Secure Mobility. Klaus Lenssen Senior Business Development Manager Security

Similar documents
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Cisco Passguide Exam Questions & Answers

Cisco Network Admission Control (NAC) Solution

Cisco AnyConnect Secure Mobility Solution. György Ács Regional Security Consultant

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

Cisco CISCO Securing Networks with ASA Advanced. Practice Test. Version

Enterprise Guest Access

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

Cisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1

Cisco s AnyConnect VPN Client (version 2.4)

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

Cisco Virtualization Experience Media Engine Overview

Managing WCS User Accounts

CCNP Security VPN

SASSL v1.0 Managing Advanced Cisco SSL VPN. 3 days lecture course and hands-on lab $2,495 USD 25 Digital Version

Support Device Access

Cisco AnyConnect Secure Mobility Client

Managing NCS User Accounts

SSL VPNs or IPsec VPNs The Challenges of Remote Access. February 2 nd, 2007 Chris Witeck- Director of Product Marketing

Managing WCS User Accounts

Support Device Access

NetMotion Mobility and Microsoft DirectAccess Comparison

Systems Manager Cloud-Based Enterprise Mobility Management

SAS and F5 integration at F5 Networks. Updates for Version 11.6

Pulse Policy Secure X Network Access Control (NAC) White Paper

Solution Architecture

BYOD: BRING YOUR OWN DEVICE.

Aventail ST2 SSL VPN New Features Guide

Deployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1

New Features for ASA Version 9.0(2)

Wireless and Network Security Integration Solution Overview

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

Exam A QUESTION 1 An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales de

Cisco Secure Desktop (CSD) on IOS Configuration Example using SDM

Provide One Year Free Update!

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

Partner Webinar. AnyConnect 4.0. Rene Straube Cisco Germany. December 2014

Reviewer s guide. PureMessage for Windows/Exchange Product tour

ONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013

1100 Dexter Avenue N Seattle, WA NetMotion Mobility Architecture A Look Under the Hood

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

Cisco NAC Network Module for Integrated Services Routers

Wireless LAN Solutions

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

ISE Primer.

Configuring Network Admission Control

Cisco NAC Appliance Agents

TECHNOLOGY Introduction The Difference Protection at the End Points Security made Simple

Networks with Cisco NAC Appliance primarily benefit from:

Cisco Questions & Answers

Configure Client Posture Policies

Standard For IIUM Wireless Networking

Deploying Cisco ASA VPN Solutions v2.0 (VPN)

PCI DSS Compliance. White Paper Parallels Remote Application Server

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Configure Posture. Note

Setting Up Cisco SSC. Introduction CHAPTER

Cisco Security Solutions for Systems Engineers (SSSE) Practice Test. Version

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Borderless Networks. Tom Schepers, Director Systems Engineering

vshield Administration Guide

Secure Access - Update

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

ASACAMP - ASA Lab Camp (5316)

What Is Wireless Setup

Clientless SSL VPN Overview

Firepower Threat Defense Remote Access VPNs

Comodo Endpoint Security Manager Professional Edition Software Version 3.3

Firewalls for Secure Unified Communications

Cisco Actualtests Exam Questions & Answers

Cisco Exactexams Questions & Answers

Vendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo

Training UNIFIED SECURITY. Signature based packet analysis

REMOTE ACCESS IPSEC. Course /14/2014 Global Technology Associates, Inc.

Question: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

Pulse Secure Desktop Client

The SonicWALL SSL-VPN Series

Passit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers

Cisco AnyConnect Secure Mobility & VDI Demo Guide

ExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you

Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy

Managing WCS User Accounts

Cisco Desktop Collaboration Experience DX650 Security Overview

Contents. Introduction. Prerequisites. Requirements. Components Used

Cisco Identity Services Engine (ISE) Mentored Install - Pilot

Deployment of Cisco IP Mobility Solution on Enterprise Class Teleworker Network

Aventail Connect Client with Smart Tunneling

Cisco EXAM Implementing Cisco Unified Wireless Networking Essentials (IUWNE) Buy Full Product.

Cisco ISE Features Cisco ISE Features

Network Admission Control

PSEG SSL VPN USER GUIDE

Configuring Network Admission Control

Security in Bomgar Remote Support

Vendor: Cisco. Exam Code: Exam Name: Implementing Cisco Secure Access Solutions. Version: Demo

Guest Access User Interface Reference

Configure Client Posture Policies

Transcription:

Secure Mobility Klaus Lenssen Senior Business Development Manager Security KL Secure Mobility 2008 Cisco Systems, Inc. All rights reserved. Cisco public 1

Complete Your Online Session Evaluation Please complete the online evaluation under www.cisco.at/expo2008/feedback The first 100 to complete the survey will receive a copy of Don Tapscott s book Wikinomics. We very much appreciate and value your feedback, many thanks! 2

Business in Motion Increasing User Mobility Agile business for competitive advantage Proliferation of Mobile Devices Expanded Business Ecosystem Mobilizing Business Applications Evolving to the Mobile Business 3

Business Mobility Requirements Differ from Consumer Mobility Secure, manage and audit device usage/policies/access Integrate multiple networks from personal to private to public Enable applications to securely access information across multiple networks Enforce role-aware user experience irrespective of connection Anytime, Anywhere over Any Network: Not exactly. rather Right Application, Right User, Right Policies 4

Unified Secure Access Authentication Encryption Enforcement True IPsec Mobile SSL DTLS Clientless SSL 5

Cisco Security on iphone Cisco VPN technology Integrated in iphone Secure intranet access Critical applications Cisco ASA and PIX 6

For End-Users, Seamless Access Anywhere Personalized application and resource access Personalized homepage Localizable, RSS feeds, personal bookmarks, etc. Delivers web-based and traditional applications Sophisticated web and other applications delivered seamlessly to the browser SAML Single Sign-On (SSO) verified with RSA Access Manager Intuitive user experience Drag and Drop file access and webified file transport Delivers key applications beyond the browser Smart Tunnels deliver more applications without admin privileges 7

For End-Users, Access for All Applications Cisco AnyConnect VPN Client for secure remote productivity Extends the in-office experience LAN-like full-network access, supports latency sensitive apps like voice (via DTLS transport) Access across platforms Windows 2K / XP (x86/x64) / Vista (x86/x64) Mac OS X 10.4 & 10.5, Linux Intel Windows Mobile 5 Pocket PC Edition (Coming soon) Always up to date Remotely installable and configurable to minimize user demands No-hassle Connections No reboots required Stand-alone, Web Launch, Portal Connection Start Before Login (2K/XP) MSI Windows Pre-installation package 8

For End-Users, Access for All Applications Datagram Transport Layer Security (DTLS) Limitations of TLS (HTTPS/SSL) with SSL VPN tunnels TLS is used to tunnel TCP/IP over TCP/443 TCP requires retransmission of lost packets Both application and TLS wind up retransmitting when packet loss is detected. DTLS solves the TCP over TCP problem DTLS replaces underlying transport TCP/443 with UDP/443 DTLS uses TLS to negotiate and establish DTLS connection (control messages and key exchange) Datagrams only are transmitted over DTLS Other benefits Low latency for real time applications DTLS is optional and will automatically fallback to TLS (HTTPS) 9

Unique Security Challenges on the Endpoint SSL VPN Brings New Points of Attack Supply Partner Extranet Machine Employee at Home Unmanaged Machine Remote User Customer Managed Machine Before SSL VPN Session Who owns the endpoint? Endpoint security posture: AV, personal firewall? Is malware running? During SSL VPN Session Is session data protected? Are typed passwords protected? Has malware launched? Post SSL VPN Session Browser cached intranet web pages? Browser stored passwords? Downloaded files left behind? 10

Cisco Secure Desktop (Secure Vault) How it Works Step One: A user on the road connects with the concentrator and the Cisco Secure Desktop is pushed down to the endpoint automatically. Step Two: An encrypted sandbox or hard drive partition is created for the user to work in Step Three: The user logs in Step Four: At Logout the Virtual Desktop that the user has been working in is eradicated and the user is notified Cisco Clientless Secure Note: CSD download and eradication is seamless to the user. If the user forgets to terminate the session autotimeout will close the session and erase session information SSL Desktop VPN www ASA 5500 Employee- Owned Desktop 11

Comprehensive EndPoint Security Cisco Secure Desktop (CSD) now supports checking for hundreds of pre-defined products, updated frequently Anti-virus, anti-spyware, personal firewall, and more Administrators can define custom checks including running processes Posture policy presented visually to simplify configuration and troubleshooting (Pre-login sequence and Dynamic Access Policies) Cisco Secure Desktop consists of four features: Host Scan (Windows) Advanced Endpoint Assessment provides remediation and periodic rechecking capabilities (licensed option) Secure Vault (Windows 2K/XP) Cache Cleaner (Windows, Mac OS X, and Linux) 12

Cisco Secure Desktop Pre-login Decision Tree Supported Checks Registry check File check Certificate check Windows version check IP address check Leaf Nodes Login denied Location Subsequence Visual policy simplifies administrative configuration 13

Comprehensive EndPoint Security Dynamic Access Policies (DAP) The Dynamic Access Policy (DAP) is defined as a collection of access control attributes associated with a specific tunnel or session. The DAP is dynamically generated by selecting and/or aggregating attributes from one or more DAP records. The DAP records are selected based on the endpoint security information of the remote device and/or the AAA authorization information of the authenticated user. DAP will be generated and then applied to the user s tunnel or session. 14

Cisco SSL VPN Summary Simple and Secure Access from Anywhere Broad access from anywhere User-friendly interfaces World-class security Flexible, controlled access options Intuitive management Fully integrated with the Cisco Self-Defending Network www.cisco.com/go/sslvpn 15

Secure Guest Access KL Secure Mobility 2008 Cisco Systems, Inc. All rights reserved. Cisco public 16

The Enterprise Hotspot Enterprises are the most important hotspot destination for business partners in a connected world. Provide network access to visitors Presents a professional and secure access to visitors Enable improved productivity from vendors and contractors Strengthen collaboration between employees and partners Provide Guest Access in a seamless, secure manner 17

Guest Access Considerations Ease of use Integration with network infrastructure Auditing and accountability Cost Provisioning of user accounts Receptionist, help desk, any user Reduce infrastructure upgrades Avoid parallel network infrastructure Know who is doing what Know who created which account Cost of implementation Cost of ongoing management 18

Delivering Guest Access Cisco NAC Guest Server Unites guest access functions Account Creation Please enter username: Audit & Reporting NAC Guest Server Network Access 19

Four Key Components of Guest Access SPONSOR The internal user who wants to be able to provide internet access to their guest NAC GUEST SERVER Enables sponsor to create guest account; audits; provisions account on network enforcement device NETWORK ENFORCEMENT DEVICE Web re-direction, authentication and provides access. Wireless LAN Controller or NAC Appliance GUEST The visitor who needs network access (usually internet only, but could be more) 20

Managing the Guest User Lifecycle PROVISIONING SMS Email Print-out NOTIFICATION MANAGEMENT REPORTING 21

Provisioning Who should create user accounts? Receptionist/Lobby Ambassador IT Security Managers Anyone NAC Guest Server lets you choose based upon your security policy Allowing anyone to create accounts provides increased usage and will be just as secure Reduced Cost Full Audit Trail Speed of access Ease of use 22

Summary Providing Guest Access brings increased Collaboration Productivity Cost Savings Security is paramount Accountability Audit Cisco NAC Guest Server integrates Guest Access Ease of Provisioning Network Integration Audit and Reporting Audit & Reporting Account Provisioning NAC Guest Server Unifies guest access across Cisco NAC Appliance and Cisco Wireless LAN Controllers Network Access 23

Cisco Secure Services Client 5.1 KL Secure Mobility 2008 Cisco Systems, Inc. All rights reserved. Cisco public 24

Network Architecture Extensive 802.1X authentication and encryption (EAP, WPA2, etc.) prevents unauthorized users from accessing the network Cisco WCS Cisco ACS Cisco Client Config Tool/SMS Cisco WLAN Controller Cisco Secure Services Client Cisco Access Point Catalyst Switch 802.1X/EAP 802.1X/EAP 25

Introducing Cisco Secure Services Client Secure and Managed Connectivity to Wired and Wireless Networks Client Services: Mobility, Security, Management, Identity & Cisco Compatible Extensions Key Features: 802.1X authentication for wired and wireless devices Broad support for encryption and authentication standards Target Customers: Enterprises with wired and wireless devices 26

Single Client for Uniform Security & Services Cisco Solution Support: Network Admission Control Cisco Secure ACS Identity Based Network Security Cisco Unified Wireless Network SSC Cisco Secure Services Client Features Unified wired and wireless client Support for industry standards Endpoint integrity Single sign-on capable Enabling of group policies Administrative control Benefits Reduces client software Simple, secure device connectivity Minimizes chances of network compromise from infected devices Reduces complexity Restricts unauthorized network access Centralized provisioning 27

Drivers for Cisco Secure Services Client What End Users want Intuitive - Easy to configure & use Immediate access to network without intervention Connectivity at office, home and public hotspots Status at a glance Balancing the Needs of End Users and IT Administrators Secure Services Client 5 What IT Administrators need Adhere to enterprise security policies No user tampering - No override Easy to Manage Easy to Deploy Manage from the tray icon No Wireless When Wired 28

Simple User Interface Most user interaction done from the tray icon Users manage home and roam profiles - IT manages office profile Users are unable to override the office profile All deployed profiles are locked 802.1X profiles are deployed and not configurable by the user Two Click Connect to an open beaconing access point - Eliminates the need for the insecure and cumbersome "ANY" SSID 29

Campus Settings Moving from building to building Walking outside Enclosed walkways Driving Laptop Fully powered, suspended or hibernating Goal - Resume connection without having to re-enter credentials but do not keep sessions overnight 30

No Wireless When Wired Prefer wired when in automatic mode Override with manual mode One connection at a time 31

Home / Open Hotspot VPN Not Active VPN Active Automate the user experience set it up once Automatically connect to the SSID (open, WPA- Personal, etc.) Prompt for VPN credentials and connect without requiring the user to open the VPN Client Remember the VPN credential until logout 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback