Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
#CiscoLiveLA
Agenda • Introduction
• Quick Review: Email Pipeline
• Anti-Spoofing : Domain Reputation and
Protection
• Anti-Phishing: URL Analysis and Advanced
Phishing Protection
• Threat Hunting with Cisco Threat Response
and ESA
• External Threat Feeds & APIs
• Next Steps & Conclusion
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Introduction…
Usman Din
• Joined Cisco through IronPort acquisition in 2007
• Global Lead for the Email Security Advisory Group
• Cisco Live Speaker in US, LATAM and EU
• 3 time Distinguished Speaker
• Joined the Email Product Manager Team in 2016
• Based out of Toronto, Canada
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Quick Review: Email Pipeline
Reputation Connection File File Graymail Outbreak Adv. Phishing
CASE Anti-Virus Content Filtering
Filtering Filtering Reputation Analysis Detection Filtering Protection
70-80% Throttling Multi- Block 100% SHA based Over 300 Control Business & 9-12 hr lead Behavioral
Block SPF, DKIM & Verdict of known file blocking Behavioral marketing, Security time Analytics
rate DMARC scanning viruses Indicators social and Rules Outbreaks
DP
bulk
Connection and Content Filtering Virus & Malware Filtering Content Filtering Anti-Phishing
Anti-Spoofing URL Analysis 0-Day Malware URL Analysis
0-Day
Brand Protect Inspect Outbound Block 100% Multi- Link validation Track user clicks Alert on verdict
Protection Sensitive sensitive malware of known Verdict and and report on changes and
Data content scanning viruses scanning unsubscribe URLS Auto-delete from
O365
Anti-Spoofing Content Filtering Virus & Malware Filtering Filtering URL Analysis URL Analysis 0-Day Malware
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Anti-Spoofing
Putting together the anti-spoofing puzzle
Data
Domain
Header DMARC
Protection
Matching
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Putting together the anti-spoofing puzzle
Data
Domain
Header DMARC
Protection
Matching
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Understanding the types of Spoofs
Type Who are they Spoof Target Description
spoofing?
Simple Spoof External Parties Your Users Simple spoof is where the attacker attempts to change or manipulate the
envelope from in the headers of an email, or change the reply-to to
redirect email.
Cousin Domain / Your Brand Your Customers Attacks become more sophisticated by relaying on minor changes to the
Typo Squatting suffix and / or prefix of the email addresses to trick users. High probability
of success and hard to detect due to large number of variations
Display Name Your Executives Financial Controllers Also called Business Email Compromise (BEC) is the most complex attack
Modification involves the use of legitimate domains (either hijacked or created) with the
manipulating message headers to show an accurate Display Name and a
Cousin domain/typo in the email address to trick targets into releasing
information. This is the most common attack today with a high success
rate.
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Sources of spoofs
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Envelope Spoofing (for owned domains)
• There are 2 types of headers in an email, envelope and data headers
• Envelope spoofing is one of the simplest and easiest ways to trick users by
manipulating the headers to show whatever is desired
Info: ICID 1840489 ACCEPT SG ACCEPT match 45.55.251.155 SBRS None country United States
Info: Start MID 3481407 ICID 1840489 Envelope spoof of a domain that you
Info: MID 3481407 ICID 1840489 From: <usman@encoresol.com> own
Info: MID 3481407 ICID 1840489 RID 0 To: <usman@encoresol.com>
Info: MID 3481407 ready 653 bytes from <user@encoresol.com> Recipient is of the same domain
Info: MID 3481407 matched all recipients for per-recipient policy DEFAULT in the inbound table
Info: MID 3481407 queued for delivery
Info: Delivery start DCID 0 MID 3481407 to RID [0]
From header inherits Envelope if not specified
Info: Message done DCID 0 MID 3481407 to RID [0] [('from', 'usman@encoresol.com')]
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Protection against own domain spoofs
• By leveraging the Sender Verification table, you can stop effectively stop
envelope spoofing of your domain
• If there are known / allowed spoofing sources you can set them to bypass
the check
Info: ICID 1840469 ACCEPT SG ACCEPT match 45.55.251.155 SBRS None country United States
Info: ICID 1840469 Address: <user@encoresol.com> sender rejected, envelope sender matched domain exception
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Sender Domain Reputation (SDR)
Includ
ed in
v 12
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
SDR flow Mail Flow
Policy
Host Access RAT
Accept and
DMARC mark values
DATA SPF Check DKIM Data Size, Subject size
for AS, AV,
S/MIME
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
SDR Verdicts
• Evaluate domain information of Envelope Sender, From and reply-to as well as domain age
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Enabling SDR
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
What is sent to Talos?
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Configuring SDR Actions
• Though SDR queries during the
conversation phase, actions are
configured at the filter level
• Message Filters and content
filters can use either the domain
age or reputation to take an
action
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
SDR in logs and message tracking
• Evaluates domains in the envelope-from, from and reply-to headers, will
display the “worst” verdict, along with domain age
• Verdicts and domain age can be used in a filter
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
SDR Reporting
• 2 reporting widgets
available for SDR
• Breakdown of SDR
categories
• Breakdown of Threat
Category
• Spam
• Malware Sites
• Phishing
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Data header manipulation
• Detecting envelope spoofing is relatively simple to detect and block
• Bad actors are aware of this too
• Data Headers (from, reply-to) are harder to detect as it’s common practice
to have different from or reply-to addresses
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
SPF and DKIM
• Sender Policy Framework, specified in RFC4408
• Allows recipients to verify sender IP addresses by looking up DNS records listing authorized Mail Gateways for a
particular domain
• Uses DNS TXT Resource Records
• Can verify HELO/EHLO and MAIL FROM identity (FQDN)
• Upon evaluation of SPF records, the following can these results:
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
SPF and DKIM
• Domain Keys Identified Mail, Specified in RFC5585
• In a nutshell: Specifies methods for gateway-based cryptographic signing of outgoing messages,
embedding verification data in an e-mail header, and ways for recipients to verify integrity of the
messages
• Additional RFCRFC6376 (DKIM Signatures), RFC5863 (DKIM Development, Deployment and
Operation), RFC5617 (Author Domain Signing Practices (ADSP))
• Uses DNS TXT records to publish public keys
20120113._domainkey.gmail.com IN TXT “k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabg
bFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD
0""7y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz
8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/
wIDAQAB”
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Enable SPF Verification
• When SPF is enabled, the ESA will stamp
headers in the message
BRKSEC-2240 24
Enable DKIM Verification
1 2
BRKSEC-2240 25
After enabling SPF
Mon Jun 26 16:48:31 2018 Info: New SMTP ICID 238970 interface Data 1 (216.71.129.13) address 72.142.13.157 reverse dns host
unallocated-static.rogers.com verified no
Mon Jun 26 16:48:31 2018 Info: ICID 238970 ACCEPT SG SUSPECTLIST match sbrs[none] SBRS None country Canada
Mon Jun 26 16:48:54 2018 Info: Start MID 137251 ICID 238970
Mon Jun 26 16:48:54 2018 Info: MID 137251 ICID 238970 From: <ceo@dinconsulting.com>
Mon Jun 26 16:49:09 2018 Info: MID 137251 ICID 238970 SMTP Call-Ahead bypass applied to <bob@dinconsulting.com>
Mon Jun 26 16:49:09 2018 Info: MID 137251 ICID 238970 RID 0 To: <bob@dinconsulting.com>
Mon Jun 26 16:49:18 2018 Info: MID 137251 SPF: helo identity postmaster@dinconsulting.com Fail (v=spf1)
Mon Jun 26 16:49:18 2018 Info: MID 137251 SPF: mailfrom identity ceo@dinconsulting.com Fail (v=spf1)
Mon Jun 26 16:49:40 2018 Info: MID 137251 SPF: pra identity None headers None
Mon Jun 26 16:49:40 2018 Info: MID 137251 Subject 'Re: Please pay this...'
Mon Jun 26 16:49:40 2018 Info: MID 137251 ready 202 bytes from <ceo@dinconsulting.com>
Mon Jun 26 16:49:40 2018 Info: MID 137251 matched all recipients for per-recipient policy DINCONSULTING in the inbound table
<scan results> …
BRKSEC-2240 26
DMARC
• Both DKIM and SPF have shortcomings, not because of bad design, but because of different
nature of each technology
• Thus, DMARC was born:
• Leveraging great existing technologies, providing a glue to keep them in sync, and allowing senders to
mandate rejection policies and have visibility of offending traffic
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Forged Email Detection – Header Fuzzy Matching
1 2
MID 143464 Forged Email Detection on the From: header with score of 100
Info: Message done DCID 1570 MID 143464 to RID [0] [('From', ‘Angry Bossman <angryboss@gmail.com>']
• The idea behind Forged Email Detection is to provide a method to match the Display Name in the
From Message header to Executives or High Value Personnel
• This feature can help narrow down targeted spoofs, that can leverage any action inside a content
or message filter and can also strip the From header to expose the envelope from.
• Using it alone is prone to false positives! Use in conjunction with other conditions
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
What are we matching?
• Forged Email Detection focuses on matching the Header From (RFC5322) and
specifically the Display Name (i.e First Last <user@domain.com>)
• There were issues with efficacy in earlier releases, addressed in v10.0.3+ and
v11.0.1+
• Fuzzy Matching samples:
Amgry Bossman -> Forged Email Detection on the From: header with score of 93
Angerry Bossman -> Forged Email Detection on the From: header with score of 92
Angry Bosman -> Forged Email Detection on the From: header with score of 96
Angry B0ssman -> Forged Email Detection on the From: header with score of 93
Angry Bossm4n -> Forged Email Detection on the From: header with score of 92
Andry Bossman -> Forged Email Detection on the From: header with score of 92
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Getting Started with FED
• FED will only create a log entry for a score that is the same or higher than what is configured
• Start by creating a filter with a low threshold (50) and log the results for each score above that
threshold
• Enable logging of From and Reply-To headers
1 3
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Example Forged Email Detection Filter
Before fed() After fed()
BRKSEC-2240 32
How to enable DMARC
1
• DMARC is configured via by
creating a profile and then applying
the profile to a Mail Flow Policy
• By default the profile is set to
Monitor for DMARC violations,
2 however it needs to be applied to a
policy for it to evaluate DMARC
records
• Monitor and Tune settings and
SenderGroups and move to
blocking when ready
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Blocking with DMARC
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Participation is key
• In order to take advantage of DMARC for your own domains you need to
create and maintain your SPF records
TXT Record for Domain amazon.com Version of DMARC Action on Auth Failure % of messages to apply policy
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Cisco Domain Protection (CDP)
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
CDP – Monitoring your senders
• If you have not created SPF or DMARC records, you’ll need to implement
them in monitoring mode to get an idea of who is sending as your domain
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
CDP - Approved & Unapproved Senders
• In order to effectively stop spoofing
attacks using DMARC , understanding
which 3rd parties that send email on your
behalf is mandatory
• CDP automates that process by
identifying, tracking and managing all 3rd
party senders.
• In addition, CDP maintains governance
and helps to identify 3rd party sender risk
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Email Posture
• Because of the feedback
loop provided by DMARC,
analytics on the number of
legitimate vs spoofed email
can be displayed
• This information is valuable as
the majority of information
seen is from external
recipients sending aggregate
reports
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Anti-Phishing
Phishing Types
• Phishing can be broadly broken up into 2 types:
• URL or File: Credential Take Over, Ransomware, etc.
• Payload is delivered in a file or URL prompting the user to enter information into
a fake site and/or execute an exploit
• Scams: Money Mule, Dating, Wire Transfers, etc.
• No payload (url, document), focusing on the social engineering aspects to fool
users in to making an transaction
• Blended threats will use spoofing of addresses and phishing
payloads to trick the user into an action
#CiscoLiveLA © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Looking for URLs
• URLs can be searched in the email body,
subject and with version 11.1 in
attachments
• URLs can be triggered by Reputation
score, Category or External Threat Feed
match
• When URLs are extracted from
attachments, no modification is done to
the attachment New in
v11.1
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Managed URL Expansion
New in
v11.1
• This feature will allow for URLs that are using a Malicious URL behind a shortener service
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Actions to take on URLs
http://ihaveabadreputation.com
https://secure-web.cisco.com/1adjW1InNsH83UFDjLDFTjer5nJId9J- https://secure-web.cisco.com/1adjW1InNsH83UFDjLDFTjer5nJId9J-
YYihaveabadrepution_comYY [URL REMOVED] HjqKlbAcaLQ74EH5ViYEStC5jPZqvg_weQJeocAQeEryL5b1JR6T0JgzXkjk1P
UMCBb_eQApCXS6ZsoujzgNvwt9UqN27SN1zcMVjmIpWQN__lTmALmHd
HjqKlbAcaLQ74EH5ViYEStC5jPZqvg_weQJeocAQeEryL5b1JR6T0JgzXkjk1P
UMCBb_eQApCXS6ZsoujzgNvwt9UqN27SN1zcMVjmIpWQN__lTmALmHd
GMZ_PaFf9FTUvmMc7UjRZBhvHzDvGJ0Lm5uh9evj_C_OemBAy44xbXw GMZ_PaFf9FTUvmMc7UjRZBhvHzDvGJ0Lm5uh9evj_C_OemBAy44xbXw
mYuA3uRPqKrf7T6ZNepA0MlcszDFPwufWUB7bbmS8Ziqh_- mYuA3uRPqKrf7T6ZNepA0MlcszDFPwufWUB7bbmS8Ziqh_-
CyjG8KI6fJU33qjnInxHsjOBq98VxQUT- CyjG8KI6fJU33qjnInxHsjOBq98VxQUT-
vMf_2U_OlpguXStzGTlj3U__yBZlLZsS9W1xLZpcGUKpdUp8Q_SBBq9HknQ vMf_2U_OlpguXStzGTlj3U__yBZlLZsS9W1xLZpcGUKpdUp8Q_SBBq9HknQ
/http%3A%2F%ihaveabadreputation.com /http%3A%2F%ihaveabadreputation.com
Click! Click!
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Cisco Advanced Phishing Protection (CAPP)
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
The science behind it – a phishing attack
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
The science behind it – a legitimate email
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
CAPP Policies
• Policies can be used to report
and take actions on messages
that been found to be
malicious
• Multiple policies based on
Subject, To / From addresses,
and verdicts of the email can
be created
• Actions such as move or
delete, can be taken
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
CAPP Enforcement
• Enforcement is done through
API calls
• Office 365 is supported
through the Graph API and
on-prem Exchange through
the EWS API
• Message trajectory is found
through journaling of emails
which allows for metadata to
be collected on the message
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Separating the trees from the forest
cisco.com
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Separating the trees from the forest
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Cisco Threat Response
Security components must work together
Security Operations Technologies and Intelligence
Is this bad?
Endpoint
Has it affected us? Threat Intel Security SIEM Next-Gen
IPS
???
How?
Email
Where? Malware Secure Internet Web
Detection Gateway Security Security
What do we do?
#CiscoLiveLA © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Threat Response for Email Security
Includ
ed in
v 12
#CiscoLiveLA © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Global and Local Intelligence
#CiscoLiveLA © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Threat Response Integration
External Threat Feeds and
APIs
External Threat Feeds: STIX over TAXII
Includ
ed in
v 12
• Opens up Cisco Email STIX TAXII or Structured Threat Information Expression™ and
Security to consume external Trusted Automated eXchange of Indicator Information™
feeds
• Consume company and
industry specific threat
information and take actions
• 5 IoCs supported:
• IP
• Domain
• Host
• URL
• SHA/MD5
#CiscoLiveLA © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Using External Threat Feeds
#CiscoLiveLA © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Tracking, Reporting and Quarantine APIs
Includ
ed in
v 12
Sample Response
• The new API opens up data on the {
"data": {
"messages": {
#CiscoLiveLA © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Next Steps & Conclusion
Upgrade!
#CiscoLiveLA © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Complete your online session evaluation
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Continue
your Demos in
the Cisco
Walk-in
self-paced
Meet the
engineer
Related
sessions
education campus labs 1:1
meetings
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Thank you
#CiscoLiveLA
#CiscoLiveLA
Cybersecurity Cisco education offerings
Course Description Cisco Certification
Understanding Cisco Cybersecurity The SECFND course provides understanding of cybersecurity’s CCNA® Cyber Ops
Fundamentals (SFUND) basic principles, foundational knowledge, and core skills needed to
build a foundation for understanding more advanced
cybersecurity material & skills.
Implementing Cisco Cybersecurity Operations This course prepares candidates to begin a career within a Security CCNA® Cyber Ops
(SECOPS) Operations Center (SOC), working with Cybersecurity Analysts at
the associate level.
Cisco Security Product Training Courses Official deep-dive, hands-on product training on Cisco’s latest
security products, including NGFW, ASA, NGIPS, AMP, Identity
Services Engine, Email and Web Security Appliances, and much
more.
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Cybersecurity Cisco education offerings
Course Description Cisco Certification
CCIE Security 5.0 CCIE® Security
Implementing Cisco Edge Network Security Configure Cisco perimeter edge security solutions utilizing Cisco CCNP® Security
Solutions (SENSS) Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA)
Firewalls
Implementing Cisco Threat Control Solutions
(SITCS) v1.5 Implement Cisco’s Next Generation Firewall (NGFW), FirePOWER NGIPS
(Next Generation IPS), Cisco AMP (Advanced Malware Protection), as
well as Web Security, Email Security and Cloud Web Security
Implementing Cisco Secure Access Solutions
(SISAS) Deploy Cisco’s Identity Services Engine and 802.1X secure network
access
Implementing Cisco Secure Mobility Solutions
(SIMOS) Protect data traversing a public or shared infrastructure such as the
Internet by implementing and maintaining Cisco VPN solutions
Implementing Cisco Network Security (IINS Focuses on the design, implementation, and monitoring of a CCNA® Security
3.0) comprehensive security policy, using Cisco IOS security features
#CiscoLiveLA BRKSEC-2240 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 68