NETWORKERS PRESENTATIONS
Networkers 2004

Security (SEC) Abstracts

SEC-1000: Introduction to Network Security
In the last few years, network security has become dramatically more important to the business success of an organization. Current threats to the organization such as worms, denial of service (DoS), and electronic theft pose increasing risks to the bottom line. Security has become a concern of all network professionals, yet for those new to the field, the broad array of technologies and terminology can be daunting. This session presents an overview of the key concepts and current best practices in network security. The central role of a security policy and its ongoing maintenance are discussed. Using reference designs for a few key areas of the network, the role that each security and network technology plays in securing the network is examined. Finally, the session closes with a discussion of security event monitoring, as well as incident response.

SEC-1N20: Introduction to Firewall Technology
Firewalls are considered a requirement for any secure network connection. This is an entry-level presentation that introduces the reader to Firewalls and their use as part of a network security design. The presentation will examine the various types of Firewall technologies, how devices that implement these technologies work, and what Firewalls are good or bad at doing. A number of common Firewall features and functions such as authentication and logging will be identified and explained.

SEC-2000: Secure Enterprise Design
Network security is no longer exclusively the domain of dedicated information security teams. Throughout the enterprise, from the access through to the core and out to the Internet perimeter, network security must be an integral part of network design. This session introduces key concepts to consider when designing and evaluating network security systems. It starts with the fundamentals: axioms, the design process, and important design principles. These concepts are then applied to a variety of best practice designs and case studies in an interactive design discussion.

SEC-2002: Understanding and Stopping Layer 2 Attacks
Most networks today are built on the foundations of the seven-layer (OSI) model. This session focuses on the security issues associated with Layer 2, the data link layer. Studies show that a significant percentage of all network attacks originate from inside the corporate firewall; therefore, exploring this soft underbelly of data networking is critical for any secure network design. Security issues focused on in this session include Address Resolution Protocol (ARP) spoofing, MAC flooding, VLAN hopping, Dynamic Host Configuration Protocol (DHCP) attacks, and Spanning-Tree Protocol concerns. Common myths about Ethernet switch security are either confirmed or debunked, and specific security lockdown recommendations are provided. Attack mitigation options include the new DHCP snooping and Dynamic ARP Inspection (DAI) function. Attendees can expect to learn Layer 2 design considerations from a security perspective, and mitigation techniques for Layer 2 attacks.

SEC-2003: IPv6 Security Threats
IPv6 is seeing increased deployments worldwide and is expected to ramp up significantly with the U.S. Department of Defense mandate of IPv6 by 2008. Much of the existing security discussion around IPv6 has focused on its inclusion of IPSec. While the confidentiality, integrity, and authentication features of IPSec are clearly useful, IPSec deployment will suffer many of the same deployment challenges as are currently seen in IPv4 (identity, key management, and configuration issues). This session will present IPv6 security as contrasted with IPv4 from a threats perspective. Common threats you may be familiar with in IPv4 will be compared to how those threats may evolve in IPv6 and what new considerations or best practices will be necessary to mitigate these threats. Potential best practices for the use of IPv6 in a dual-stack mode in an Internet edge will be presented as well.

SEC-2004: Responding to Security Incidents
No matter how well you have secured your network, your organization will still experience security incidents. How quickly and effectively you verify and respond to these events will determine the impact to your organization. This session reviews the signs and symptoms of security incidents, and then discusses how to prepare for and respond to them when they occur. It covers the technical features in Cisco products that can be used to help you address security incidents, as well as the processes you must have in place to effectively manage these events and minimize their impact when they occur.

SEC-2005: Understanding 802.1x, IBNS, and Network Identity Services
This session covers the applications and implications of identity and authentication as a means of enhancing network security via access control. Topics include identity-based access control and policy enforcement techniques using Cisco's Identity Based Networking Services (802.1x, RADIUS, Extensible Authentication Protocol [EAP], etc.), deployment and migration issues associated with introducing identity concepts into the network, and advanced network authentication concepts. A brief overview of supporting technologies and their relevance in complementing identity in the network (Public Key Infrastructure [PKI], Transport Layer Security [TLS], leveraging of Identity Management Systems & Data Stores, etc.) also are discussed.

SEC-2006: Managing Security Technologies
This session examines the issues involved in managing security technologies. Best practices will be explained by using case studies for commonly deployed security technologies including firewalls, network- and host-based intrusion prevention systems and IPsec virtual private networks (VPNs). We will cover both tooling for small to medium-sized networks and tooling used for larger enterprises and managed security service providers. Details will also be provided on how to use these tools when addressing security related events, such as best practices for storing and managing events, and available reports for viewing security events most effectively. Finally, an update will be given on how security events can be aggregated and correlated.

SEC-2007: Internet Service Provider Security Best Practices
As the Internet grows in importance to global commerce, security becomes a paramount requirement. Security incidents are increasing, particularly direct infrastructure attacks, and service providers need to secure their backbones to protect their customers and maintain the overall stability of the global Internet. This session focuses on the foundational requirements necessary to improve service provider backbone security. It provides an overview of features and techniques available to service providers to help improve security by "hardening" the core network. A review of service provider security best practices, routing protocol security recommendations, and features to mitigate direct infrastructure attack is included. Finally, deployment of specific features and how those features can be used to improve backbone security is discussed.

SEC-2008: Service Provider Responses to Denial-of-Service Attacks
Denial-of-service (DoS) attacks and worms have become a daily occurrence for most service providers. The frequency and complexity of these attacks are increasing, and service providers need to be prepared to react effectively to this barrage. A security toolkit has been developed to combat these attacks. This toolkit divides DoS responses into distinct categories and associated techniques such as attack identification, traceback, and reaction. This session reviews this toolkit and discusses how service providers can use the techniques to effectively respond to large-scale attacks.

SEC-2009: SP Deployment of Cisco (formerly Riverhead) Detectors and Guards for DDoS Protection
Cyber attacks have evolved over time and today we must defend against increasingly large and sophisticated attacks, including application connection floods and massive botnets that can generate attacks reaching millions of bad packets per second. Increasingly, edge customers are turning to their Service Providers for large-scale detection and attack mitigation that ensures legitimate traffic is correctly identified and forwarded to its destination in order to maintain uninterrupted operation of business-critical applications. This session will cover the Cisco (formerly Riverhead) Detector and Guard product functionality, as well as network design and SP deployment guidelines that provide various service levels to mitigate DDoS. Design models and associated guidelines for both SP premise and customer premise deployments will be explored. We will address anomaly detection and, once an attack is detected, how to divert traffic to a Guard cluster that provides a multi-layer intelligent filtering complex for intelligent attack mitigation. A detailed case study will be used to illustrate a real world example of a deployed Traffic Anomaly Detector and Guard topology.

SEC-2010: Deploying Remote Access IPSec and SSL VPNs
This session covers the essentials for effectively planning, deploying, and managing VPNs for remote access. It includes analysis of IP Security (IPSec), Secure Sockets Layer (SSL), and operating system-supplied client options for providing remote user connectivity, as well as showing how these protocols can be used to provide transport security for wireless LANs (WLANs). Authentication choices, scalability and resiliency options, as well as device placement and network design are all covered. In addition, solutions to common concerns such as Network Address Translation (NAT) transparency, desktop security integration, user management, and bandwidth allocation are highlighted. Finally, case studies are reviewed to demonstrate remote access VPN deployment examples and their corresponding configurations.

SEC-2011: Deploying Site-to-Site IPSec VPNs
This session addresses how to plan, design, and deploy site-to-site IP Security (IPSec) VPNs. It covers deployment of site-to-site VPNs, including the configuration of common designs using various topologies, products, and deployment technologies. Important concepts making VPN deployment practical such as dynamic peers, load balancing, high availability, and Dynamic Multipoint VPN (DMVPN) are discussed. Advantages and disadvantages for various device placement options and how they fit into the overall security policy are addressed. Common issues and solutions relating to IPSec interaction with Network Address Translation (NAT), generic routing encapsulation (GRE), IP maximum transmission unit (MTU), routing, and quality of service (QoS) are offered. Case studies are provided to demonstrate site-to-site VPN deployment examples.

SEC-2020: Deploying Firewalls
A firewall is considered by many to be a minimum requirement for any secured network. Firewall technology can be found in devices ranging from network interface cards to software available for a wide variety of computer devices to specialized appliances. The firewall is thought to provide an important point of defense against a wide variety of vulnerabilities and reduce the profile of the network to a wide range of threats and vulnerabilities. This presentation explores some of the most common firewall deployment scenarios, including how a firewall can be used to implement security policy. Numerous methods for implementing and testing firewalls in these scenarios are presented. This presentation also examines and contrasts the security capabilities of many existing firewalls, as well as highlighting the relationship of firewalls to other related security technologies such as filtering, antivirus, intrusion prevention, and intrusion detection systems. These capabilities are matched against numerous threats that have been discovered during the past year to help the attendee understand the contribution of the various capabilities when trying to address these threats.

SEC-2030: Deploying Network-Based Intrusion Detection and Prevention Systems
Intrusion detection and prevention systems have become an essential technology in the deployment of a "defense-in-depth" security architecture. These systems provide packet and flow analysis and have the capability of taking response actions to various events, such as dropping malicious or offending traffic. These abilities are not available through other security technologies. This session discusses the roles of network-based intrusion detection and prevention systems, and where these systems can be best deployed to maximize coverage and benefit. The session provides an in-depth look at the capabilities and components of Cisco Intrusion Detection System (IDS) Threat Defense technologies and presents a series of strategies and techniques on how to design, deploy, and tune network-based intrusion and prevention systems in several environments. Issues such as device placement, traffic selection and aggregation, design validation, capture options, and scalability are discussed. Also covered are some of the key monitoring and attack validation concepts specific to IDS deployments. A series of deployment case studies are examined.

SEC-2031: Understanding and Deploying Host-Based Intrusion Protection Technology
Recent Internet-borne worm and Trojan incidents have made malicious mobile code protection an issue of top concern for many organizations. Host intrusion prevention technology provides threat protection for server and desktop computing systems, also known as endpoints. It can identify and prevent malicious behavior, thereby eliminating known and unknown ("Day Zero") security risks and helping to reduce operational costs. This session provides an in-depth look at the capabilities and components of host intrusion protection technology, the deployment process, and its integration within various computing environments.

SEC-2040: Understanding and Deploying Network Admission Control
Cisco Network Admission Control (NAC) is an industry-wide collaboration led by Cisco to focus on limiting damage from emerging security threats such as viruses and worms. Customers using NAC can allow network access only to compliant and trusted endpoint devices (for example, PCs, servers, personal digital assistants [PDAs]) and can restrict the access of noncompliant devices. With the newly shipping initial phase, Cisco NAC helps enable Cisco routers to enforce access privileges when an endpoint device attempts to connect to a network. This decision can be based on information about the endpoint device such as its current antivirus state and operating system patch level. Cisco NAC allows noncompliant devices to be denied access, placed in a quarantined area, or given restricted access to computing resources. This session provides an overview of Cisco NAC, its key components and capabilities, and the underlying technologies, design considerations, management considerations, and troubleshooting tips.

SEC-3010: Troubleshooting Cisco IOS Firewall-Based and Cisco Secure PIX Firewall-Based IPSec VPNs
This session demonstrates detailed techniques for troubleshooting Cisco IOS Firewall and Cisco Secure PIX Firewall-based IP Security (IPSec) designs and implementations. It covers the debugging tools available within Cisco IOS Firewall and Cisco Secure PIX Firewall to troubleshoot IPSec VPN configurations. This session also provides solutions to the most commonly seen issues concerning IPSec VPN designs and implementations, based on the experiences of Cisco Technical Assistance Center (TAC) engineers.

SEC-3011: Troubleshooting Cisco VPN 3000 IPSec and SSL Implementations
This session shows detailed techniques for troubleshooting Cisco VPN 3000 IP Security (IPSec) and Secure Sockets Layer (SSL) implementations. This presentation discusses the tools and techniques that can be used to troubleshoot the Cisco VPN 3000 while covering detailed descriptions of the logs, provides troubleshooting tips and resolution to common issues, and discusses case studies involving real-world scenarios.

SEC-3020: Troubleshooting Firewalls
Firewalls are crucial components of today's networks. Their optimal functioning is critical to an enterprise network. It is essential for network engineers to be able to quickly and efficiently troubleshoot them. This presentation focuses on the tools and techniques that can be used to troubleshoot the Cisco PIX Firewall, the Cisco Firewall Service Module (FWSM), and the Cisco IOS Firewall, enabling the attendees to successfully maintain their Cisco firewalls. This presentation also covers some common troubleshooting scenarios in a case study format.

SEC-3030: Troubleshooting Intrusion Detection Systems
This presentation focuses on troubleshooting intrusion detection systems (IDSs) using Cisco IDS Software 4.0 on sensors and Web-based configuration tools for network IDS appliances such as the Cisco IDS Device Manager (IDM) and the Cisco IDS Event Viewer. Detailed troubleshooting steps are examined for the Cisco Security Agent Management Console (SAMC), which is a part of the CiscoWorks VPN/Security Management Solution (VMS) 2.2 Software bundle with regard to installation, configuration, and deployment issues.

SEC-4000: Advanced Concepts in Security Threats
The recent rounds of viruses and worms that continue to plague the Internet have indicated an increasing level of activity among malicious code writers trying to exploit systems. While viruses typically rely on social engineering by getting end-users to execute their payloads, worms rely on more automatic methods such as stack and heap overflows. This session examines the mechanics of stack and heap overflows in detail. This information will then be applied to examine two recent, widely publicized vulnerabilities in order to understand the mechanics of their exploitation code. These vulnerabilities include the Microsoft ASN.1 library length overflow heap corruption and the ASN.1 library bit string heap corruption.

SEC-4010: Advanced IPSec Deployments and Concepts of DMVPN Networks
This session covers advanced IP Security (IPSec) VPN site-to-site design and deployment with a focus on scaling to very large IPSec VPNs. It begins with dual-hub Dynamic Multipoint VPN (DMVPN) solution designs, progresses to multihub DMVPN, and ends with very large scale hubs using the Cisco Catalyst 6500. The main focus is on design, deployment, and management, with some in-depth description of the functioning of DMVPN. The course also covers specific issues when using DMVPN with Network Address Translation transparency (NAT-T), quality of service (QoS), Multiprotocol Label Switching (MPLS), and dynamic routing.

SEC-4011: Advanced IPSec Algorithms and Protocols
This session details how the Internet Key Exchange (IKEv1 as well as IKEv2) and the IP Security (IPSec) protocols work. The session also analyzes the authentication protocols involved in the IKE process. Encryption and hashing mechanisms, including the new Advanced Encryption Standard (AES) in IPSec, are also discussed. After describing the workings of these main protocols and mechanisms, the presentation addresses how some of the most important IPSec features and enhancements actually work. Examples of these include mode configuration, extended authentication, dead peer detection (DPD), IPSec Network Address Translation (NAT) transparency, and Tunnel Endpoint Discovery (TED). The session emphasizes protocol-level details of how the various features have been implemented, using packet flow charts and descriptions of the various fields in the packets. The session also includes discussions about some of the new implementations being worked on in the IPSec space, such as multicast IPSec (group domain of interpretation [GDOI]).

All contents are Copyright © 1992-2004 Cisco Systems, Inc. All rights reserved.