Documente Academic
Documente Profesional
Documente Cultură
BRKSEC-2000
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 2
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 4
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 5
GLOBAL Seconds
Infrastructure
Impact Next Gen
REGIONAL
Networks Minutes
3rd Gen
MULTIPLE Days
Networks
INDIVIDUAL
Computer
1980s 1990s Today Future
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 6
WWW SMTP
AV
HIPS
Internal
Host AV
Internet
WAN
Stateful
Router
Firewall
Internet Campus
Network
ISP Anomaly NIPS
Router Detection
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 8
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 9
For Example
How Can a Router Be a Weapon?
Disable interfaces = DoS
Change ACLs = change access policy and DoS
Alter routing tables = change access policy and DoS
Packet generator = DoS
Serve false addresses = DoS and
Man-in-the-Middle (MitM)
Internet LAN
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 10
Internet LAN
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 11
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 12
Extranet
Server
SSL FW Router Extranet
Offload Client
Extranet Extranet
Server Client
Security-Enabled Switch
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 13
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 14
Customer
Internet
E-Comm
Svr
Mail Svr
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 15
Agenda
Design Principles
Best Practice Designs
Case Studies
Conclusion
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 16
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 17
Business Risk
Requirements Analysis
Regulatory Cost
Requirements Analysis
Security Policy
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 18
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 19
Open policy
“Yes you can, unless explicitly denied”
Popular in communal and academic environments
Generally used by service and transport providers
Closed policy
“No you can’t, unless explicitly permitted”
Popular in enterprise and business environments
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 20
Case Study/Example
Conclusion
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 21
1stcase.com 2ndcase.com
Internal External
Internal WAN WAN Servers
Internet
External Internet
Servers
Labs
Employees VPN
VPN
Remote Remote
Access Access
Labs Employees
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 22
Production Lab
HQ Public Branch
Steep gradient =
high risk
Considerable
safeguards Lesser gradient =
Advanced Firewalling low risk
Considerable safeguards
Flow-based inspection Basic safeguards
between corporate and public
Misuse detection (IPS) Basic access control
Constant monitoring Casual monitoring
Protect data transiting
steep gradients
Communication security
Auth, confidentiality, integrity
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 24
Internet Corporate
ISP DMZ Dev
Access Core
Web Ops
Apps
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 25
VLAN22 VLAN12
Web Ops
Apps
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 26
Case Study/Example
Conclusion
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 27
Firewall/VPN
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 28
ASA 5550
ASA 5540
ASA 5520
ASA 5510
ASA 5505
SSL/VPN
AnyConnect Remote Access
Web VPN Portal Supply Partner
Remote Access
Site to Site
Public
Hourly Employee Internet
IPSec VPN
SSL VPN
Employee at Home
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 30
Firewall/VPN
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 31
Firewall/VPN
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 32
Infrastructure Firewall/VPN
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 33
Network
Administrator
username: dan
password: grades Unauthorized User
Confidential
Plan
Unauthorized User
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 34
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 35
Controlling Unauthorized
Network Expansion
Problem:
Individuals can add
unauthorized devices
to network
Solution:
Port security limits
MAC addresses
allowed on network
ports to only one
device at a time
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 36
CEF/FIB Lookup
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 37
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 38
OOB, Secure
Management
Users
In-band in the clear Out-of-band management
Telnet, HTTP, FTP Strongest security
TFTP, SNMPv2c Beware topology aware mngt systems
Pillar 2
Network Identity
Firewall/VPN
Infrastructure
Identity
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 40
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 41
Problem:
Unauthorized users
connect to network and
Unauthorized
download confidential
User documents
Solution:
Confidential
802.1x Security Plan 802.1x with Cisco Access
Control Server (ACS)
authenticates user
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 42
Policy Instructions
(Dynamic VLAN)
Pillar 3
Posture Assessment
Firewall/VPN
Infrastructure
Posture
Identity
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 44
Recognize
Recognize
User, device, role
Enforce
Evaluate
Identify vulnerabilities
Enforce
Evaluate
Quarantine and Remediate
before network access
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 45
Customer
Business
Issues
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 46
Firewall
NAC Appliance
NAC Appliance Routed or
Bridged Central Bridged Central
Deployment Switch Deployment
Switch
Core
NAC Appliance
Edge Deployment
Authentication
NAC Appliance Server
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public Manager 48
Infrastructure Firewall/VPN
Management
Posture
Identity
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 49
Configuration Monitoring
Identity Analysis
Auditing Mitigation
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 50
Configuration Monitoring
Identity Analysis
Auditing Mitigation
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 51
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 53
Configuration Monitoring
Identity Analysis
Auditing Mitigation
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 54
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 55
CS-MARS
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 56
2,694,083 Events
992,511 Sessions
249 Incidents
61 High Severity
Incidents
Tremendous Data Reduction
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 57
NetFlow Telemetry
Cisco Cisco and Partners Partners
Network Planning
Accounting/Billing
Router: Collector:
• Cache creation • Collection
• Data export • Filtering
• Aggregation • Aggregation
Applications:
• Storage
• File system management Data Presentation
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 58
Configuration Monitoring
Identity Analysis
Auditing Mitigation
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 59
Key Scenarios
Device Administration
Remote Access
Wireless and 802.1x CiscoWorks
Compliance Features
ACS AD/LDAP
Authentication policy
(e.g. require complex
password)
Authorization enforcement Posture/Audit
Infrastructure Firewall/VPN
Management
Posture
Identity
IPS
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 61
Network IPS
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 62
IP Address
Passive Interface
No IP Address
Monitoring the Network
Data Capture
Data Flow
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 63
Management Interface
IP Address
Data Flow
Transparent Interfaces
No IP Address
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 64
Signature Updates
Central Signature
File Management Cisco IPS
Appliance
Corporate
Office
WAN
Regional Office
Branch Office
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 65
Attack
+
Is attack relevant to
Relevancy host being attacked?
+
Asset Value How critical is this
of Target destination host?
RISK Drives
Mitigation
RATING Policy
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 66
Time: 0 2 4 6 8 10
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 67
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 68
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 69
Malicious Behavior
• Ping addresses 0Rapidly mutating
• Scan ports 0Continual
• Guess passwords signature
• Guess mail users updates
• Mail attachments 0Inaccurate
• Buffer overflows
Probe • ActiveX controls
1 • Network installs
• Compressed messages
2 Penetrate • Backdoors
Target 3 Persist • Create new files
• Modify existing files
4 Propagate • Weaken registry
5 • Mail copy of attack security settings
Paralyze • Install new services
• Web connection
• IRC • Register trap doors
• Delete files • FTP
• Modify files • Infect file shares
• Drill security hole 0Most damaging
• Crash computer
• Denial of service
9 Changes very slowly
• Steal secrets 9 Inspiration for the
CSA solution
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 70
TCP/445 via
Null session
Buffer Overflow
against uPNP service
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 71
Pillar 6
Application Security
Firewall/VPN
Infrastructure
Management
Application
Posture
Identity
IPS
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 72
Internet
IronPort
SenderBase
EMAIL WEB
Security Security
Appliance Appliance
Security
MANAGEMENT
Appliance
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 73
IronPort SenderBase®
Data Makes the Difference
150 Parameters
Threat Prevention in Realtime
• Complaint Reports
• Spam Traps
• Message
Composition Data
• Global Volume Data
• URL Lists SenderBase Data Analysis/ SenderBase
Data Security Modeling Reputation Scores
• Compromised
Host Lists -10 to +10
• Web Crawlers
• IP Blacklists
& Whitelists
• Additional Data
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 74
Known good
is delivered
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 75
Web
Traffic
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 76
50%
Growing fast,
Big harbors spyware
Head
& malware
Long Tail
# of Sites
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 77
IronPort S-Series
Addressing the Entire Spectrum of Web Traffic
Solution:
AUP URL Filtering
Traffic Volume
Solution:
IronPort Web Reputation Filters
Big Signature-based Anti-Malware
Head Protection
Long Tail
# of Sites
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 78
Firewall/VPN
Infrastructure
Management
Application
Posture
Identity
IPS
Antivirus/Antispyware
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 80
Case Study/Example
Conclusion
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 81
Enterprise Network
End Points
Si Si Si Si Si Si
Si Si
Si Si
Si Si
Si Si
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 82
Agenda
Case Study/Example
Conclusion
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 84
Firewall/VPN
Infrastructure
Management
Application
Posture
Identity
IPS
Internet
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 85
Firewall/VPN
Infrastructure
Management
Application
Posture
Identity
IPS
Internet
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 86
Firewall/VPN
Infrastructure
Management
Application
Posture
Identity
IPS
Internet
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 87
Firewall/VPN
Infrastructure
Management
Application
Posture
Identity
IPS
Internet
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 88
DMZ
Firewall/VPN
Infrastructure
Management
Application
Posture
Identity
IPS
Internet
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 89
DMZ
Firewall/VPN
Infrastructure
Management
Application
Posture
Identity
IPS
Internet
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 90
Case Study/Example
Conclusion
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 91
Access
ACLs
Firewall Services Module
Si Si
Dist
Core Firewall/VPN
Si Si
Infrastructure
Management
Application
Posture
Identity
IPS
Mngt
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 92
Infrastructure
Management
Application
Posture
Identity
IPS
Mngt
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 93
Access
802.1x
NAC Appliance
Posture
Si Si
NAC Appliance
Dist
Core Firewall/VPN
Si Si
Infrastructure
Management
Application
Posture
Identity
IPS
Mngt
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 94
Access
Syslog – All
Netflow – All
SNMPv3 – All
Si Si
MARS
Dist
CSM
NAC Manager
Core Firewall/VPN
Si Si
Infrastructure
Management
Application
Posture
Identity
IPS
Mngt
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 95
Access
CSA
IPS 4200
Si Si
Dist
Core Firewall/VPN
Si Si
Infrastructure
Management
Application
Posture
Identity
IPS
Mngt
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 96
Case Study/Example
Conclusion
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 97
Agg
Firewall/VPN
Core
Infrastructure
Access
Management
Application
Posture
Identity
IPS
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 98
Core
Infrastructure
Access
Management
Application
Posture
Identity
IPS
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 99
Agg
Firewall/VPN
Core
Infrastructure
Access
Management
Application
Posture
Identity
IPS
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 100
Agg
Firewall/VPN
Core
Infrastructure
Access
Management
Application
Posture
Identity
IPS
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 101
Agg
Firewall/VPN
Core
Infrastructure
Access
Management
Application
Posture
Identity
IPS
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 102
Conclusion
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 103
ACLs Firewall/VPN
FWSM
Infrastructure
Dist IPSM Identity
MD5
NetFlow, Posture
Syslog, Management
SNMPv3
IPS
Core Firewall/VPN
Si Si
Infrastructure
Management
Application
Posture
Identity
IPS
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 104
ACLs
Firewall/VPN
FWSM
Infrastructure
Dist IPSM
MD5 Identity
NetFlow,
Syslog, Posture
SNMPv3 Management
Core IPS Firewall/VPN
Si Si
Infrastructure
Management
Application
Posture
Identity
IPS
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 105
Si Si
Infrastructure
Management
Application
Posture
Identity
IPS
BRKSEC-2000 Antivirus/Antispyware
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 106
Summary
Network security is a system
Must incorporate business needs, security policy, best
practices, risk analysis
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 107
Related Sessions
Identity and Access Control
SEC-2005 Deploying 802.1X
SEC-2007 Deploying Cisco IOS Security
SEC-2020 Firewall Design and Deployment
SEC-2041 Deploying Cisco Network Admission Control Appliance
Infrastructure Protection
SEC-2002 Understanding and Preventing Layer 2 Attacks
SEC-2101 Service Provider and Large Network Core Infrastructure Best Practices
SEC-2105 Router Security Strategies: Securing IP Network Traffic Planes
Threat Detection and Mitigation
SEC-2030 Deploying Network-Based Intrusion Prevention Systems
SEC-2031 Understanding Host-Based Threat Mitigation Techniques
Security Management
SEC-2006 Inside the Perimeter: 6 Steps to Improving your Security Monitoring
SEC-2009 Cisco Security Manager (CSM) and CS-MARS Integration and Deployment
SEC-3009 Operational firewall and IPS management using CSM and MARS
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 108
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 109
Recommended Reading
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 111
BRKSEC-2000
14339_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 112