iPads on your network? Take Control with Unified Policy and Management

1. RenuUpadhyay, Marketing Manger, CiscoDan Larkin, Director, Strategic Operations, NCFTAMatt Schmitz, Senior Product Manager, CiscoSaurabhBhasin, Senior Product Line Manager, CiscoMay 4, 2011iPads on Your Network?Establish Visibility and Management Control

2. Mobile Security AssessmentAgenda123Unified Policy management for Any DeviceUnified User and Access Management for Any Network

3. Users Have New ExpectationsThe Evolving Workplace LandscapeOld SchoolNew SchoolEnterprise provided mobile devices

4. Work is a place you go to—limited off-campus access

5. IT visibility and control into user deices and applications

6. Anywhere, anytime, any device usage

7. Work is a function—globally dispersed, mixed device ownership

8. Change in IT control and management paradigmExecutiveEmployeeIT

9. The User to Device Ratio Has ChangedIT Resources Stay the SameFixed UserWired access

10. One user, one deviceMobile UserWireless access

11. One user, local devicesBorderless UserAnytime, anywhere access

12. One user, many devicesAccess EvolutionEarly 90s Late 90sTodayEffectively Support Users with Box ManagementNeed for Policy and ControlNeed for Operational Efficiency

13. Some Questions to ConsiderEnterprises Are Trying to Embrace Mobility While Addressing SecurityDo I have the WLAN capacity and reliability to support increase in mobile devices?How do I enforce security policies on noncompliant devices?How do I grant different levels of access to protect my network?How do I ensure data loss prevention on devices where I don’t have visibility?How should I address the employee (tech savvy) who trade up to new devices? New policy?How do I protect my intellectual property/personal information?How do I monitor and troubleshoot user and client connectivity issues on my access (wired/wireless) network?

14. Dan LarkinDirector, Strategic OperationsNational Cyber Forensics Training Alliance

15. Executive WebinarMay 4, 2011I-Pad’s & similar productsComing to a network- near you…

16. Regardless of how you define the Threat…..It’s all about the “People”as…Assets…. Or…Liabilities!

17. Fundamentals always in play…. The need for speed

18. Novelty – new technology – gadgets

19. The world is flat – outsourcing – supply chain – subcontracting

20. Mergers/acquisitions –

21. Taking on new threats

22. Knowing your new customer

23. Who has the best Intel (regarding threats) & how do we leverage that?“I’ve seen the enemy – and it is us”Malware Delivery Methods – Social Engineering

24. Targeting High Value customers/Social Networks

25. Bad guys are walking through the front door..

26. Laptops

27. Thumb drives

28. I-Pads Emerging Global Cyber Threats Mobile Banking & Mobile apps overlap

29. Who gets to play – who has to pay?

30. Expanding services = expanding opportunity for exploits

31. Similar pattern/opportunity for I-Pads (and similar products)

32. Real world examples, and what we can expect nextPartnerships

33. Partnerships—Global & GrowingSupport from International Law Enforcement and Industry in 34 nations…TDY..and in-country modelAustraliaCanadaU.K.GermanyRomaniaItalyIndiaTurkey

34. HistoricalGaps/ObstaclesLack of “Trusted” Two-Way information sharing relationships with SME’sCompelled information sharing vs Voluntary - triggers legal issues,Lack of Neutral setting to analyze/triage open source or Industry owned intelligence (Meet in the middle space)

35. We all need “a better environment”

36. PRO-ACTIVE EFFORTSCriminal On-Line FORUMSCarding-CredentialsTools/TechniquesUCO Deep Penetration UCO’s Past & Ongoing Subject Attribution - engagementForecasting the Future

37. International Carding Alliance (ICA) Data Base NCFTA/CIRFU/USPIS

38. Telco Threat AreasMobileSmartphone applicationsMobile finance

39. Infection (malware, spyware, trojans)SMS SMiShingTechnologyCheck imaging deposit

40. Near field communication

41. Scan and pay

42. BluetoothVoIP/CableVishingCall centers and customersKnown Router hacking linesVideo Conferencing linesTraffic pumpingPBX HackingCable Modem CloningOverlapAutomated Calling ServicesNumber TestingSIM cardsTDoS attacksSpoofing

43. CyFin Trends: January 2011-PresentRelay Services Exploit

44. Conference Bridge Compromises

45. Number Testing for PBX hacking

46. Automated Calling utilizing caller ID spoofingOverlap to tablets?

47. Underground Forums TrendsPopular TopicsEducational tutorials on PBX hacking/War Dialing

48. Smartphone malware coders

49. Discussion of Near Field Communication….Say you hear a lot of Audix mailbox recordings, then you are dealing with an Avaya PBX (which is a very popular VoIP PBX)….

50. Vulnerabilities exposed- I-Pads-Tablets…

51. Criminal Forums focus on I-Pad/TabletsTheHammer I HAVE Iphones/Ipad SERIALS need methods!!!! I have Iphone 3g/4g serials and Ipad as well. They are working i test them but i need the person who knows how to do the methods. I will pay him for the work and i have drops. If anyone knows it or know how to do it im ready and i dont like to waiste my time only if you are seriouse. Reply.

52. Other Forum chatter- Exploits….“Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution”“Viewing a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution… memory corruption issue existed in QuickLook's handling of Microsoft Office as well.”Cert weakness: “An attacker with a privileged network position may intercept user credentials or other sensitive information”….”man-in-the-middle”

53. Mobile Malware: March 2011

56. Smartphone Applications: Who is involved?Technical vulnerabilities

57. Service

58. Billing

59. Other areas affected by mobile finance?Mobile banking same legal responsibility as online banking

60. Monitor transactions?

61. Consumer education

62. Accepted risk

63. Contracted by financial institutions

64. Maintain apps or sell product? Mobile Finance – vs – tablets..Mobile BankingApplicationsBrowser UseSMS TextingCustomer does mobile banking utilizing applicationBank receives activity from application software Transaction CompletedWho is monitoring? Who are stakeholders within the Digital Tablet world?– beyond Mfg

68. Why to get Plugged inFinancial SrvsPartnersDB’sISP’sDB’sIDS Co’sie SymantecDB’sL.EDBsSoftware Co DB’s viaBSANCFTA - CIRFU SpaceFBI SecureSpaceOther FusionCenters IntelMerchants via MRC DB’sOther DBDPNDBSPAMDBUS CERTDHSUS Postal &Internat’l– L.EReferral to Law Enforcement & Coordination

69. What is next?? Telecom & Mobile Exploits continue...

70. Social Networking Sites – Tied to tablets.

71. Education, Education, Education…(where are the best early warning signs? Who owns them?)

72. Policy/Procedures vs. Taking away choices

73. Getting ahead of regulations (they will come)

74. Re-defining your team—to fight the good fight….

75. Questions? Dan Larkin dlarin@ncfta.netMobility Introduces New Security ChallengesHow do I identify a device - corporate or person that is on my network but has already been botted?How do I prevent end users from going to inappropriate sites?How do I protect end users from going to legitimate websites that have already been compromised?How do I know if an end user is logged on locally and remotely at the same time?

76. Evolving Policies in a Mobile World“Printers should only ever communicate internally.”Internet“Employees should be able to access everything but have no access on personal devices.”Cisco SwitchInternal ResourcesCampus Network“Guest and partners are only allowed bandwidth constrained Internet access via wireless.”Cisco AccessPointCisco WirelessLAN ControllerPolicy Services

77. BYOT: Bring Your Own Technology Access ChallengesIT Is Struggling With:Classifying managed vs.. unmanaged endpointsID devices that cannot authenticateUser  host associationBut There Barriers:CertificatesEndpoint certainty No automated way to discover new endpointsUserLocationTimeDeviceAttribute XPC and Non-PC Devices

78. Typical BYOT Policy Options“Employees can access everything from either corporate or personal devices. But non-employees are blocked.”Internet“Employees are required to use corporate devices. Personal devices are not allowed and there is no guest access.”Internal ResourcesCampus NetworkLimited Resources“Employees can access everything from corporate devices. Employees on personal devices and partners have restricted access.”Really Important!Policy Services

79. Current OptionsInfrastructure HomegrownBasic capability (e.g. HTTP)

80. No user logic

81. Authentication/Authorization integration

82. Siloed (wireless only)

83. Devoid of authentication/authorization

84. Care and feedingX

85. Unified Policy Management for Any Device

86. Introducing Identity Services EnginePart of the TrustSec Network ServiceConsistent policyManagement integrationEasier deploymentTroubleshootingMonitoringReportingWiredWirelessVPNEmployeesDevicesGuests

87. Migration from Existing Policy SolutionsACSNAC GuestNAC ProfilerNAC ManagerNAC ServerCurrent hardware is software upgradeable (1121/3315/3355/3395)

88. Migration program for older hardware

89. License migration program for all software licenses

90. Data and configurations migration tools available*Identity Services Engine*Available over multiple releasesExisting Investments Protected

91. Comprehensive Policy Solution for Any DevicePurpose-Built, Complete, and Reliable ProfilingCisco ISE uses SNMP, NetFlow, DNS, RADIUS, HTTP, and DHCP to increase accuracy, reduce spoofability Works across wired and wirelessCompletely integrated with RADIUS/AAAIncludes additional services (posture, guest/portal, etc.)Scalable Policy EnforcementSwitch, WLAN controller, and VPN as an enforcement pointFlexible control (VLAN, dACL/ACL, QoS, SGA, etc.) based on any contextual attributes (user, device, group, location, time, etc.)Unified ManagementISE detailed reports and troubleshooting tools (user, device, session, etc.) can be accessed from within NCS 1.0 providing a single pane of glass into user, device, and network across wired and wireless infrastructureUserLocationTimeDeviceAttribute X

92. ISE Demo

93. Identity Services Engine Offers a Robust Set of CapabilitiesConsolidated Services, Software PackagesSession DirectoryFlexible Service DeploymentACSAll-in-One HA PairAdmin ConsoleM&TUser IDAccess RightsNAC ManagerNAC ProfilerISENAC ServerDistributed PDPsNAC GuestDevice (and IP/MAC)LocationTracks Active Users and DevicesOptimize Where Services RunSimplify Deployment and AdminPolicy ExtensibilityManage Security Group AccessSystemwide Monitoring and TroubleshootingSGTPublicPrivateStaffPermitPermitGuestDenyPermitKeep Existing Logical DesignConsolidate Data, Three-Click Drill-InLink in Policy Information Points

94. Unified User and Access Management for Any Network

95. Client Devices: Top Contributor to Network Performance Problems Contributors to Wireless Network Problems400350300250Number of Customers200150100500Client Devices (Drivers, Connections, Authentication, or Other Issues) RF Interference from Wi-Fi and/or Non-Wi-Fi SourcesUnexpected Demand for Increase Coverage of CapacityFaulty Wireless Network Design ImplementationOld or Outdated Wireless TechnologyInsufficient IT Administrator ExpertiseOtherMajor Issues Contributing to Wireless Network ProblemsA Recent Survey Shows That Respondents View Client Devices as the TOP Contributor to Wireless Network Performance Problems

96. Introducing Cisco Prime Network Control SystemConverged Access Management for Wired and Wireless NetworksWireless | Wired | Security Policy | Network ServicesUnified ManagementOperationsUsersPolicyImproved Network Visibility | Faster Troubleshooting | Eliminate Configuration Errors

97. Single Integrated User and Access DashboardHigh-Level View of Key Metrics with Contextual Drill-Down to Detailed DataFlexible platform: Accommodates new and experienced IT administratorsSimple, intuitive user interface: Eliminates complexityUser-defined customization: Display the most relevant information

98. Unified User and Endpoint Services Correlated and focused wired/wireless client visibility Client health metricsClient posture and profileClient troubleshooting Client reportingUnknown device ID inputClear view of the end user landscapeWho is connectingUsing which deviceAre they authorized

99. Integrated Access Infrastructure VisibilityWired and wireless discovery and inventoryAdd/detect infrastructure devices such as switches, WLAN controllers, and access points Comprehensive access infrastructure reporting View the access infrastructure as a whole or as discrete technologiesStolen asset notificationTrack when devices presumed stolen come back online

100. Identity Services Engine Integration for True User and Access Management Converged Security and Policy Monitoring and TroubleshootingEnhance Infrastructure SecurityStreamline Service OperationsEnforce ComplianceShows where security and policy problems existRetrieves information directly from clients: Wired, wireless; authenticated, unauthenticatedReduces the time to troubleshoot security and policy problemsClient posture status and client profiled viewsDrill deeper into security and policy issue detailsDirect linkage from Cisco NCS to Cisco ISE with contextual filtering

101. Comprehensive Wireless Lifecycle ManagementFull Range of Lifecycle CapabilitiesPlanDeployOptimizeMonitor and TroubleshootRemediate

102. NCS Demo

103. One Access Network: One SolutionConverged Access Management for Borderless NetworksSingle Unified ViewImprove IT ProductivityEnable the WorkforceSingle viewpoint for wired, wireless, security, and policy management

104. Unprecedented visibility and control

105. Direct access to Cisco support and services

106. Empower first-tier to address issues without escalation

107. Resolve problems faster with logical workflows

108. Improve resource productivity, lower TCO

109. Provide reliable access to network services

110. Visibility at the access layer as networks become borderless

111. Address problems where most issues occur: the endpointDelivered by the Borderless Network ArchitectureEnabling Mobility—Securely, Seamlessly and ReliablyArchitecture for Agile Delivery of the Borderless ExperienceBORDERLESS END-POINT/USER SERVICESSecurely, Reliably, Seamlessly:AnyConnectPOLICYApp Performance: App VelocityEnergy Management: EnergyWiseMultimedia Optimization: MedianetMobility:MotionSecurity:TrustSecBORDERLESS NETWORK SERVICESMANAGEMENTBORDERLESS NETWORK SYSTEMSAPIsCoreFabricExtended CloudExtendedEdgeUnifiedAccessApplication Networking/ OptimizationBORDERLESSINFRASTRUCTURESwitchingSecurityRoutingWirelessSMART PROFESSIONAL AND TECHNICAL SERVICES: Realize the Value of Borderless Networks Faster

112. Key ResourcesMarch 22ndCIN Webinar: iPad. Galaxy. Cius. Best Practices to Support the influx of Mobile DevicesDec 2ndCIN Webinar: Preparing the WLAN for mobile devices/tablets. Technical White Paper: Optimize the Cisco Unified Wireless Network to Support Wi-Fi Enabled Phones and TabletsWhite Paper: The Future of Network Security: Cisco SecureX Architecture

113. Cisco’s Borderless Networks Solutions Prepare Your Enterprise Network for Mobile Devices The mobile security landscape is evolvingEnabling mobility requires a comprehensive, consistent approach to user/ device access and network managementMeet User Demand for Mobility

iPads on your network? Take Control with Unified Policy and Management

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to iPads on your network? Take Control with Unified Policy and Management (20)

More from Cisco Mobility (20)

Recently uploaded (20)

iPads on your network? Take Control with Unified Policy and Management