thomas ludvik næss - cisco… · internal resources internet / wan identity services engine ncs...

Post on 15-Aug-2020

TRANSCRIPT

1© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID

Thomas Ludvik Næss
Head of Cisco Security Sales, North Europe

Security Architecture

Consistent Identity-Aware Policy from Any Device to Data Center – Based on Business Needs

Policy Distribution and Intelligence Through the Network

Security Group Tagging Scales Context-Aware Enforcement

CISCO SOLUTION

POSTURE-BASED PERMISSIONS
1. Permit/Deny based on policy
2. Authorized devices tagged with policy
3. Policy tags enforced by the network

VPN

Data Center

Virtual DC Machines

ALLOWED

DENIED

WHO

WHAT

WHERE

WHEN

HOW? ? ?

MACSec

Trusted WiFi

• Authenticate User
• Fingerprint Device
• Apply Corporate Config
• Enterprise Apps
• Automatic Policies

Trusted WiFi

Apply defined policy profiles based on:
• Device Type
• User
• Location
• Application

Identity Services Engine

Mobile Device Management

Prime Management

802.11n Infrastructure
• VideoStream
• CleanAir, Client Link

Trusted WiFi

Electronic Medical Records

Mobile TelePresence

Email

Instant Messenger

Yes / No

Access: FULL

Is Mr. Allen’s lab work ready yet?

Not yet, but I will let you know the moment it arrives.

Trusted WiFi

Identity Services Engine

802.11n Infrastructure
• VideoStream
• CleanAir, Client Link

Prime Management

WAAS

BYOD

Internal Resources

Internet

Cisco Firewall

CleanAir

ClientLink

VideoStream

BandSelect

Cisco Access Point

Cisco Wireless LAN Controller

Identity Services Engine

NCS

Onboard, Authenticate, Identify, Policy, Posture

Content, Services, Policy Enforcement

Corporate Network

Untrusted WiFi

Access: Limited

Hotspot 2.0

802.11n Infrastructure

ScanSafe

IronPort

Identity Services Engine

AnyConnect

WebEx Mobile 8

Internal Resources

Internet / WAN

Identity Services Engine

NCS

Corporate Network

Cisco ASA

3G / 4G

AnyConnect

Cisco ASR5K HLR/HSS

Licensed Access Network

Open / Walled Garden

SP Audio/Video Servers & Content

Home

MSP / MSO

Enterprise Access

WiFi

AnyConnect

Cisco ASR1K

Cisco Access Registrar

Unlicensed Access Network

Open / Walled Garden

SP Audio/Video Servers & Content

802.11u

HotSpot 2.0

802.1x – EAP/SIM

HotSpot 2.0

VPN

VPN

Identity / Policy

Content, Services, Policy Enforcement

Electronic Medical Records

Mobile TelePresence

Email

Instant Messenger

Yes / No

3G/4G

Access: Limited

Identity Services Engine

AnyConnect

3G/4G

ASR

CleanAir

ClientLink

VideoStream

BandSelect

Cisco Access Point

BYOD

Cisco Wireless LAN Controller

Internal Access

Internet / WAN

Identity Services Engine

NCS

Corporate Network

Internal Resources

Cisco ASA

3G / 4G

AnyConnect

Licensed Access Network

Cisco ASR5K HLR/HSS

Open / Walled Garden

SP Audio/Video Servers & Content

3G/4G SIM Authentication

VPN

VPN

Identity / Policy

Content, Services, Policy Enforcement

Electronic Medical Records

Mobile TelePresence

Email

Instant Messenger

Yes / No

Trusted WiFi

Access: FULL

WebEx Mobile 8

802.11n Infrastructure

Trusted WiFi

Cisco Virtual Office

Bandwidth Priority

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28

• Improving workforce productivity

• Reducing operating costs with BYOD, Cloud…

• Providing Secure access to 3rd party organisations

• Reducing compliance risk

• Increasing agility of IT and ability to scale cost effectively

Rebecca Jacoby, CIO, Cisco

Security that means business
