85320337 networking-case-study

CISCO SELF DEFENDING NETWORK 2012
Homework Help
https://www.homeworkping.com/
Research Paper help
Online Tutoring
click here for freelancing tutoring sites
A
CASE STUDY
ON
“Cisco Self-Defending Network”
Submitted By
Amit S. Pate Roll No.
Ganesh B. Darekar Roll No.
T.Y.I.T.
IN PARTIAL FULL-FILLMENT OF
SEMISTER 6
UNDER THE GUIDENCE OF
Mr.Roshni Patil
DEPT. OF INFORMATION TECHNOLOGY
DEPARTMENT OF I.T 1 S.H.MUTHA, KALYAN

SETH HIRACHAND MUTHA COLLEGE
KALYAN
Under
UNIVERSITY OF MUMBAI
YEAR 2011-2012
CERTIFICATE
This is to certify that
Amit s. pate roll no.
Of S.Y.I.T has submitted report on “Cisco Self-Defending Network”
under my guidance and supervision. The work has done to my
satisfaction in partial fulfilment of T.Y.Bsc.I.T as prescribed by the
University Of Mumbai during the academic year 2011-2012.

EXAMINAR HEAD OF DEPARTMENT
(Information Technology)
INDEX
TOPIC PAGE NO.
1. What is networking 4
2. Introduction 5
3. Overview of CISCO networking-system 6
4. Security solution 7
5. Self defending network 8
6. Component of CSDN 9
7. Security standard 10
8. Future of CSDN 13
9. Conclusion: 13
Bibliography 14

1. What are (Wireless / Computer) Networking?
In the world of computers, networking is the practice of linking two or
more computing devices together for the purpose of sharing data.
Networks are built with a mix of computer hardware and computer
software.
If your business has more than one computer, chances are you could
benefit from networking them. A local area network (LAN) connects
your company's computers, allowing them to share and exchange a
variety of information. While one computer can be useful on its own,
several networked computers can be much more useful.

2. Introduction
Takeaway: The need for security is more important than ever in the
business world. It's tough to decide how much to invest and what
solutions to choose, but you must ensure that your network is reasonably
secure. Here is an attempt made by us to explain the Cisco’s Self-
Defending Network.
If you're a cynical consumer, the Cisco Self-Defending Network (CSDN)
solution probably begs the sarcastic question: "Yeah, right; the network
that can just defend itself?" However, as Cisco typically makes quality
products and solutions, I can't believe that the self-defending network
concept is all bad; actually, it may even be the best solution on the market
today.

3. What is Security?
While taking advantage of the possibility of defining strict rules of
communication inside the network one must achieve a satisfactory level
of security.
This involves a suitable distribution of roles among the systems. In
this case hacking into one of the barriers won't compromise the whole
network; such a hack will be limited to several devices or systems. For
instance, breaking the first firewall will not cause a catastrophe. The
hacker would only have access to the network cards of the web servers
which have been placed outside and that have been protected as well as
possible. In this case the servers' protection may be pushed to the limit
because they only keep the URL's data; therefore the process will be
efficient. In effect, the only threat to the whole system is to be flooded
with unfiltered TCP/UDP/ICMP packets of the published network cards
of the web servers. Of course, despite the existence of the firewall barrier
the attack may be addressed directly at the web servers, with the use of
the newest (or most fashionable) gap in the IIS security locks.
This case is a bit more dangerous but besieging a single server is
no victory for the hacker because all of the server-database connections
run in trusted mode. This means that there is no APS site that could give

the attacker a password or account enabling him to penetrate the system
further. On the other hand, there is a good chance that another server
from the NLB cluster would answer the attacker's query, causing slight
confusion. The attacker can't even dream of going further, to any of the
DMZ servers which only work in the internal network (SQL, DC, etc.).
The correct hardening process of the external systems makes sending
their packets into the network impossible. Please notice how far the
aggressor is from the trusted internal network, the true heart of the
system. Attack attempts from the corporation network are not definitely
successful because a good set of rules does not allow direct
Why look at security solutions in the first place?
Since every business today depends on the Internet and LAN networks
for some business critical function, the need for security is more
important than ever. A company that does not have strong security can
end up on the news as being hacked, their stock can plummet, and they
can be out of business in no time. Once released, viruses and worms can
hit businesses and consumers around the world in a matter of seconds or
minutes.
However, you and your company don't have unlimited funds; you can't
just put in every solution you discover. You have to weigh the level of
investment in security with the level of risk that is perceived by your
business. It's tough to decide how much to invest and what solutions to
choose, but you must ensure that your network is reasonably secure.

A secured network connection of Cisco
4. What is the Self-Defending Network?
The CSDN is a large complex roadmap made up of many Cisco
components. You aren't required to have all the components. CSDN does
its job using all these different components. Examples of these
components are: Cisco NAC (admission control); Cisco Security Agent
(endpoint protection); Cisco MARS (event correlation); Network
Intrusion Detection System (NIDS); authentication servers; Anti-X
systems like ASA and Iron port; network and host-based firewalls; and
antivirus.
The theory of CSDN is that the network has the ability and the
intelligence to protect itself from threats. However, this can only happen
if the components of the network are working together to ensure this level
of security, intelligence, and adaptability.

5. How do the components of the CSDN work
together?
In Figure A, you can see how the components of the CSDN are all over
the network. Every link, piece of hardware, and operating system is
somehow secured by the CSDN. By covering all the bases, CSDN
attempts to thwart security issues wherever they crop up in the network.
In addition, the attempt of the CSDN is to provide end-to-end visibility of
the network's security events and status.
Figure A

Graphic courtesy of Cisco.
Network devices must work together and be integrated in order for the
CSDN to do its job. Therefore, you probably aren't going to have third-
party network components on your network participate in the CSDN.
6. Besides hardware components, what else is
involved in CDSN?
While you can buy all the network hardware components you like,
software and services are also a huge part of CSDN. Just as with anything
else, without the people (services), the hardware isn't going to implement
itself. Once the CSDN is implemented and the servicemen are gone, the
network will still need to be monitored and maintained.

Cisco offers a lot of services revolving around the Self-Defending
Network. Figure B illustrates these offerings:
Figure B
Graphic courtesy of Cisco.
As you can see, Cisco offers services beginning with planning the
network, moving through designing, implementing, and operating the
network. Later, Cisco can come back and optimize the implemented
security systems.
While this all sounds great, I would caution anyone evaluating a security
solution to determine how much time and effort will be required to
implement and maintain that solution. Undoubtedly, the long-term

maintenance of any security system is far greater than the original price
tag.
7. How are credentials fundamental for network
security?
When it comes to the implementation of the CSDN, user and device
credentials are very important. The user and device credentials are used to
identify that device and to authenticate the user.

In Figure C, you can see how the device identification is checked, then
the operating system and application posture, and the user identity, based
on username, password, and security certificate keys.
Figure C
As you can see, user and device credentials are critical to the success of
CSDN.
8. Where are the security standards in CSDN?
There are a number of standards at work in the CSDN roadmap. One of
the most crucial technologies related to the CSDN is Network Admission
Control (NAC). NAC is used to review device security posture before

admission to the network. In many cases, this is done with 802.1X;
however, that is only part of what NAC does and how it works.
The battle between Cisco's NAC and Microsoft's new Network Access
Protection (NAP) is about to heat up. Fortunately for consumers, both
companies have agreed that there will be some compatibilities and
interoperability between these two technologies. In the end, there are
many standards at work in creating this self-defending network.
What is the future of CSDN?
A complex framework, CDSN has a goal for all of their devices to
communicate together, preventing any danger to the network. The theory
is that the devices will collaborate, with one device telling another that it
is in danger. In my mind, the thought of many different hardware and
software network security devices all working together sounds almost too
good to be true.
However, devices still don't easily integrate with other Cisco security
devices, as they aren't easy to implement and are typically expensive.
Even though the CSDN framework has been around for over six years,
there's still a lot of work left to be done before networks can truly be self-
defending
BIBLIOGRAPHY:
1. www.cisco.com/self_defending _network
2. www.google.com

3. www.wikipedia.com
4. Tanenbaum, Computer Networks [144-216].
Homework Help
Math homework help
Research Paper help
Algebra Help
Calculus Help
Accounting help
Paper Help
Writing Help
Online Tutor
Online Tutoring

85320337 networking-case-study

More Related Content

What's hot (20)

Similar to 85320337 networking-case-study (20)

More from homeworkping3 (20)

Recently uploaded (20)

85320337 networking-case-study