思科网络准入控制管理.ppt
《思科网络准入控制管理.ppt》由会员分享,可在线阅读,更多相关《思科网络准入控制管理.ppt(44页珍藏版)》请在咨信网上搜索。
1、 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID1思科网络准入控制管理思科网络准入控制管理 Network Access Control(NAC)2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID2安全趋势与网络准入控制思科网络准入控制管理简介思科网络准入控制功能介绍思科网络准入控制部署和应用议程议程 2006 Cisco Systems,Inc.All rights reserved.C
2、isco ConfidentialPresentation_ID3全球电子犯罪率上升迅速!全球电子犯罪率上升迅速!Malicious Software Strains exploded from 30K/40K per month to 170,000 from February to March 2008Phishing e-mails doubled 400,000 a day in August to nearly 800,000 a day in November)Ads for stolen identity information doubled or tripled in pri
3、ce in Fall 2008(stolen identity that once cost$5,for instance,now sells for$15).Over 100 million credit/debit card transactions compromised due to malware at a large US Payment Processor possibly the largest data breach to date (WashingtonP-Jan 20,2009)Theres been a marked increase in the number of
4、attacks and the number of successful fraud attemptsThis is the busiest practice has ever been.”Gartner 2008“In periods of recession or slow growth,companies are going to turn their attentions to customer retention rather than customer acquisitionThe last thing you need in that environment is a data
5、breach and the associated brand damage.“Forrester 2008 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID4企业重要数据泄漏统计企业重要数据泄漏统计Unauthorized application use:70%of IT say the use of unauthorized programs result in as many as half of data loss incidents.Misuse of corporate comp
6、uters:44%of employees share work devices with others without supervision.Unauthorized access:39%of IT said they have dealt with an employee accessing unauthorized parts of a companys network or facility.Remote worker security:46%of employees to transfer files between work and personal computers.Misu
7、se of passwords:18%of employees share passwords with co-workers.That rate jumps to 25 percent in China,India,and Italy.2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID5终端应用安全现状终端应用安全现状Windows,Linux笔记本电脑、台式机或笔记本电脑、台式机或PDA打印机或其他公司资产打印机或其他公司资产系统环境复杂公司公司员工员工合同商合同商访客访客未知人员未知人员
8、人员复杂VPN局域网局域网WLAN广域网广域网网络环境复杂防病毒,防间谍软件防病毒,防间谍软件个人防火墙个人防火墙修补工具修补工具安全工具实施难度大终端遭受严重安全威胁,各种恶意代码攻击,如病毒、终端遭受严重安全威胁,各种恶意代码攻击,如病毒、蠕虫、木马及混合安全威胁,非法访问,黑客攻击蠕虫、木马及混合安全威胁,非法访问,黑客攻击如何防范?如何防范?2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID6网络准入控制NAC用户受益用户受益威胁控制减少终端感染减轻IT查毒负担增强网络复原力细粒度访问
9、控制减少安全事故防敏感数据泄漏行业规范遵从提高安全性满足安全审计需要提高运维效率便捷的访客网络 设备自动识别和监控网络准入控制的好处网络准入控制的好处 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID7Source:Infonetics Research,May 2008网络准入控制实例统计网络准入控制实例统计0%20%40%60%80%100%Limit the impact of security problems,stop threats from propagatingProtect
10、 against loss of sensitive/personal informationIncrease overall corporatesecurity postureControl network access basedon user identity and roleReduce risk of allowing alldevices to connect to my networkDemonstrate compliance to security/access policiesProtect against lossof intellectual propertyDrive
11、rs83%76%76%74%73%70%61%2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID8安全趋势与网络准入控制思科网络准入控制管理简介思科网络准入控制功能介绍思科网络准入控制部署和应用议程议程 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID9思科网络准入控制思科网络准入控制NAC领先、创新!领先、创新!4000+customers41%market share11 Infonet
12、ics,June 20082 Frost&Sullivan April 2008,Gartner March 2008,IDC Dec 2007,Infonetics June 20083 April 2008 http:/ MayGold Award:Information Security Readers Choice Awards3#1 NAC Vendorleading analysts2Pioneered NAC launched in 2004 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresenta
13、tion_ID10业务策略治理业务策略治理Governance200320092004:$92m2006:$207m安全访客登录安全访客登录Secure Guest用户身份识别用户身份识别User Identity设备特征识别设备特征识别Device ProfilingWhoareyou?Whatson yourdevice?What otherdevices areconnected?Who else isconnecting?What are theconditionsof access?2005:$131m2007:$354mMarket Size(source:IDC,June 200
14、7)Value-Add安全状态评估安全状态评估Posture AssessmentFirst to the marketComprehensive solutionFlexible deployment choices and options思科网络准入控制思科网络准入控制NAC领先、不断创新!领先、不断创新!2008:$570m 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID11思科思科NAC功能一览功能一览基于角色的访问控制基于角色的访问控制 强制终端安全策略遵从强制终端安全策略遵从检
15、测用户权限和终端健康状况提供员工/访客网络访问Cisco NAC完善的企业终端网络准入控制!识别非PC终端,实时监控终端修复 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID12思科思科NAC组件组件NAC ManagerCentralized management,configuration,reporting,and policy storePosture,services and enforcementNAC ServerNAC ProfilerNAC Guest ServerProf
16、iles unmanageddevicesFull-featured guest provisioning server 802.1x SupplicantCSSC or Vista embedded supplicantNAC Agent No-cost client:Persistent,dissolvable,or webACS ServerAccess policy system for 802.1x terminationEndpointComponents(Optional)NAC Profiler,Guest Server and ACS(Optional)NAC Manager
17、 and Server(Required)2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID13思科思科NAC可部署于各种场景可部署于各种场景Endpoint ComplianceNetwork access only for compliant devicesGuest ComplianceRestricted internet access only for guest usersWireless ComplianceSecured network access only for comp
18、liant wireless devicesVPN User ComplianceIntranet access only for compliant remote access usersGovernance ComplianceEnsure user compliance to governance and risk user acceptable policies802.1QWireless Building 2Conference Roomin Building 3Internet IPSec Campus Building 1 2006 Cisco Systems,Inc.All r
19、ights reserved.Cisco ConfidentialPresentation_ID14思科思科NAC部署规模选择部署规模选择3500 users eachSuperManagermanages up to 40Enterprise andBranch Servers Enterprise andBranch Servers 1500 users eachStandardManagermanages up to 20Branch Officeor SMB Servers100 users 250 users 500 usersManagerLitemanages up to 3Us
20、ers=online,concurrent2500 users each50/100 Users(ISR NM)2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID15安全趋势与网络准入控制思科网络准入控制管理简介思科网络准入控制功能介绍思科网络准入控制部署和应用议程议程 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID16Cisco NAC四项基本功能四项基本功能Using the netw
21、ork to enforce policies ensures that incoming devices are compliant.扫描与评估Agent scan for required versions of hotfixes,AV,etcNetwork scan for virus and worm infections and port vulnerabilities认证与授权Enforces authorization policies and privilegesSupports multiple user roles更新与修复Network-based tools for v
22、ulnerability and threat remediationHelp-desk integration隔离与实施Isolate non-compliant devices from rest of network MAC and IP-based quarantine effective at a per-user level 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID17目标目标内部网内部网/网络网络思科思科NAC用户流程概述用户流程概述2.用户被重导向到登录页面用户被重导
23、向到登录页面Clean Access验证用户名和密码,验证用户名和密码,并执行设备和网络扫描。以评估并执行设备和网络扫描。以评估设备上的安全漏洞设备上的安全漏洞设备不符合安全策略或登录信息不设备不符合安全策略或登录信息不正确正确拒绝用户接入,向其分配一个隔离角色,拒绝用户接入,向其分配一个隔离角色,使其访问在线修复资源使其访问在线修复资源3a.隔离隔离3b.设备已设备已“清洁清洁”机器进入机器进入“认证设备列表认证设备列表”,获得接入网络的许可,获得接入网络的许可Clean AccessServerClean Access Manager1.最终用户尝试访问某一网页或使用一个最终用户尝试访问某
24、一网页或使用一个可选客户端可选客户端在有线或无线最终用户提供登录信息之前,禁在有线或无线最终用户提供登录信息之前,禁止其接入网络止其接入网络验证验证服务器服务器 2006 Cisco Systems,Inc.All rights reserved.Cisco ConfidentialPresentation_ID18终端体验终端体验4.LoginScreenScan is performed(types of checks depend on user role)Scan failsRemediate 2006 Cisco Systems,Inc.All rights reserved.Cis
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 思科 网络 准入 控制 管理
1、咨信平台为文档C2C交易模式,即用户上传的文档直接被用户下载,收益归上传人(含作者)所有;本站仅是提供信息存储空间和展示预览,仅对用户上传内容的表现方式做保护处理,对上载内容不做任何修改或编辑。所展示的作品文档包括内容和图片全部来源于网络用户和作者上传投稿,我们不确定上传用户享有完全著作权,根据《信息网络传播权保护条例》,如果侵犯了您的版权、权益或隐私,请联系我们,核实后会尽快下架及时删除,并可随时和客服了解处理情况,尊重保护知识产权我们共同努力。
2、文档的总页数、文档格式和文档大小以系统显示为准(内容中显示的页数不一定正确),网站客服只以系统显示的页数、文件格式、文档大小作为仲裁依据,平台无法对文档的真实性、完整性、权威性、准确性、专业性及其观点立场做任何保证或承诺,下载前须认真查看,确认无误后再购买,务必慎重购买;若有违法违纪将进行移交司法处理,若涉侵权平台将进行基本处罚并下架。
3、本站所有内容均由用户上传,付费前请自行鉴别,如您付费,意味着您已接受本站规则且自行承担风险,本站不进行额外附加服务,虚拟产品一经售出概不退款(未进行购买下载可退充值款),文档一经付费(服务费)、不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
4、如你看到网页展示的文档有www.zixin.com.cn水印,是因预览和防盗链等技术需要对页面进行转换压缩成图而已,我们并不对上传的文档进行任何编辑或修改,文档下载后都不会有水印标识(原文档上传前个别存留的除外),下载后原文更清晰;试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓;PPT和DOC文档可被视为“模板”,允许上传人保留章节、目录结构的情况下删减部份的内容;PDF文档不管是原文档转换或图片扫描而得,本站不作要求视为允许,下载前自行私信或留言给上传者【1587****927】。
5、本文档所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用;网站提供的党政主题相关内容(国旗、国徽、党徽--等)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。
6、文档遇到问题,请及时私信或留言给本站上传会员【1587****927】,需本站解决可联系【 微信客服】、【 QQ客服】,若有其他问题请点击或扫码反馈【 服务填表】;文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“【 版权申诉】”(推荐),意见反馈和侵权处理邮箱:1219186828@qq.com;也可以拔打客服电话:4008-655-100;投诉/维权电话:4009-655-100。