SHOW NOTES
TechWise TV – Security Edition, Episode 14
Cisco Interaction Network
Broadcast Date: March 15, 2007
“Engineering for Continuity of Operations”
TAPED LIVE at the RSA Conference 2007
TechWise TV Event Center – see what shows are coming up and how to see shows you may have missed: www.cisco.com/go/interact
Segment 1 – Framing the Problem with Howard Schmidt
Segment 2 – Foundational Protection with Jimmy Ray Purser
Segment 3 – SSL VPN for Remote Access
Segment 4 – RSA Interview with Dennis Hoffman, Unified Communications
Segment 5 – When all else fails – Drive Savers
Executive Summary
Disaster and pandemic planning have become key to business continuity planning. A disaster or pandemic event can have a profound impact on business operations, including the displacement of workforce from the worksite. If a disaster or pandemic takes place, employees will not be able to access the worksite for several days, weeks, or even months. Without a plan for remote working solutions for displaced workers, an organization may not be able to continue operations, thus crippling the business.
Cisco offers complete remote working solutions that enable employees to work with all the resources of their office environment by extending the network data, applications, and phone services available at the worksite to employees’ homes or alternate work locations. Cisco remote working solutions deliver a complete suite of data, voice, and video services to teleworkers’ desktops. Features include:
• Enables employees to work from home or an alternate work location and perform their jobs with the same efficiency and productivity as their office environment
• Delivers great flexibility in remote working environments, from work-at-home solutions using company-owned laptop PCs or employee-owned PCs to using public Internet terminals or Internet-enabled mobile phones
• Provides comprehensive, integrated security, including customized access levels based on user, access device, and location
• Minimizes equipment required at employee locations; can use existing network infrastructure and IT processes for service deployment
• Provides streamlined, “low-touch” remote user provisioning and management
Did You Know?
Cisco has the Critical Infrastructure Assurance Group (CIAG).
The Critical Infrastructure Assurance Group provides leadership to improve the security of global critical infrastructures. CIAG is committed to helping organizations worldwide implement security strategies by directly addressing research, training, education, sound practices, and standards needs.
http://www.cisco.com/web/about/security/security_services/ciag/
Segment 1 – Framing the Problem.
Featured guest Howard Schmidt joins Patrick Gray (Cisco Senior Security Strategist) on set with Host Jonas Tichenor and Co-Host Robb Boyd to discuss the realities surrounding Continuity of Operations.
Podcast of the Entire Conversation Available: TechWise Podcasts
Howard Schmidt has a new book out:
“Patrolling Cyberspace: Lessons Learned from a Lifetime in Data Security”
More information: http://www.patrollingcyberspace.com/
Biography:
Howard A. Schmidt
President & CEO R & H Security Consulting LLC
Howard A. Schmidt has had a long distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. He most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security.
He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the President’s Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003.
Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group.
Before Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government.
Before AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. Before working at the FBI, Mr. Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona.
Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both in active duty and in the civil service. He had served in the Arizona Air National Guard from 1989 until 1998 when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division where he continues to serve. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime.
Mr. Schmidt also serves as the international president of the Information Systems Security Association (ISSA) and was the first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He serves as an advisory board member for the Technical Research Institute of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing.
He served as an augmented member to the President’s Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on CNN, CNBC, Fox TV as well as a number of local media outlets talking about cyber-security. He is a co-author of the Black Book on Corporate Security.
Mr. Schmidt has been appointed to the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems.
Howard holds positions on a number of corporate boards in both advisory and director capacities and has recently assumed the role of Chairman of the Board for Electronics Lifestyle Integration (ELI).
Mr. Schmidt holds a bachelor’s degree in business administration (BSBA) and a master’s degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard is a Professor of Practice at GA Tech, GTISC and Adjunct Senior Fellow with Carnegie Mellon’s CyLab.
Biography:
Patrick Gray
Patrick Gray joined Cisco Systems as its Senior Security Strategist after serving as the Director of X-Force Operations, Office of the Chief Technology Officer, Internet Security Systems, Inc. (ISS). Gray also comes to Cisco Systems after twenty years of service with the Federal Bureau of Investigation. Upon his retirement from the FBI in November 2001, he joined Internet Security Systems and created the X-Force Internet Threat Intelligence Center and thereafter was Director of the Penetration Testing and Emergency Response Teams until his promotion to the X-Force R & D Team. As a result of his service with the FBI, and the Internet Threat Intelligence Center, he has first-hand knowledge of the hacking community, its aims and methodologies as they attack government, ecommerce, energy and financial entities relentlessly.
Prior to joining Internet Security Systems, Gray served as a Special Agent with the Federal Bureau of Investigation for twenty years and has served in Baltimore, Maryland, Daytona Beach, Florida, Washington, D.C. and Atlanta, Georgia. Gray was also assigned as a Supervisory Special Agent at FBI Headquarters, Washington, D.C. in the Intelligence Division where he was responsible for global counterintelligence investigations. While serving in the Washington, D.C. area, Gray was seconded to the National Security Agency where he was responsible for an FBI group that provided operational support to the Intelligence Community.
He was transferred to Atlanta in 1988 to assume Supervisory Duties for the FBI’s Drug and Violent Gang Program in Georgia. In 1994, he assumed the duties as the Supervisor of the Technical Services Squad and served as the Acting Assistant Special Agent in Charge of the FBI in Georgia in 1996 and 1997 during the time of the spree of terrorist bombings at Centennial Olympic Park and two subsequent bombings at two women’s clinics in Alabama and Georgia.
Gray was assigned as Supervisor of the Special Operations Group in 1994 which ultimately morphed into one of the FBI’s first regional Cyber Crime Squads; and was a member of the FBI’s elite Computer Assistance Response Team as a Forensic Examiner. He has investigated cases involving financial institutions, government agencies, commercial businesses and colleges and universities. He was also assigned to the investigation of the September 11 attacks. He was the Coordinator of the Atlanta Chapter of InfraGard, an alliance between the public and private sectors for the sharing of information regarding technology security issues. He grew the Atlanta Chapter of InfraGard into the largest chapter nationally. He continues to work closely with the FBI, the National Infrastructure Protection Center, the Department of Homeland Security and the White House.
Gray is a member of the American College of Forensic Examiners International and maintains a CHS Level III certification; is a member of the Association of Certified Fraud Examiners; the Information Systems Audit and Control Association; InfraGard Atlanta; the Atlanta Chapter of the Information Systems Security Association, and the International Information Systems Forensic Association. He has lectured at Colleges and Universities around the country. He has spoken at numerous technology events around the world to include Gartner Sector 5, Networld Interop, the IT World Congress, CIO Summit, GE Access, Forbes and others. He has been quoted in numerous newspapers, magazine articles and periodicals and makes regular cable television appearances.
Gray is a former Marine having served in Vietnam.
Segment 2 – Foundation Protection
It’s a gray line between security and resilient network services…but it’s worth exploring. At the end of the day…good security is about making measured investments to offset risk…the risk that something ‘bad’ can happen. The foundational considerations of security are often overlooked…what kind of things can be done within your standard routers and switches to offset your security risk?
Jimmy Ray takes us further down that path…
Additional Materials: SAFE White Papers contain fantastic information and detail around the security of your infrastructure. Although Jimmy Ray focused on Layer 2 for this broadcast, the SAFE series contains detailed descriptions and configurations for additional security considerations around such topics as Wireless LAN Security, VPNs and much more.
Check out: www.cisco.com/go/safe
Biography:
Jimmy Ray Purser, Networking Specialist, TechWiseTV
Purser also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as NetWorld+Interop, CeBIT, ZoomIT, Comdex, HP World and numerous regional events. His topic of choice is network security and security penetration testing.
Purser has been an active participant of the information technology (IT) community for more than 15 years, with particular emphasis on local area network (LAN) and wide area network (WAN) infrastructure and security. He is an active member in the IEEE. He has designed, installed and tested numerous networks for Fortune 500 companies, the United States Military, Internet-based businesses, universities and other education institutions around the world. He also writes many articles, whitepapers and other periodicals.
Before joining Cisco, Jimmy Ray was a Master Level Field Pre Sales Solution Architect at HP, and before that he served as Principal Consultant at a large reseller in Chicagoland.
Jimmy Ray holds a Bachelor of Science degree in Electrical Engineering from Southern Illinois University and is currently pursuing a Master of Science degree in Electrical Engineering. He is a licensed Professional Engineer in the State of Wisconsin. Jimmy Ray holds two U.S. Patents on network security algorithms, as well as Cisco CCNP, ISC(2) CISSP and numerous other vendor certifications in networking and security.
Segment 3 – Bringing the Workplace to the Employee
Robb Boyd and Bill McGee
Many of today’s job functions require access to applications and data that reside on the organization’s IT network, as well as a business telephone. In the office location, services such as e-mail, instant messaging, client/server applications, file servers and databases, the organization’s intranet, Internet access, phone service and voicemail are taken for granted. But even for employees with laptop computers at their disposal, most of these services are not available outside the office unless specific network solutions have been deployed. Employees who work at fixed workstations cannot perform their job duties at all when away from the office. To ensure business continuity during disaster or pandemic events, it is critical for organizations to enable fully functional virtual offices for their workforce.
Providing seamless communications to a displaced and dispersed workforce during a disaster or pandemic requires a portable, extendable communications infrastructure. Key steps in building such an infrastructure are:
● Categorizing job roles in the organization by communications requirements. Different job roles require different levels of communication to be productive.
● Surveying the existing IT infrastructure and its remote communications capabilities. Can it reach all employees whose roles are required for operation of the business? Can it handle capacity in the event of mass employee displacement? Does it address employees who may not have a company-provided laptop?
● Is the remote communications infrastructure deployed? Is it tested, both from an IT operations standpoint as well as a business process standpoint? Is the solution staged for employees who may not have access to remote communications as a part of their normally deployed IT services (employees who don’t already have remote-access VPN, for example)?
Cisco Disaster Preparedness Solutions—Full-Function Remote Working Environments
Cisco provides a full suite of VPN and voice over IP (VoIP) solutions that enable employees with just a laptop computer or no company computer at all to recreate their office resources at their home or other Internet-enabled location. Using VPN services, employees can securely access all data applications—such as e-mail, instant messaging, client/server applications, file servers and databases, and intranet services—from a remote working location. Furthermore, the VPN connection can be used to extend voicemail or even employees’ office phone extensions directly to their PC or to an IP phone handset, thereby fully replicating the office location at a remote virtual office.
***
White Paper:
“Remote-Access VPNs: Business Productivity, Deployment, and Security Considerations”
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns347/networking_solutions_white_paper0900aecd804fb79a.shtml
Additional Material:
- www.cisco.com/go/sslvpn
- http://www.cisco.com/cdc_content_elements/flash/asa_vpn/demo.htm
- Podcast Series (great content but independent of TechWiseTV)
http://www.cisco.com/en/US/products/hw/vpndevc/networking_solutions_products_generic_content0900aecd8058815a.html
Segment 4 – RSA Perspective & Unified Communications
Biography:
Dennis Hoffman
Vice President and General Manager, Access Security Group
As Vice President and General Manager of the Enterprise Solutions Business Unit at RSA, The Security Division of EMC, Dennis Hoffman is responsible for product development, product management, and product marketing of RSA’s industry-leading identity assurance and access management products, as well as overall marketing for the Division.
Mr. Hoffman is a 20-year veteran of the high-technology industry. Before starting his role at RSA, he led the team at EMC that developed and initiated the execution of the company’s information security strategy. In his prior role at the company he led product marketing for EMC Software.
Previously, Mr. Hoffman served as CEO and Co-founder of Storigen Systems, a pioneering developer of distributed storage networking software that was acquired by EMC in October 2003. Mr. Hoffman also spent six years at Avid Technology where he was responsible for the marketing and business development of its storage and networking products, and he has held strategy consulting and engineering roles at companies including Marakon Associates, Eastman Kodak and Polaroid Corporation.
Mr. Hoffman graduated from Union College with a B.S. in Electrical Engineering and holds an MBA from Harvard University.
Felicia Ferrante joins Jonas and Robb on set…
When moving work to the employee, there are three main approaches available based on the communications needs of individual employees as required to perform their job functions:
● Remote data application access: Provides users access to e-mail, instant messaging, client/server applications, file servers and databases, and intranet services from their company laptop computer using remote-access VPN services. This is appropriate for “back-office” employees who do not often meet or collaborate with fellow employees or customers in real time. Most communications are conducted via e-mail or instant messaging.
● Remote data application and office phone extension access: Uses the remote-access VPN connection to provide users with access to their office phone extension via a PC-based IP phone, as well as the broad data applications access as noted above. This is appropriate for employees who meet or collaborate with fellow employees. Communications can be conducted in real-time conversations via employees’ office phones, as well as over e-mail or instant messaging.
● Full office replication: This approach duplicates an employee’s office at home or another designated location using site-to-site VPN technology. It delivers business-quality voice communications as enabled by the higher-quality transmission capabilities of site-to-site VPN technology, as well as a standard IP phone handset. Using the high-quality site-to-site network connection, videoconferencing is also enabled by this solution. This approach also delivers full data applications access.
Identifying the communications tools required for each job role to enable continuity of business operations when displaced from the office is critical to building a disaster-ready communications infrastructure. “Right-sizing” the solution for the job role increases employee business productivity during a displacement event, while minimizing IT deployment and management costs associated with the solution.
Each of these approaches can be addressed with a combination of Cisco VPN, Unified Communications, and remote collaboration technologies as delivered through the Cisco Anywhere Office and Cisco Enterprise-Class Teleworker communications resilience solutions. Each of these solutions is customizable to the specific requirements of the job role, thus maximizing employee productivity while minimizing IT cost.
Cisco Anywhere Office: Remote Data and Data+Voice Access
The Cisco Anywhere Office solution enables employees to turn their company-provided laptops into fully functional offices from any Internet-connected location. Built on Cisco remote-access VPN technologies, the Anywhere Office enables employees to connect remotely to the company network for access to virtually any application or network resource. Employee office phone extensions may also be extended over the VPN using Cisco IP Communicator for full data+voice services from the employee laptop. Cisco IP Communicator is PC software that uses VoIP technology to extend company voice services to employee computers.
Cisco Anywhere Office may also provide data connectivity to employees without company-provided laptops. Again using Cisco remote-access VPN technologies, secure network access is extendable to employee-owned PCs, public Internet terminals, and Internet-enabled wireless devices such as smartphones.
Segment 5 – When All Else Fails…Drive Savers & R.A.F.T.
Michael Hall, Director of PC Engineering and Rob Mathison, Corporate Account Executive from Drive Savers join Jonas & Robb on set.
www.drivesavers.com
R.A.F.T.
R = Risks: Accept it, Reduce or Transfer it (if possible)
A = Assets: What are your assets? Both People and Technical/Physical Assets
F = Flexibility: How flexible is your infrastructure? How much technology do you already have that you could be using more effectively?
T = Test: Don’t just write your plan…test it and determine if it works and how your people will react.
Acronym Dictionary
ASA – Adaptive Security Appliance
CSA – Cisco Security Agent
CSC – Content Security and Control Services Module (for use within the ASA)
CSM – Cisco Security Manager
DTM – Distributed Threat Mitigation
ICS – Incident Control System
IPS – Intrusion Prevention System
IDS – Intrusion Detection System
IPSEC VPN – Virtual Private Network technology that leverages a client on the endpoint to establish the private, encrypted connection.
ISR – Integrated Services Router
MARS – Monitoring, Analysis and Response System
NAC – Network Admission Control
NCM – Network Compliance Manager
SDN – Self-Defending Network
NetFlow - open but proprietary network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information. (wikipedia)
SSL VPN – Often referred to as Clientless VPN that, in contrast to IPSEC, uses the encryption built into the browser to set up a secure, remote connection.
SSM – Security Services Module located within the ASA that allows the addition of an IPS module or a CSC (Content Security and Control Services Module…Anti-X Edition of the ASA)