Holistic Security in 5G Deployments
Munib Shah, Principal Architect (munibshaws)
Cisco Live session BRKSPM-2027
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

About Me
- Live in Issaquah, Seattle (the bear country)
- Role: Security advisor to Communication Service Providers in Japan, New Zealand, Australia, India and the US
- Design security posture for 5G networks

Agenda
- Introduction
- 5G Core Security
- Threat Landscape
- Threat Mitigation
- 5G Security Standards
- Infrastructure Security
- Use cases
- Conclusion
[Diagram: Operating System/Hypervisor, Hardware, Network, Infrastructure, 5G Core]

Introduction: 5G Use Cases

Use Cases
- Enhanced Mobile Broadband (eMBB)
- Massive Machine Type Communication (mMTC)
- Ultra-Reliable and Low Latency Communication (uRLLC)
[Diagram: Gigabytes in seconds; 3D video, UHD Screens; Work and Play in the cloud; Augmented reality; Industrial Automation; Self-driving Cars; Smart Home/Building; Voice; Mission Critical, health; Smart City]

Introduction: Changes in the Architecture

5G End to End Deployment
[Diagram: Packet Core, RAN, xHaul, gNB, Transport, Edge, MEC, Internet; a marker indicates enhancements with 5G]
- RAN: Radio Access Network
- MEC: Multi-access Edge Compute

Open RAN
[Diagram: RU, DU, CU, UPF, N6, Fronthaul, Midhaul, Backhaul, Baseband unit, Cell Site, Access, Edge, Aggregation, Core, MEC, Internet]
- RU: Radio Unit
- DU: Distributed Unit
- CU: Centralized Unit
- UPF: User Plane Function

The Shift to Cloud Native
[Diagram, first stack: Service Orchestrator, Baremetal, VIM, VNF, VNF, VNF]
[Diagram, second stack: Service Orchestrator, Baremetal, Kubernetes, VNF, CNF, CNF, VM, Kubevirt*]
- VIM: Virtual Infrastructure Manager
- VNF: Virtual Network Function
- CNF: Container Network Function

5G Threat Landscape

Perimeter

Starting at the perimeter
[Diagram: Packet Core, RAN, Transport, Edge, MEC, Internet]

Breaching Perimeter - Front Haul
[Diagram: Core, Front Haul, UE; "In 10,000s across country"]
- UE: User Endpoint

5G Security Controls - Front Haul
[Diagram: Front Haul, ToR, Compute, vDU, AF, Core]
ToR Controls:
- Port Security
- Dynamic ARP inspection
- Trusted Hardware
- Secure DHCP
Abbreviations:
- ToR: Top of Rack
- vDU: Virtualized Distributed Unit
- AF: Application Function

Roaming

Roaming
[Diagram: Packet Core, RAN, Transport, Edge, MEC, Internet]

Roaming Threats
[Diagram: Visiting PLMN, Home PLMN, UPF, AMF, SMF]
- Access to Core functions
- Signaling vulnerabilities
- Inadequate Controls
- Fraud ($10.6B a year)*
- Denial of Service
- Disrupt Billing
Abbreviations:
- PLMN: Public Land Mobile Network
- AMF: Access and Mobility Management Function
- SMF: Session Management Function
- UPF: User Plane Function
*2019 report by Europol's European Cybercrime Centre

Roaming Threats
[Diagram: Visiting PLMN 5G Core (AMF, SMF, UPF, SEPP), N32, Home PLMN 5G Core (SEPP, SMF, AMF, UPF)]
Security Edge Protection Proxy (SEPP)
- Protect signaling traffic across operator networks
- Authentication protection
- Secure Application level security protocol on the N32 interface

Roaming Threats
[Diagram: Visiting PLMN 4G Core, HSS/UDM, SGW/AMF, PGW/UPF, PCF, AMF/SGW, UPF/SGW, UDM/HSS, Home PLMN 4G/5G Core, Visiting PLMN 5G Core, 3GPP SEPP; the following slide adds GTP-FW and Diameter FW]

DDoS

DDoS
[Diagram: Packet Core, RAN, xHaul, gNB, Transport, Edge, MEC, Internet]

DDoS
[Diagram, built up over several slides: CU, DU, DU, RIU, DDoS, Service Provider, Edge, Packet Core, Internet, Public]

5G Security Controls - DDoS
[Diagram: CU, gNB, DU, DU, Packet Core]
- Adjustable threshold
- Analytics algorithms
- Volumetric anomaly detection

5G Security Controls - DDoS
[Diagram: Packet Core, RAN, Midhaul, Backhaul, Transport, Edge, MEC, Internet]

5G Security Controls - DDoS
[Diagram: FrontHaul/Midhaul, BackHaul, Centralized Packet Core, N6, Internet, Anti-DDoS Controller]

5G Security Controls - DDoS
[Diagram: UPF, vCU, vDU, Edge, Far Edge, DDoS, CGNAT, Cisco Secure Edge Protection]
Related session: BRKSPG-2401, Cisco Secure Edge Protection - Protecting the 5G Edge against DDoS Attacks (June 6, 1:00 pm)

5G Core Enhancements

5G Security Enhancements: mTLS, OAUTH
[Diagram: NSSF, NEF, AUSF, PCF, UDM, NRF, AMF, SMF, SCP, SEPP, SCP, SEAF]
- 3GPP specification
- OAUTH on the Service Based Interface
- mTLS on the Service Based Interface
Abbreviations:
- NSSF: Network Slice Selection Function
- AUSF: Authentication Server Function
- PCF: Policy Control Function
- UDM: Unified Data management
- NRF: Network Repository Function
- SEPP: Secure Edge Protection Proxy
- UPF: User Plane Function
- vDU: Distributed Unit
- vCU: Centralized Unit
- AF: Application Function
- AMF: Access and Mobility Function
- SMF: Session Management Function
- SCP: Secure Communication Proxy
- NEF: Network Exposure Function

5G Security Enhancements: NEF
[Diagram: NSSF, NEF, AUSF, PCF, UDM, NRF, AMF, SMF, SCP, SEPP, SCP, SEAF, Enterprise A, Enterprise B, AF, AF, API GW]
NEF (Network Exposure Function)
- Provides access to the mobile core for third party services
- Needs adequate API security protection and visibility support

5G Core Signalling Improvements
[Diagram: UPF, vCU, vDU, Edge, Far Edge, DDoS, CGNAT, Control Plane, DATA PATH, Control Path]
- Subscriber Privacy with SUCI
- NF SEAF (Security Anchor Function)
- Improved protocols such as PDCP
- NF SCP (Secure Communication Proxy)
- NF AUSF (Authentication Server Function)
- NF SEPP (Secure Edge Protection Proxy)
Abbreviations:
- vDU: Distributed Unit
- vCU: Centralized Unit
- SecGW: Security Gateway
- UPF: User Plane Function

Where do you start?

Risk Analysis
Risk Analysis to prioritize security controls that matter the most
[Chart: seven numbered controls]
- Network Policy on the Core
- Container Runtime Security
- Image Signing at build
- GTP compliance for roaming
- Diameter firewalls for LTE
- Encryption on F1-U
- Integrity on F1-C

Infrastructure Security
[Diagram: Operating System/Hypervisor, Hardware, Network]

Agenda
- Distribution of a 5G Network
- Cloud Native Landscape
- Model driven deployment
- Use Case 1: Segmentation
- Use Case 2: Service Release Management
- Use Case 3: Secure Onboarding
- Conclusion

Distribution of a 5G network

Coverage
[Diagram: Central Datacenter, Edge Datacenter, Far Edge Datacenter]

5G Telco deployment
[Diagram: Central DC, Edge DC, Far Edge DC; latency labels: Microsecond latency, Millisecond latency]
- Far Edge DC: 1000+ locations
- Central DC: 2-10+ locations
- Edge DC: 100+ locations

Asset Coverage
100,000+ Assets to manage and secure

Overall Landscape
[Diagram: Application Function]
- AF: Application Function

Overall Landscape
[Diagram: Application Function (AF), Network, Operating System/Hypervisor, Hardware]
- Application Threats
- Vulnerability of one virtual asset
- Network Threats
- Operating System Threats
- Hardware Threats
Abbreviations:
- CNF: Container Network Function
- VNF: Virtual Network Function
- PNF: Physical Network Function
- NF: Network Function

Asset Coverage
100,000+ Assets to manage and secure
[Diagram: Operating System/Hypervisor, Hardware, Application Function, Network]

How do you scale?

Overall Landscape
Holistic approach to scale

The Cloud Native landscape

Cloud Native introduces security complexity
- SecOps has to keep up with the speed of app development and have an integrated workflow
- Kubernetes is not secure by default; traditional security tools don't meet the needs for cloud native app development

The state of microservices
- 286% increase in API attacks: quarterly increase in API attacks, which will be the most frequent attack vector in the future according to Gartner
- 93% of companies had a Kubernetes security incident in the last 12 months
- $4.35 million: average cost of a data breach in 2022

Model driven deployments

What are declarative models?
- User declares the desired state of a resource
- A controller or a system keeps the current state of the resources in sync with the declared desired state

What are declarative models?

    apiVersion: v2
    action: install
    nfType: cnf
    nfSubType: upfvlarge
    location: DC2
    rack: bs2c1

[Diagram: the declaration above is passed to a Deployment Controller, which acts on Infrastructure, Network and Applications (AF)]

What are declarative models?
[Diagram: Midhaul, Backhaul, MEC, Internet, Deployment Controller]

Use Case 1: Segmentation

5G Core Trust Model
[Diagram: NSSF, NRF, AF, NEF, AMF, SMF, SCP, SEPP, AUSF, PCF, UDM; Trust Layer 1, Trust Layer 2, Trust Layer 3; Service Based Interface (HTTP/S)]
Segmentation Policy (*derived from 3GPP 1975-sec_5g)
Abbreviations:
- NSSF: Network Slice Selection Function
- AUSF: Authentication Server Function
- PCF: Policy Control Function
- UDM: Unified Data management
- NRF: Network Repository Function
- SEPP: Secure Edge Protection Proxy
- UPF: User Plane Function
- vDU: Distributed Unit
- vCU: Centralized Unit
- AF: Application Function
- AMF: Access and Mobility Function
- SMF: Session Management Function
- SCP: Secure Communication Proxy
- NEF: Network Exposure Function

Where do you apply segmentation?
[Diagram: NSSF, NRF, AUSF, PCF, UDM, AF, NEF, AMF, SMF, SCP, SEPP; the following slide adds nic, Network, Kernel Space]

Interface types
[Diagram, first stack: AF, CNI, Kernel Space, Baremetal, pNIC, eth0]
[Diagram, second stack: AF, OVS Switch, pNIC, net0, eth0]
[Diagram, third stack: AF, pNIC, net0, eth0, sriov VF]
[Diagram: Network]
- K8s Network policy
- OVS Security Groups
- ACI contracts
- L3-L7 Firewall

The if statement
- Controls: K8s Network Policy, OVS Security Group, L3/L7 Firewall, ACI Contracts, Service Mesh
- if: interface=CNI, interface=OVS, interface=SRIOV

Uplevelling to CNF
- Controls: K8s Network Policy, OVS Security Group, L3/L7 Firewall, ACI Contracts, Service Mesh
- if: interface=N4, interface=N2, interface=N6
- if: CNF=SMF, CNF=AMF, CNF=UPF
[Diagram: Deployment Controller]

I would like to deploy a UPF
- OSS: Operational Support System

What does this look like on OSS?
- Controls: K8s Network Policy, OVS Security Group, L3/L7 Firewall, ACI Contracts, Service Mesh
- Which location? rack:, compute:, interface:
- dc2fe201rc01,c02,eth01

The role of OSS
[Diagram: OSS, Intent, Location, Compute, Port Type, Supported Control]

OSS
[Diagram: OSS, Intent, Resource Definition, Deployment Controller, Infrastructure, Network, Applications (AF); label: Security Embedded]

    apiVersion: v2
    action: install
    nfType: cnf
    nfSubType: upfvlarge
    location: DC2
    rack: bs2c1
    segmentation: Calico

OSS
[Diagram: as above, with the same declaration (segmentation: Calico) and the label SMF]

OSS
[Diagram: as above, with the label UPF]

    apiVersion: v2
    action: install
    nfType: cnf
    nfSubType: upfvlarge
    location: DC2
    rack: bs2c1
    segmentation: L3 FW

Summary of Use Case 1
To scale segmentation, embed security policies into deployment automation using declarative models

Use Case 2: Service Release Management

Application deployment flow
[Diagram: Code, Build, Artifact Storage, Deploy; Image, Integration, Deployment; Baremetal, NFVi, AF, Datacenter]

Vulnerabilities in Application deployment flow
[Diagram: Code, Build, Artifact Storage, Deploy; Image, Integration, Deployment; Baremetal, NFVi, AF, Datacenter]
- Vulnerabilities in libraries and dependencies
- Bad coding practices (Passwords, Secrets)
- Code Misconfigurations

Vulnerabilities in Container deployment flow
[Diagram: Code, Build, Artifact Storage, Deploy; Image, Integration, Deployment; Baremetal, NFVi, AF, Datacenter]
- Vulnerabilities in libraries
- New field vulnerabilities
- Untrusted images
- Configuration defects

Vulnerabilities in Container deployment flow
- Vulnerabilities on the Host System
- Shared kernel
- Resource allocation

Vulnerabilities in Container deployment flow
- Supply Chain Vulnerabilities

Reducing the threat surface

Cloud Native Application Protection Platform
[Diagram: Code Repo, Image build, Runtime; CNAPP; Cisco Panoptica]
- Code Scan
- Software BOM
- Image Verification
- Vulnerability Scan
- Admission Control
- Runtime Vulnerabilities

An example of Admission Control

Admission Control
[Diagram: Code, Build, Artifact Storage, Deploy; Image, Integration, Deployment; Baremetal, NFVi, AF, Datacenter; Admission Control]
Create guardrails in terms of customized policies to control runtime processes

Admission Control
[Diagram: as above; label: No segmentation policy defined]
Verify if deployments have security embedded

Cisco Panoptica

Summary of Use Case 2
Build using CI/CD on Cloud Native principles and use a CNAPP to automate security across the application development lifecycle.

Use Case 3: Secure Onboarding

Vulnerabilities in Application Functions
[Diagram: Baremetal, NFVi, AF, Datacenter]
- Local or Default passwords
- Expired Certificates
- Non-compliance to standards
- Running unwanted services
- Vulnerable configurations
- No Audit logs

Reducing the threat surface
[Diagram: Baremetal, NFVi, AF, Datacenter]
- Logging to SOC
- Integrated to PKI
- Integrated to Vault
- Vulnerability Testing
- Penetration Testing
- Hardened Config
- Compliance Testing
- Change Management

How do we do this?
[Diagram: Central Datacenter, Edge Datacenter, Far Edge Datacenter; the following slide adds Enterprise 1 Slice and Enterprise 2 Slice]
100,000+ Assets to manage and secure

How do we reduce the threat surface
[Diagram: Vendor Product, Product Onboarding Process, AF, Resource Definition Models, OSS]
- Integration to SOC
- Integration to PKI
- Integration to Vault
- Security Testing
- Hardened Config
- Customized Testing

Deploying Functions (Crawl)
[Diagram: Resource Definition Models, OSS, Deployment Controller; Baremetal, NFVi, AF, Datacenter; SOC, PKI, Vault, Testing, Config Compliance]

Deploying Solutions (Walk)
[Diagram: Resource Definition Models, OSS, Deployment Controller; Baremetal, NFVi, Datacenter; DMZ Stack: FW, WAF, SSL, LB; SOC, PKI, Vault, Testing, Config Compliance]

The Slicing use case (Run)
[Diagram: Resource Definition Models, OSS, Deployment Controller; Central DC, Edge DC, Far Edge DC; label: Security Integration Embedded]

Summary of Use Case 3
Use Declarative model driven automation to build and integrate application functions with your security infrastructure

Conclusion

Conclusion
To manage a highly dynamic and distributed 5G network, Model driven automated security is not just a convenience but a requirement

Resources
- EU coordinated risk assessment of 5G networks security: https://ec.europa.eu/commission/presscorner/detail/en/ip_19_6049
- 5G security blog: https:/
- Trust 5GC security: https:/
- in 5G security: https:/