(kiseo@cisco.com) Cisco Systems Korea 2008 Cisco Systems, Inc. All rights reserved. 1
Agenda
Threats Are Becoming Increasingly Difficult to Detect and Mitigate
[Figure: threat severity by year, 1990 to 2010. Labels: Notoriety: Basic Intrusions and Viruses; Fame: Viruses and Malware; Financial: Theft and Damage]
Writers, First-Stage Abusers, Middle Men, Second-Stage Abusers, End Value
Tool Writers, Hacker or Direct Attack, Fame, Malware Writers, Worms, Viruses, Trojans, Spyware, Machine Harvesting, Information Harvesting, Internal Theft, Abuse of Privilege, Compromised Host and Application, Botnet Creation, Botnet Management, Personal Information, Information Brokerage, Extortionist, DDoS for Hire, Spammer, Phisher, Pharmer/DNS Poisoning, Identity Theft, Theft, Espionage, Extortion, Commercial Sales, Fraudulent Sales, Click Fraud, Electronic IP Leakage, Financial Fraud
Source: 2007 CSI Survey
DDoS
Training and Staffing, Policy Implementation, Configuration and Management, Event Sharing and Collaboration, Threat Intelligence
URL Filter, Host IPS, Web Application Firewall, Network IPS, NAC, Firewall, IPsec VPN, SSL VPN, AV Gateway, XML Firewall, Security Management, Spam Gateway
Integration Into the Network Infrastructure
SDN: Integrated, Adaptive, Collaborative
Network Security, Endpoint Security, Content Security, Application Security
Firewall, N-IDS / IPS, Router, Switch, Anti-Virus, Anti-Spyware, H-IPS, Access Control, Anti-Phishing, Content Filtering, Email Security, XML F/W, Application F/W
Traffic Control, Virus Prevention, Malware Prevention, App. Attack Prevention, Worm Prevention, ACL, L2 Security, Host Protection, Network Admission Control, URL Filtering, Anti-Spam, Data Loss Prevention, XML Packet Inspection
Locked the Network Doors, but E-Mail and Web Stayed Open
Port 25, Port 80, Content Security, Network Security
75%
Custom Web Applications, Customized Packaged Applications, Internal and Third-Party Code, Business Logic and Code
Network, Firewall, IDS/IPS, Web Servers, Operating Systems, Application Servers, Operating Systems, Network, Database Servers, Operating Systems
50% of enterprises and government agencies are using XML, Web services or SOA. Source: Gartner
XML accounted for 15% of internet traffic in 2005. By 2008, it is expected to account for 50%. Source: 451 Group
ACL, Firewall, RFC2827, uRPF, CoPP, NetFlow, L2 Security, IP, TCP/UDP, N-IDS / IPS, Application Recognition (NBAR), Flexible Packet Matching (FPM), F/W w/ App. Engine, Content Security, XML F/W, App. F/W, DDoS Solution, H-IPS, Email Security, DNS Safeguard
Worm Packet Inspection App. Attack DDoS Protection Prevention Malformed App. Protection Data Loss Prevention
Application Inspection, Content Security: ASA 5500 Series, Cat6K Sup32-PISA, ACE XML Firewall, ACE Application Firewall, IronPort S Series (Web Security), IronPort C Series (Email Security)
Endpoint Security: NAC Appliance, Cisco Security Agent (CSA)
DDoS Attack Prevention: Guard and Detector
[Diagram labels: Guard, Internet, ASA 5500, Detector, CSA, IronPort S Series, DMZ, IronPort C Series, ACE XML Firewall, ACE App. Firewall, Campus]
[Diagram labels: CSA, Access Switch Security, Distribution, NAC Appliance, Cat6K Sup32-PISA, NBAR, FPM, Core Switch Security]
[Diagram labels: Core Switch Security, Aggregation Switch Security, XML Firewall, App. Firewall, Access Switch Security, Detector, CSA]