思科无边界云安全解决方案讲解学习.ppt

1、Slide Title,Body Text,Second Level,Third Level,Fourth Level,Fifth Level,2009 Cisco Systems,Inc.All rights reserved.,Cisco Confidential,SODC by Weihang,*,2009 Cisco Systems,Inc.All rights reserved.,Cisco Confidential,*,SODC by Weihang,Slide Title,Body Text,Second Level,Third Level,Fourth Level,Fifth

2、Level,版权所有,2009 Cisco Systems,Inc.,保留所有权利。,*,2006 Cisco Systems,Inc.All rights reserved.,Cisco Confidential,Slide Title,Body Text,Second Level,Third Level,Fourth Level,Fifth Level,Slide Title,Body Text,Second Level,Third Level,Fourth Level,Fifth Level,版权所有,2009 Cisco Systems,Inc.,保留所有权利。,*,Slide Tit

3、le,*,Body Text,Second Level,Third Level,Fourth Level,Fifth Level,思科安全无边界网络架构及解决方案,支撑企业业务,创新的商业平台,Wind Wan,Borderless Network,议程,思科安全无边界网络架构,外联业务安全思科云火墙解决方案,内网业务安全思科攻击定位与响应解决方案,问与答,攻击威胁与防御体系的演进,有边界网络,-,无边界网络,过去,现在,集中计算,云计算,有边界网络,无边界网络,外部入侵,DDoS,内部木马僵尸利用,网络应用,内容数据,边界单点,全网多点,固定静态特征,移动动态变化,IT,行业,攻击威胁,防御

4、体系,传统的企业网络边界,企业网络边界,分支办公室,应用与数据,总部办公室,控制策略,攻击者,客户,合作伙伴,一个没有边界的网络已形成,企业网络边界,分支办公室,应用与数据,总部办公室,控制策略,攻击者,Home Office,咖啡店,客户,机场,合作伙伴,Platform,as a Service,Infrastructure,as a Service,X,as a Service,Software,as a Service,任何时间,任何地点,任何设备,任何资源,移动与协作、以及云计算,打破了企业数据中心边界,智能终端,/,移动用户,任何,人,无边界,数据中心,3,无边界,Internet

5、2,无边界终端用户,1,思科无边界网络安全,安全控制策略,企业网络边界,分支办公室,应用与数据,总部办公室,控制策略,(,访问控制,合法使用,恶意软件,数据安全,),4,Home Office,攻击者,咖啡店,客户,机场,合作伙伴,Platform,as a Service,Infrastructure,as a Service,X,as a Service,Software,as a Service,智能终端,/,移动用户,正确人员、正确终端、正确地点,正确时间、正确资源,无边界网络安全,从自防御网络,SDN,到安全无边界网络,SBN,自防御网络,SDN,安全无边界访问,把坏人阻挡在外,移

6、动安全,Mobility,Always On,安全无边界网络,SBN,策略,&,身份,受信任访问,Trust,云安全,Cloud,主机托管,/,混合托管,思科安全智能运营中心,Cisco SIO,防火墙,Firewall,访问控制,侵扰防御,IPS,防止攻击,内容安全,Content,邮件,&Web,思科安全架构核心,:,CSIO-Sensor,Base,SensorBase,全球覆盖,:,美国圣何塞,圣布鲁诺,澳大利亚,北卡罗莱纳和中国上海,来自中国互联网的安全数据占,17%,之多,实时采集全球,30%,的,IP,流量,主动防御,:,全面及时的安全防护体系联动,IPS,全球入侵防御系统；,A

7、SA,僵尸网络数据流过滤器；,病毒蠕虫爆发预防过滤器；,全球名誉度过滤器（,IPS,；邮件及,Web,）,准确可靠,:,源于思科全球安全设备及第三方机构信息采集,Email,URL,Signature,Domain,Botnet,思科无边界网络安全,-,实践,有边界内部网络,-,私有网络,自防御网络,SDN,：集成、自适应、协同,解决方案：,ASA/FWSM(virtual Firewall)+CSM/IPS +NAC,全网统一,:,动态防御,管理及可信网络管控,防御：,ScanSafe,、,SensorBase,管理：,TrustSec,可信架构,弹性架构防御,解决方案：动态目的检测、智能信

8、任报文；（云火墙,Anti-Botnet,、,SGT,）,可信终端,移动接入防御,解决方案：移动准入控制，接入感知；（,AnyConnect+NAC,）,可信数据,数据保护,解决方案：域内、域间信息加密及验证、,PN,、,SSL,感知；（,WAAS,、,MACSec,、,VPN,，,Netflow,）,可信资源,内容防御,解决方案：动态源检测、内容合规检测；（,IPS,Global Correlation,、,XML,Firewall,）,议程,思科安全无边界网络架构,外联业务安全,思科云火墙解决方案,内网业务安全,思科攻击定位与响应解决方案,问与答,IPS,Firewall/VPN,Anti

9、Maleware,保护每个数据包和数据流,ATD,自适应威胁防御实现,接入,突破,网络滥用,端口扫描,畸形数据包,应用滥用,停止服务,/Hacking,已知的攻击,被感染的流量,植入应用中的攻击,外联业务多功能防护需求,下一代防火墙：,主动防御僵尸网络，智能入侵防护,.,思科“云”火墙应对五大信息安全最新挑战,如何避免内部感染木马与僵尸网络潜伏,?,“云”火墙,Sensorbase,动态策略技术,如何阻断外部黑客攻击,?,IPS Global Correlation,全球信誉协防技术,如何划分,安全域与安全接入,?,虚拟防火墙技术与,xVPN,技术,如何实现内容安全与数据防泄漏,?,云火墙与

10、Ironport,邮件安全、,Web,安全网关,1,2,4,5,如何提高,Session,性能实效,?,Real World,性能，,IPS,硬件，,Session Reputation,3,一,.,防内部木马僵尸潜伏,Anti-Botnet,Infected Clients,ASA 5500 Series,扫描流量，端口，协议，恶意“回拨”流量,警示被感染客户端，清除木马僵尸流量,Malware Command&Control,Threat Protection,Botnet Traffic Filter on ASA 5500 Series,监控恶意流量,扫描全部流量，端口和协议,通过追

11、踪“回拨”流量发现被感染的客户端,高准确度,每周识别超过,10,万恶意连接,自动,DNS,地址查询,与,CSIO,实时连动,Infected Clients,Cisco ASA,Command and Control,Anti-Malware,二,.,防外部攻击入侵,IPS Global Correlation,2009 Cisco Systems,Inc.All rights reserved.,Cisco Confidential,16,Empowered Branch,Sensor Base,SIO,更新,协同,:,特征库,+,全球信誉关联,特点,:,鉴别新增的威胁种类,增加安全团队的工

12、作效率,Internet,攻击者不在现在数据库中,IPS,检查,signatures,结果是可疑攻击,威胁确认,执行阻断,Report Attack to SIO*,下载全球威胁数据,最新恶意攻击信息更新,未知攻击者,关联信息,:,特征数据,+,全球威胁数据,Cisco,IPS,Server,Client,Call Manager,全球协防,-,IPS Global Correlation,08:00 GMT,一个新恶意软件正在澳大利亚被发现,一个正在俄罗斯活跃的僵尸网络正在广泛的发送新内容,在韩国，一个病毒正在网络上肆虐,在佛罗里达，一个电脑黑客正在为主要的金融机构发送探通,08:15 GM

13、T,所有的,Cisco IPS,用户已经被保护，免于以上威胁的攻击,Collaborative IPS,遥感,全球一体化关联,先发制人的保护,Cisco IPS,比其他,IPS,技术提前两倍的时间发现威胁入侵,收集数十亿全球范围内的数据点,三,.,清理恶意,Session,，提高并发实效,Real World,性能，,IPS,硬件，,Session Reputation,Access Control,Granular Policy for Modern Networks,ASA,支持数十万条策略,能够基于接口或全局设定策略,强大的,NAT,引擎,Protocol Inspection,Powe

14、rful Network Security and Controls,Fragmentation and Obscured Content,Piggybacked Sessions,Overloaded Sessions,Source Address Verification,Sequence Randomization,Retransmitted Packets,Connection and Embryonic Limits,SYN Flood Protection,Checksum Testing,Malformed Packets and State Checks,TCP Window

15、Size Anomalies,Selective Resets and Timeouts,Dead Connections,规避,欺骗,拒绝服务,连接滥用,Anti-Evasion,Anti-Spoofing,Denial of Service Protection,Anti-Connection Abuse,四,.,安全域隔离,ASA,虚拟火墙,MSFC,云火墙,VRF,VRF,VRF,VRF,VRF,VRF,VFW,VFW,VFW,VFW,VFW,VFW,.,.,安全区,1,安全区,2,安全区,3,(,多个,VLAN,）,安全区,4,安全区,5,安全区,n,Server,Internet,

16、企业网,基于身份的准入控制,xVPN,工程师,合作伙伴,ASA,ASA,SW,技术部经理,RBAC,Destination,Source Groups,A,B,C,D,策略认证中心,Cut-Through,SSL VPN,SSL VPN,SSL VPN,互联网,SSL VPN,选择,Diverse EndpointSupport for Greater Flexibility,安全,Rich,Granular SecurityIntegrated Into the network,体验,Always-on IntelligentConnection for SeamlessExperience

17、 andPerformance,Secure Mobility,Web Security with Next Generation Remote Access,Acceptable Use,Access Control,Intranet,Corporate File Sharing,Access Granted,Data Loss Prevention,Threat Prevention,解决方案,:Secure Mobility,互联网出口安装,ASA+WSA,家庭,咖啡店,机场,接入点,INTERNET,应用,企业托管,SaaS,News,Email,AnyConnect Client,接

18、入设备,社交网络,Flexible Delivery,Appliance,Cloud&Hybrid,News,Email,Social Networking,Enterprise SaaS,Cisco Web Security Appliance,Information Sharing Between ASA and WSA,Corporate AD,ASA,AnyConnect,Anywhere+,(Transitioning to AnyConnect),思科下一代移动安全解决方案,永久在线,自动寻找最优接入点,自动识别设备当前所在的网络区域,应用控制,单点登录,五,.,内容安全与数据防泄

19、露,ASA,“云”火墙,-URL,、,IP,层面过滤,IronPort,网关,内容层面过滤,Content,Filter,Email,内容,Email/Web,策略制定,Content,Filter,Web,内容,ASA,云火墙,ESA,（硬件网关）,-Email,安全,硬件网关层面的邮箱防护,*防垃圾，防病毒，防攻击,邮件的政策性管理,*防泄密，备份等,邮件相关应用,*营销邮件，业务通知,*信用卡账单，话费账单等,邮件加密需求,WSA,（硬件网关）,-Web,安全,上网行为管理,上网加速缓存,防毒墙,思科信息安全架构,信誉度 邮件及,Web,安全,Web,安全,|,Email,安全,|,安全

20、管理,|,加密,邮件安全网关,互联网安全网关,安全管理设备,SensorBase,安全威胁数据库,应用安全网关,终端客户,阻挡来自互联网络的威胁,保护企业信息资产与信息丢失防护,集中安全管理与维护,Internet,邮件加密设备,Internet,客户本地的设备,用户体验,思科云火墙、,Web,云服务,企业网络云组件,Web,安全,Email,安全,IPS,入侵检测,7.0,具有防木马感染的,ASA,防火墙,ASR1000,的,WebEx,节点,ISR G2,可用服务模块,SRE,思科,AXP,弹性应用、,本地性能、安全法规遵从,广域网,企业,分支机构,思科,WebEx,协同云,全球协同邮件安

21、全,应用云,领先的实时安全情报中心,日均,50,亿次查询量,超过,150,个,Email,与,Web,参数,监控全球近,30%,流量,思科安全云服务,网络感知的云覆盖,Anyconnect,移动安全互联,Netflow v9,异常流量监控,ScanSafe,云服务,数据库,Sensorbase,Cisco ASA,Industrys Most Proven Firewall,Trusted,15+years of proven innovation,Broad portfolio of devices,Versatile,multi-service platform,Adaptive,Gran

22、ular policy enforcement,In-depth defense for todays highly collaborative environment,Leader in secure business connectivity,Cisco Adaptive Security Appliances,Granular Access Controls,Advanced Threat Protection,Secure Connectivity,Secure Unified Communications,Comprehensive Management,Summary,：,Cisc

23、o ASA 5500 Series,Comprehensive Solutions from Branch to the Data Center,Teleworker,Branch Office,InternetEdge,ASA 5550,(1.2 Gbps,36K conn/s),ASA 5505,(150 Mbps,4K Conn/s,),Cisco ASA 5500:Branch to the Data Center,Data Center,ASA 5540,(650 Mbps,25K conn/s),ASA 5520,(450 Mbps,12K conn/s),ASA 5510,(30

24、0 Mbps,9K conn/s,),ASA 5580-20,(5-10 Gbps,90K conn/s),ASA 5580-40,(10-20 Gbps,150K conn/s,),Campus,Cisco ASA 5500 Platforms,FWSM*,(5 Gbps),*PIX feature set,新产品发布：,Cisco ASA 5585,为数据中心设计的下一代防火墙,高性能,高可部署性,高安全性,业界最快的连接建立速度,最多的,VPN,数目,业界最优的防火墙、入侵防御和,VPN,的整合,云智能安全,永久在线的远程访问,部署灵活,领先的性能密度,领先的能耗比,Cisco ASA

25、5500 Series Portfolio,Comprehensive Solutions from SOHO to the Data Center,Multi-Service(Firewall/VPN and IPS),Performance and Scalability,Data Center,Campus,Branch Office,SOHO,Internet Edge,ASA 5585 SSP-60(35 Gbps,350K cps),ASA 5585 SSP-40(20 Gbps,200K cps),ASA 5585 SSP-20(10 Gbps,125K cps),ASA 558

26、5 SSP-10(4 Gbps,50K cps),ASA 5540(650 Mbps,25K cps),ASA 5520(450 Mbps,12K cps),ASA 5510(300 Mbps,9K cps),ASA 5505(150 Mbps,4K cps),ASA 5550,(1.2 Gbps,36K cps),ASA 5580-20,(10 Gbps,90K cps),ASA 5580-40(,20 Gbps,150K cps),NEW,NEW,NEW,NEW,Firewall and VPN Appliance,议程,思科安全无边界网络架构,外联业务安全,思科云火墙解决方案,内网业务安

27、全,思科攻击定位与响应解决方案,问与答,Infected Host,内部网络的复杂性,安全监控与响应的挑战,Action Steps:,Alert,Investigate,Mitigate,网络运营,安全运营,Security Knowledge-Base,总是太迟,Firewall,IDS/IPS,VPN,VulnerabilityScanners,AuthenticationServers,Router/Switch,Antivirus,10K Win,100s UNIX,Collect Network Diagram,Read and Analyze,TONS of Data,Repea

28、t,=Logs and Alerts,真实的攻击导致出现大量的独立警告事件,实时停止威胁传播,保护公司资产,如何快速准确定位与响应,安全攻击发生在,思科,Global Correlation IPS,Changing Network IPS to Global IPS,效率,2,倍于传统仅基于签名的,IPS,精确度,信誉分析的引入大幅降低误报率,及时,比传统基于签名的,IPS,快,100,倍以上对最新型的攻击开始拦截,Harnessing the Power of Cisco Security Intelligence Operations,Results Averaged Over Two

29、Week Period in Pre-release Deployments,Cisco SensorBase,Threat Operations Center,Dynamic,Updates,Security Infrastructure That Dynamically Protect Against the Latest Threats Through:,The Most Comprehensive Vulnerability and Sender Reputation Database,A Global Team of Security Researchers,Analysts,and

30、 Signature Developers,Dynamic Updates and Actionable Intelligence,Cisco Security Intelligence Operations,思科安全智能运营中心,CSIO,Cisco SensorBase,Threat Operations Center,Dynamic Updates,Powered by Global Correlation,Cisco Intrusion Prevention System,更精确的实时威胁防御,智能检测技术,Management and Operations,灵活、安全的平台,动态防护

31、应用保护,Cisco Security Intelligence Operations(SIO),方便的部署至现有网络,Easy Integration into any Network Topology,Virtual Sensors,Inline On-A-Stick,Flexible deployment,Inline or out-of-band,Inline“on-a-stick”,No rewiring of the network,Lower operational costs,Virtual sensors,Device consolidation,Policy flexib

32、ility,Mixed-mode deployment,Inline and out-of-band,Prevent Future Attacks,Dashboard RSS feeds inform operators of widespread threats,Over 150 customizable report templates keep operators up to date on threats,Reports include“attacks prevented”and“malware discovered,”,See the Threat,Powerful event fi

33、ltering and customizable color coding reduces network noise,IPS,事件管理,Reporting and Event Management Hasten Response,CS-MARS report view,IPS Manager Express(IME)dashboard,Understand the Threat,Easily link directly to Cisco IntelliShield to find vulnerability patches,Performance,Cisco Security Managem

34、ent,-CSM,Capabilities to Match Your Network Demands,IPS Device Manager,Single Device Manager,Event Management,Configuration,Health and Performance,License Management,$27,$55,$95,$150,$125/$50,IPS Manager Express,SMB Multi-Device Manager,Reporting,Event Store,Event Management,Configuration,Health and

35、 Performance,License Management,CS-Manager,Enterprise SDN Management,Threat ID and Resolution,Reporting,Event Store,Event Management,Configuration,Health and Performance,License Management,Summary,：威胁防御与响应系统,先知先觉，主动防御,快速获知安全攻击事件,清晰描绘攻击路径,准确定位攻击源头,直接提供安全修复方案,安全知识,Security knowledge base,统一的安全信息预警中心,风

36、险评估,Risk Assessment,网络运营,安全运营,快速响应,Cisco IPS Product Portfolio,IOS IPS,IPS AIM and NME,Small,Medium,Large,Organization Size,ASA5510-AIP10,ASA5520-AIP10,ISR,ASA5510-AIP20,ASA5520-AIP20,ASA5540-AIP20,IPS 4240,IPS 4255,IPS 4260,ASA 5500 Series,IPS 4200 Series,Catalyst 6500,Appliance,Switch-Integrated,Branch,Multi-Service,IPS 4270,IDSM2,Catalyst 6500 IDSM2 bundle,ASA5540-AIP40,ASA5540-AIP40,