renu upadhyay, marketing manger, cisco dan larkin ... · mobile security assessment unified user...

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1

Renu Upadhyay, Marketing Manger, Cisco

Dan Larkin, Director, Strategic Operations, NCFTA

Matt Schmitz, Senior Product Manager, Cisco

Saurabh Bhasin, Senior Product Line Manager, Cisco

May 4, 2011

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

1

2

3

Mobile Security Assessment

Unified User and Access Management for Any Network

Unified Policy management for Any Device


• Enterprise

provided mobile

devices

• Work is a place

you go to—limited

off-campus

access

• IT visibility and

control into user

deices and

applications

• Anywhere,

anytime, any

device usage

• Work is a

function—globally

dispersed, mixed

device ownership

• Change in IT

control and

management

paradigm

Executive

Employee

IT

Old School New School


IT Resources Stay the Same

Late 90s Early 90s Today

Effectively Support Users

with Box Management

Fixed User

• Wired access

• One user, one device

Mobile User

• Wireless access

• One user, local devices

Borderless User

• Anytime, anywhere access

• One user, many devices

Access Evolution

Need for Policy and

Control

Need for Operational

Efficiency


Some Questions to Consider

Do I have the WLAN capacity and reliability to support increase in mobile devices?

How do I enforce security policies on noncompliant devices?

How do I grant different levels of access to protect my network?

How do I ensure data loss prevention on devices where I don’t have visibility?

How should I address the employee (tech savvy) who trade up to new devices? New policy?

How do I protect my intellectual property/personal information?

How do I monitor and troubleshoot user and client connectivity issues on my access (wired/wireless) network?

National Cyber Forensics

And Training Alliance www.ncfta.net

Executive Webinar May 4, 2011

It’s all about the “People” as…

Assets…. Or… Liabilities!

Regardless of how you define the Threat…..

Fundamentals always in play….

The need for speed

Novelty – new technology – gadgets

The world is flat – outsourcing –

supply chain – subcontracting

Mergers/acquisitions –

Taking on new threats

Knowing your new customer

Who has the best Intel (regarding

threats) & how do we leverage that?

“I’ve seen the enemy – and it is us”

Malware Delivery Methods – Social Engineering

Targeting High Value customers/Social Networks Bad guys are walking through the front door.. Laptops Thumb drives I-Pads

Emerging Global Cyber Threats

Mobile Banking & Mobile apps overlap Who gets to play – who has to pay? Expanding services = expanding opportunity for exploits

Similar pattern/opportunity for I-Pads (and similar products)

Real world examples, and what we can expect next

Partnerships

PARTNERSHIPS—GLOBAL & GROWING

Support from International Law Enforcement

and Industry in 34 nations…

TDY..and in-country model

Australia

Canada

U.K.

Germany

Romania

Italy

India

Turkey

Gaps/Obstacles

• Lack of ―Trusted‖ Two-Way information

sharing relationships with SME’s

• Compelled information sharing vs

Voluntary - triggers legal issues,

• Lack of Neutral setting to analyze/triage

open source or Industry owned

intelligence (Meet in the middle space)

Historical

We all need “a better environment”

PRO-ACTIVE EFFORTS

• Criminal On-Line FORUMS

– Carding-Credentials

– Tools/Techniques

• UCO Deep Penetration

– UCO’s

• Past & Ongoing

– Subject Attribution - engagement

– Forecasting the Future

International Carding Alliance

(ICA) Data Base

NCFTA/CIRFU/USPIS

Telco Threat Areas

VoIP/Cable Mobile

Smartphone applications •Mobile finance •Infection (malware, spyware, trojans)

SMS •SMiShing

Technology •Check imaging deposit •Near field communication •Scan and pay •Bluetooth

Vishing •Call centers and customers

Known Router hacking lines Video Conferencing lines Traffic pumping PBX Hacking Cable Modem Cloning

Automated Calling Services Number Testing

SIM cards TDoS attacks

Spoofing

Overlap

CyFin Trends: January 2011-Present

• Relay Services Exploit

• Conference Bridge Compromises

• Number Testing for PBX hacking

• Automated Calling utilizing caller ID

spoofing

Underground Forums Trends

Popular Topics •Educational tutorials on PBX hacking/War Dialing •Smartphone malware coders •Discussion of Near Field Communication

….Say you hear a lot of Audix mailbox recordings, then you are dealing with an Avaya PBX (which is a very popular VoIP PBX)….

Vulnerabilities exposed- I-Pads-Tablets…

Criminal Forums focus on I-Pad/Tablets

TheHammer

I HAVE Iphones/Ipad SERIALS need methods!!!! I have Iphone 3g/4g serials

and Ipad as well. They are working i test them but i need the person who

knows how to do the methods. I will pay him for the work and i have drops. If

anyone knows it or know how to do it im ready and i dont like to waiste my time

only if you are seriouse. Reply.

Other Forum chatter- Exploits….

“Visiting a maliciously crafted website may lead to

an unexpected application termination or arbitrary

code execution”

“Viewing a maliciously crafted Microsoft Office file

may lead to an unexpected application termination

or arbitrary code execution… memory corruption

issue existed in QuickLook's handling of Microsoft

Office as well.”

Cert weakness: “An attacker with a privileged

network position may intercept user credentials or

other sensitive information”….”man-in-the-middle”

Mobile Malware: March 2011

• Type: Trojan

• Description:

• Collects International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI), Downloads ProviderManager.apk" for collection of additional device information

Android.RootCager

• Type: Spyware

• Description:

• Monitors calls and text messages, receives commands via text message, collective information from device, can block and unblock numbers

BBOS_Zitmo.B

• Type: Trojan

• Description:

• Constructs botnet, installs applications, visits websites, sends text messages, blocks incoming text messages

Android.Pjapps

• Type: Trojan

• Description:

• Roots infected device

• Collects information exchanged over device

• Downloads applications

AndroidOS_LOTOOR.A

• Type: Program

• Description:

• Contained within 50+ applications, Collects International Mobile Equipment Identity (IMEI), vehicle for download of malicious applications

DroidDream

Smartphone Applications: Who is involved?

Hardware

Phone Carrier

Customer Software

Developer

Financial Institution

Technical vulnerabilities

Service Billing Other areas affected by mobile finance?

Consumer education Accepted risk

Contracted by financial institutions Maintain apps or sell product?

Mobile banking same legal responsibility as online banking Monitor transactions?

Mobile Finance – vs – tablets..

Mobile Banking

Applications Browser Use SMS Texting

Customer does mobile banking

utilizing application

Bank receives activity from application software

Transaction Completed

Who is monitoring? Who are stakeholders within the Digital Tablet world?– beyond Mfg

NCFTA - CIRFU

Space DPN

DB

SPAM

DB

Other

DB

IDS Co’s

ie Symantec

DB’s

L.E

DBs

ISP’s

DB’s

Financial Srvs

Partners

DB’s

Software Co

DB’s via

BSA

Other Fusion

Centers

Intel

Merchants

via MRC

DB’s

FBI Secure

Space

US CERT

DHS US Postal &

Internat’l– L.E

Telecom & Mobile Exploits continue...

Social Networking Sites – Tied to tablets.

Education, Education, Education…(where are the

best early warning signs? Who owns them?)

Policy/Procedures vs. Taking away choices

Getting ahead of regulations (they will come)

Re-defining your team—to fight the good fight….

Questions? Dan Larkin [email protected]


How do I identify a device - corporate or person that is on my network but has already been botted?

How do I prevent end users from going to inappropriate sites?

How do I protect end users from going to legitimate websites that have already been compromised?

How do I know if an end user is logged on locally and remotely at the same time?


Internet

―Printers should only ever communicate internally.‖

―Employees should be able to access everything but have no access on personal devices.‖

Cisco Wireless LAN Controller

Cisco Access Point

Policy Services

Cisco Switch

Campus

Network

―Guest and partners are only allowed bandwidth constrained Internet access via wireless.‖

Internal Resources


Use

r

Lo

ca

tio

n

Tim

e

De

vic

e

Att

rib

ute

X

IT Is Struggling With:

• Classifying managed vs..

unmanaged endpoints

• ID devices that cannot authenticate

• User host association

But There Barriers:

• Certificates

• Endpoint certainty

• No automated way to discover

new endpoints

PC and Non-PC Devices


Limited Resources

―Employees can access everything from either corporate or personal devices.

But non-employees are blocked.‖

―Employees are required to use corporate devices. Personal devices are not allowed

and there is no guest access.‖

―Employees can access everything from corporate devices. Employees

on personal devices and partners have restricted access.‖

Campus

Network

Internet

Policy Services

Internal Resources

Really

Important!


• Basic capability (e.g. HTTP)

• No user logic

• Authentication/Authorization integration

• Siloed (wireless only)

Infrastructure

• Devoid of authentication/authorization

• Care and feeding

Homegrown

X


• Consistent policy

• Management integration

• Easier deployment

• Troubleshooting

• Monitoring

• Reporting

Wired Wireless VPN

Employees Devices Guests


Identity Services Engine *Available over multiple releases

Existing Investments Protected

• Current hardware is software upgradeable (1121/3315/3355/3395)

• Migration program for older hardware

• License migration program for all software licenses

• Data and configurations migration tools available*

ACS NAC Guest NAC Profiler NAC Manager NAC Server


Purpose-Built, Complete, and Reliable Profiling

• Cisco ISE uses SNMP, NetFlow, DNS, RADIUS, HTTP, and

DHCP to increase accuracy, reduce spoofability

• Works across wired and wireless

• Completely integrated with RADIUS/AAA

• Includes additional services (posture, guest/portal, etc.)

Scalable Policy Enforcement

• Switch, WLAN controller, and VPN as an enforcement point

• Flexible control (VLAN, dACL/ACL, QoS, SGA, etc.) based

on any contextual attributes (user, device, group, location,

time, etc.)

Unified Management

• ISE detailed reports and troubleshooting tools (user,

device, session, etc.) can be accessed from within NCS 1.0

providing a single pane of glass into user, device, and

network across wired and wireless infrastructure U

ser

Location

Tim

e

Devi

ce

Attribute

X


Simplify Deployment and Admin

ISE

Tracks Active Users and Devices Optimize Where Services Run

Link in Policy Information Points Keep Existing Logical Design Consolidate Data, Three-Click Drill-In

SGT Public Private

Staff

Guest

Permit

Deny

Permit

Permit

Distributed PDPs

All-in-One HA Pair Admin Console

M&T User ID

Device (and IP/MAC)

Access Rights

Location

ACS

NAC Profiler

NAC Guest

NAC Server

NAC Manager

Consolidated Services,

Software Packages Session Directory Flexible Service Deployment

Policy Extensibility Manage Security

Group Access

Systemwide Monitoring and

Troubleshooting


Nu

mb

er

of C

usto

me

rs

Major Issues Contributing to Wireless Network Problems

400

350

300

250

200

150

100

50

0 Client Devices

(Drivers, Connections,

Authentication, or Other Issues)

RF Interference from Wi-Fi and/or Non-

Wi-Fi Sources

Unexpected Demand for

Increase Coverage of

Capacity

Faulty Wireless Network Design

Implementation

Old or Outdated Wireless

Technology

Insufficient IT Administrator

Expertise

Other

A Recent Survey Shows That

Respondents View Client Devices

as the TOP Contributor to Wireless

Network Performance Problems

Contributors to Wireless Network Problems


• Flexible platform: Accommodates new and experienced IT administrators

• Simple, intuitive user interface: Eliminates complexity

• User-defined customization: Display the most relevant information

High-Level View of Key Metrics with Contextual Drill-Down to Detailed Data


• Correlated and focused wired/wireless client visibility

Client health metrics

Client posture and profile

Client troubleshooting

Client reporting

Unknown device ID input

• Clear view of the end user landscape

Who is connecting

Using which device

Are they authorized


• Wired and wireless discovery and inventory

Add/detect infrastructure devices such as switches, WLAN controllers, and access points

• Comprehensive access infrastructure reporting

View the access infrastructure as a whole or as discrete technologies

• Stolen asset notification

Track when devices presumed stolen come back online


• Shows where security and policy problems exist

Retrieves information directly from clients: Wired, wireless; authenticated, unauthenticated

• Reduces the time to troubleshoot security and policy problems

Client posture status and client profiled views

• Drill deeper into security and policy issue details

Direct linkage from Cisco NCS to Cisco ISE with contextual filtering

Enhance Infrastructure

Security

Enforce Compliance

Streamline Service

Operations

Converged Security and

Policy Monitoring and Troubleshooting


Full Range of Lifecycle Capabilities

Plan

Deploy Optimize

Monitor and

Troubleshoot Remediate


Converged Access Management for Borderless Networks

• Single viewpoint for

wired, wireless,

security, and policy

management

• Unprecedented

visibility and control

• Direct access to Cisco

support and services

• Empower first-tier to

address issues without

escalation

• Resolve problems

faster with logical

workflows

• Improve resource

productivity, lower TCO

• Provide reliable access

to network services

• Visibility at the access

layer as networks

become borderless

• Address problems

where most issues

occur: the endpoint

Single Unified View Improve IT Productivity Enable the Workforce


Enabling Mobility—Securely, Seamlessly and Reliably

Architecture for Agile Delivery of the Borderless Experience

BORDERLESS INFRASTRUCTURE

Application Networking/ Optimization

Switching Security Routing Wireless

BORDERLESS

NETWORK

SYSTEMS

BORDERLESS

NETWORK

SERVICES

BORDERLESS

END-POINT/

USER SERVICES Securely, Reliably, Seamlessly:AnyConnect

Mobility: Motion

App Performance: App Velocity

Energy Management: EnergyWise

Multimedia Optimization:

Medianet

Security: TrustSec

Core Fabric

Extended Cloud

Extended Edge

Unified Access

POLICY

MANAGEMENT

SMART PROFESSIONAL AND TECHNICAL SERVICES: Realize the Value of Borderless Networks Faster

APIs


• March 22nd CIN Webinar: iPad. Galaxy. Cius. Best Practices to Support the influx of Mobile Devices

• Dec 2nd CIN Webinar: Preparing the WLAN for mobile devices/tablets.

• Technical White Paper: Optimize the Cisco Unified Wireless Network to Support Wi-Fi Enabled Phones and Tablets

• White Paper: The Future of Network Security: Cisco SecureX Architecture


The mobile security landscape is evolving

Enabling mobility requires a comprehensive, consistent approach to

user/ device access and network management

Meet User Demand for Mobility


Thank you. Thank you.

renu upadhyay, marketing manger, cisco dan larkin ... · mobile security assessment unified user...

Documents