
Data Center Security
Securing Web applications
Christopher Paggen, Solutions Architect, Cisco Services

Data Centers Are Under Increasing Pressure
Collaboration, Empowered User, SLA Metrics, Global Availability, Reg. Compliance
New Business Pressures
Operational Limitations
Power & Cooling, Asset Utilization, Provisioning, Security Threats, Bus. Continuance

The Accidental architecture
Web / Application Server Farm
IBM Mainframe with OSA
Blade Servers
Departmental Servers
Email, File & Print
Storage & Backup
Point Appliances
Siloed
Complex, heterogeneous infrastructure
New developments and applications
Fragmented Security

Data Center & Application Challenges
Replacing or upgrading applications is an important issue for many firms, ranking as the fifth-highest priority among IT decision makers for 2006. Forrester Research, June 2007
Applications are the biggest source of network downtime, accounting for roughly 25% or $213,000 annually, split 65/35 between application outages and degradations. Infonetics Research, March 2006
50% of enterprises and government agencies are using XML, Web services or SOA. Gartner
XML accounted for 15% of internet traffic in 2005. By 2008, it is expected to account for 50%. 451 Group

Top Security Challenges
1. Data protection
2. Vulnerability security
3. Policy and regulatory compliance
4. Identity theft and leakage of information
5. Viruses and worms
6. Risk management
7. Access control
8. User education, training and awareness
9. Wireless infrastructure security
10. Internal network security / insider threats
Source: CSI/FBI 2006 Computer Crime and Security Survey
According to IDC, increasing sophistication of attacks and complexity of security management will drive need for more integrated/proactive security solutions.

Cisco's response: Self-Defending Network 3.0
1. Expands SDN to include content and application security in a better together approach
2. Leverages Wide Traffic Inspection to protect against latest Internet threats
3. Incorporates protection for today's emerging application environments

The SDN Secured Data Center
Data Center Edge: Firewall & IPS, DOS Protection, App Protocol Inspection, Web Services Security, VPN termination, Email & Web Access control
Web Access: Web Security, Application Security, Application Isolation, Content Inspection, SSL Encryption/Offload, Server Hardening
Apps and Database: XML, SOAP, AJAX Security, XDos Prevention, App to App Security, Server Hardening
Storage: Data Encryption (In Motion, At Rest), Stored Data Access Control, Segmentation
Mgmt: Tiered Access, Monitoring & Analysis, Role-Based Access, AAA Access Control
[Diagram labels: ACE, ACS, ASA, Cat6K FWSM, ACE WAF, CSA, IronPort E-Mail Security, IronPort Web Security, ACE AXG (B2B), CSM, CSA-MC; Web Servers, Application Servers, Database Servers, Tier 1/2/3 Storage, Tape/off-site Backup]

Data Center Security: The Web Access / Front-end Tier

Vulnerability Trends: Attacks focused on Web
34%

The Evolution of Intent: A Shift to Financial Gain
Threats becoming increasingly difficult to detect and mitigate
Applications are the primary targets
[Chart: threat severity against time (1990, 1995, 2000, 2005, 2007). VANDALISM: Basic Intrusions and Viruses; NOTORIETY: Viruses and Malware; FINANCIAL: Theft & Damage; WHAT'S NEXT?]

Web Vulnerabilities: Business Critical Problem
Data Leakage, Customer Confidentiality, Identity Theft, Service Disruption
Applications Give Unprecedented Access to Critical Business Data
Since 2005, 226 Million Records have been compromised
http://privacyrights.org

How much is your stolen identity worth?
http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf

What sort of attacks are we talking about?
http://www.owasp.org Top 10
How widespread these attacks are
Source: WhiteHat Security, 2007

Most common Web App vulnerabilities by class
OWASP A6, OWASP A1
OWASP A6 + A1 = 94% of threat landscape!
Source: WhiteHat Security, 2007

Traditional Network Firewalls ill-equipped to protect Web Applications
[Diagram labels: Web Client, IP Firewall, Web Server, Application, Application, Database Server]
Unfiltered HTTP Traffic
Ports 80 & 443 open to both Good and Malicious HTTP Traffic

Industry Response
1. Visa, American Express, Master Card and others (the Payment Card Industry) Created a Data Security Standard (PCI DSS)
2. Section 6.6: Must conduct code reviews or Install a Web Application Firewall
3. Every company that processes credit cards must comply or face fines
4. Compliance deadline is June 30 2008
5. April 15 revision added XML security to the list of requirements; recommends WAF and secure coding practices

Why Not Fix Current Applications?
Every 1000 lines of code averages 15 critical security defects (US Dept of Defense)
The average business app has 150,000-250,000 lines of code (Software Magazine)
The average security defect takes 75 minutes to diagnose and 6 hours to fix (5-year Pentagon Study)
Even if you consider those figures are exaggerated (positively or negatively) the cost of fixing applications is prohibitive
WAF can offload security fixes from app servers

Web Security: Cross-Site Scripting
"So what's the worst thing you can do with XSS? Steal every piece of sensitive information you've ever inputted or will ever input on any website you're authenticated to. Yes, it's potentially that bad."
Robert RSnake Hansen, CEO SecTheory, http://ha.ckers.org

Introducing The ACE Web Application Firewall (WAF)
Drop-in solution for PCI Compliance, Virtual App Patching, Data Loss Prevention
1. Secure: Deep packet protection of the most common vulnerabilities
2. Fast: Processes 3,000+ TPS and 10,000+ concurrent connections
3. Drop-in: Does not require recoding applications, deployable in under an hour
4. PCI 6.5/6.6 compliance is just a few clicks away
First customer shipment: May 15 2008

Elevator Pitch
1. Cisco's new Web Application Firewall is designed to prevent the more than two-thirds of network based attacks that are web-based. It is a drop-in solution that is deployed in front of these applications to stop identity theft and data leakage by virtually patching web apps
2. This product allows you to meet your security compliance requirements (e.g. PCI) quickly and can be managed simply by network operations and security operations teams.

WAF Network Deployment
[Diagram labels: External Web Browsers, Internet, DMZ, Load Balancer (e.g. ACE, CSS), Data Center, HTML, HTML/XML, Packaged or Custom Web Applications, ACE Web Application Firewall Gateways, ACE WAF Manager]
1. Typically deployed in the DMZ or WWW Server Farm access
2. Cluster of 2 appliances behind Load Balancer for Failover
3. Distributed solution: Manager = GUI, Gateways = Policy Enforcement Points

It's more than just PCI!
1. Gramm-Leach-Bliley Act (GLBA) Safeguards Rule
   Act focuses on Financial Services Modernization
   Requires protection of personal non-public information
2. Sarbanes-Oxley (SOX) Section 404
   Covers Management Assessment of Internal Controls
   Requires protection of financial records and data
3. Health Insurance Portability and Accountability Act (HIPAA) Security Rule
   Establishes standards on health care transactions
   Requires protection of personal non-public information
4. These acts are driving focus on data leakage from applications
5. Forrester estimates the market at $180M in 2008 and growing
WAF: it's more than PCI!

WAF: virtual patching & DLP save $$$
1. Virtual Web Application Patching
   By deploying application hot patches (permit only this value in this web form; deny those bad patterns to this app) a large amount of code review/dev/test time is saved, and no app downtime is required!
2. Data Leakage Prevention
   The WAF can perform one for one search and replace on content returned from server and hide sensitive info.
   The WAF can also remap error codes returned by web apps and hide verbose error pages.
Virtual patching extremely interesting financially
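The two techniques on this slide, sketched as an added example (not Cisco code and not ACE WAF configuration syntax): a request-side virtual patch with allow-list and deny rules, and a response-side filter that masks card numbers and replaces verbose error pages. All paths, field names, patterns and sample data are constructed assumptions.

```python
import re

# Constructed policy: paths, field names and patterns are illustrative
# assumptions, not the syntax of any real WAF product.
VIRTUAL_PATCHES = {
    # (path, field) -> allow-list: "permit only this value in this web form"
    ("/account/transfer", "amount"): re.compile(r"\d{1,7}(\.\d{2})?"),
    ("/account/transfer", "to_account"): re.compile(r"[A-Z]{2}\d{10}"),
}
# "Deny those bad patterns to this app": negative rules scoped by path prefix.
DENY_PATTERNS = {
    "/search": re.compile(r"<\s*script|\bunion\b.+\bselect\b", re.IGNORECASE),
}
# 13-19 digits with optional single space/hyphen separators, ending on a digit.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
GENERIC_ERROR = "An error occurred. Please contact support."


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so arbitrary long numbers (order IDs) are not masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def check_request(path: str, params: dict) -> tuple:
    """Return (allowed, reason) before the request reaches the application."""
    for field, value in params.items():
        rule = VIRTUAL_PATCHES.get((path, field))
        if rule is not None and not rule.fullmatch(value):
            return False, f"field '{field}' failed allow-list"
    for prefix, bad in DENY_PATTERNS.items():
        if path.startswith(prefix) and any(bad.search(v) for v in params.values()):
            return False, "deny pattern matched"
    return True, "ok"


def filter_response(status: int, body: str) -> tuple:
    """Mask card numbers and hide verbose server errors on the way out."""
    if status >= 500:
        # Remap every server error to one code and one generic page.
        return 500, GENERIC_ERROR

    def mask(match):
        digits = re.sub(r"\D", "", match.group(0))
        if luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return match.group(0)  # not a plausible card number: leave untouched

    return status, CARD_RE.sub(mask, body)
```

The allow-list rule is the stronger of the two request checks: it rejects anything outside the expected format, while the deny rule only catches the patterns someone thought to list.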

Conclusion
1. Attacks against web apps now very common
2. Costs of information theft potentially enormous
3. Hundreds or thousands of web apps mean fixing code is too expensive
4. Web App Firewall: great drop-in solution for virtual patching and data loss prevention
5. WAF saves both time and money: include it in your DC Security toolkit!

Cisco Networkers Barcelona, 26-29 January 2009. Register!
http://www.cisco.com/web/europe/cisco-networkers/2009/index.html


Quick Ordering Guide
FIPS HW: ACE-XML-K9 (FIPS) + ACE-XML-FIPS
Non FIPS HW: ACE-XML-NF-K9 + ACE-XML-NONFIPS
SW Licenses for WAF only: ACE-XML-SW-6.0 & ACE-WAF-GAT-LICFX, ACE-WAF-MGT-LICFX
There is also a full license which contains both XML/Web Services and WAF feature sets

Cisco WAF Standard Deployment
ACE Web App FW GUI
2 ACE WAF (ACE-XML-NF-K9): $40,000 x 2 = $80,000
+ 1 ACE WAF Manager (ACE-XML-NF-K9): $15,000
Upgrade Possibilities
1. 2x ACE Load Balancer Appliances ($58,000)
2. FIPS compliance (+$5,000 per WAF unit)
3. Upgrade to full ACE XML functionality (+$30,000 per WAF unit, +$10,000 per Manager)
4. Replication of deployment for staging and across data centers

Sample BOM: 2 Gateways, 1 Manager
2 x Gateways:
1. ACE-XML-NF-K9, WAF Appliance, $0
2. ACE-XML-SW-6.0, WAF Software, $0
3. ACE-XML-NONFIPS, SSL acceleration, $5,000
4. ACE-WAF-GAT-LICFX, WAF Firewall license, $35,000
1 x Manager:
1. ACE-XML-NF-K9, WAF Appliance, $0
2. ACE-XML-SW-6.0, WAF Software, $0
3. ACE-XML-NONFIPS, SSL acceleration, $5,000
4. ACE-WAF-MGT-LICFX, WAF Manager license, $10,000