SAFE Architecture Guide. Places in the Network: Secure Campus

Transcription

1 SAFE Architecture Guide Places in the Network: Secure Campus January 2018

2 SAFE Architecture Guide Places in the Network: Secure Campus Contents January 2018 Contents Overview Business Flows Threats Capabilities Architecture Secure Campus 14 Attack Surface Human 15 Devices 16 Access Layer 17 Distribution Layer 18 Core Layer 19 Services Layer 20 Summary Appendix A Proposed Design 22 Suggested Components

3 SAFE Architecture Guide Places in the Network: Secure Campus Overview January Overview The Secure Campus is a place in the network (PIN), a cluster of buildings, where a company does business. This guide addresses campus business flows across all industries and the security used to defend them. Campus examples are company headquarters, or any group of buildings that requires network services. More complex than branches due to physical and logical scale, they support network access for employees, third parties, and customers across multiple buildings and floors. approach in which Secure PINs model the physical infrastructure and Secure Domains represent the operational aspects of a network. The Secure Campus architecture guide provides: Business flows typical for campus locations Campus threats and security capabilities Business flow security architecture Design examples and a parts list The Secure Campus is one of the six places in the network within SAFE. SAFE is a holistic Compliance Segmentation Intelligence Threat Defense Management Secure Services Places in the Network (PINs) Domains Figure 1 The Key to SAFE. SAFE provides the Key to simplify cybersecurity into Secure Places in the Network (PINs) for infrastructure and Secure Domains for operational guidance.

4 SAFE Architecture Guide Places in the Network: Secure Campus Overview January SAFE simplifies security by starting with business flows, then addressing their respective threats with corresponding security capabilities, architectures, and designs. SAFE provides guidance that is holistic and understandable. T H E K E Y T O S A F E Design Guides Architecture Guides Operations Guides Design Guides Secure Data Center Capability Guide Secure Services Secure Cloud SAFE Overview Threat Defense Secure WAN Segmentation Secure Internet Edge Secure Branch YOU ARE HERE Intelligence Compliance Secure Campus Management PLACES IN THE NETWORK SECURE DOMAINS Figure 2 SAFE Guidance Hierarchy

5 SAFE Architecture Guide Places in the Network: Secure Campus Business Flows January Business Flows The Secure Campus is where physical presence is important for internal employees, third-party partners, and customers over multiple physical buildings. Internally, employees use devices (PCs, laptops, phones, tablets, and other tools) that require access to campus-critical applications, collaboration services (voice, video, ) and the Internet. Third parties, such as service providers and partners, require remote access to applications and devices. Customers at the campus use guest Internet access on their phones or tablets. CEO sending to shareholder Employee researching product information Customer Third Party Internal Subject matter expert consultation Connected device with remote vendor support Guest accessing the Internet to watch hosted video Figure 3 Campus business use cases are color coded to define where they flow.

6 SAFE Architecture Guide Places in the Network: Secure Campus Business Flows January Functional Controls Functional controls are common security considerations that are derived from the technical aspects of the business flows. Secure Applications Secure Access Secure Remote Access Secure Communications Secure Web Access Applications require sufficient security controls for protection. Employees, third parties, customers, and devices securely accessing the network. Secure remote access for employees and third-party partners that are external to the company network. , voice, and video communications connect to potential threats outside of company control and must be secured. Web access controls enforce usage policy and help prevent network infection. Secure communications for CEO sending to shareholder Secure web access for employees: Employee researching product information Customer Third Party Internal Secure communications for collaboration: Subject matter expert consultation Secure remote access for third party: Connected device with remote vendor support Secure web access for guests: Guest accessing the Internet to watch hosted video Figure 4 Campus business flows map to functional controls based on the types of risk they present.

7 SAFE Architecture Guide Places in the Network: Secure Campus Business Flows January Capability Groups Campus security is simplified using foundational, access and business capability groups. Each flow requires access and foundational groups. Additional business activity risks require appropriate controls as shown in figure 5 which often reside outside the campus (Non-Campus Capabilities). For more information regarding capability groups, refer to the SAFE overview guide. Campus Capabilities Non-Campus Capabilities CEO sending to shareholders Secure communications for CEO sending to shareholder Shareholder Client-Based Identity Posture Assessment Firewall Intrusion Prevention Flow Analytics Threat Intelligence Anti- Malware TrustSec AVC Host-Based Customer Third Party Internal Employee Expert Thermostat Guest Client-Based Client-Based DNS Wireless Connection Identity Identity Identity Wireless Intrusion Prevention Posture Assessment Posture Assessment Wireless Rogue Detection Secure web access for employees: Employee researching product information Firewall Firewall Firewall Firewall Intrusion Prevention Intrusion Prevention Intrusion Prevention Intrusion Prevention Flow Analytics Flow Analytics Flow Analytics Flow Analytics Threat Intelligence Threat Intelligence Threat Intelligence Threat Intelligence Anti- Malware Anti- Malware Anti- Malware Anti- Malware TrustSec Secure communications for collaboration: Subject matter expert consultation TrustSec Secure remote access for third party: Connected device with remote vendor support TrustSec Secure web access for guests: Guest accessing the Internet to watch hosted video TrustSec AVC VPN Web Posture Assessment Client-Based Identity Website Colleague Remote Technician Website ACCESS FOUNDATIONAL BUSINESS Figure 5 The Secure Campus Business Flow Capability Diagram Secure Campus threats and capabilities are defined in the following sections.

8 SAFE Architecture Guide Places in the Network: Secure Campus Threats January Threats Campuses have many employees, partner and guest users who use , browse the web, collaborate. With a combination of wired and wireless access, the attack surface extends beyond the building. The campus has six primary threats: Phishing Phishing is social engineering to trick people into clicking on a malicious link or opening an infected attachment of an . Messages looks as if they are from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one Unauthorized network access The act of gaining access to a network, system, application or other resource without permission. The attacker could cause damage in many ways, perhaps by accessing sensitive files from a host, by planting a virus, or by hindering network performance by flooding your network with illegitimate packets. Malware propagation Devices present in the campus are a big source of contamination. Devices of employees, partners or customers can be infected from multiple sources such as web use, use, or lateral infection from other devices on the network. Devices accepting credit cards and the Internet of Things are common attack points. Web-based exploits Malvertizing and compromised sites hosting exploit kits to take over employee devices using browser vulnerabilities. BYOD - Larger attack surface Mobile devices can roam networks increasing chances of compromise, and the spread of infection. The large variety of mobile devices makes security policies and posture checking almost impossible when no device standardization exists. Limited on-device security capabilities (e.g., firewall, antimalware, browser sand-boxing) Botnet infestation Botnets are networks made up of remotecontrolled computers, or bots. These computers have been infected with an advanced form of malware which allows the devices to be remotely controlled. The controller of a botnet is able to direct the activities of these compromised computers to perform other attacks, steal data, or send spam. The defense is explained throughout the rest of the document

9 SAFE Architecture Guide Places in the Network: Secure Campus Capabilities January Capabilities The attack surface of the campus is defined by the business flow, which includes the people and the technology present. The security capabilities that are needed to respond to the threats are mapped in Figure 6. The campus security capabilities are listed in table 1. The placement of these capabilities are discussed in the architecture section. HUMAN DEVICES NETWORK APPLICATIONS Attack Surface Users Devices Wired Wireless Analysis WAN Cloud Employees, Third Parties, Customers, and Administrators Client Voice Network Wireless Connection Public WAN Public/Hybrid Cloud Applications Application Video Identity Client-Based Firewall Wireless Rogue Anti-Malware Detection Virtual Private Network (VPN) Cloud Server-Based Posture Assessment Intrusion Prevention Wireless Intrusion Prevention System Threat Intelligence TrustSec Flow Analytics Figure 6 Secure Campus Attack Surface and Capabilities

10 SAFE Architecture Guide Places in the Network: Secure Campus Capabilities January Table 1 Secure Campus Attack Surface, Capability, and Threat Mapping Campus Attack Surface Human Capability Threat Users: Employees, third parties, customers, and administrators. Identity: Identity-based access. Attackers accessing restricted information resources. Devices Capability Threat Client-based : software for devices with the following capabilities: Anti-Malware Malware compromising systems. Clients: Devices such as PCs, laptops, smartphones, tablets. Anti-Virus Cloud Viruses compromising systems. Redirection of user to malicious website. Personal Firewall Unauthorized access and malformed packets connecting to client. Posture Assessment: Client endpoint compliance verification and authorization. Compromised devices connecting to infrastructure. Voice: Phone. N/A: Covered in Secure Services domain. Attackers accessing private information. Video: Displays, collaboration. N/A: Covered in Secure Services domain. Attackers accessing private information.

11 SAFE Architecture Guide Places in the Network: Secure Campus Capabilities January Network Capability Threat Wired Network: Physical network infrastructure; routers, switches, used to connect access, distribution, core, and services layers together. Firewall: Stateful filtering and protocol inspection between campus layers and the outside Internet, and service provider connections to the data center. Intrusion Prevention: Blocking of attacks by signatures and anomaly analysis. Unauthorized access and malformed packets between and within the campus. Attacks using worms, viruses, or other techniques. TrustSec: Policy-based segmentation. Unauthorized access and malicious traffic between campus layers. Wireless Network: Branches vary from having robust local wireless controller security services to a central, cost-efficient model. Wireless Rogue Detection: Detection and containment of malicious wireless devices that are not controlled by the company. Wireless Intrusion Prevention (WIPS): Blocking of wireless attacks by signatures and anomaly analysis. Unauthorized access and disruption of wireless network. Attacks on the infrastructure via wireless technology. Analysis: Analysis of network traffic within the campus. Anti-Malware: Identify, block, and analyze malicious files and transmissions. Threat Intelligence: Contextual knowledge of existing and emerging hazards. Malware distribution across networks or between servers and devices. Zero-day malware and attacks. Flow Analytics: Network traffic metadata identifying security incidents. Traffic, telemetry, and data exfiltration from successful attacks. WAN: Public and untrusted Wide Area Networks that connect to the company, such as the Internet. Web : Web, DNS, and IP-layer security and control for the branch. Virtual Private Network (VPN): Encrypted communication tunnels. Attacks from malware, viruses, and redirection to malicious URLs. Exposed services and data theft of remote workers and third parties.

12 SAFE Architecture Guide Places in the Network: Secure Campus Capabilities January Cloud Cloud : Web, DNS, and IP-layer security and control in the cloud for the campus. Attacks from malware, viruses, and redirection to malicious URLs. DNS Redirection of user to malicious website. Cloud-based Firewall Unauthorized access and malformed packets connecting to services. Software-Defined Perimeter (SDP/SD-WAN): Easily collecting information and identities. Web : Internet access integrity and protections. Infiltration and exfiltration via HTTP. Web Reputation/ Filtering: Tracking against URL-based threats. Attacks directing to a malicious URL. Cloud Access Broker (CASB) Unauthorized access and Data loss. Applications Capability Threat Server-based : software for servers with the following capabilities: Anti-Malware: Identify, block, and analyze malicious files and transmissions. Malware distribution across servers. Applications Anti-Virus Viruses compromising systems. Cloud Redirection of session to malicious website. Host-based Firewall Unauthorized access and malformed packets connecting to server. Management Capability These security capabilities are required across all PINs: Identity/authorization Policy/configuration Analysis/correlation Monitoring Vulnerability management Logging/reporting Time synchronization/ntp Get details on these management security capabilities in the SAFE Management Architecture Guide.

13 CEO sending to Shareholders Guest browsing Employee browsing Subject Matter Expert Building Controls HUMAN DEVICES NETWORK APPLICATIONS Branch Manager browsing information Customer browsing prices Clerk processing credit card Subject Matter Expert Building Controls Corporate Device Wireless Guest Corporate Device Employee Phone Environmental Controls Corporate Device Wireless Guest Corporate Device Employee Phone Environmental Controls Wireless Access Point Wireless Access Point Access Distribution Wireless Controller Firepower Appliance BUILDING BLOCK Wireless Controller HUMAN DEVICES NETWORK APPLICATIONS Server Core CORE BLOCK Router Web Firepower Appliance Blade Server Communications Manager SERVICES Anti-Malware Threat Intelligence Web Reputation/ Filtering/DCS Anomaly Detection Application Visibility Control (AVC) Router vrouter v Comparative Shopping Website vfirepower Appliance vfirepower Appliance vradware Appliance v Secure Server vfirepower Appliance vfirepower Appliance Product Information Website Customer making purchase NETWORK vradware Appliance REMOTE USERS Technician submitting task Third-party Technician accessing logs NETWORK v v v Shareholder receiving from CEO Router Firepower Appliance Storage Server Secure Server Secure Server Wholesaler Website APPLICATIONS Database Zone Payment Application Workflow Application Hosted E-Commerce SERVICES Identity Authorization DNS Distributed Denial of Service Protection Web Router Wireless Controller Communications Manager Secure Server FMC RA VPN Firepower Appliance Distribution Firepower Appliance Firepower Appliance Firepower Appliance Firepower Appliance Nexus NETWORK NETWORK Wireless Controller DMVPN Adaptive Appliance Nexus Nexus Adaptive Appliance Radware Appliance Radware Appliance Radware Appliance Payment Secure Server Application Nexus Fabric Nexus Fabric Nexus Fabric SERVERS Hyperflex Server Blade Server Secure Server Secure Server APPLICATIONS Database Payment Application Workflow Application Communication Services SAFE Architecture Guide Places in the Network: Secure Campus Architecture January Architecture SAFE underscores the challenges of securing the business. It enhances traditional network diagrams to include a security-centric view of the company business. The Secure Campus architecture is a logical grouping of security and network technology that supports campus business use cases. It follows a classic access/distribution/core architecture, scaling as needed by increasing distribution blocks as floors or buildings are added. SAFE business flow security architecture depicts a security focus. Traditional design diagrams that depict cabling, redundancy, interface addressing, and specificity are depicted in SAFE design diagrams. Note that a SAFE logical architecture can have many different physical designs. Cloud Branch Services Business Use Cases Edge Perimeter Services Untrusted Trusted Enterprise DMZ VPN Business Use Cases Endpoints Access Services Internet Campus Business Endpoints Access Use Cases Distribution Core Services Services Services Core Distribution Access Endpoints Business Use Cases Data Center WAN Figure 7 SAFE Model. The SAFE Model simplifies complexity across a business by using Places in the Network (PINs) that it must secure.

14 SAFE Architecture Guide Places in the Network: Secure Campus Architecture January Secure Campus The Secure Campus architecture has the following characteristics: Location size consists of multiple buildings/ floors that may have multiple business flows Many varied devices requiring network connectivity Devices (sensors, thermostats, printers, etc.) Separate appliances for services for redundancy and maximum uptime Wireless connectivity Local application services (also in data center or cloud) Campus Architecture HUMAN ATTACK SURFACE DEVICES ATTACK SURFACE NETWORK ATTACK SURFACE APPLICATIONS ATTACK SURFACE Secure CEO sending to Shareholders Corporate Device Web Shareholder receiving from CEO Guest browsing Wireless Guest Wireless Access Point Wireless Controller Comparative Shopping Website Secure Web Wholesaler Website Employee browsing Corporate Device Distribution Core Firepower Appliance Router Remote Colleague Secure Communications Subject Matter Expert Employee Phone Firepower Appliance Third-party Technician accessing logs Secure Third Parties Building Controls Environmental Controls Blade Server Communications Manager Business Use Cases Endpoints Access Distribution Core Services BUILDING BLOCK CORE BLOCK Figure 8 Secure Campus. The Secure Campus business flows and security capabilities are arranged into a logical architecture. The colored business use cases flow through the green architecture icons with the required blue security capabilities.

15 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Attack Surface The Secure Campus attack surface consists of Humans, Devices, Network, and Applications. The sections below discuss the security capability that defends the threats associated with that part of the surface. Note that the capability might be a service that is supplied from another PIN. For example, the Identity service is prompted to a human, on a user s device, enforced at the switch, and served from the Data Center. However, for the sake of simplifying, Identity is depicted logically where the risk exists of supplying credentials: the human. Human Typically, humans in the campus are employees, partners, or customers. No amount of technology can prevent successful attacks if the humans in the company, both internal and partner users, are not trained to keep security in mind. One of the biggest problems is that humans are prone to compromise by various types of social exploits such as phishing. Primary Capability Identity training and metrics of adoption are Secure critical elements to reducing the risk of this attack surface. CEO sending to Shareholders Corporate Device Administrators have more authority than normal users and the systems they have access to. Additional controls should be used like two-factor authentication, limited access to job function, and logging of their changes. Secure Web Guest browsing Wireless Guest It is not the purpose of this guide to advise Employee browsing Corporate Device on the specifics. Appropriate identity services defined by policy must be supplied with associated, approved clients and devices. Secure Communications Subject Matter Expert Employee Phone Secure Third Parties Building Controls Environmental Controls Figure 9 Business Use Cases Business Use Cases Endpoints

16 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Devices Malware propagation, Botnet infestation and a large attack surface are campus threats targeting devices. Perimeter defenses are no longer (if ever) sufficient. CEO sending to Shareholders Corporate Device Devices are part of the security reference architecture. A secure company uses the network and the devices connecting to it as baselines for comparison. If you are not using Guest browsing Wireless Guest Wireless Access Point the network as a sensor, you are not secure. This visibility allows for effective containment through intelligent architectural design. It is equally important to ensure that clients Employee browsing Corporate Device (PCs, tablets, phones, and other devices) are participating in security and that malicious devices are quarantined. Subject Matter Expert Employee Phone Primary Capability Client-based Building Controls Environmental Controls Client-Based Business Use Cases Endpoints Access Figure 10 Campus Devices Anti-Virus Anti-Malware Cloud Personal Firewall

17 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Access Layer Unauthorized network access is the primary threat addressable by the access layer. Primary Capability The access/distribution/core is classic network hierarchy. The access layer is where users and devices connect to the company network. This layer connects to the distribution or core layer. Its hierarchical organization simplifies network troubleshooting and segments traffic for security. It is the first line of defense within the Secure Campus architecture. The network as a sensor utilizes flow analytics to capture anomalies and provide visibility to attacks. Its purpose is to identify the users, to assess compliance to policy of devices seeking access to the network, and to respond appropriately. Violations of posture, identity, or anomalous behavior can be enforced. Identity Posture Assessment Wireless Rogue Detection Flow Analytics TrustSec Corporate Device Web Wireless Guest Wireless Access Point Wireless Controller Corporate Device Distribution Co Firepower Appliance Router Employee Phone Firepower Appliance Environmental Controls Blade Server Communications Manager Endpoints Access Distribution C Services Figure 11 Access Layer

18 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Distribution Layer Wireless Access Point Wireless Controller Distribution Core Firepower Appliance Access Distribution Core Figure 12 Distribution Layer Distribution layers segregate the access layer from the services layer. These layers provide a distribution method of services that discretely separates business-based traffic into flows, and allows scale as employees are moved, added, or changed. Primary Capability Identity Flow Analytics Posture Assessment TrustSec

19 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Core Layer The core layer provides scale to the distribution blocks and connects them to the foundational security capabilities in the services layer. Primary Capability Flow Analytics TrustSec Web Wireless Controller Distribution Core Firepower Appliance Router Firepower Appliance Blade Server Communications Manager Distribution Core Services Figure 13 Core Layer

20 SAFE Architecture Guide Places in the Network: Secure Campus Attack Surface January Services Layer Web-based exploits are threat vectors that large campus populations need protection from. The services layer connects the Secure Campus to the data center via service providers. It connects the access and distribution layers inside the campus to the security and inspection capabilities that secure the separate business flows coming into and out of the campus. Depending on the size of the campus, some security controls are brought into the campus as appliances rather than being served centrally as a service. See the Appendix for proposed options. Primary Capability Foundational Services Firewall IPS Threat Intelligence Anti-Malware Identity Flow Analytics TrustSec Business-based Web Web VPN Application Visibility Control Core Firepower Appliance Router WIPS Wireless Rogue Detection Server-based Server-Based Blade Server Communications Manager Core Services Anti-Virus Anti-Malware Figure 14 Services Layer Cloud Host-based Firewall

21 SAFE Architecture Guide Places in the Network: Secure Campus Summary January Summary Today s companies are threatened by increasingly sophisticated attacks. Campuses are commonly targeted because they are susceptible to physical access and have a large mix of services across increasingly complicated devices. Cisco s Secure Campus architecture and solutions defend the business against corresponding threats. SAFE is Cisco s security reference architecture that simplifies the security challenges of today and prepares for the threats of tomorrow.

22 SAFE Architecture Guide Places in the Network: Secure Campus Appendix January Appendix A Proposed Design The Secure Campus has been deployed in Cisco s laboratories. Portions of the design have been validated and documentation is available on Cisco Design Zone. Figure 15 depicts the specific products that were selected within Cisco s laboratories. It is important to note that the Secure Campus architecture can produce many designs based on performance, redundancy, scale, and other factors. The architecture provides the required logical orientation of security capabilities that must be considered when selecting products to ensure that the documented business flows, threats, and requirements are met. Campus Design ATTACK SURFACE HUMAN DEVICES NETWORK APPLICATIONS WSA-S390-K9 AIR-CT5520-K9 Corporate Laptop AIR-AP3802e-x-K9 (QTY:3) Secure FP-AMP-LC UMBRELLA-SUB Host Firewall WIRELESS SSID:EMPLOYEE E0 E0 E0 E1 E0 E1 G0 G1/2 G2/2 G1/5 G2/5 G1/6 G2/6 C6807-XL Guest Device WIRELESS SSID:GUEST G0/11-13 T1/5 UMBRELLA-SUB WS-C FQ G0/1 G2/11 G2/3 G1/1 G2/1 T1/7 E1/4 ISR4431-K9 G0/21-44 G0/2 G2/12 T1/1-4 G2/1 C6807-XL FP4110-X T1/5 E1/1 E1/2 G3/0/1 G3/1/1 Secure Web FP-AMP-LC UMBRELLA-SUB Corporate Desktop P0 DATA VLAN AIR-CT5520-K9 E0 G0/1 FP2130-X T1/1-4 E1/8 E1/3 E0 G1/4 G1/1 WS-C XU-L Host Firewall T1/1-4 E1/8 E1/4 E1 G0/2 C6807-XL FP4110-X G2/4 G2/1 Corporate Computer CP-9951-C-K9 WS-C FQ G0/1 G2/11 T1/1-4 G2/1 T1/5 E1/1 E1/2 G3/0/1 G3/1/1 Secure Communications FP-AMP-LC UMBRELLA-SUB P1 DATA VLAN VOICE VLAN P0 G0/21-44 G0/2 G2/12 G2/3 T1/7 E1/3 E1/6 E1/6 ISR4431-K9 Host Firewall UCS-FI-6248UP G0/3 T1/5 E1/4 C6807-XL Building Controls E1/1-8 E1/1-8 E1/1-8 E1/1-8 Secure Third Parties VENDOR VLAN UCSB-5108-AC2 Business Use Cases Endpoints Access Distribution Core Services BUILDING BLOCK CORE BLOCK Figure 15 Secure Campus Proposed Design, part 1. The building block is connected to the core block.

23 SAFE Architecture Guide Places in the Network: Secure Campus Appendix January Campus Design with Additional Floors BUILDING ONE Secure Secure Web Secure Communications G0/1 G0/2 Secure Third Parties FLOOR BLOCK Secure G1/6 T1/5 T1/6 Secure Web E0 Secure Communications G2/13 T1/5 T1/6 Secure Third Parties Business Use Cases Endpoints Access Distribution Core Services BUILDING BLOCK CORE BLOCK Figure 16 Secure Campus Proposed Design, part 2 shows how multiple floors can be connected to the distribution layer.

24 Secure Secure Web Secure Communications Secure Third Parties Secure Secure Web Secure Communications Secure Third Parties Secure Secure Web Secure Communications Secure Third Parties Secure Secure Web Secure Communications Secure Third Parties SAFE Architecture Guide Places in the Network: Secure Campus Appendix January Campus Design with Additional Buildings BUILDING ONE BUILDING TWO BUILDING THREE Secure FLOOR BLOCK FLOOR BLOCK Secure Web Secure Communications Secure Third Parties FLOOR BLOCK BUILDING BLOCK Distribution BUILDING BLOCK Distribution Secure T1/5 T1/6 T1/7 Secure Web E0 T1/8 T1/8 Secure Communications T1/7 T1/5 T1/6 Secure Third Parties Business Use Cases Endpoints Access Distribution Core Services BUILDING BLOCK CORE BLOCK Figure 17 Secure Campus Proposed Design, part 3 illustrates multiple buildings connected to the core block.

25 SAFE Architecture Guide Places in the Network: Secure Campus Suggested Components January Suggested Components Table 2 SAFE Design Components for Secure Campus Campus Attack Surface Campus Suggested Cisco Components Human Users Identity Identity Services Engine Meraki Management Devices Endpoints Client-Based Advanced Malware Protection (AMP) for Endpoints Cisco Umbrella AnyConnect AnyConnect Agent Posture Assessment Identity Services Engine(ISE) Meraki Mobile Device Management Network Wired Network Firewall Firepower Appliance, Adaptive Appliance (ASA) Integrated Services Router (ISR) Intrusion Prevention Firepower Appliance (ASA) Integrated Services Router (ISR) Access Control + TrustSec Wireless Controller/Catalyst Centralized Identity Services Engine Wireless Network Wireless Rogue Detection Meraki Wireless Mobility Services Engines (MSE) Wireless Intrusion Prevention (WIPS) Wireless APs Wireless LAN Controller

26 SAFE Architecture Guide Places in the Network: Secure Campus Suggested Components January Table 2 SAFE Design Components for Secure Campus (Continued) Campus Attack Surface Campus Suggested Cisco Components Network (continued) Analysis Anti-Malware Advanced Malware Protection (AMP) for Endpoints Advanced Malware Protection (AMP) for Advanced Malware Protection (AMP) for Networks Advanced Malware Protection (AMP) for Web Stealthwatch Integrated Services Router (ISR) with Stealthwatch Learning Network (SLN) AMP ThreatGrid WAN Threat Intelligence Flow Analytics Web Cisco Collective Intelligence Talos Intelligence AMP ThreatGrid Cognitive Threat Analytics (CTA) Adaptive Appliance Catalyst es ISR with Stealthwatch Learning Network (SLN) Stealthwatch (Flow Sensor and Collectors) Wireless LAN Controller Firepower URL Web Appliance Umbrella Secure Internet Gateway (SIG) VPN Firepower Integrated Services Router (ISR) Aggregation Services Router (ASR) Adaptive Appliance (ASA)

27 Campus Attack Surface Campus Suggested Cisco Components Network (continued) Cloud Cloud Cisco Umbrella Secure Internet Gateway(SIG) Cisco Cloudlock DNS Cisco Umbrella Secure Internet Gateway (SIG) Cloud-based Firewall Cisco Umbrella Secure Internet Gateway (SIG) Software- Defined Perimeter (SDP/SD-WAN) AnyConnect Agent Cisco Viptela Meraki MX Web : Internet access integrity and protections. Firepower virtual URL Cisco Umbrella Secure Internet Gateway (SIG) Web Reputation/ Filtering: Tracking against URL-based threats. Web Appliance Cloud Web Meraki MX Cloud Access Broker (CASB) Cloudlock Applications Service Server-based Advanced Malware Protection (AMP) Cisco Umbrella For more information on SAFE, see Americas Headquarters Cisco Systems, Inc. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not Return imply a to partnership Contents relationship between Cisco and any other company. (1110R)