• Explain how Cisco NAC authenticates and enforces the network security policy.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Post malware attack questions:
• Where did it come from?
• What was the threat method and point of entry?
• What systems were affected?
• What did the threat do?
Host-Based Protection:
• Antivirus/Antimalware
• SPAM Filtering
• URL Filtering
• Blacklisting
• Data Loss Prevention (DLP)
Talos teams gather real-time threat intelligence from a variety of
sources:
• 1.6 million deployed security devices, including firewall, IPS, web, and
email appliances
• 150 million endpoints
They then analyze this data:
• 100 TB of security intelligence daily
• 13 billion web requests per day
• 35% of the world’s enterprise email traffic
• AMP for Endpoints - AMP for Endpoints integrates with Cisco AMP for
Networks to deliver comprehensive protection across extended networks and
endpoints.
• AMP for Networks - Provides a network-based solution and is integrated
into dedicated Cisco ASA Firewall and Cisco FirePOWER network security
appliances.
• AMP for Content Security – This is an integrated feature in Cisco Cloud
Web Security or Cisco Web and Email Security Appliances to protect against
email and web-based advanced malware attacks.
Features and benefits of Cisco Email Security solutions:
• Global threat intelligence
• Spam blocking
Client Initiates Web Request
WSA Forwards Request
Three ways to grant sponsor permissions:
• to only those accounts created by the sponsor
• to all accounts
Upon completion of the section, you should be able to:
• Describe Layer 2 vulnerabilities.
Intruder Runs Attack Tool
Switch Floods All Traffic
Enabling Port Security
Verifying Port Security
Setting the Maximum Number of MAC Addresses
Security Violation Modes:
• Protect
• Restrict
• Shutdown
Step 1 – Double Tagging Attack
Attacker Initiates a Starvation Attack
Client Requests all Offers
The switch will deny packets containing specific information:
• Unauthorized DHCP server messages from an untrusted port
• Unauthorized DHCP client messages not adhering to the snooping binding table or rate limits
• DHCP relay-agent packets that include option-82 information on an untrusted port
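A simplified model of the three deny rules above, added here as an illustration; it is not Cisco's implementation or code from the original slides. The class names, port names, MAC strings, the rate limit of 3 and the way bindings are learned from a REQUEST/ACK pair are assumptions made for the example.

```python
from dataclasses import dataclass, field
SERVER_MSGS = {"OFFER", "ACK", "NAK"}      # only a DHCP server sends these
BOUND_MSGS = {"RELEASE", "DECLINE"}        # must match an existing binding

@dataclass
class Packet:                              # constructed, simplified DHCP message
    port: str                              # ingress switch port
    msg: str                               # DHCP message type
    mac: str                               # client hardware address
    option82: bool = False                 # relay-agent information present

@dataclass
class SnoopingSwitch:
    trusted: set                           # ports facing legitimate DHCP servers
    rate_limit: int                        # max DHCP packets per interval, per untrusted port
    bindings: dict = field(default_factory=dict)  # client MAC -> port (binding table)
    pending: dict = field(default_factory=dict)   # MAC -> port awaiting a server ACK
    counts: dict = field(default_factory=dict)    # port -> packets seen this interval

    def inspect(self, p: Packet) -> str:
        if p.port in self.trusted:
            if p.msg == "ACK" and p.mac in self.pending:
                self.bindings[p.mac] = self.pending.pop(p.mac)  # learn the lease
            return "forward"
        self.counts[p.port] = self.counts.get(p.port, 0) + 1
        if self.counts[p.port] > self.rate_limit:
            return "deny: rate limit exceeded"
        if p.msg in SERVER_MSGS:
            return "deny: server message on untrusted port"
        if p.option82:
            return "deny: option-82 on untrusted port"
        if p.msg in BOUND_MSGS and self.bindings.get(p.mac) != p.port:
            return "deny: does not match binding table"
        if p.msg == "REQUEST":
            self.pending[p.mac] = p.port
        return "forward"

def demo():
    sw = SnoopingSwitch(trusted={"Gi0/1"}, rate_limit=3)
    traffic = [                            # constructed sample traffic
        Packet("Fa0/5", "REQUEST", "aa:aa"),            # legitimate client
        Packet("Gi0/1", "ACK", "aa:aa"),                # legitimate server reply
        Packet("Fa0/9", "OFFER", "bb:bb"),              # server message, untrusted port
        Packet("Fa0/9", "RELEASE", "aa:aa"),            # lease is bound to Fa0/5
        Packet("Fa0/7", "DISCOVER", "cc:cc", option82=True),
        Packet("Fa0/9", "DISCOVER", "dd:01"),           # third packet on Fa0/9
        Packet("Fa0/9", "DISCOVER", "dd:02"),           # fourth: over the limit
    ]
    return [sw.inspect(p) for p in traffic]
```

The model counts every packet on an untrusted port toward the rate limit, including ones it goes on to deny for another reason.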
DHCP Snooping Reference Topology
Verifying DHCP Snooping
Dynamic ARP Inspection:
ARP Reference Topology
Configuring Dynamic ARP Inspection
Checking Source, Destination, and IP
For each untrusted port, there are two possible levels of IP traffic security filtering:
• Source IP address filter
IP Source Guard Reference Topology
Spoofing the Root Bridge
Chapter Objectives:
• Explain endpoint security.