SAFE Architecture Guide. Places in the Network: Secure Branch


SAFE Architecture Guide
Places in the Network: Secure Branch
January 2018

Contents

Overview
Business Flows
Threats
Security Capabilities
Architecture
  Small Branch
  Medium Branch
  Large Branch
Attack Surface
  Human
  Devices
  Access Layer
  Core and Distribution Layer
  Services Layer
Summary
Appendix
  A Proposed Design
  Suggested Components

Overview

The Secure Branch is a place in the network (PIN) where a company does business across dispersed locations. This guide addresses the most common branch business flows across all industries and the security used to defend them. Branch examples are stores in retail, clinics in healthcare, banks in financial markets, etc. Typically less complex and smaller in footprint than campuses or data centers, branches can have large numbers of locations supporting network access for employees, third parties, and customers.

The Secure Branch is one of the six places in the network within SAFE. SAFE is a holistic approach in which Secure PINs model the physical infrastructure and Secure Domains represent the operational aspects of a network.

The Secure Branch architecture guide provides:
- Business flows typical for branch locations
- Branch threats and security capabilities
- Business flow security architecture
- Design examples and a parts list

Figure 1. The Key to SAFE. SAFE provides the Key to simplify cybersecurity into Secure Places in the Network (PINs) for infrastructure and Secure Domains for operational guidance. (Secure Domains shown: Compliance, Segmentation, Security Intelligence, Threat Defense, Management, Secure Services.)

SAFE simplifies security by starting with business flows, then addressing their respective threats with corresponding security capabilities, architectures, and designs. SAFE provides guidance that is holistic and understandable.

Figure 2. SAFE Guidance Hierarchy. (The figure marks this guide, Secure Branch, with "You are here" among the Places in the Network guides: Secure Data Center, Secure Cloud, Secure WAN, Secure Internet Edge, Secure Branch, and Secure Campus. The Secure Domains shown are Secure Services, Threat Defense, Segmentation, Compliance, Security Intelligence, and Management.)

Business Flows

The Secure Branch is where physical presence is important for internal employees, third-party partners, and customers.

- Internally, employees use devices (PCs, laptops, phones, tablets, and other tools) that require access to branch-critical applications (i.e., payments), collaboration services (voice, video, email), and the Internet.
- Third parties, such as service providers and partners, require remote access to applications and devices.
- Customers at the branch use guest Internet access on their phones or tablets.

Figure 3. Branch business use cases are color coded to define where they flow.
- Internal: Clerk processing credit card transaction to PCI server
- Internal: Employee researching product information on website
- Internal: Subject matter expert consulting with remote colleague
- Third Party: Connected device with remote vendor support
- Customer: Guest accessing Internet website

Functional Controls

Functional controls are common security considerations that are derived from the technical aspects of the business flows.

- Secure Applications: Applications require sufficient security controls for protection.
- Secure Access: Employees, third parties, customers, and devices securely accessing the network.
- Secure Remote Access: Secure remote access for employees and third-party partners that are external to the company network.
- Secure Communications: Email, voice, and video communications connect to potential threats outside of company control and must be secured.
- Secure Web Access: Web access controls enforce usage policy and help prevent network infection.

Figure 4. Branch business flows map to functional controls based on the types of risk they present.
- Secure applications for PCI: Clerk processing credit card transaction to PCI server
- Secure web access for employees: Employee researching product information on website
- Secure communications for collaboration: Subject matter expert consulting with remote colleague
- External access VPN: Connected device with remote vendor support
- Secure guest Internet access: Guest accessing Internet website

Capability Groups

Branch security is simplified using foundational, access, and business capability groups. Each flow requires the access and foundational groups. Additional business activity risks require appropriate controls, as shown in Figure 5, which often reside outside the branch (non-branch capabilities). For more information regarding capability groups, refer to the SAFE overview guide.

Figure 5. Branch security simplified into capability groups. (For each of the five business flows, the figure lists the access, foundational, and business capabilities, split into branch and non-branch capabilities.)

Secure Branch threats and capabilities are defined in the following sections.

Threats

The branch has four primary threats, and the defense is explained throughout the rest of the document:

Exploitation of trust
People have a specific job to do. Unfortunately, the trust of employees can be compromised. Malicious employees (especially administrators) are very dangerous. Partners can be compromised. If a trusted partner is breached, an attacker would have access via stolen credentials.

Endpoint malware
Devices present at the branch are a common source of contamination. Devices of employees, partners, or customers can be infected from multiple sources such as web use, email use, or lateral infection from other devices on the network. Mobile devices can roam networks, increasing chances of compromise. Devices accepting credit cards and the Internet of Things are primary attack points.

Unauthorized/malicious device activity
Devices at the branch range from employee PCs to temperature control units. Although PCs can use client security software, zero-day attacks can bypass it. Worse, many devices are not constructed with strong security. Advanced persistent threats take advantage of exploits from various resources, and a device, once compromised through a vulnerability, can be used to contribute to a larger overall attack.

Wireless infrastructure exploits
Wireless networks expose companies to threats beyond their walls. A company's wireless service allows attackers access that they would not normally have without physical access. Attackers with physical access can place their own (rogue) wireless access points, which allow them to continue attacks from parking lots or other locations outside the physical walls of the company.

Security Capabilities

The attack surface of the branch is defined by the business flow, which includes the people and the technology present. The security capabilities that are needed to respond to the threats are mapped in Figure 6. The branch security capabilities are listed in Table 1. The placement of these capabilities is discussed in the architecture section.

Figure 6. Secure Branch Attack Surface and Security Capabilities. (The figure maps the attack surface of Human, Devices, Network, and Applications to the security capabilities listed in Table 1.)

The branch primary threats are mitigated by security capabilities placed within architectural locations that are described in the following sections.

Table 1. Secure Branch Attack Surface, Security Capability, and Threat Mapping

Human

Users: Employees, third parties, customers, and administrators.
- Identity: Identity-based access. Threat: Attackers accessing restricted information resources.

Devices

Clients: Devices such as PCs, laptops, smartphones, tablets.
- Client-based Security: Security software for devices with the following capabilities:
  - Anti-Malware. Threat: Malware compromising systems.
  - Anti-Virus. Threat: Viruses compromising systems.
  - Cloud Security. Threat: Redirection of user to malicious website.
  - Personal Firewall. Threat: Unauthorized access and malformed packets connecting to client.
- Posture Assessment: Client endpoint compliance verification and authorization. Threat: Compromised devices connecting to infrastructure.

Voice: Phone.
- N/A: Covered in Secure Services domain. Threat: Attackers accessing private information.

Video: Displays, collaboration.
- N/A: Covered in Secure Services domain. Threat: Attackers accessing private information.

Network

Wired Network: Physical network infrastructure; routers, switches, used to connect access, distribution, core, and services layers together.
- Firewall: Stateful filtering and protocol inspection between branch layers and the outside Internet, and service provider connections to the data center. Threat: Unauthorized access and malformed packets between and within the branch.
- Intrusion Prevention: Blocking of attacks by signatures and anomaly analysis. Threat: Attacks using worms, viruses, or other techniques.
- TrustSec: Policy-based segmentation. Threat: Unauthorized access and malicious traffic between branch layers.

Wireless Network: Branches vary from having robust local wireless controller security services to a central, cost-efficient model.
- Wireless Rogue Detection: Detection and containment of malicious wireless devices that are not controlled by the company. Threat: Unauthorized access and disruption of wireless network.
- Wireless Intrusion Prevention (WIPS): Blocking of wireless attacks by signatures and anomaly analysis. Threat: Attacks on the infrastructure via wireless technology.

Analysis: Analysis of network traffic within the branch.
- Anti-Malware: Identify, block, and analyze malicious files and transmissions. Threat: Malware distribution across networks or between servers and devices.
- Threat Intelligence: Contextual knowledge of existing and emerging hazards. Threat: Zero-day malware and attacks.
- Flow Analytics: Network traffic metadata identifying security incidents. Threat: Traffic, telemetry, and data exfiltration from successful attacks.

WAN: Public and untrusted Wide Area Networks that connect to the company, such as the Internet.
- Web Security: Web, DNS, and IP-layer security and control for the branch. Threat: Attacks from malware, viruses, and redirection to malicious URLs.
- Virtual Private Network (VPN): Encrypted communication tunnels. Threat: Exposed services and data theft of remote workers and third parties.

Cloud

- Cloud Security: Web, DNS, and IP-layer security and control in the cloud for the campus. Threat: Attacks from malware, viruses, and redirection to malicious URLs.
  - DNS Security. Threat: Redirection of user to malicious website.
  - Cloud-based Firewall. Threat: Unauthorized access and malformed packets connecting to services.
  - Software-Defined Perimeter (SDP/SD-WAN). Threat: Easily collecting information and identities.
  - Web Security: Internet access integrity and protections. Threat: Infiltration and exfiltration via HTTP.
  - Web Reputation/Filtering: Tracking against URL-based threats. Threat: Attacks directing to a malicious URL.
  - Cloud Access Security Broker (CASB). Threat: Unauthorized access and data loss.

Applications

Applications:
- Server-based Security: Security software for servers with the following capabilities:
  - Anti-Malware: Identify, block, and analyze malicious files and transmissions. Threat: Malware distribution across servers.
  - Anti-Virus. Threat: Viruses compromising systems.
  - Cloud Security. Threat: Redirection of session to malicious website.
  - Host-based Firewall. Threat: Unauthorized access and malformed packets connecting to server.

Management

These security capabilities are required across all PINs:
- Identity/authorization
- Policy/configuration
- Analysis/correlation
- Monitoring
- Vulnerability management
- Logging/reporting
- Time synchronization/NTP

Get details on these management security capabilities in the SAFE Management Architecture Guide.

Architecture

SAFE underscores the challenges of securing the business. It enhances traditional network diagrams to include a security-centric view of the company's business. The Secure Branch architectures are logical groupings of security and network capabilities that support branch business use cases. Branches are not easily defined across multiple industries; SAFE uses several sizes of branches to address a large cross-section of scenarios.

SAFE business flow security architecture depicts a security focus. The details that traditional design diagrams depict (cabling, redundancy, interface addressing, and specificity) appear in SAFE design diagrams. Note that a SAFE logical architecture can have many different physical designs.

Figure 7. SAFE Model. The SAFE Model simplifies complexity across a business by using Places in the Network (PINs) that it must secure. (Labels shown include Cloud, Branch, Edge, Internet, Campus, Data Center, and WAN.)

Small Branch

The Secure Small Branch architecture has the following characteristics:
- Location size averages between 1,000 and 6,000 square feet
- Preference for integrated services within fewer network components because of physical space requirements
- Wireless connectivity
- Single router with firewall/IPS, integrated Ethernet switch, compact switch, and Power over Ethernet (PoE)
- Web security via the cloud
- Survivable Remote Site Telephony (SRST)
- Majority of applications in data center or cloud
- Fewer than 25 traditional devices (PCs, laptops, tablets, phones, etc.) requiring network connectivity
- Fewer than 25 low-bandwidth devices (sensors, thermostats, printers, etc.)

Figure 8. Secure Small Branch. The Secure Small Branch business flows and security capabilities are arranged into a logical architecture. The colored business use cases flow through the green architecture icons with the required blue security capabilities.

Medium Branch

The Secure Medium Branch architecture has the following characteristics:
- Location size averages between 6,000 and 18,000 square feet
- Redundant LAN and WAN infrastructures with firewall/IPS
- The physical size is smaller than a large branch, so a core and distribution layer of network switches is not required
- Web security via the cloud
- Wireless connectivity
- Survivable Remote Site Telephony (SRST)
- traditional devices (PCs, laptops, tablets, phones, etc.) requiring network connectivity
- Fewer than 100 low-bandwidth devices (sensors, thermostats, printers, etc.)

Figure 9. Secure Medium Branch. The Secure Medium Branch business flows and security capabilities are arranged into a logical architecture. The colored business use cases flow through the green architecture icons with the required blue security capabilities.

Large Branch

The Large Branch architecture includes the following design requirements:
- Location size averages between 15,000 and 150,000 square feet
- Multiple routers for primary and backup network connectivity requirements
- Preference for a combination of network services distributed across the facility to meet resilience and application availability requirements
- Tiered network architecture within the branch; distribution layer switches are employed between the central network services core and the access layer connecting to the network endpoints (endpoints, wireless APs, servers)
- Unified Communications with centralized or distributed PSTN access and services
- 100 or more traditional devices (PCs, laptops, tablets, phones, etc.) requiring network connectivity
- 100 or more low-bandwidth devices (sensors, thermostats, printers, etc.)

Figure 10. Secure Large Branch. The Secure Large Branch business flows and security capabilities are arranged into a logical architecture. The colored business use cases flow through the green architecture icons with the required blue security capabilities.

Attack Surface

The Secure Branch attack surface of Human, Devices, Network, and Applications is consistent across all sizes of branch architectures. The sections below discuss the security capability that defends against the threats associated with each layer of the surface. Note that the capability might be a service that is supplied from another PIN. For example, the Identity service is prompted to a human, on a user's device, enforced at the switch, and served from the Data Center. However, for the sake of simplifying, Identity is depicted logically where the risk exists of supplying credentials: the human.

Human

Typically, humans in the branch are employees, customers, and remote access users such as partners. Exploitation of Trust attacks happen most frequently at this layer. Credential management of employees, partners, and customers with effective role-based segmentation minimizes the risk of this threat.

Primary Security Capability: Identity

Security technology should be augmented with security awareness training and acceptable use policies for internal, partner, and customer users. No amount of technology can prevent successful attacks if humans in your company, both internal and partner users, are not trained to keep security in mind. Security training and metrics of adoption are critical elements to reducing the risk of this attack surface.

Administrators have more authority than normal users over the systems they have access to. Additional controls should be used, such as two-factor authentication, access limited to job function, and logging of their changes.

Appropriate identity services defined by policy must be supplied with associated, approved clients and devices.

Figure 11. Business Use Cases.

Devices

Devices are part of the security reference architecture. Endpoint Malware and Malicious device activity attacks occur at this layer. Combining identity and posture assessments with the capabilities of the device layer minimizes the risk of these threats.

Perimeter defenses are no longer sufficient (if they ever were). A secure company uses the network and the devices connecting to it as baselines for comparison. If you are not using the network as a sensor, you are not secure. This visibility allows for effective containment through intelligent architectural design. It is equally important to ensure that clients (PCs, tablets, phones, and other connected devices) are participating in security and that malicious devices are quarantined.

Primary Security Capability: Client-Based Security (Anti-Virus, Anti-Malware, Cloud Security, Personal Firewall)

Figure 12. Branch Devices.

Access Layer

The access layer is where users and devices connect to the company network. It is the first line of defense within the Secure Branch architecture. Its purpose is to identify the users, to assess the policy compliance of devices seeking access to the network, and to respond appropriately.

Wireless infrastructure exploits typically happen at the access layer. Unauthorized wireless access points and attacks on the wireless communication are mitigated by security capabilities.

This layer connects to the distribution or core layer in a hierarchical organization that simplifies network troubleshooting and segments traffic for security. The network as a sensor uses flow analytics to capture anomalies and provide visibility into attacks. Enforcement can be applied to violations of posture or identity policy and to anomalous behavior.

Primary Security Capability: Identity, Flow Analytics, Posture Assessment, TrustSec, Wireless Rogue Detection

Figure 13. Access Layer.
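One way to act on the flow analytics and segmentation described above, as an added example that is not part of the Cisco guide: a Python check that assigns each flow record to a segment and flags every flow outside an allowlist built from the five branch business flows. The segment names follow the VLAN and SSID labels in the proposed designs; the subnets, off-branch zones, ports, allowlist, and sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Branch segments use the VLAN/SSID labels from the proposed designs.
# Every subnet and every off-branch zone below is constructed for this example.
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "PCI": "10.1.10.0/24",          # point-of-sale devices
    "DATA": "10.1.20.0/24",         # employee PCs and laptops
    "VOICE": "10.1.30.0/24",        # phones
    "VENDOR": "10.1.40.0/24",       # building controls
    "GUEST": "10.1.50.0/24",        # guest wireless
    "DC_PAYMENT": "10.200.1.0/24",  # payment application (data center)
    "DC_VOICE": "10.200.2.0/24",    # communications manager (data center)
    "VENDOR_VPN": "10.250.0.0/24",  # remote technician VPN pool
}.items()}
BRANCH_ZONES = {"PCI", "DATA", "VOICE", "VENDOR", "GUEST"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed allowlist, one or two entries per business flow:
# (source zone, destination zone, protocol, destination port). Default is deny.
ALLOWED = {
    ("PCI", "DC_PAYMENT", "tcp", 443),    # clerk processing a card transaction
    ("DATA", "INTERNET", "tcp", 80),      # employee web access
    ("DATA", "INTERNET", "tcp", 443),
    ("VOICE", "DC_VOICE", "tcp", 5061),   # expert consulting a remote colleague
    ("VENDOR_VPN", "VENDOR", "tcp", 443), # remote vendor support
    ("GUEST", "INTERNET", "tcp", 80),     # guest Internet access
    ("GUEST", "INTERNET", "tcp", 443),
}

Flow = namedtuple("Flow", "src dst proto dport")


def zone_of(ip):
    """Map an IP address to a named zone, UNKNOWN_INTERNAL, or INTERNET."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    if any(addr in net for net in RFC1918):
        return "UNKNOWN_INTERNAL"   # private space with no assigned segment
    return "INTERNET"


def audit(flows):
    """Return one finding per flow that crosses zones outside the allowlist."""
    findings = []
    for flow in flows:
        src, dst = zone_of(flow.src), zone_of(flow.dst)
        if src == dst:
            continue  # intra-segment traffic is outside this inter-segment policy
        if (src, dst, flow.proto, flow.dport) in ALLOWED:
            continue
        if src in BRANCH_ZONES and dst in BRANCH_ZONES:
            kind = "east-west"            # crossing between branch segments
        elif dst == "INTERNET":
            kind = "unapproved-egress"    # possible exfiltration or call-home
        else:
            kind = "policy-violation"
        # Anything touching the cardholder segment is escalated.
        severity = "high" if "PCI" in (src, dst) else "medium"
        findings.append({"flow": flow, "src_zone": src, "dst_zone": dst,
                         "kind": kind, "severity": severity})
    return findings


# Constructed sample flow records (not captured traffic).
SAMPLE_FLOWS = [
    Flow("10.1.10.21", "10.200.1.5", "tcp", 443),    # clerk -> payment app
    Flow("10.1.20.33", "203.0.113.80", "tcp", 443),  # employee -> website
    Flow("10.1.50.77", "10.1.10.21", "tcp", 445),    # guest -> point of sale
    Flow("10.1.40.9", "198.51.100.12", "tcp", 4444), # thermostat -> Internet
    Flow("10.250.0.4", "10.1.40.9", "tcp", 443),     # technician -> controls
    Flow("10.250.0.4", "10.1.10.21", "tcp", 22),     # technician -> point of sale
    Flow("10.1.30.15", "10.200.2.10", "tcp", 5061),  # phone -> call manager
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f["severity"], f["kind"], f["src_zone"], "->", f["dst_zone"], f["flow"])
```

In the constructed sample, the guest-to-PCI flow, the building-control device reaching the Internet, and the vendor VPN session reaching the PCI segment are the three flows reported.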

Core and Distribution Layer

Access/distribution/core is the classic network hierarchy. Because branches have smaller footprints, these functions may be collapsed. By segregating the access layer from the services layer, this layer provides a distribution method of services that discretely separates business-based traffic into flows.

Primary Security Capability: Identity, Flow Analytics, Posture Assessment, TrustSec

Figure 14. Collapsed Core and Distribution.

Services Layer

The services layer connects the Secure Branch to the outside data center and Internet via service providers. It connects the access and distribution layers inside the branch to the security and inspection capabilities that secure the separate business flows coming into and out of the branch.

Primary Security Capability
- Foundational Security Services: Firewall, IPS, Threat Intelligence, Anti-Malware, Flow Analytics, TrustSec
- Business-based Security: Web Security, VPN, Application Visibility Control, WIPS, Wireless Rogue Detection
- Server-based Security: Anti-Virus, Anti-Malware, Cloud Security, Host-Based Firewall

Figure 15. Services Layer. (Labels shown include Wireless Controller, Identity, Web Security, Firepower Appliance, Router, Communications Manager, and Server.)

Summary

Today's companies are threatened by increasingly sophisticated attacks. Branches are commonly targeted because they are susceptible to physical access and have a large mix of services across increasingly complicated devices. SAFE is Cisco's security reference architecture that simplifies the security challenges of today and prepares for the threats of tomorrow. Cisco's Secure Branch architecture and solutions defend the business against corresponding threats.

Appendix

A Proposed Design

The Secure Branch has been deployed in Cisco's laboratories. Portions of the design have been validated and documentation is available on Cisco Design Zone. Figures depict the specific products that were selected within Cisco's laboratories. It is important to note that the Secure Branch architecture can produce many designs based on performance, redundancy, scale, and other factors. The architecture provides the required logical orientation of security capabilities that must be considered when selecting products to ensure that the documented business flows, threats, and requirements are met.

Small Branch Design

Figure 16. Secure Small Branch Proposed Design.
- Components labeled in the figure: AIR-CAP3702E-A-K9, WS-C3560CX-12PC-S, ISR4351-K9, UCS-E160S-M3, L-FP4351-TAMC, CP-9951-C-K9
- Endpoint security labeled in the figure: FP-AMP-LC, UMBRELLA-SUB, Host Firewall
- Segments labeled in the figure: wireless SSIDs EMPLOYEE and GUEST; MANAGEMENT, WDATA, VOICE, PCI, DATA, and VENDOR VLANs

Medium Branch Design

Figure 17. Secure Medium Branch Proposed Design.
- Components labeled in the figure: AIR-CAP3702E-A-K9 (QTY:3), WS-C PQ-S, ISR4451-K9 (two routers, HSRP), UCS-E160S-M3, L-FP4451-TAMC, CP-9951-C-K9
- Endpoint security labeled in the figure: FP-AMP-LC, UMBRELLA-SUB, Host Firewall
- Segments labeled in the figure: wireless SSIDs EMPLOYEE and GUEST; MANAGEMENT, WDATA, VOICE, PCI, DATA, and VENDOR VLANs

Large Branch Design

Figure 18. Secure Large Branch Proposed Design.
- Components labeled in the figure: AIR-CAP3702E-A-K9 (QTY:3), ISR4431-K9 (two routers, HSRP), WS-C4507 R+E, FP4110-X, 3560CX-12PC-S, AIR-CTVM-K9, Unified Communications Manager, Web Security, UCSC-C220-M4S (QTY:3), CP-9951-C-K9
- Endpoint security labeled in the figure: FP-AMP-LC, UMBRELLA-SUB, Host Firewall
- Segments labeled in the figure: wireless SSIDs EMPLOYEE and GUEST; MANAGEMENT, WDATA, VOICE, PCI, DATA, and VENDOR VLANs

Suggested Components

Table 2 SAFE Design Components for Secure Branch

Columns: Branch Attack Surface; Branch Security; Suggested Cisco Components

H: Users
  Identity: Identity Services Engine (ISE); Meraki Management

Devices: Endpoints
  Client-Based Security: Advanced Malware Protection (AMP) for Endpoints; Cisco Umbrella; AnyConnect
  Posture Assessment: AnyConnect Agent; Identity Services Engine (ISE); Meraki Mobile Device Management

Network: Wired Network
  Firewall: Firepower Appliance, Adaptive Security Appliance (ASA); Integrated Services Router (ISR); Meraki MX
  Intrusion Prevention: Firepower Appliance (ASA) Firepower Services on UCS-E; Meraki MX
  Access Control + TrustSec: Wireless Controller/Catalyst; Centralized Identity Services Engine; Meraki MX

Network: Wireless Network
  Wireless Rogue Detection: Meraki Wireless; Mobility Services Engines (MSE)
  Wireless Intrusion Prevention (WIPS): Wireless APs; Wireless LAN Controller

Table 2 SAFE Design Components for Secure Branch (continued)

Columns: Branch Attack Surface; Branch Security; Suggested Cisco Components

Network (continued): Analysis
  Anti-Malware: Advanced Malware Protection (AMP) for Endpoints; Advanced Malware Protection (AMP) for Security; Advanced Malware Protection (AMP) for Networks; Advanced Malware Protection (AMP) for Web Security; Stealthwatch; Integrated Services Router (ISR) with Stealthwatch Learning Network (SLN); AMP ThreatGrid
  Threat Intelligence: Cisco Collective Security Intelligence; Talos Security Intelligence; AMP ThreatGrid; Cognitive Threat Analytics (CTA)
  Flow Analytics: Adaptive Security Appliance; Catalyst Switches; ISR with Stealthwatch Learning Network (SLN); Stealthwatch (Flow Sensor and Collectors); Wireless LAN Controller; Meraki MX

Network (continued): WAN
  Web Security: Firepower URL; Web Security Appliance; Umbrella Secure Internet Gateway (SIG); Meraki MX
  VPN: Firepower; Integrated Services Router (ISR); Aggregation Services Router (ASR); Adaptive Security Appliance (ASA); Meraki MX

Network (continued): Cloud
  Cloud Security: Umbrella Secure Internet Gateway (SIG); Cloudlock; Meraki MX

Applications: Service
  Server-based Security: Advanced Malware Protection (AMP) for Endpoints; Cisco Umbrella

2017 Cisco and/or its affiliates. All rights reserved.


Solution Architecture

Solution Architecture 3 CHAPTER Solution Architecture The Cisco PCI Solution for Retail 2.0 is a set of architectures, strategic principles, and tactical designs that details a holistic approach to addressing the requirements

More information

Office 365 Buyers Guide: Best Practices for Securing Office 365

Office 365 Buyers Guide: Best Practices for Securing Office 365 Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.

More information

Easy Setup Guide. Cisco ASA with Firepower Services. You can easily set up your ASA in this step-by-step guide.

Easy Setup Guide. Cisco ASA with Firepower Services. You can easily set up your ASA in this step-by-step guide. Cisco ASA with Firepower Services Easy Setup Guide You can easily set up your ASA in this step-by-step guide. Connecting PC to ASA Installing ASDM 3 Configuring ASA 4 Using Umbrella DNS Connecting PC to

More information

An Investment Checklist

An Investment Checklist Next-Generation Addressing Advanced Firewalls: Web Threats Next-Generation Firewalls: What You Will Learn When you buy a next-generation firewall (NGFW), you want to determine whether the solution can

More information

Cisco Cloud Web Security

Cisco Cloud Web Security Cisco Cloud Web Security WSA ment Guide Internal Use Only 1 October 2014 Cisco CWS WSA/WSAv ment Guide Contents Introduction... 1 Cloud ment... 1 Additional Redirect Methods... 1... 2 Verify connection

More information

Configuring a Zone-Based Firewall on the Cisco ISA500 Security Appliance

Configuring a Zone-Based Firewall on the Cisco ISA500 Security Appliance Application Note Configuring a Zone-Based Firewall on the Cisco ISA500 Security Appliance This application note describes how to configure a zone-based firewall on the Cisco ISA500 security appliance.

More information

How to build a multi-layer Security Architecture to detect and remediate threats in real time

How to build a multi-layer Security Architecture to detect and remediate threats in real time How to build a multi-layer Security Architecture to detect and remediate threats in real time Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist March 2018 Agenda Cisco Strategy Umbrella

More information

CND Exam Blueprint v2.0

CND Exam Blueprint v2.0 EC-Council C ND Certified Network Defende r CND Exam Blueprint v2.0 CND Exam Blueprint v2.0 1 Domains Objectives Weightage Number of Questions 1. Computer Network and Defense Fundamentals Understanding

More information

Logical Network Design (Part II)

Logical Network Design (Part II) Logical Network Design (Part II) DCS COMSATS Institute of Information Technology Rab Nawaz Jadoon Assistant Professor COMSATS IIT, Abbottabad Pakistan Telecommunication Network Design (TND) Possible (Part

More information

Cisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016

Cisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016 Cisco Cyber Range Paul Qiu Senior Solutions Architect June 2016 What I hear, I forget What I see, I remember What I do, I understand ~ Confucius Agenda Agenda Cyber Range Highlights Cyber Range Overview

More information