Self-Defending Networks: The Next Generation of Network Security

Security is one of the fastest-growing areas in the networking and IT industries today. Security is often the top concern of Chief Information Officers (CIOs) and one of the top technology initiatives of many organizations. However, security projects often do not get the focus needed to be approved and deployed. Perhaps, this reticence can be explained by the complexity of security. Cisco has reduced the cost to deploy and manage security by creating a self-defending network. The self-defending network can enable the network to detect and defend itself against certain attacks. This book provides an overview of the attacks that a self-defending network can protect against, introduces the components of a self-defending network, and details how an organization can manage its self-defending network in a centralized and integrated fashion.

This book provides an overview of the components of a self-defending network, including distributed denial-of-service (DDoS) mitigation, Adaptive Security Appliances (ASA), Cisco Incident Control Service (Cisco ICS), NAC framework, NAC appliances (Cisco Clean Access), IEEE 802.1x, Cisco Security Agent (CSA), and integrated, centralized management.

Management is the glue that enables the components of a self-defending network to integrate and share a common defensive plan to thwart network attacks. The Cisco Security Manager and Cisco Security MARS are the bedrock of the Cisco centralized management strategy.

Goals and Methods

The goal of this book is to familiarize you with concepts, benefits, and implementation details of a Cisco self-defending network. This book endeavors to make you more comfortable with the following topics:

• Security threats and risks to IP networks

• Baseline security components of a traditional security network

• Concepts and benefits of a Cisco self-defending network

• Advanced topics in network security, including DDoS mitigation, NAC, and 802.1x

• In-depth coverage of the Cisco centralized management suite, including the Cisco Security Manager and Cisco Security MARS.

This book is not intended to be a one-stop shopping destination or a step-by-step guide to deploy each component of a self-defending network; instead, this book is a first-step to introduce you to the components of the Cisco self-defending network. If this book were a menu item in a restaurant, it would be a sampler platter, not an all-you-can buffet or a complete five-course meal. You can read this book in a day and, in that time, gain the ability to discuss the philosophy and components of a self-defending network at a high-level.

This book is heavily focused on device management and centralized management to show how you can manage a self-defending network. Many chapters of this book contain screenshots from beta or alpha software to get this book to market shortly after the products are released. There may be changes in the device manager and centralized management GUIs from alpha/beta software. There may also be changes in the device managers and centralized management GUIs between the versions used in the book and subsequent versions that are released to the market after the publication of this book.

Who Should Read This Book?

This book is intended for everyone learning about security and next-generation security networks, including Chief Security Officers (CSOs) and CIOs, network engineers and architects, and engineering students. This book is written to enable quick overview coverage of topics like DDoS, while creating a quick reference to enable deep-dives into specific implementation details, like how to deploy an 802.1x network.

How This Book Is Organized

This book is designed to be read as a beginning-to-intermediate overview of Cisco self-defending networks. The chapters cover the following topics:

• Chapter 1, "Understanding Types of Network Attacks and Defenses" Starts with an overview of network security threats and then details specific components of a self-defending network.

• Chapter 2, "Mitigating Distributed Denial-of-Service Attacks" Discusses the DDoS attack threats to an IP network and the components to mitigate this DDoS thread, including the DDoS service module for the Catalyst 6500/7600 family and the DDoS Device Manager.

• Chapter 3, "Cisco Adaptive Security Appliance Overview" Discusses the Cisco security appliance for firewall, IPS, VPN, antivirus, antispam, antiphishing, and URL filtering. This chapter also details how you can use the Adaptive Security Appliance Device Manager (ASDM) to help create a self-defending network.

• Chapter 4, "Cisco Incident Control Service" Examines the Cisco ICS product, developed with Trend Micro, that enables IOS routers, IPS Sensors, and the IPS module (AIP-SSM) of the Adaptive Security Appliance to update virus-related IPS signatures. This chapter also details the ability of Cisco ICS to configure access-list rules on IOS routers and ASA security appliances to help to protect the network against network virus infections.

• Chapter 5, "Demystifying 802.lx" Examines the underlying technology of the IEEE 802.1x standard, which enables networks to identify, authenticate, and authorize users to the desired VLANs and applications. This chapter also details how 802.1x can be a component of NAC.

• Chapter 6, "Implementing Network Admission Control" Provides an overview of the component of a self-defending network that authenticates and quarantines rogue users and users with down-level versions of OS patches and virus-protecting software. This chapter is dedicated to NAC framework, or a NAC solution that uses existing routers and switches.

• Chapter 7, "Network Admission Control Appliance" Covers the fundamentals of and configuration of the NAC appliance (Cisco Clean Access) product line. Specifically, this chapter covers how this NAC appliance can provide an alternative to the embedded components of NAC framework that may be attractive to several target markets, including the education market. This chapter also details how 802.1x is not required to implement NAC with the NAC appliance.

• Chapter 8, "Managing the Cisco Security Agent" Covers the fundamentals and configuration of the end-point or desktop self-defending component. It also discusses the product to provide end-point or desktop protection for up to 100,000 PCs or laptops with a single management center.

• Chapter 9, "Cisco Security Manager" Covers the centralized management product (Cisco Security Manager), which can configure the self-defending network for routers, switches, ASA, and IPS devices. This chapter also details how a management station can manage a self-defending network.

• Chapter 10, "Cisco Security Monitoring, Analysis, and Response System" Details how Cisco Security MARS can centrally monitor and provide mitigation for a self-defending network. Cisco Security MARS received monitoring input from many components in the selfdefending network, including routers, switches, ASA devices, IPS devices, databases, hosts, and Cisco Security Agents.