, Channel SE
tboskovi@cisco.com
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Cisco Security Manager
Cisco CS-MARS
CS-M CS-MARS
Datacenter
Patch-
, ,
Cisco Security Management
Cisco Security Manager (CS-M)
Cisco Security Monitoring, Analysis and Response System (CS-MARS)
Provisioning A a
o
Cisco Security Manager
VPN-
VPN wizard
site-to-site, hub-and-spoke,
full-mesh VPNs
VPN, DMVPN, Easy
VPN Devices
Jumpstart : a
, :
VPNs IPSs IPS-
ASA, Cisco PIX Firewall,
FWSM, Cisco IOS
Software IPS
Policy
Site-to-site VPN Policy
Policy
SSH SSL
Corporate Policy: Mandatory Rules: I-M1, I-M2. Default Rules: I-D1, I-D2.
inherit
Data Center Policy: Mandatory Rules: II-M1, II-M2. Default Rules: II-D1, II-D2.
inherit
Application Server Policy: Mandatory Rules: III-M1, III-M2. Default Rules: III-D1, III-D2.
inherit
Local Device Rules: L-1, L-2.
Workflow ?
?
_, VPN IPS
Security Operations, Policy Definition: Create/Edit Policy, Review/Submit, Approve/Commit, Undo
Network Operations, Policy Deployment: Generate/Submit Job, Approve Job, Deploy, Rollback
(RBAC)
[Figure labels: Cisco Security Manager; CS-M Concepts; AAA; Cisco Secure Access Control System (ACS); Cisco IOS Software; Cisco PIX Firewall and Cisco ASA; Remote Access; Home Office]
Cisco CS-MARS
Cisco Security MARS
,
Firewall Log IDS Event Server Log
Dec 5, 2007 1:06:34 [10.1.2.2] %FWSM-6-302015: Built
outbound UDP connection 219025352 for
inside:10.10.21.108/4664 (10.61.1.1/25572) to
outside:144.254.6.144/1029 (144.254.6.144/1029)
[Figure: network topology diagram. Labels include CS-MARS, HQ-FW-1 to HQ-FW-3, HQ-SW-1 to HQ-SW-4, HQ-NIDS devices, BR2-NIDS devices, Cisco IPS Sensor, CSA, Edge Router, HQ Hub Router, HQ-WEB-1, and subnets such as n-10.4.14.0/24 and n-192.168.2.0/24]
CS-MARS
-
-
-
2,694,083
992,511
249
61
CS-MARS ?
CS-MARS
Admin -> System Maintenance -> View the Audit Trail
Cisco Security MARS
Models shown: MARS 55, MARS 210, MARS 25, MARS 110, MARS GC2 & GC2R, MARS 25R, MARS 110R, MARS 20, MARS 100
EPS: 50, 750, 1500, 4500, 7500, 15000
Cisco Security Manager / MARS
security
Cisco Security Manager / MARS
Cisco
IPS
Cisco Security Manager MARS
Management
IPS
ASA: Real-Time Match Flow
ASA: Real-Time Match Rule
Hash code
ASA:
IPS - Real-Time
IPS - Real-Time ()
IPS ()
IPS ()
IPS
IPS ()
CS-M
http://www.cisco.com/en/US/products/ps6498/index.html
CS-MARS
http://www.cisco.com/en/US/products/ps6241/index.html
CS-MARS
http://ciscomars.blogspot.com/
CS-MARS Google
http://groups.google.com/group/cs-mars-ug?hl=en-GB
CS CS-MARS
,
...
Cisco Networkers Barcelona
26 29. 2009.
!
http://www.cisco.com/web/europe/cisco-networkers/2009/index.html