Protecting the next generation of networks
- 1. 1© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Protecting the next generation
of access networks
Flávio Corrêa
Consulting Systems Engineer - Mobility
Fernando Zamai
Consulting Systems Engineer - Security
- 2.
Evolution of access networks
Cisco Wi-Fi
Cisco LAN
Autonomous Access Point
Controller Coordinated Access Points with RRM
1, 2, and 3 Spatial Stream 802.11n with CleanAir
Unified Policy and Network Management
Stateful Switchover & Application Visibility and Control
802.11ac Wave 1 & High-Density Experience
Connected Mobile Experiences
802.11ac Wave 2 & Multigigabit Ethernet & Hyperlocation
Self-Learning - RRM
Self-Protecting - CleanAir
Self-Healing - SSO
Self-Optimizing - HDX
1997 2012 2016
Cisco Unified Access™
- 3.
1000
14B
500B
Internet connections
+55%
Internet traffic
today is WiFi
50B
- 4.
Evolution of mobility use cases
BYOD
Company Purchased
Basic Communications
Transforming Work
Mobile Transactions
Networking
- 5.
Authentication, Encryption, Rogue APs, OTA Attacks
- 6.
- 7.
- 8.
“Rogue” Access Point
- 9.
- 10.
- 11.
Visibility, Location
CleanAir
WIDS/WIPS
AVC / NetFlow
Interference
Clients
Rogue APs
Attackers
Network as a Sensor
- 12.
- 13.
- 14.
ISE
Cisco Identity Services Engine
Advanced access control with real-time context sharing.
Wired
Wireless
VPN
Dynamic Segmentation Options:
VLANs, DACLs, or TrustSec
Access policy, segmentation, and context are
fundamental in fighting cybercrime.
Who are you? → Paulo
Which device? → Personal or corporate iPad (BYOD)
Where? → Tower A, 2nd floor
When? → 16:30, September 16
How? → Wired, Wireless, or VPN
- 15.
Advanced Access Control
Fingerprint
MAC Vendor, DHCP / CDP, Nmap
Device
=
Access Point
Ubiquiti
DENIED
- 16.
Provision
BYOD - Provisioning
[Name / password]
• Is the user authorized?
• Is the device authorized?
Provision
fzamai
C1:5C:00:00:20:15
OU = BYOD Access
✓
✓
fzamai
C1:5C:00:00:20:15
OU = BYOD Access
WiFi
- 17.
Configure
Network
BYOD – Secure and Transparent Access
• Valid certificate?
• Valid user?
• BYOD group?
• Valid device?
• MAC Cert / Device?
Authorize
Access
BYOD
Vlan = 10
ACL = Net_Only
TAG = BYOD
✓
Certificate
fzamai
C1:5C:00:00:20:15
OU = BYOD Access
- 18.
- 19.
USABILITY
- 20.
Traceability
WWW
10.1.1.20 → www.cisco.com
10.1.1.20
User?
Fzamai
IPAD
BYOD
- 21.
Network as Sensor
Network as Enforcer