Presented by: Charles Ponton - PowerPoint PPT Presentation

1
VCCS Network Security
  • Presented by Charles Ponton
  • Advanced Technology Lead Engineer
  • cponton_at_vccs.edu
  • 804-819-4989

2
Topics
  • VCCS Network Security Model
  • http://www.vccs.edu/its/models/NetworkInfrastureSecurityModel.htm
  • Security Products
  • VCCS documentation
  • Securing Edge Devices
  • Firewalls

3
VCCS Network Security Model
  • History
  • Firewalls single point of network security
  • Full meshed environment with SVCs
  • VCCS Independent internet access for each
    college campus
  • Separating system into 44 separate networks
  • Increased applications
  • Open access
  • Remote
  • Wireless

4
VCCS Network Security Model
  • Development of Security Model
  • Applications supported
  • Risk assessment
  • Business impact if compromised
  • Placement of servers
  • Who needs access and where.
  • Availability of services
  • Standards compliance
  • VITA ITRM Standard SEC2001-01.1

5
VCCS Network Security Model

6
VCCS Network Security Model
  • Three (3) Security Access levels
  • Open Access (Internet)
  • Web applications
  • Controlled Access (Intranet)
  • Customer ID and password required for access
  • Secured Access
  • Customer ID and password required for access
  • Sensitive data stored

7
VCCS Network Security Model
  • Four (4) Functional protection areas
    subcategory of each access level.
  • Firewall appliance
  • Router
  • Switch
  • Server

8
VCCS Network Security Model
  • Open Access (Internet)
  • Firewall appliance may or may not be required
  • Router
  • IDS network module
  • Cisco firewall IOS
  • ACLs (Access Control Lists) VCCS guidelines
  • Switch may or may not be required

9
VCCS Network Security Model
  • Open Access (Internet) (contd)
  • 4. Server
  • Backup files
  • Redundant server
  • Personal firewall on server
  • IDS
  • Anti-virus software (anti-spyware)
  • Maintain security patches!

10
VCCS Network Security Model
  • Controlled Access
  • Firewall appliance may or may not be required
  • Router
  • IDS network module
  • Cisco firewall IOS
  • ACLs (Access Control Lists) VCCS guidelines
  • Switch
  • ACLs optional
  • VLANs segregate network traffic

11
VCCS Network Security Model
  • Controlled Access (contd)
  • 4. Server
  • Backup files
  • Redundant server
  • Personal firewall on server
  • IDS
  • Anti-virus software (anti-spyware)
  • Maintain security patches!
  • Authentication

12
VCCS Network Security Model
  • Secured Access
  • Firewall appliance required
  • IDS appliance - optional
  • Router
  • IDS network module
  • Cisco firewall IOS
  • ACLs (Access Control Lists)
  • Switch
  • ACLs
  • VLANs

13
VCCS Network Security Model
  • Secured Access (contd)
  • Server
  • Personal Firewall
  • IDS
  • Anti-virus
  • Security Patches
  • Authentication

14
VCCS Network Security Model
  • Application filtering
  • Filter specific content, e.g., P2P, gaming
    applications, etc.
  • Call Managers
  • Call manager CSA (Cisco Security Agent)

15
VCCS Network Security Model
  • Wireless Security
  • Physical Security
  • APs within physical boundary of bldg.
  • Places where they are not easily accessed
  • AP configuration
  • Change default SSID
  • Enable WEP (minimum 128-bit)
  • Security patches (wireless laptops or desktops)
  • MAC ACLs
  • Authentication

16
VCCS Network Security Model
  • Wireless Security (contd)
  • Proposed standard from VITA ITRM Standard
    SEC501-01

17
Security Products
  • Cisco MARS (Monitoring, Analysis and Response
    System)
  • Cisco CCA (Cisco Clean Access)

18
Security Products
  • Cisco MARS
  • Transforms raw network and security data into
    actionable intelligence used to identify and
    defend against real security incidents and
    maintain corporate compliance

19
Introducing Cisco Security Monitoring, Analysis
and Response System (CS-MARS)
  • CS-MARS transforms raw network and security data
    into actionable intelligence used to subvert real
    security incidents, as well as maintain corporate
    compliance
  • Network-intelligent correlation
  • Incident validation
  • Attack visualization
  • Automated investigation
  • Leveraged mitigation
  • Compliance management
  • High performance
  • Low TCO

20
CS-MARS: Know the Battlefield
  • Gain Network Intelligence
  • Topology, traffic flow, device configuration,
    and enforcement devices
  • ContextCorrelation
  • Correlates, reduces and categorizes events
  • Validates incidents

21
CS-MARS: Command and Control

22
Security Products
  • Cisco Clean Access

23
Cisco Clean Access
Before allowing users onto the network, whether
local, remote, wired or wireless, Clean
Access:
  • Recognizes
  • Users, device, and role (guest, employee,
    contractor)
  • Evaluates
  • Identify vulnerabilities on devices
  • Enforces
  • Eliminate vulnerabilities before network access

24
Cisco Clean Access Components
  • Cisco Clean Access Server
  • Serves as an in-band or out-of-band device for
    network access control
  • Cisco Clean Access Manager
  • Centralizes management for administrators,
    support personnel, and operators
  • Cisco Clean Access Agent
  • Optional lightweight client for device-based
    registry scans in unmanaged environments
  • Ruleset Updates
  • Scheduled automatic updates for anti-virus,
    critical hotfixes and other applications

25
Pre-Configured Clean Access Checks
Custom Applications, Cisco Secure Agent, Anti
Spyware, P2P, etc.
  • Critical Windows Update
  • Windows XP, 2000, 98, ME
  • Anti Virus Vendors

26
VCCS Documentation
  • Securing Edge Devices
  • Securing Edge Devices Guidelines v3.1
  • Firewalls
  • Firewall Guidelines v1.0
