the following:

■ Port 80 traditionally is thought of as the port used for web traffic. Because it is often an open conduit entering “secured” networks, attackers can attempt to send malicious traffic in the form of port 80 payloads.

■ Because traffic is often sent in an encrypted format (for example, using Secure Sockets Layer [SSL] or Transport Layer Security [TLS]), malicious traffic can often escape recognition (for example, by Intrusion Prevention System [IPS] or Intrusion Detection System [IDS] appliances).

Creating a Cisco Self-Defending Network 67

■ Clients often have multiple network connections (for example, a wireless laptop connected to a corporate wireless access point and also acting as a peer in a wireless ad-hoc network). Therefore, those clients might act as conduits for malicious users to access a “secured” network.

Constructing a Cisco Self-Defending Network

When a Cisco Self-Defending Network is constructed, consideration is given to how the individual security products work together. As a result, a Cisco Self-Defending Network integrates a collection of security solutions to identify threats, prevent those threats, and adapt to emerging threats.

Figure 2-4 highlights the three core characteristics of a Cisco Self-Defending Network, which are described in Table 2-7.

Figure 2-4 Cisco Self-Defending Network Core Characteristics

Table 2-7 Cisco Self-Defending Network Core Characteristics

| Characteristic | Description |
| --- | --- |
| Integrated | Security is built in to the network, as opposed to being added to an existing network. |
| Collaborative | IT personnel focusing on security collaborate with IT personnel focusing on network operations. |
| Adaptive | Security solutions can adapt to evolving threats. |

Cisco Self-Defending Networks can be more cost-effective, as compared to merely implementing a series of standalone solutions (also known as point solutions). This is because a complementary infrastructure simplifies management and administrative tasks. Similarly, equipment upgrade cycles can be better coordinated. Construction of a Cisco Self-Defending Network begins with a network platform that has integrated security. Then, strategic security features such as the following are layered on top of the already secure foundation:

■ Threat control: Strategies to contain and control threats include the following:

  - Endpoint threat control defends endpoints against threats, typically sourced from the Internet, such as viruses and spyware.

  - Infrastructure threat control protects servers and shared applications from internal and external threats.

  - E-mail threat control blocks security threats sourced from e-mail, such as malicious attachments.

■ Confidential and authenticated communication: Technologies such as IPsec and SSL VPNs can provide confidential and authenticated communications channels. Specifically, the Cisco Secure Communications solution offers a set of products that can be categorized into one of two broad categories:

  - Remote-access communications security secures transmission to an organization’s network and applications via a secure tunnel formed across the Internet on an as-needed basis.

  - Site-to-site communications security secures transmission between an organization’s primary site and other sites (for example, home offices or business partners) via an Internet-based WAN infrastructure.

■ Management solutions: Products that provide system-wide control of policies and configuration offer a variety of benefits:

  - Efficiency of rolling out a new policy to multiple devices while maintaining consistency of the configuration

  - Comprehensive view of a network’s end-to-end security status

  - Quick response to attacks

  - Improved congruity with an organizational security policy

Figure 2-5 shows the hierarchical structure of a Cisco Self-Defending Network.


Figure 2-5 Cisco Self-Defending Network Hierarchical Structure

Cisco Security Management Suite

As an organization’s network begins to grow, end-to-end security management becomes a more daunting task. Fortunately, Cisco offers a suite of security management tools, the main components of which are Cisco Security Manager and Cisco Security Monitoring, Analysis, and Response System (MARS).

Cisco Security Manager

The Cisco Security Manager application can be used to configure security features on a wide variety of Cisco security products. From a scalability perspective, Cisco Security Manager can be useful on smaller networks (for example, networks with fewer than ten devices), and it can also help more efficiently manage networks containing thousands of devices. As a few examples, the Cisco Security Manager application offers these features:

■ Provisioning security on a variety of Cisco platforms, including Cisco IOS-based routers, Cisco ASA 5500 series security appliances, Cisco PIX 500 series security appliances, Cisco IPS 4200 sensors, and the Advanced Inspection and Prevention Security Services Module (AIP-SSM), available for the Cisco Catalyst 6500 series switch platform

■ Performing configuration tasks via a graphical interface

■ Applying a centralized policy, which maintains consistency throughout a network and can be inherited by newly installed devices

■ Interoperating with Cisco Secure Access Control Server (ACS) to provide different sets of permissions to different users

[Figure 2-5 diagram labels: Secure Network Platform, Threat Containment, Protected Communications, Management]

Cisco Security MARS

The Cisco Security MARS product offers security monitoring for security devices and applications. In addition to Cisco devices and applications, Cisco Security MARS can monitor many third-party devices and applications. As a few examples, Cisco Security MARS performs these functions:

■ It uses event correlation to collect events from multiple devices in the network, thereby reducing the number of false positives.

■ It identifies appropriate mitigation strategies for specific security challenges.

■ It uses Cisco NetFlow technology to more readily identify network anomalies.
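The correlation idea in the list above, as an added example that is not Cisco's code and does not describe how Cisco Security MARS works internally: a Python sketch that classifies IPS alerts by checking them against firewall and flow records from other devices. The event fields, addresses, time window, and byte threshold are constructed assumptions, and it assumes the firewall sits between the IPS sensor and the targeted host.

```python
from datetime import datetime, timedelta

# Constructed sample events, already normalized from three device types.
# Addresses, field names and thresholds are illustrative assumptions.
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "device": "ips", "src": "203.0.113.7", "dst": "10.0.0.5", "sig": "web-exploit"},
    {"ts": "2024-05-01T10:00:01", "device": "firewall", "src": "203.0.113.7", "dst": "10.0.0.5", "action": "deny"},
    {"ts": "2024-05-01T10:05:00", "device": "ips", "src": "198.51.100.9", "dst": "10.0.0.8", "sig": "web-exploit"},
    {"ts": "2024-05-01T10:05:01", "device": "firewall", "src": "198.51.100.9", "dst": "10.0.0.8", "action": "permit"},
    {"ts": "2024-05-01T10:06:30", "device": "netflow", "src": "10.0.0.8", "dst": "198.51.100.9", "bytes": 48_000_000},
    {"ts": "2024-05-01T10:20:00", "device": "ips", "src": "192.0.2.44", "dst": "10.0.0.9", "sig": "port-sweep"},
]
WINDOW = timedelta(minutes=5)   # how close in time events must be to correlate
BULK_BYTES = 10_000_000         # reverse-flow size treated as anomalous


def correlate(events, window=WINDOW, bulk_bytes=BULK_BYTES):
    """Classify each IPS alert using firewall and flow events near it in time."""
    parsed = [{**e, "ts": datetime.fromisoformat(e["ts"])} for e in events]
    verdicts = {}
    for alert in (e for e in parsed if e["device"] == "ips"):
        pair = (alert["src"], alert["dst"])
        near = [e for e in parsed if abs(e["ts"] - alert["ts"]) <= window]
        # A firewall deny for the same pair means the traffic never reached the target.
        denied = any(e["device"] == "firewall" and e["action"] == "deny"
                     and (e["src"], e["dst"]) == pair for e in near)
        # A large flow from the target back to the alert source, after the alert,
        # is the kind of anomaly that flow records can corroborate.
        bulk = any(e["device"] == "netflow" and e["ts"] >= alert["ts"]
                   and (e["src"], e["dst"]) == pair[::-1] and e["bytes"] >= bulk_bytes
                   for e in near)
        if denied:
            verdicts[pair] = "suppress"   # alert without impact: blocked downstream
        elif bulk:
            verdicts[pair] = "incident"   # two independent sources agree
        else:
            verdicts[pair] = "review"     # single-source alert, no corroboration
    return verdicts


if __name__ == "__main__":
    for pair, verdict in correlate(EVENTS).items():
        print(pair, verdict)
```

Only the alert corroborated by a second data source is escalated, which is how correlating events across devices cuts the number of alerts an analyst has to treat as real.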

Cisco Integrated Security Products

A Cisco Self-Defending Network relies on a collection of complementary security solutions. Table 2-8 identifies some of the products available in the Cisco product line that could contribute to a Cisco Self-Defending Network.

NOTE The following URL offers a Flash-based introduction to Cisco Security Manager: http://www.cisco.com/cdc_content_elements/flash/sec_manager/index.html

NOTE The following URL offers a Flash-based introduction to Cisco Security MARS: http://www.cisco.com/cdc_content_elements/flash/security_mars/demo.htm

Table 2-8 Examples of Cisco Security Products

| Product | Description |
| --- | --- |
| Cisco IOS router | Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS), virtual private network (VPN), and firewall features. |
| Cisco ASA 5500 series security appliance | The Cisco 5500 series of Adaptive Security Appliances (ASA) offers a wide variety of security solutions, such as firewall, IPS, VPN, antispyware, antivirus, and antiphishing. Figure 2-6 shows a collection of Cisco ASA 5500 series security appliances. |
| Cisco PIX 500 series security appliance | The Cisco PIX 500 series of security appliances offers firewall and VPN-termination features. As an example, Figure 2-7 shows a Cisco PIX 535 security appliance. |
| Cisco 4200 series IPS appliances | The Cisco 4200 series of IPS appliances can analyze traffic inline. If this inline analysis identifies traffic believed to be malicious, the IPS appliance can perform such operations as dropping the traffic, sending an alert, and instructing another network device (such as a Cisco PIX security appliance) to block connections from the offending host. Figure 2-8 shows a selection of Cisco 4200 series IPS appliances. |
| Cisco Security Agent (CSA) | Cisco Security Agent (CSA) is an application that provides IPS services on a host. Therefore, CSA is called a Host-based Intrusion Prevention System (HIPS) application. |
| Cisco Secure Access Control Server | The Cisco Secure Access Control Server (ACS) application can provide an authentication, authorization, and accounting (AAA) function, thus allowing different sets of permissions to be applied to different users. |
| Cisco Catalyst 6500 series switch and Cisco 7600 series router modules | Cisco Catalyst 6500 series switches and Cisco 7600 series routers use a modular chassis with multiple interchangeable modules. Some of these modules provide security features to the chassis. For example, you could insert a Firewall Services Module (FWSM) into a chassis to provide firewall services between various VLANs defined on a Cisco Catalyst 6500 series switch. |
| Cisco Router and Security Device Manager (SDM) | Cisco SDM provides a graphical interface for configuring a variety of security features (for example, IPS, IPsec site-to-site VPN, and firewall features), in addition to multiple router configuration features. Figure 2-9 shows the home screen of the SDM application. |

Figure 2-6 Cisco ASA 5500 Series Security Appliances

Figure 2-7 Cisco PIX 535 Security Appliance


Exam Preparation Tasks

Review All the Key Topics

Review the most important topics from this chapter, denoted with the Key Topic icon. Table 2-9 lists these key topics and the page where each is found.

Table 2-9 Key Topics for Chapter 2

| Key Topic Element | Description | Page Number |
| --- | --- | --- |
| List | The five phases of SDLC | 49 |
| List | SDLC’s initiation phase procedures | 49 |
| List | SDLC’s acquisition and development phase procedures | 49 |
| List | SDLC’s implementation phase procedures | 50 |
| List | SDLC’s operations and maintenance phase procedures | 50 |
| List | SDLC’s disposition phase procedures | 51 |
| Table 2-2 | Operations security recommendations | 51-52 |
| List | Three phases of recovery | 55 |
| Table 2-3 | Disruption categories | 56 |
| Table 2-4 | Backup sites | 56 |
| List | Detailed documents included in a security policy | 59 |
| Table 2-5 | Annualized loss expectancy factors | 61 |
| List | Components of risk mitigation | 62 |
| Table 2-6 | Components of a security awareness program | 65 |
| Table 2-7 | Cisco Self-Defending Network core characteristics | 67 |


Complete the Tables and Lists from Memory

Print a copy of Appendix D, “Memory Tables,” (found on the CD) or at least the section for this chapter, and complete the tables and lists from memory. Appendix E, “Memory Tables Answer Key,” also on the CD, includes completed tables and lists so that you can check your work.

Definition of Key Terms

Define the following key terms from this chapter, and check your answers in the glossary:

System Development Life Cycle (SDLC), disaster recovery plan, nondisaster, disaster, catastrophe, hot site, warm site, cold site, security policy, threat identification, risk analysis, awareness, training, education, Cisco Self-Defending Network, Cisco Security Manager, Cisco Security MARS

ISR overview and providing secure administrative access: This section describes methods of securely accessing a router prompt for purposes of administration. Additionally, this section provides an overview of the Cisco Integrated Services Router (ISR) line of routers.

Cisco Security Device Manager overview: This section examines the Cisco Security Device Manager (SDM) interface. The graphical interface provided by SDM allows administrators to configure a variety of router features using a collection of wizards and other configuration aids, which use best-practice recommendations from the Cisco Technical Assistance Center (TAC).

CHAPTER 3