Data center webinar_v2_1
1. Securing the Data Center
Matt Robertson - Lancope Technical Marketing Engineer
David Anderson - Cisco Principal Solution Architect, Data Center Security
4. Security Buckets
Segmentation
• Establish boundaries: network, compute, virtual
• Enforce policy by functions, devices, organizations, compliance
• Control and prevent unauthorized access to networks, resources, applications
Threat Defense
• Stop internal and external attacks and interruption of services
• Patrol zone and edge boundaries
• Control information access and usage, prevent data loss and data modification
Visibility
• Provide transparency to usage
• Apply business context to network activity
• Simplify operations and compliance reporting
5. [Architecture diagram: Internet and Partners reach Application Software and Virtual Machines through the tiers VSwitch Access, Aggregation and Services, Core Edge, IP-NGN Backbone, Storage and SAN, and Compute. Security functions labelled per tier: Application Control (SLB+), Service Control, Firewall Services, Virtual Device Contexts, Fibre Channel Forwarding, Fabric Extension, Fabric-Hosted Storage Virtualization, Storage Media Encryption, Virtual Contexts for FW & SLB, Port Profiles & VN-Link, Line-Rate NetFlow, Secure Domain Routing, Service Profiles, Virtual Machine Optimization, Virtual Firewall, Edge and VM Intrusion Detection. Physical and Virtual are covered by Security As A System with Unified Policy.]
6. Data Center Security Control Framework: Multi-Layer, Distributed Model
Layers: Data Center Core Layer, DC Aggregation Layer, DC Service Layer, DC Access Layer (UCS, Virtual Access, Storage)
Services
• Initial filter for DC ingress and egress traffic. Virtual Context used to split policies for server-to-server filtering
• Additional firewall services for server farm specific protection
Infrastructure Security
• Infrastructure Security features are enabled to protect device, traffic plane and control plane
• 802.1ae and vPC provide internal/external separation
Services
• IPS/IDS provide traffic analysis and forensics
• Network Analysis provides traffic monitoring and data analysis
• Server load balancing masks servers and applications
Additional controls shown on the diagram
• Data security: authenticate & access control
• Port security, authentication, QoS features
• Virtual Firewall
• Real-time Monitoring
• Firewall Rules
• ACLs, Port Security, VN Tag, NetFlow, ERSPAN, QoS, CoPP, DHCP snooping
Security Management
• Visibility
• Event correlation, syslog, centralized authentication
• Forensics
• Anomaly detection
• Compliance
• Management tools: AD, ASDM, CSM, VNMC, ACS
7. Visibility Challenges in the Data Center
• High value assets and data
• Large, high volume throughput
• Multiple layers and levels of communication
• Virtual hosts
8. NetFlow
[Diagram: host 10.2.2.2 port 1024 and host 10.1.1.1 port 80, connected through interfaces eth0/1 and eth0/2 of the exporting device]
Start Time    Interface  Src IP    Src Port  Dest IP   Dest Port  Proto  Pkts Sent  Bytes Sent  TCP Flags
10:20:12.221  eth0/1     10.2.2.2  1024      10.1.1.1  80         TCP    5          1025        SYN,ACK,PSH
10:20:12.871  eth0/2     10.1.1.1  80        10.2.2.2  1024       TCP    17         28712       SYN,ACK,FIN
12. StealthWatch: Alarms
Alarms
• Indicate significant behavior changes and policy violations
• Known and unknown attacks generate alarms
• Activity that falls outside the baseline, acceptable behavior or established policies
16. Custom Security Events
High Level Use cases:
• Check policy
• Check for known bad conditions
Examples:
• IOC specific to environment
• Audit compliance (e.g. users to PCI servers)
• VM-to-VM communication
• Inappropriate access or applications
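The NetFlow record layout on slide 8 and the custom security event use cases above, worked as an added Python example (this is not code from the webinar, Lancope or Cisco): it parses records in the slide's column order and evaluates three policy rules against them, one for each use case listed (compliance audit of access to PCI servers, VM-to-VM policy, a known-bad condition). The host groups, the rules and every flow line except the slide's two rows are constructed sample data; "host group" here is the concept the slides use, not any product API.

```python
"""Custom security events over NetFlow-style records.

Added example for this page; it is not code from Lancope, Cisco or the
webinar. The record columns follow the table on the NetFlow slide; the
host groups, the policy rules and all flow lines other than the slide's
two rows are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, FrozenSet, List, Tuple


@dataclass(frozen=True)
class FlowRecord:
    """One unidirectional flow, in the column order of the NetFlow slide."""
    start_time: str
    interface: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    pkts_sent: int
    bytes_sent: int
    tcp_flags: FrozenSet[str]


def parse_flow_line(line: str) -> FlowRecord:
    """Parse one whitespace-separated record such as
    '10:20:12.221 eth0/1 10.2.2.2 1024 10.1.1.1 80 TCP 5 1025 SYN,ACK,PSH'."""
    f = line.split()
    if len(f) != 10:
        raise ValueError(f"expected 10 columns, got {len(f)}: {line!r}")
    return FlowRecord(
        start_time=f[0], interface=f[1],
        src_ip=f[2], src_port=int(f[3]),
        dst_ip=f[4], dst_port=int(f[5]),
        proto=f[6], pkts_sent=int(f[7]), bytes_sent=int(f[8]),
        tcp_flags=frozenset(f[9].split(",")),
    )


# Host groups (constructed): the "who may talk to whom" context that a
# custom security event is evaluated against.
HOST_GROUPS = {
    "PCI Servers": [ip_network("10.90.0.0/24")],
    "PCI Admin Workstations": [ip_network("10.2.3.0/24")],
    "Web Tier VMs": [ip_network("10.50.1.0/28")],
    "DB Tier VMs": [ip_network("10.50.1.16/28")],
}


def in_group(ip: str, group: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in HOST_GROUPS[group])


# Each rule is (event name, predicate on a record). The three rules mirror
# the slide's use cases: compliance audit, VM-to-VM policy, known-bad usage.
Rule = Tuple[str, Callable[[FlowRecord], bool]]

RULES: List[Rule] = [
    # Compliance: only PCI admin workstations may initiate traffic to PCI servers.
    ("Unauthorized access to PCI servers",
     lambda r: in_group(r.dst_ip, "PCI Servers")
               and not in_group(r.src_ip, "PCI Admin Workstations")),
    # VM-to-VM policy: the web tier may reach the DB tier on TCP/3306 only.
    ("Web tier to DB tier outside MySQL port",
     lambda r: in_group(r.src_ip, "Web Tier VMs")
               and in_group(r.dst_ip, "DB Tier VMs")
               and not (r.proto == "TCP" and r.dst_port == 3306)),
    # Known-bad condition: clear-text telnet to any host.
    ("Telnet in use",
     lambda r: r.proto == "TCP" and r.dst_port == 23),
]


def evaluate(records: List[FlowRecord], rules: List[Rule] = RULES) -> List[Tuple[str, FlowRecord]]:
    """Return (event name, record) for every rule each record triggers."""
    return [(name, r) for r in records for name, pred in rules if pred(r)]


# Sample records: the first two rows are the slide's table; the rest are constructed.
SAMPLE_FLOWS = """\
10:20:12.221 eth0/1 10.2.2.2 1024 10.1.1.1 80 TCP 5 1025 SYN,ACK,PSH
10:20:12.871 eth0/2 10.1.1.1 80 10.2.2.2 1024 TCP 17 28712 SYN,ACK,FIN
10:21:03.004 veth5 10.50.1.4 51000 10.50.1.20 3306 TCP 40 9500 SYN,ACK,PSH
10:21:09.310 veth5 10.50.1.4 51011 10.50.1.20 22 TCP 3 180 SYN
10:22:10.500 eth0/1 10.2.2.2 40522 10.90.0.5 443 TCP 12 2200 SYN,ACK,PSH
10:22:41.007 eth0/1 10.2.3.7 40600 10.90.0.5 443 TCP 30 5100 SYN,ACK,PSH
10:23:02.112 eth0/1 10.2.2.9 40777 10.1.1.1 23 TCP 6 400 SYN,ACK,PSH
"""


def events_for(text: str = SAMPLE_FLOWS) -> List[Tuple[str, str, str]]:
    """Evaluate every line of `text`; return (event, src_ip, dst_ip) triples."""
    records = [parse_flow_line(l) for l in text.splitlines() if l.strip()]
    return [(name, r.src_ip, r.dst_ip) for name, r in evaluate(records)]


if __name__ == "__main__":
    for name, src, dst in events_for():
        print(f"{name}: {src} -> {dst}")
```

Run as-is, the sample set raises three events: the web-tier VM reaching the DB tier on port 22, the workstation outside the PCI admin group reaching a PCI server, and the telnet session. The slide's own two rows and the permitted MySQL and admin flows raise nothing, which is the point of a custom security event: it fires on a policy violation the environment defines, not on a generic signature.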
26. Alternative: Physical FlowSensor
[Diagram: Nexus 7000 SPAN session feeding a StealthWatch FlowSensor]
StealthWatch FlowSensor
• Multiple hardware platforms up to 20 Gbps throughput
• Non-performance impacting 1:1 NetFlow generation
• Recognition of over 900 Applications
• URL capture
• Additional statistics:
  • Server Response Time
  • Round Trip Time
27. Access: Nexus 1000v
Nexus 1000v:
• NetFlow as close to access as possible: complete visibility
• Visibility into VM-to-VM communication (across the 1000v)
• Up to 256 NetFlow interfaces; one flow monitor per interface, per direction
• Cache: 256 to 16384 entries - default is 4096.
29. Optional: StealthWatch FlowSensor VE
[Diagram: FlowSensor VE running alongside the service console and the VMs on the VMware host, performing lightweight packet capture and IPFIX generation]
Visibility & Context:
• Flow records include:
  • VM name
  • VM server name
  • VM State
• vMotion aware
• Host Profiled in terms of VM name
• Application, SRT, RRT (same as physical)
31. FlowSensor VE: VM Visibility
Provide VM-to-VM Policy Monitoring within the same VMware server
32. Summary
More Information:
• http://www.lancope.com/
• http://www.cisco.com/go/securedatacenter
• http://www.cisco.com/go/threatdefense
NetFlow and the Lancope StealthWatch System provide actionable security intelligence in data centers
Visibility into Data Center traffic has historically been difficult