Cisco

, Channel SE
tboskovi@cisco.com

Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
 ?

?

Cisco Security Manager

Cisco CS-MARS

CS-M CS-MARS

?

2
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 ?

3
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 ?

4
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


Datacenter

Patch-
, ,

5
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Cisco Security Management
Cisco Security Manager Cisco Security Monitoring,
Analysis and Response
(CS-M)
System (CS-MARS)

Provisioning A a




o

Cisco Secure Access Control Server

(RBAC)

6
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Cisco Security Manager

7
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Cisco Security Manager

VPN-

VPN wizard
site-to-site, hub-and-spoke,
full-mesh VPNs


VPN, DMVPN, Easy
VPN Devices
Jumpstart : a



, :
VPNs IPSs IPS-

ASA, Cisco PIX Firewall,

FWSM, Cisco IOS
Software IPS

8
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential

,
?



Policy

Site-to-site VPN Policy

Policy

SSH SSL

9
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


Mandatory Default

Corporate Rules: Rules:
Policy I-M1 I-D1
I-D2
I-M2

inherit


default Data Mandatory Default
Center Rules: Rules:
Policy II-M1 II-D1

- II-M2 II-D2

inherit
- default
Application Mandatory Default
Server Rules: Rules:
Policy III-M1 III-D1
III-M2 III-D2

inherit Local Device Rules:
L-1
L-2
10
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


11
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Workflow ?
?

_, VPN IPS

Security
Operations
Create/Edit Review/ Approve/
Policy Definition
Policy Submit Commit

Undo





Generate/
Submit Job
Approve Job Deploy

Policy Deployment
Network
Operations Rollback
Policy Deployment

12
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 (RBAC)

?

Cisco
IOSSoftware



Cisco Security Manager


Cisco PIX
CS-M Concepts Firewall and
Cisco ASA

AAA


Cisco Secure Access Remote
Access
Control System (ACS)




Home

Office

13
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Cisco CS-MARS

14
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Cisco Security MARS
,

Firewall Log IDS Event Server Log

Switch Log Firewall Cfg. AV Alert

Switch Cfg. NAT Cfg. App Log

, Router Cfg. Netflow VA Scanner
,

15
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Dec 5, 2007 1:06:34 [10.1.2.2] %FWSM-6-302015: Built
outbound UDP connection 219025352 for
inside:10.10.21.108/4664 (10.61.1.1/25572) to
outside:144.254.6.144/1029 (144.254.6.144/1029)

Dec 5, 2007 1:07:38 [10.1.2.2] %FWSM-6-302016:

Teardown UDP connection 219025322 for
inside:10.10.21.108/4660 to
outside:144.254.6.144/1029 duration 0:02:03 bytes 64

Dec 5, 2007 1:08:34 [10.1.2.2] %FWSM-6-302015: Built

outbound UDP connection 219025330 for
inside:10.10.21.108/4673 (10.61.1.1/25597) to
outside:144.254.6.144/1029 (144.254.6.144/1029)

16
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 ?

BR2-NIDS-2 BR2-NIDS-4
HQ-SW-4 Cloud 27
HQ-NIDS-2
BR2 Host1
BR2-NIDS-3
HQ-SW-3
n-10.4.14.0/24
Cloud 42 Cisco IPS
Cloud 40 BR2-WAN-
Sensor
CSA Edge-Router
Cloud 39 n-192.168.2.0/24
Cloud 14 nsSxt pix506
Cloud 16 n-10.4.2.0/24
CP Module
CSA n-10.4.13.0/24
HQ-FW-2 HQ-FW-3 BR2-NIDS-10 BR2-NIDS-1 ns25
BR2-NIDS-
HQ-WAN
BR2-IQ-Router
Edge Router
Cloud 4 Cloud 5 HQ Hub Router n-10.1.7.0/24
n-10.4.15.0/24
Mgmt BR3-RW-1

HQ-SW-1
BR2-NIDS-9
HQ-FW-1 IPS2 HQ-SW-2

n-192.168.0/24

Cloud 2 BR2-NIDS-8

CS-MARS
HQ-NIDS1
Demo3
BR3Host1

HQ-WEB-1
CS-MARS
17
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


18
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 ?
CS-MARS

-
-
-

2,694,083

992,511

249

61

19
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


20
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 CS-MARS ?









?

21
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


CS-MARS

22
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


23
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


?
?

24
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 ()

25
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


Admin -> System Maintenance -> View the Audit Trail

26
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 ?

27
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 ? ()

28
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Cisco Security MARS

MARS 55
MARS

MARS 210

MARS 25
MARS 110
!
MARS GC2 & GC2R
MARS 25R
MARS 110R
EPS 50 750 1500 4500 7500 15000

MARS 50 MARS 200

MARS

1
!
MARS 20 MARS 100

MARS GC & GCm

MARS 20R MARS 100E

EPS 50 500 1000 3000 5000 10000

29
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 CS-M CS-MARS

30
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Cisco Security Manager / MARS












security

31
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Cisco Security Manager / MARS

Cisco
IPS

Cisco Security Manager MARS
Management

32
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 IPS

33
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 :

2 3

4 34
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 :

35
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
ASA: Real-Time Match Flow

36
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 ASA: Real-Time Match Rule

Hash code

37
Hash code 2008 Cisco Systems, Inc. All rights reserved.
Presentation_ID Cisco Confidential
 ASA:
1

Show Event  Historical

 Matching this Rule 2

38
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 IPS - Real-Time

3
2

39
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 IPS - Real-Time ()

40
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 IPS ()

10 9

11

12

41
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 IPS ()

42
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 IPS

43
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
IPS ()

44
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


CS-M
http://www.cisco.com/en/US/products/ps6498/index.
html

CS-MARS
http://www.cisco.com/en/US/products/ps6241/index.
html

CS-MARS
http://ciscomars.blogspot.com/

CS-MARS Google
http://groups.google.com/group/cs-mars-ug?hl=en-GB

45
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential


CS CS-MARS

,

...

46
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 47
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 48
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 49
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 Cisco Networkers Barcelona
26 29. 2009.
!

http://www.cisco.com/web/europe/cisco-networkers/2009/index.html

50
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
 51
Presentation_ID 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential