Security of the Modern Data Center

  • Published on
    12-Jan-2015


Transcript

1. C97-714039-00 Cisco, 2012
4. (VDC), (VPC)
8. Data Center Security CVD
10. (SAN) 1 2 4 3 5 6
11. VDC-1 VDC-2 Cisco Nexus 1000V, Nexus 1010, VM-FEX UCS NetApp, EMC Cisco Nexus 7K/6K/5K/4K/3K/2K Cisco UCS EMC, NetApp VSG IPS Data Center Security CVD (VMDC)
12. UCS Fabric Interconnect (VLAN, VRF) ACL VPN (SGT) (SXP) ACL TrustSec
13. (IPS), (VSG)
14. 1 2 IPS
15. VM VM
16. Security Admin Port Group Service Admin Virtual Network Management Center VSG VMs Virtual Security Gateway VMs VMs virtual switch UCS x86 server
17. Cisco: Virtual Secure Gateway (VSG) VDC vApp vApp Nexus 1000V vPath VDC (VNMC) VMware vCenter VSG VSG VSG vFW vFW VSG
18. X
19. SGT 5
20. SGACL 802.1X/MAB/Web Auth. (SGT=10) (SGT=11) & SGT = 5 SGT = 100
22. IPS, FWNG / App FW
23. FW NG
24. Known Attackers Bots Web Attacks Undesirable Countries Web Fraud App DDoS Scrapers Phishing Sites Comment Spammers Vulnerabilities Copyright 2012 Imperva, Inc. All rights reserved.
25. Dynamic Profiling HTTP Protocol Validation Cookie Web Fraud Detection IP IP Anti-Scraping Policies Bot Mitigation Policies
26. Web Application Firewall (MX) Web Web Web Application Firewall Web Web Application Firewall
27. NetFlow / sFlow Identity Services Engine (ISE) (SGT)
31. sFlow NetFlow: Cisco Switches, Routers, ASA 5500 NetFlow/sFlow 25 FlowCollector 1.5 NetFlow: Cisco switches, routers, ASA 5500 FlowSensors Netflow FlowCollector Identity: ISE NBAR/AVC Cisco Routers 2,000 120K ISE, NBAR/AVC SMC FC
32. 2013 Lancope, Inc. All rights reserved. ASR-1000 Cat6k UCS Nexus 1000v ASA Cat6k 3925 ISR 3560-X 3850 Stack(s) Cat4k WAN DMZ Xen, VMware, Hyper-V
33. 10.10.101.89? Source Host Groups Desktops & Trusted Wireless 3, 2013 10.10.101.89 5.33 500
34. Desktops & Trusted Wireless 3, 2013 10.10.101.89 Apple-iPad
35. Troubleshooting
38. 21 18.02.2013 05.02.2010 58
39. 17 12.02.2013
41. 4 3 2 1 .1 , + + + + .2 , + + + + .3 + + + .4 (, , , ) , .5 , (), .6 () + + .7 + + .8 , , , + + .9 + + + .10 ( ) () + + +
43. SAN (RBAC) FC VSAN FC-SP FCIP Port Security SLAP, FCAP, FCPAP RFC3723 iSCSI Storage Media Encryption SAN SAN SAN IP SAN (iSCSI/FCIP) iSCSI Target
44. VLAN VSAN ACL hard/soft zoning Ethernet Port Security FC Port Security IPSec FCSec, FC-SP VLAN (virtual device context) ACL Ethernet Port Virtual PortChannel
45. ASA 5585-X ASA 5585-X VDC Nexus 7018 Nexus 7018 Nexus 7000 Nexus 5000 Nexus 2100 Nexus 1000V VSG Catalyst 6500 VSS ACE (NAM) (IPS) VSS VPC VPC VPC VPC VPC VPC VPC VPC 10G 10 G
47. IaaS PaaS SaaS VM VM VM VM VM
49. XaaS, hosted service, MSS privacy
51. XaaS SaaS IaaS PaaS
53. http://www.facebook.com/CiscoRu http://twitter.com/CiscoRussia http://www.youtube.com/CiscoRussiaMedia http://www.flickr.com/photos/CiscoRussia http://vkontakte.ru/Cisco http://blog.cisco.ru/
54. security-request@cisco.com
