Thomas Ludvik Næss - Cisco
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Thomas Ludvik Næss
Head of Cisco Security Sales
North Europe
Security Architecture
Consistent Identity-Aware Policy from Any Device to Data Center – Based on Business Needs
Policy Distribution and Intelligence Through the Network
Security Group Tagging Scales Context-Aware Enforcement
CISCO SOLUTION
POSTURE-BASED PERMISSIONS
1. Permit/Deny based on policy
2. Authorized devices tagged with policy
3. Policy tags enforced by the network
VPN
Data Center
Virtual DC Machines
ALLOWED
DENIED
WHO
WHAT
WHERE
WHEN
HOW? ? ?
MACSec
Trusted WiFi
• Authenticate User
• Fingerprint Device
• Apply Corporate Config
• Enterprise Apps
• Automatic Policies
Trusted WiFi
Apply defined policy profiles based on:
• Device Type
• User
• Location
• Application
Identity Services Engine
Mobile Device Management
Prime Management
802.11n Infrastructure
• VideoStream
• CleanAir, Client Link
Trusted WiFi
Electronic Medical Records
Mobile TelePresence
Email
Instant Messenger
Yes / No
Access: FULL
Is Mr. Allen’s lab work ready yet?
Not yet, but I will let you know the moment it arrives.
Trusted WiFi
Identity Services Engine
802.11n Infrastructure
• VideoStream
• CleanAir, Client Link
Prime Management
WAAS
BYOD
Internal Resources
Internet
Cisco Firewall
CleanAir
ClientLink
VideoStream
BandSelect
Cisco Access Point
Cisco Wireless LAN Controller
Identity Services Engine
NCS
Onboard, Authenticate, Identify, Policy, Posture
Content, Services, Policy Enforcement
Corporate Network
Untrusted WiFi
Access: Limited
Hotspot 2.0
802.11n Infrastructure
ScanSafe
IronPort
Identity Services Engine
AnyConnect
WebEx Mobile 8
Internal Resources
Internet / WAN
Identity Services Engine
NCS
Corporate Network
Cisco ASA
3G / 4G
AnyConnect
Cisco ASR5K HLR/HSS
Licensed Access Network
Open / Walled Garden
SP Audio/Video Servers & Content
Home MSP / MSO
Enterprise Access
WiFi
AnyConnect
Cisco ASR1K
Cisco Access Registrar
Unlicensed Access Network
Open / Walled Garden
SP Audio/Video Servers & Content
802.11u HotSpot 2.0
802.1x – EAP/SIM HotSpot 2.0
VPN
VPN
Identity / Policy
Content, Services, Policy Enforcement
Electronic Medical Records
Mobile TelePresence
Instant Messenger
Yes / No
3G/4G
Access: Limited
Identity Services Engine
AnyConnect
3G/4G
ASR
CleanAir
ClientLink
VideoStream
BandSelect
Cisco Access Point
BYOD
Cisco Wireless LAN Controller
Internal Access
Internet / WAN
Identity Services Engine
NCS
Corporate Network
Internal Resources
Cisco ASA
3G / 4G
AnyConnect
Licensed Access Network
Cisco ASR5K HLR/HSS
Open / Walled Garden
SP Audio/Video Servers & Content
3G/4G SIM Authentication
VPN
VPN
Identity / Policy
Content, Services, Policy Enforcement
Electronic Medical Records
Mobile TelePresence
Instant Messenger
Yes / No
Trusted WiFi
Access: FULL
WebEx Mobile 8
802.11n Infrastructure
Trusted WiFi
Cisco Virtual Office
Bandwidth Priority
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Improving workforce productivity
• Reducing operating costs with BYOD, Cloud….
• Providing Secure access to 3rd party organisations
• Reducing compliance risk
• Increasing agility of IT and ability to scale cost effectively
Rebecca Jacoby
CIO, Cisco
Security that means business