Hide Notes 

Slide 1: IU1 – Tech Council Meeting Rob Paris, CISSP Systems Engineer Pittsburgh Commercial April 20th, 2006 Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Slide 2: Agenda Introduction Core Network 6509, FWSM, IDSM Internet Edge ASA Remote Connection 3750 Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
Slide 3: Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
Slide 4: Core Network FWSM, IDSM Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
Slide 5: Catalyst 6500: Switch with a Future Switch With a Future The right infrastructure gear can be a key ally in your quest to avoid a forklift upgrade. A switch such as Cisco’s Catalyst 6509, as shown here in data center and wiring closet configurations, protects investments by keeping several important options open. Power over 10G Ethernet is a must for the data center. Avoid future bottlenecks by putting 10G in the wiring closet to accommodate new PCs that come with 1G Ethernet adapters. Another 7+ Years of Investment & Innovation Ethernet will simplify the work when you need to deploy more access points or VoIP phones. Look for support for the 802.3af standard. SSL-based VPNs scale well and ensure great security. A switch with space for an add-in SSL VPN module should prove a costeffective choice. A field-upgradeable policy feature card delivers innovative hardware-based services such as IPv6, MPLS or generic route encapsulation VPNs. Stay as modular as possible to add capacity as needed. These chassis have nine slots. Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
Slide 6: Catalyst 6500 Line Cards Ethernet Linecard Portfolio Core/Distribution & Data Center Linecards Wiring Closet Linecards WS-X6148A-RJ45 WS-X6148A-45AF •48-port 10/100 Classic Linecard •Integrated TDR •Optional 802.3af PoE module •Queuing Structure : TX - 1p3q8t, RX – 1p1q4t WS-X6704-10GE •4-port 10GE XENPAK CEF720 Linecard •40 Gbps Connection to the Sup720 •ER, LR, LX4, SR, CX4 XENPAKs •Optional WS-F6700-DFC3A, B, BXL •Queuing Structure - TX : 1p7q8t, RX – 1q8t or 8q8t (w/DFC) •48-port SFP CEF720 Linecard •40 Gbps Connection to the Sup720 •SX, LX, ZX, Tx, CWDM SFPs •Optional WS-F6700-DFC3A, B, BXL •Queuing Structure : TX - 1p3q8t, RX – 1q8t or 2q8t (w/DFC) •24-Port SFP CEF720 Linecard •20 Gbps Connection to the Sup720 •SX, LX, ZX, Tx, CWDM SFPs •Optional WS-F6700-DFC3A, B, BXL •Queuing Structure : TX - 1p3q8t, RX – 1q8t or 2q8t (w/DFC) •48-port 10/100/1000 CEF720 Linecard •40 Gbps Connection to the Sup720 •Supports Time Delay Reflectometer (TDR) •Optional WS-F6700-DFC3A, B, BXL •Queuing Structure : TX – 1p3q8t, RX – 1q8t (w/DFC) © 2005 Cisco Systems, Inc. All rights reserved. WS-X6748-SFP WS-X6196-RJ-21 WS-X6196-21AF •96-Port 10/100 Classic Linecard •Twice the density in a single slot with standard RJ-21 connector •Optional 802.3af PoE Module •Queuing Structure : TX – 1p3q1t RX – 1p1q0t •48-port 100Base-X SFP card •Supports the buy as grow model with the SFP optics •Optics supported – FX, LX, BX-U and BX-D •Queuing Structure : TX – 1p3q8t per port , RX – 1p1q2t per 8 ports •48-Port 10/100/1000 Classic card •New support for Jumbo Frames, WRED •Integrated TDR •Optional 802.3af PoE Module •Queuing Structure : TX – 1p3q8t, RX – 1q2t Cisco Confidential 6 WS-X6724-SFP WS-X6148-FE-SFP WS-X6748-GE-TX WS-X6148A-GETX WS-X6148A-GE-45AF Session Number Presentation_ID
Slide 7: Catalyst 6500 Firewall • • • • • • • • • • • • • Services Modules Summary Catalyst 6500 Service Modules Portfolio 5.5 Gbps Throughput • Detect and Mitigate DDoS Anomaly Detection Routed or Transparent attacks automatically & Guard Active/Active Multicast NEW! • 8 Gps performance • Continuous baseline learning, 250 Context/Module Application Firewall signature extraction IPv6 Phase 1 SLB SSL Offload, TCP Offload Virtualization & RBAC Application Acceleration Application Security 4G module Content Switching &SSL Wireless LAN • Converge wireless and wired NEW! • infrastructure 3600 AP’s per Scalability to cluster; 1500 AP’s per chassis; and 300 AP’s per module • Layer 3, N+1 redundancy • Simultaneously monitor multiple VLANs • Unlimited VLAN support • Transparent via passive promiscuous operation • L2-7 protocol visibility, analysis and decode • Real-Time and historical statistics • Capture & Reports export • MPLS tag monitoring Cisco Confidential 7 AON • Provides Application message level services NEW! • Content based routing, message load balancing, transformation, application message security, etc • • • • 2.5 Gbps Throughput Feature parity with VPNSM AES (128, 192, 256-bit key sizes) Jumbo Frame support Intrusion Detection IP Sec VPN SPA NEW! Network Analysis Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved.
Slide 8: Catalyst 6500 NetFlow Benefits: • Monitor traffic for anomalies • Identify and classify the attack Cisco partners: Arbor Networks, Mazu, and Adlex • Trace attack to its source • Supported on all Cat6k supervisors Cisco IT prevented SQL slammer at Cisco, watching flows per port Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8
Slide 9: Integrated Time Domain Reflectometer Simplifies Network Management and Operational Control X X Catalyst 6500 Integrated TDR Shows: • • • • • Cable Unplugged from Catalyst 6500 Cable Unplugged from End Station Cable Unplugged from Patch Panel Cable Broken at 55 Meters from Catalyst 6500 Server Down © 2003, Cisco Systems, Inc. All rights reserved. © 2005 Cisco Systems, Inc. All rights reserved. X X X 9 Session Number 7680_03_2003_c1 Presentation_ID Supported with the new 48 port 10/100/1000 modules using any Supervisor 9 Cisco Confidential
Slide 10: Operational Manageability Encapsulated Remote SPAN Campus Core •Mirror any interface, VLAN, or other Traffic to any destination port, even across a routed boundary! •Used in conjunction with Intelligent Services Modules to deliver services anywhere •$$$ No need for external probes/on-site staff •$$$ No running around with a network analysis tool to debug problems Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10
Slide 11: Catalyst 6500 Firewall Services Module Value Proposition • High performance and scalability firewall up to 5 Gbps per module and 20 Gbps per chassis • Integrated security module providing superior network infrastructure services and ease of management • Industry-leading virtualized services allowing consolidation, granular customized control with lower TCO • Flexible management solutions lower operational costs Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Fabric Enabled Cisco Confidential 11
Slide 12: Cisco Adaptive Security Device Manager v5.0F Next-Generation of Popular Cisco PIX Device Manager New! • Adds support for all major new features introduced in FWSM 3.1 • Homepage includes: - Platform uptime - Security Contexts - Real-time syslog viewer (last 10 events) - Improved navigation - Powerful search capabilities - And more! Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential – NDA Use Only Cisco Confidential 12 12
Slide 13: Cisco Intrusion Prevention System Stops Worms and Malicious Traffic Multivector Threat Identification Achieves maximum attack identification via multiple analysis techniques Increases accuracy and confidence for inline mitigation actions Accurate Inline Prevention Technologies Cisco Intrusion Prevention System v5.0 Unique Network Collaboration Leverages the network for enhanced scalability and resiliency Comprehensive Deployment Solutions Provides a range of reliable high performance solutions Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13
Slide 14: Process for Accurate Threat Mitigation: Multi-Vector Attack Identification Viruses/Worms P2P/IM Abuse Port 80 Misuse Multiple techniques must be utilized to block broad classes of attacks Vulnerability – encoding signatures to the underlying vulnerability for day-zero protection Exploit-specific – protection from unknown threats and quickly mutating viruses Policy – traffic filtering based on security policy DoS/ DDoS Spyware/ Adware Trojans/ Backdoors Anti-Spam Bots/Zombies Anomaly – Traffic and protocol anomaly detection to complement signature based analysis Heuristic – statistically based algorithms to rate limit alarms produced by sensing engine Cisco Confidential 14 Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved.
Slide 15: Process for Accurate Threat Mitigation: Anti-X and Application Abuse Vectors Spyware/Adware • Controls the transmission of confidential data • Polices the network traffic to filter out spyware communications Voice Over IP (VoIP) • Ensures protocol compliance for call setup • Protects voice gateways from attacks • Prevents excess memory allocation of URL overflows Application Abuse • Provides deep inspection for web protection and control of “port 80 misuse” • Controls usage of IM, P2P, methods/commands, MIME types Network Virus • Leverages Trend Micro partnership to integrate late-breaking malware • Improves virus coverage and response time Cisco Confidential 15 Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved.
Slide 16: Internet Edge ASA Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16
Slide 17: Introducing Cisco Adaptive Security Appliances Delivering Adaptive Threat Defense and VPN Solutions Converged Adaptive Threat Defense and Flexible VPN Services Application Security, Worm/Virus Mitigation, Malware Protection and Threat-Protected VPN Minimize Deployment and Operations Costs Platform Standardization, Unified Management, Network Awareness Purpose-Built Adaptive Identification and Mitigation Architecture Enables Unprecedented Extensibility and Policy Control Technology Extensibility to Address New Threats The Cisco ASA 5500 Series Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17
Slide 18: Cisco ASA 5500 Series Market-Proven Technologies Firewall Technology Cisco PIX Convergence of Robust, Market-Proven Technologies Adaptive Threat Defense, Secure Connectivity App Inspection, Use Enforcement, Web Control Application Security IPS Technology Cisco IPS Malware/Content Defense, Anomaly Detection Anti-X Defenses NW-AV Technology Cisco IPS, AV Traffic/Admission Control, Proactive Response Network Containment & Control VPN Technology Cisco VPN 3000 Network Intelligence Cisco Network Services Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Secure Connectivity IPSec & SSL VPN Cisco Confidential 18
Slide 19: Cisco Adaptive Security Device Manager v5.0F Next-Generation of Popular Cisco PIX Device Manager New! • Adds support for all major new features introduced in FWSM 3.1 • Homepage includes: - Platform uptime - Security Contexts - Real-time syslog viewer (last 10 events) - Improved navigation - Powerful search capabilities - And more! Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential – NDA Use Only Cisco Confidential 19 19
Slide 20: Remote Connection 3750 Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20
Slide 21: Cisco Catalyst 3750 Series Innovative Stacking Sets New Standards for Resiliency and Management • Enterprise-class Services • Wire-speed switching and routing • Cisco StackWise™ Technology Fault-tolerant, Bi-directional 32-Gbps stack interconnection Automated Configuration & Management Single network instance (IP, SNMP, CLI, Spanning-Tree Protocol , VLAN) Master/secondary architecture with master failover Cross-Stack EtherChannel®, cross-stack QoS • Next Generation in Desktop Switching Optimized for Gigabit Ethernet IPv6-capable in hardware Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21
Slide 22: Cisco Catalyst 3750 Series Model Overview Catalyst 3750-24TS • 24 10/100 + 2 SFP ports Catalyst 3750-48TS • 48 10/100 + 4 SFP ports Catalyst 3750-24TS • 24 10/100/1000 Catalyst 3750-24PS Catalyst 3560G-24PS • 24 10/100 + 2 SFP ports • 370W PoE Catalyst 3750-48PS Catalyst 3560G-48PS • 48 10/100 + 4 SFP ports • 370W PoE Catalyst 3750-24PS Catalyst 3560G-24PS • 12 SFP (AC or DC) Catalyst 3750G-24TS-1U Catalyst 3750G-48TS • 24 10/100/1000 + 4 SFP • 48 10/100/1000 + 4 SFP Catalyst 3750G-24TS-1U • 16 10/100/1000 • 1x 10GE XENPAK Catalyst 3750G-24PS Catalyst 3560G-24PS • 24 10/100/1000 + 4 SFP • 370W PoE Session Number Presentation_ID Catalyst 3750G-48PS Catalyst 3560G-48PS • 48 10/100/1000 + 4 SFP • 370W PoE Catalyst 3750-24FS • 24 10/100/1000 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22
Slide 23: Session Number Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23