Transcript: Mobile Security Assessment, Unified User and Access Management for Any Network (Cisco executive webinar)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Renu Upadhyay, Marketing Manager, Cisco
Dan Larkin, Director, Strategic Operations, NCFTA
Matt Schmitz, Senior Product Manager, Cisco
Saurabh Bhasin, Senior Product Line Manager, Cisco
May 4, 2011
Agenda
1. Mobile Security Assessment
2. Unified User and Access Management for Any Network
3. Unified Policy Management for Any Device
Old School vs. New School
Executive: Old School, enterprise-provided mobile devices; New School, anywhere, anytime, any device usage
Employee: Old School, work is a place you go to, with limited off-campus access; New School, work is a function, globally dispersed with mixed device ownership
IT: Old School, IT visibility and control into user devices and applications; New School, a change in the IT control and management paradigm
Access Evolution: IT Resources Stay the Same
Early 90s, Fixed User: wired access; one user, one device
Late 90s, Mobile User: wireless access; one user, local devices
Today, Borderless User: anytime, anywhere access; one user, many devices
Effectively support users with box management: need for policy and control, need for operational efficiency
Some Questions to Consider
Do I have the WLAN capacity and reliability to support an increase in mobile devices?
How do I enforce security policies on noncompliant devices?
How do I grant different levels of access to protect my network?
How do I ensure data loss prevention on devices where I don’t have visibility?
How should I address the (tech-savvy) employee who trades up to new devices? New policy?
How do I protect my intellectual property/personal information?
How do I monitor and troubleshoot user and client connectivity issues on my access (wired/wireless) network?
National Cyber Forensics and Training Alliance (www.ncfta.net)
Executive Webinar, May 4, 2011
It’s all about the “People” as…
Assets…. Or… Liabilities!
Regardless of how you define the Threat…..
Fundamentals always in play….
The need for speed
Novelty: new technology, gadgets
The world is flat: outsourcing, supply chain, subcontracting
Mergers/acquisitions: taking on new threats
Knowing your new customer
Who has the best intel (regarding threats) and how do we leverage that?
“I’ve seen the enemy – and it is us”
Malware Delivery Methods – Social Engineering
Targeting high-value customers and social networks. Bad guys are walking through the front door: laptops, thumb drives, iPads.
Emerging Global Cyber Threats
Mobile banking and mobile apps overlap. Who gets to play, who has to pay? Expanding services = expanding opportunity for exploits.
Similar pattern/opportunity for iPads (and similar products).
Real world examples, and what we can expect next
Partnerships: Global and Growing
Support from international law enforcement and industry in 34 nations; TDY and in-country model:
Australia
Canada
U.K.
Germany
Romania
Italy
India
Turkey
Gaps/Obstacles
• Lack of “trusted” two-way information sharing relationships with SMEs
• Compelled information sharing vs. voluntary: triggers legal issues
• Lack of a neutral setting to analyze/triage open source or industry-owned intelligence (a meet-in-the-middle space)
Historical
We all need “a better environment”
Pro-Active Efforts
• Criminal online forums: carding/credentials; tools/techniques
• UCO deep penetration: UCOs
• Past and ongoing: subject attribution and engagement; forecasting the future
International Carding Alliance (ICA) database: NCFTA/CIRFU/USPIS
Telco Threat Areas
VoIP/Cable (known): router hacking lines, video conferencing lines, traffic pumping, PBX hacking, cable modem cloning, automated calling services, number testing, SIM cards, TDoS attacks, spoofing
Mobile: smartphone applications (mobile finance; infection by malware, spyware, trojans); SMS (SMiShing); technology (check imaging deposit, near field communication, scan and pay, Bluetooth); vishing (call centers and customers)
Overlap between the two areas
CyFin Trends: January 2011-Present
• Relay Services Exploit
• Conference Bridge Compromises
• Number Testing for PBX hacking
• Automated Calling utilizing caller ID spoofing
Underground Forums Trends
Popular topics: educational tutorials on PBX hacking/war dialing; smartphone malware coders; discussion of Near Field Communication
….Say you hear a lot of Audix mailbox recordings, then you are dealing with an Avaya PBX (which is a very popular VoIP PBX)….
Vulnerabilities exposed: iPads/tablets…
Criminal forums focus on iPad/tablets
TheHammer
I HAVE iPhone/iPad SERIALS, need methods!!!! I have iPhone 3G/4G serials and iPad as well. They are working, I test them, but I need the person who knows how to do the methods. I will pay him for the work and I have drops. If anyone knows it or knows how to do it I'm ready, and I don't like to waste my time, only if you are serious. Reply.
Other forum chatter: exploits…
“Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution”
“Viewing a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution… memory corruption issue existed in QuickLook's handling of Microsoft Office as well.”
Certificate weakness: “An attacker with a privileged network position may intercept user credentials or other sensitive information”… “man-in-the-middle”
Mobile Malware: March 2011
Android.RootCager
• Type: Trojan
• Description: collects International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI); downloads ProviderManager.apk to collect additional device information
BBOS_Zitmo.B
• Type: Spyware
• Description: monitors calls and text messages, receives commands via text message, collects information from the device, can block and unblock numbers
Android.Pjapps
• Type: Trojan
• Description: constructs a botnet, installs applications, visits websites, sends text messages, blocks incoming text messages
AndroidOS_LOTOOR.A
• Type: Trojan
• Description: roots the infected device, collects information exchanged over the device, downloads applications
DroidDream
• Type: Program
• Description: contained within 50+ applications; collects the International Mobile Equipment Identity (IMEI); vehicle for download of malicious applications
Smartphone Applications: Who is involved?
Stakeholders: hardware, phone carrier, customer, software developer, financial institution
Questions by stakeholder: technical vulnerabilities; service billing; other areas affected by mobile finance?; consumer education; accepted risk; contracted by financial institutions; maintain apps or sell product?; mobile banking has the same legal responsibility as online banking; monitor transactions?
Mobile Finance vs. Tablets
Mobile banking channels: applications, browser use, SMS texting
Flow: customer does mobile banking utilizing an application; bank receives activity from the application software; transaction completed
Who is monitoring? Who are the stakeholders within the digital tablet world, beyond the manufacturer?
Figure: NCFTA-CIRFU shared space (DPN), fed by partner databases: spam DB, other DBs, IDS companies' DBs (e.g. Symantec), law enforcement DBs, ISP DBs, financial services partner DBs, software company DBs via BSA, other fusion centers' intel, merchant DBs via MRC, FBI secure space, US-CERT, DHS, US Postal and international law enforcement
Telecom & Mobile Exploits continue...
Social Networking Sites – Tied to tablets.
Education, Education, Education… (where are the best early warning signs? Who owns them?)
Policy/Procedures vs. Taking away choices
Getting ahead of regulations (they will come)
Re-defining your team—to fight the good fight….
Questions? Dan Larkin [email protected]
How do I identify a device, corporate or personal, that is on my network but has already been botted?
How do I prevent end users from going to inappropriate sites?
How do I protect end users from going to legitimate websites that have already been compromised?
How do I know if an end user is logged on locally and remotely at the same time?
Figure: campus network (Cisco switch, Cisco access point, Cisco Wireless LAN Controller, policy services) sitting between the Internet and internal resources, with example policies:
“Printers should only ever communicate internally.”
“Employees should be able to access everything but have no access on personal devices.”
“Guest and partners are only allowed bandwidth constrained Internet access via wireless.”
Context attributes: User, Location, Time, Device, Attribute X
PC and Non-PC Devices
IT Is Struggling With:
• Classifying managed vs. unmanaged endpoints
• Identifying devices that cannot authenticate
• User-host association
But There Are Barriers:
• Certificates
• Endpoint certainty
• No automated way to discover new endpoints
Limited Resources
Figure: campus network with policy services between the Internet and internal resources (“Really Important!”), with example policies:
“Employees can access everything from either corporate or personal devices. But non-employees are blocked.”
“Employees are required to use corporate devices. Personal devices are not allowed and there is no guest access.”
“Employees can access everything from corporate devices. Employees on personal devices and partners have restricted access.”
Infrastructure:
• Basic capability (e.g. HTTP)
• No user logic
• Authentication/authorization integration
• Siloed (wireless only)
Homegrown:
• Devoid of authentication/authorization
• Care and feeding
Across wired, wireless and VPN, for employees, devices and guests:
• Consistent policy
• Management integration
• Easier deployment
• Troubleshooting
• Monitoring
• Reporting
Identity Services Engine: Existing Investments Protected
• Current hardware is software upgradeable (1121/3315/3355/3395)
• Migration program for older hardware
• License migration program for all software licenses
• Data and configuration migration tools available (over multiple releases)
Existing products: ACS, NAC Guest, NAC Profiler, NAC Manager, NAC Server
Purpose-Built, Complete, and Reliable Profiling
• Cisco ISE uses SNMP, NetFlow, DNS, RADIUS, HTTP, and
DHCP to increase accuracy, reduce spoofability
• Works across wired and wireless
• Completely integrated with RADIUS/AAA
• Includes additional services (posture, guest/portal, etc.)
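A way to see why profiling from several sources reduces spoofability, as an added example (not Cisco ISE code; this page does not describe the profiler's internals): the OUI table, DHCP vendor classes, User-Agent hints and the two sample endpoints are all constructed.

```python
# Added illustration, not Cisco ISE code: multi-source profiling as in the bullet
# above. Each source (MAC OUI, DHCP vendor class, HTTP User-Agent, SNMP sysDescr,
# DNS name) votes for a device class; the majority wins and dissenters are kept as
# conflicts, so a cloned printer MAC alone cannot buy a trusted "printer" profile.
# Fingerprint tables and sample endpoints are constructed for this example.
from collections import Counter
from dataclasses import dataclass, field

OUI_CLASS = {"00:17:c8": "printer", "00:1e:c2": "apple", "00:50:56": "vm"}
DHCP_CLASS = {"MSFT 5.0": "windows", "android-dhcp-10": "android"}
UA_CLASS = {"iPhone": "apple", "Android": "android", "Windows NT": "windows"}
@dataclass
class Endpoint:
    mac: str
    dhcp_vendor_class: str = ""
    http_user_agent: str = ""
    snmp_sysdescr: str = ""
    dns_name: str = ""
@dataclass
class Profile:
    device_class: str                              # majority class or "unknown"
    certainty: int                                 # sources agreeing with it
    conflicts: dict = field(default_factory=dict)  # source -> dissenting class

def collect_votes(ep: Endpoint) -> dict:
    """Return {source: device_class} for every source that yields evidence."""
    votes = {}
    oui = ep.mac.lower()[:8]
    if oui in OUI_CLASS:
        votes["oui"] = OUI_CLASS[oui]
    if ep.dhcp_vendor_class in DHCP_CLASS:
        votes["dhcp"] = DHCP_CLASS[ep.dhcp_vendor_class]
    for needle, cls in UA_CLASS.items():
        if needle in ep.http_user_agent:
            votes["http"] = cls
    if "printer" in ep.snmp_sysdescr.lower():
        votes["snmp"] = "printer"
    if ep.dns_name.lower().startswith("prn-"):
        votes["dns"] = "printer"
    return votes

def profile(ep: Endpoint) -> Profile:
    votes = collect_votes(ep)
    if not votes:
        return Profile("unknown", 0)
    winner, count = Counter(votes.values()).most_common(1)[0]
    return Profile(winner, count, {s: c for s, c in votes.items() if c != winner})

def trusted_printer(p: Profile) -> bool:
    """Gate for a printer-only policy: two agreeing sources and no dissent."""
    return p.device_class == "printer" and p.certainty >= 2 and not p.conflicts
# Constructed endpoints: a real printer, and a laptop using a cloned printer MAC.
REAL_PRINTER = Endpoint("00:17:C8:12:34:56", snmp_sysdescr="KYOCERA Printer", dns_name="prn-lobby-1")
CLONED_MAC = Endpoint("00:17:C8:12:34:56", dhcp_vendor_class="MSFT 5.0",
                      http_user_agent="Mozilla/5.0 (Windows NT 10.0)")
```

With only the OUI as evidence, both endpoints would profile as a printer; the DHCP and HTTP sources expose the cloned MAC as a Windows host with a conflicting OUI.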
Scalable Policy Enforcement
• Switch, WLAN controller, and VPN as an enforcement point
• Flexible control (VLAN, dACL/ACL, QoS, SGA, etc.) based
on any contextual attributes (user, device, group, location,
time, etc.)
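An added example, not ISE's own policy engine, of how an enforcement result can be chosen from contextual attributes and then gated by a Security Group Access matrix like the Staff/Guest against Public/Private one later in this deck; the rule set, VLAN numbers, dACL names, group tags and matrix contents are assumptions for illustration.

```python
# Added illustration, not Cisco ISE code: a contextual policy decision point in
# the spirit of the bullets above. Ordered rules match on user group, device
# profile, location and time; the first match yields the enforcement result
# (VLAN, dACL, SGT), and an SGT matrix then gates traffic between groups.
# Group names, VLANs, ACL names and the matrix contents are assumed here.
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Context:
    user_group: str    # from AAA, e.g. "employees", "partners"; "" if unauthenticated
    device_class: str  # from profiling, e.g. "corporate-laptop", "printer"
    location: str      # site of the switch/AP, e.g. "campus", "branch"
    clock: time        # local time of the access request

@dataclass(frozen=True)
class Decision:
    vlan: int
    dacl: str
    sgt: str

def business_hours(t: time) -> bool:
    return time(7, 0) <= t <= time(19, 0)

# Ordered rules (predicate, decision): first match wins; the last rule is a
# catch-all that quarantines instead of failing open.
RULES = [
    (lambda c: c.device_class == "printer" and not c.user_group,
     Decision(vlan=40, dacl="PRINTERS-INTERNAL-ONLY", sgt="Printers")),
    (lambda c: c.user_group == "employees" and c.device_class == "corporate-laptop",
     Decision(vlan=10, dacl="PERMIT-ALL", sgt="Staff")),
    (lambda c: c.user_group == "employees",  # employee on a personal device
     Decision(vlan=20, dacl="INTERNET-AND-MAIL", sgt="Staff-BYOD")),
    (lambda c: c.user_group == "partners" and c.location == "campus"
               and business_hours(c.clock),
     Decision(vlan=30, dacl="INTERNET-RATE-LIMITED", sgt="Guest")),
    (lambda c: True, Decision(vlan=999, dacl="DENY-ALL", sgt="Quarantine")),
]

# SGT matrix: source group -> destination group -> permitted? (assumed contents:
# printers talk internally only; guests and BYOD never reach private resources)
SGT_MATRIX = {
    "Staff":      {"Public": True,  "Private": True},
    "Staff-BYOD": {"Public": True,  "Private": False},
    "Guest":      {"Public": True,  "Private": False},
    "Printers":   {"Public": False, "Private": True},
    "Quarantine": {"Public": False, "Private": False},
}

def decide(ctx: Context) -> Decision:
    """Evaluate the rule table top-down; the catch-all guarantees a result."""
    return next(d for pred, d in RULES if pred(ctx))

def sga_permits(src_sgt: str, dst_group: str) -> bool:
    """Matrix lookup with default deny for unknown tags or destinations."""
    return SGT_MATRIX.get(src_sgt, {}).get(dst_group, False)
```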
Unified Management
• ISE detailed reports and troubleshooting tools (user, device, session, etc.) can be accessed from within NCS 1.0, providing a single pane of glass into user, device, and network across wired and wireless infrastructure
Context attributes: User, Location, Time, Device, Attribute X
Simplify Deployment and Admin
ISE: tracks active users and devices; optimizes where services run; links in policy information points; keeps the existing logical design; consolidates data with three-click drill-in
Security Group Access (SGT) matrix with Staff and Guest against Public and Private (three cells Permit, one Deny)
Deployment: distributed PDPs, all-in-one HA pair, admin console, monitoring and troubleshooting (M&T)
Session directory: user ID, device (and IP/MAC), access rights, location
Consolidated services and software packages: ACS, NAC Profiler, NAC Guest, NAC Server, NAC Manager
Flexible service deployment; policy extensibility; manage Security Group Access; systemwide monitoring and troubleshooting
Figure: Major Issues Contributing to Wireless Network Problems (y-axis: number of customers, 0 to 400). Categories: client devices (drivers, connections, authentication, or other issues); RF interference from Wi-Fi and/or non-Wi-Fi sources; unexpected demand for increased coverage or capacity; faulty wireless network design/implementation; old or outdated wireless technology; insufficient IT administrator expertise; other.
A recent survey shows that respondents view client devices as the top contributor to wireless network performance problems.
Unified Management: Converged Access Management for Wired and Wireless Networks
Users | Policy | Operations
Wireless | Wired | Security Policy | Network Services
Improved Network Visibility | Faster Troubleshooting | Eliminate Configuration Errors
• Flexible platform: Accommodates new and experienced IT administrators
• Simple, intuitive user interface: Eliminates complexity
• User-defined customization: Display the most relevant information
High-Level View of Key Metrics with Contextual Drill-Down to Detailed Data
• Correlated and focused wired/wireless client visibility
Client health metrics
Client posture and profile
Client troubleshooting
Client reporting
Unknown device ID input
• Clear view of the end user landscape
Who is connecting
Using which device
Are they authorized
• Wired and wireless discovery and inventory
Add/detect infrastructure devices such as switches, WLAN controllers, and access points
• Comprehensive access infrastructure reporting
View the access infrastructure as a whole or as discrete technologies
• Stolen asset notification
Track when devices presumed stolen come back online
• Shows where security and policy problems exist
Retrieves information directly from clients: Wired, wireless; authenticated, unauthenticated
• Reduces the time to troubleshoot security and policy problems
Client posture status and client profiled views
• Drill deeper into security and policy issue details
Direct linkage from Cisco NCS to Cisco ISE with contextual filtering
Enhance Infrastructure
Security
Enforce Compliance
Streamline Service
Operations
Converged Security and
Policy Monitoring and Troubleshooting
Full Range of Lifecycle Capabilities: Plan, Deploy, Monitor and Troubleshoot, Remediate, Optimize
Converged Access Management for Borderless Networks
Single Unified View:
• Single viewpoint for wired, wireless, security, and policy management
• Unprecedented visibility and control
• Direct access to Cisco support and services
Improve IT Productivity:
• Empower first-tier to address issues without escalation
• Resolve problems faster with logical workflows
• Improve resource productivity, lower TCO
Enable the Workforce:
• Provide reliable access to network services
• Visibility at the access layer as networks become borderless
• Address problems where most issues occur: the endpoint
Enabling Mobility: Securely, Seamlessly and Reliably
Figure: Architecture for Agile Delivery of the Borderless Experience
Borderless infrastructure: switching, security, routing, wireless, application networking/optimization
Borderless network systems: core fabric, extended cloud, extended edge, unified access
Borderless network services: mobility (Motion), app performance (App Velocity), energy management (EnergyWise), multimedia optimization (Medianet), security (TrustSec)
Borderless end-point/user services: securely, reliably, seamlessly with AnyConnect
Policy management and APIs span the layers
Smart professional and technical services: realize the value of Borderless Networks faster
• March 22nd CIN Webinar: iPad. Galaxy. Cius. Best Practices to Support the influx of Mobile Devices
• Dec 2nd CIN Webinar: Preparing the WLAN for mobile devices/tablets.
• Technical White Paper: Optimize the Cisco Unified Wireless Network to Support Wi-Fi Enabled Phones and Tablets
• White Paper: The Future of Network Security: Cisco SecureX Architecture
Meet User Demand for Mobility
The mobile security landscape is evolving.
Enabling mobility requires a comprehensive, consistent approach to user/device access and network management.
Thank you.