Employees are bringing tablets and smartphones onto corporate networks, increasing IT workload without adding resources. See how the Cisco Identity Services Engine and Cisco Prime Network Control System will help IT take control of the onslaught of mobile devices entering the network. Learn more: http://cisco.com/go/wireless
iPads on your network? Take Control with Unified Policy and Management
1. iPads on Your Network? Establish Visibility and Management Control. Renu Upadhyay, Marketing Manager, Cisco; Dan Larkin, Director, Strategic Operations, NCFTA; Matt Schmitz, Senior Product Manager, Cisco; Saurabh Bhasin, Senior Product Line Manager, Cisco. May 4, 2011
2. Agenda: (1) Mobile Security Assessment; (2) Unified Policy Management for Any Device; (3) Unified User and Access Management for Any Network
4. Work is a place you go to—limited off-campus access
7. Work is a function—globally dispersed, mixed device ownership
8. Change in IT control and management paradigm: Executive, Employee, IT
12. One user, many devices. Access Evolution: Early 90s, Late 90s, Today. Effectively Support Users with Box Management; Need for Policy and Control; Need for Operational Efficiency
13. Some Questions to Consider. Enterprises are trying to embrace mobility while addressing security: Do I have the WLAN capacity and reliability to support the increase in mobile devices? How do I enforce security policies on noncompliant devices? How do I grant different levels of access to protect my network? How do I ensure data loss prevention on devices where I don’t have visibility? How should I address (tech-savvy) employees who trade up to new devices? New policy? How do I protect my intellectual property/personal information? How do I monitor and troubleshoot user and client connectivity issues on my access (wired/wireless) network?
31. Similar pattern/opportunity for iPads (and similar products)
33. Partnerships—Global & Growing. Support from international law enforcement and industry in 34 nations… TDY and in-country model: Australia, Canada, U.K., Germany, Romania, Italy, India, Turkey
34. Historical Gaps/Obstacles: lack of “trusted” two-way information sharing relationships with SMEs; compelled vs. voluntary information sharing, which triggers legal issues; lack of a neutral setting to analyze/triage open source or industry-owned intelligence (meet-in-the-middle space)
49. Discussion of Near Field Communication… Say you hear a lot of Audix mailbox recordings, then you are dealing with an Avaya PBX (which is a very popular VoIP PBX)…
51. Criminal Forums Focus on iPad/Tablets. TheHammer: “I HAVE Iphones/Ipad SERIALS need methods!!!! I have Iphone 3g/4g serials and Ipad as well. They are working, I test them, but I need the person who knows how to do the methods. I will pay him for the work and I have drops. If anyone knows it or knows how to do it I'm ready, and I don't like to waste my time, only if you are serious.”
52. Other Forum Chatter: Exploits… “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.” “Viewing a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution… memory corruption issue existed in QuickLook's handling of Microsoft Office as well.” Cert weakness: “An attacker with a privileged network position may intercept user credentials or other sensitive information”… “man-in-the-middle”
68. Why to Get Plugged In. [Diagram labels: NCFTA - CIRFU Space; FBI Secure Space; Financial Services Partners DBs; ISPs' DBs; IDS companies' (e.g. Symantec) DBs; L.E. DBs; Software Co. DBs via BSA; Merchants via MRC DBs; Other Fusion Centers; Intel; Other DB; DPN DB; SPAM DB; US CERT; DHS; US Postal & International L.E.; Referral to Law Enforcement & Coordination]
76. Evolving Policies in a Mobile World. “Printers should only ever communicate internally.” “Employees should be able to access everything but have no access on personal devices.” “Guest and partners are only allowed bandwidth constrained Internet access via wireless.” [Diagram labels: Internet; Internal Resources; Campus Network; Cisco Switch; Cisco Access Point; Cisco Wireless LAN Controller; Policy Services]
77. BYOT: Bring Your Own Technology. Access challenges IT is struggling with: classifying managed vs. unmanaged endpoints; ID devices that cannot authenticate; user-host association. But there are barriers: certificates; endpoint certainty; no automated way to discover new endpoints. [Diagram labels: User; Location; Time; Device; Attribute X; PC and Non-PC Devices]
78. Typical BYOT Policy Options. “Employees can access everything from either corporate or personal devices. But non-employees are blocked.” “Employees are required to use corporate devices. Personal devices are not allowed and there is no guest access.” “Employees can access everything from corporate devices. Employees on personal devices and partners have restricted access.” Really Important! [Diagram labels: Internet; Internal Resources; Campus Network; Limited Resources; Policy Services]
90. Identity Services Engine: Existing Investments Protected. Data and configurations migration tools available* (*Available over multiple releases)
91. Comprehensive Policy Solution for Any Device. Purpose-Built, Complete, and Reliable Profiling: Cisco ISE uses SNMP, NetFlow, DNS, RADIUS, HTTP, and DHCP to increase accuracy, reduce spoofability; works across wired and wireless; completely integrated with RADIUS/AAA; includes additional services (posture, guest/portal, etc.). Scalable Policy Enforcement: switch, WLAN controller, and VPN as an enforcement point; flexible control (VLAN, dACL/ACL, QoS, SGA, etc.) based on any contextual attributes (user, device, group, location, time, etc.). Unified Management: ISE detailed reports and troubleshooting tools (user, device, session, etc.) can be accessed from within NCS 1.0, providing a single pane of glass into user, device, and network across wired and wireless infrastructure. [Diagram labels: User; Location; Time; Device; Attribute X]
93. Identity Services Engine Offers a Robust Set of Capabilities. [Slide labels: Consolidated Services, Software Packages; Session Directory; Flexible Service Deployment; ACS; All-in-One HA Pair; Admin Console; M&T; User ID; Access Rights; NAC Manager; NAC Profiler; ISE; NAC Server; Distributed PDPs; NAC Guest; Device (and IP/MAC); Location; Tracks Active Users and Devices; Optimize Where Services Run; Simplify Deployment and Admin; Policy Extensibility; Manage Security Group Access; Systemwide Monitoring and Troubleshooting; SGT: Public, Private, Staff, Permit, Permit, Guest, Deny, Permit; Keep Existing Logical Design; Consolidate Data, Three-Click Drill-In; Link in Policy Information Points]
95. Client Devices: Top Contributor to Network Performance Problems. [Bar chart: Contributors to Wireless Network Problems; y-axis: Number of Customers; x-axis: Major Issues Contributing to Wireless Network Problems; categories: Client Devices (Drivers, Connections, Authentication, or Other Issues); RF Interference from Wi-Fi and/or Non-Wi-Fi Sources; Unexpected Demand for Increase Coverage of Capacity; Faulty Wireless Network Design Implementation; Old or Outdated Wireless Technology; Insufficient IT Administrator Expertise; Other] A recent survey shows that respondents view client devices as the TOP contributor to wireless network performance problems.
96. Introducing Cisco Prime Network Control System: Converged Access Management for Wired and Wireless Networks. Wireless | Wired | Security Policy | Network Services. Unified Management: Operations, Users, Policy. Improved Network Visibility | Faster Troubleshooting | Eliminate Configuration Errors
97. Single Integrated User and Access Dashboard: high-level view of key metrics with contextual drill-down to detailed data. Flexible platform: accommodates new and experienced IT administrators. Simple, intuitive user interface: eliminates complexity. User-defined customization: display the most relevant information.
98. Unified User and Endpoint Services. Correlated and focused wired/wireless client visibility: client health metrics; client posture and profile; client troubleshooting; client reporting; unknown device ID input. Clear view of the end user landscape: who is connecting; using which device; are they authorized.
99. Integrated Access Infrastructure Visibility. Wired and wireless discovery and inventory: add/detect infrastructure devices such as switches, WLAN controllers, and access points. Comprehensive access infrastructure reporting: view the access infrastructure as a whole or as discrete technologies. Stolen asset notification: track when devices presumed stolen come back online.
100. Identity Services Engine Integration for True User and Access Management: Converged Security and Policy Monitoring and Troubleshooting. Enhance Infrastructure Security; Streamline Service Operations; Enforce Compliance. Shows where security and policy problems exist. Retrieves information directly from clients: wired, wireless; authenticated, unauthenticated. Reduces the time to troubleshoot security and policy problems. Client posture status and client profiled views. Drill deeper into security and policy issue details. Direct linkage from Cisco NCS to Cisco ISE with contextual filtering.
101. Comprehensive Wireless Lifecycle Management. Full range of lifecycle capabilities: Plan; Deploy; Optimize; Monitor and Troubleshoot; Remediate
112. Key Resources. March 22nd CIN Webinar: iPad. Galaxy. Cius. Best Practices to Support the Influx of Mobile Devices. Dec 2nd CIN Webinar: Preparing the WLAN for mobile devices/tablets. Technical White Paper: Optimize the Cisco Unified Wireless Network to Support Wi-Fi Enabled Phones and Tablets. White Paper: The Future of Network Security: Cisco SecureX Architecture
113. Cisco’s Borderless Networks Solutions Prepare Your Enterprise Network for Mobile Devices. The mobile security landscape is evolving. Enabling mobility requires a comprehensive, consistent approach to user/device access and network management. Meet User Demand for Mobility