© 2003, Cisco Systems, Inc. All rights reserved. VPN Roadshow

Cisco VPN Partner Technical Development
Module 1: VPN and Product Overview
APAC Channels Technical Operations

Agenda
• Security Concerns
• Cisco Security
• VPN Overview
• VPN Product Overview
  – IOS Routers
  – PIX Firewall
  – 3000 Concentrator
  – VPN Client
• VPN Positioning
• Easy VPN Overview

Security Concerns
Why are security concerns increasing, and what is the state of the market?

Networks Of The 90’s
[Diagram labels: PSTN, Frame Relay, X.25, Leased Line, Mobile User, Branch Office, Telecommuter, Closed Network]
Most security devices were designed to secure networks like this

The Problem
Most security tools were designed for simple, static networks
Single-solution companies built reputations as “security providers” with simple access-control devices
These single-point technologies became the default security solution (a “cure-all”)
Networks have changed, and today there are serious drawbacks to relying on “overlay” products to protect sophisticated networks

Security Product Vendors
Most security vendors sell a limited set of legacy* security solutions – “one-trick ponies”
Those products are often marketed as network security “solutions”
But the TRUTH Is:
• Legacy solutions have limited network intelligence, and cannot support most network services or technologies
• Implementing single solutions leaves gaping security holes in the network
• Over-confidence in these solutions may be a major reason why companies are broken into repeatedly
*Legacy: Something handed down from the past. In security, relying on a single tool in a single place to provide all security – i.e. a firewall which does not support network services

The Network Today

The Security Threat is Real
Connected to www.test.com
[ASCII-art banner] [ design by j0hnny7 / zho-d0h ]
there is no stopping, what can't be stopped
[ version 6.66 2308200 torn@secret-service.co.uk ]
-| Ok a bit about the kit Version based on lrk style trojans
-| made up from latest linux sources special thanks to
-| k1ttykat/j0hnny7 for this
-| First rootkit of its kind that is all precompiled and yet allows
-| you to define a password password is stored in a external encrypted
-| file. The trojans using this are login/ssh/finger
-| This kit was designed with the main idea of being portable and quick
-| to be mainly used for mass hacking linux's, hence the precompiled bins.
-| Usage : ./t0rn <password> <ssh-port>

Today’s Threats
Attackers take advantage of these new, complex networks and sophisticated services
In this environment, everything is a target:
• Routers, Switches, Hosts, Networks (local and remote), Applications, Operating Systems, Security Devices, Remote Users, Business Partners, Extranets, etc.
Threats to today’s networks are not addressed by legacy security vendors or solutions
In fact, there is no single security device which can protect all of these targets

Business Continuity: How Much Down-Time Can You Afford?
Industry Sector            Revenue/Hour
Retail                     $1,107,274
Insurance                  $1,202,444
Information Technology     $1,344,461
Financial Institutions     $1,495,134
Manufacturing              $1,610.654
Telecommunications         $2,066,245
Energy                     $2,817,846

Revenue loss
Customer dissatisfaction
Lost productivity
Brand dilution
Legal liability
Financial performance
Source: Meta Group 11/2000

[...]

IPsec VPN Portfolio
Campus VPN Switches
• Infrastructure VPNs
• Multi-service single device
Multi-Purpose VPN Routers
• Multi-service VPNs
• Very extensible
Dedicated VPN Routers
• Multi-service VPNs
• Full routing
• “Appliance”...
[Chart labels, Price axis: Cat6500/VPN, 7200/VPN, ‘Olympus’, 3700/VPN, 3600/VPN, 2600/VPN, 1700/VPN, 800/VPN, PIX501, 7400VPN, 7100VPN, PIX 515, PIX506, VPN3000]

... Reported US$ Lost / Year
Virus Incident                     390   61%   68   $162,000   $10,000,000
Email Intrusion (eg Spamming)      183   29%   12   $16,000    $200,000
Loss of s/w                        102   16    19   $104,000   $3,000,000
Website Intrusion (eg Hacking)     79    12    84   $32,000    $200,000
Critical System Failure            79    12    80   $155,000   $4,000,000
Loss of Confidential Data          35    5     18   $197,000   $1,500,000
Tampering on I/O                   23    4     14   $14,000    $100,000
Source: KPMG 2002 Information...

... Server
CiscoWorks—VPN/Sec Mgmt Solution
CiscoSecure Policy Manager
Web Device Managers
[Column labels: Secure management and policy; Identity services; Intrusion protection; Secure connectivity and extended perimeter security]

Cisco SMB Security and VPN Portfolio
[Diagram labels: Site-to-site VPN/firewall routers; PIX firewall and VPN appliances; Remote access VPN; models 800, 501, VPN 3002, 1700, 506E, VPN 3005, VPN 3015; Identity appliances...]
technical support anywhere

VPN Family
[Chart labels: product lines VPN 3000 Concentrators, IOS VPN Routers, PIX Firewall; segments Large Enterprises, Medium Enterprises, Small/Branch Office, SOHO; models 3080, 3060, 7200, 7100, 535, 525, 3060, 3030, 3600, 3015, 3005, 2600, 1700, 506, 3002, VPN Client, 800, 900, 501, 515]

IDS Portfolio
Solution Breadth
Network Sensor: 4210, 4235
Switch Sensor: IDSM-1, IDSM-2
Host Sensor...

... points
PIX525
VPN Appliances
• Specialized VPN device
• Limited or no routing & services
• Very competitive price points
[Chart axis label: VPN Performance]

IPsec VPN Deployment Options
Complete end-to-end solution for all applications
Not only one type of VPN device, but all product types
Best VPN Client software for all popular platforms
Full-featured VPN integrated...

...
[Diagram labels: models 3600, 515E, 2600, 3700, 7xxx, 525, VPN 3030, 535, VPN 3060, VPN 3080; Intrusion detection systems: Network sensor, Switch sensor, Host sensor, Router sensor, Firewall sensor; Management portfolio for SMB segment: Cisco Access Control server, Cisco SNMS, Embedded Device Managers for security devices, VPN/Security Management Solution]

Firewall Portfolio
Firewall Services Module
PIX Firewall...
... networking – with no impact on performance

Portfolio Overview
Q: What are examples of network security methods and tools?

Cisco’s Broad Security Product Portfolio
[Diagram labels: Secure Connectivity; VPN; Cisco VPN Concentrators; Perimeter Security; Intrusion Protection; Firewalls; Intrusion Detection...]
SMB Security Market
Solution(s) should be designed for independent organizations; not small branches of large enterprises
• Typical SMB will have < 6-10 locations to connect
• About 10-15% of its workforce will telecommute several times/month
• About 85% of its workforce will telework extended hours
• Post 9/11 have become more concerned about business...

... Integrating Security Services into existing Infrastructure
[Diagram labels: Appliance Capabilities; Cisco Infrastructure; Cisco Catalyst 6500; Highest Performance; Market Leading Integrated Security; VPN3000 & IOS VPN; PIX Firewall; Cisco IDS]

Integrating Security Services into IOS Routers
• Managed Voice and Data VPNs
• Video Conferencing...

... for Windows NT
• AAA for VPNs, Access, Wireless, VOIP, and Switched LANs
• TACACS+ and RADIUS
• LDAP user authentication
• Support for one-time tokens and PKI digital certs
• Wide range of backend support: NT DB, Active Directory, SQL, MCIS, & ODBC

Management Portfolio
[Table labels: SMB and Enterprise columns, each listing Remote Access VPN, Site-to-Site VPN, Firewall, IDS; Embedded ...]

There’s No Longer a Question of Need
The Question Is How To Secure