THIS IS THE POWER OF CISCO SECURITY.

1. THIS IS THE POWER OF CISCO SECURITY. now.

2. Internet WAN IP Telephony Call Manager Cluster Firewall Unity Server Separate VLAN for IPT and Data

3. IP Telephony Internet Items to secure IP Telephony • Cisco Security Agent software (CSA) on Severs • New versions shipping with headless version installed • Separate Secure VLAN for Voice traffic that is segregated with a Firewall or VACL • PIX Firewall can inspect SIP, SCCP, and H323 traffic STATEFULLY and block unwanted traffic from the Voice VLAN • Phones can Authenticate to the network to prevent rogue phones from entering • If using Auto Registration, use Calling Search Space to limit access to the Voice Network

4. WAN Internet DMZ Sniffing Interface Network Intrusion Detection (NIDS)

5. Network Intrusion Detection (NIDS) Internet Items to secure The Network • NIDS detects anomalies in the network in REAL TIME and looks at ALL traffic flowing in and out of a Network • Actively and Dynamically reconfigures the Routers, MSFC’s, and PIXes to block the source of attacks on the Network • Allows Custom Signature to be tuned for any type of traffic • Cisco patent-pending T.A.M.E (Threat Analysis Micro-Engine) technology allows granular customization of sensor signatures, resulting in precisely tuned sensors that minimize the occurrence of "false positives. • Utilizes Stateful pattern recognition, Protocol parsing, Heuristic detection, and Anomaly detection to detect WORMS, VIRUSES, and ATTACKS on the Network • Cisco Threat Response Server parses NIDS Log Files and reduces 99% of all False Positives

6. Internet WAN Remote Sites and Users

7. Remote Site & Remote User Internet Items to secure on Remote Connections • Authenticate Routing Protocols • Enable QoS services to guarantee bandwidth is available for Business critical applications in the event of a WORM or VIRUS outbreak • Utilize VPN Accelerator Modules to enhance VPN performance • Leverage Cisco Access Control Server to Authenticate VPN users and access to all remote devices. Also providing Accounting for any activities performed while logged in to the devices • Enable RPF and anti-spoofing to prevent internal launched DoS attack from WORM or VIRUS • Utilize NBAR to discard unknown protocols • Deploy a Sink Hole Router for Scanning activity detection

8. Internet VPN WAN VPN/Security Management Center (part of CW2k) Cisco Threat Response

9. Management Internet Single point of management • Common Configuration Interface • Correlation of cross system security events • Common interface for asset management, inventory management, configuration management, and security information management • Policies can be implemented on a group basis or device basis • Allows management of PIX, FWSM, VPN3000, IOS Security, NIDS, and HIPS

10. Check your Network Security Posture Items to Verify your Security • Schedule an appointment with the SECURITY POSTURE ASSESMENT team (SPA) • Perform two services: • Design Review • Advanced Penetration testing • Former NSA, DoD, Government and other highly skilled members • Utilize Custom tools to verify that the latest exploits are not an issue on Your network • Develop in depth report showing all weaknesses found on your network with recommendations for repair • Have performed work on a majority of the Fortune 500 companies • Product Agnostic, just recommend a product type not any particular brand

11. The Real Pain Learn about the next Worm from the News not from Your Network….