建立和維護對服務提供商網絡的信任.pdf

1、#CiscoLive#CiscoLiveRakesh Kandula,Technical Marketing EngineerBRKSPG-2868Building&Maintaining Trust in Service Provider Networks 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public3BRKSPG-2868About MeTechnical Marketing Engineer Cisco15+Years in CiscoCurrent Focus AreasTrustworthy Sys

2、temsPlatform Security ChipsSecure BootPost Quantum SecurityDDoS Solutions,etc.Outdoor enthusiast&marathoner who loves trail ultrasAgenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicTrustworthy Platforms OverviewIOS-XR Operational SecurityQuantum Safe SecurityConclusionBRKSPG-286

3、84 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App 5Questions?Use Cisco Webex App to chat with the speaker after the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go dir

4、ectly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,2023.12345https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKSPG-2868 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveT

5、hreat Landscape For Service Provider NetworksBRKSPG-28686Untrusted Remote LocationsGlobal ScaleSupport Critical InfrastructureLoss of RevenueBrand Reputation LossImpact to SLAsLegal ImplicationsImpact of Attacks on Service ProvidersDeployment Challenges For Service ProvidersTrustworthy Platforms Ove

6、rview 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCiscos Trustworthy Platforms OverviewBRKSPG-28688TrustworthyTrust Begins in HardwareTrust Anchor Module with anti-counterfeit designEnabling Trust in the Network OSHardware Anchored Cisco Secure Boot,Chip GuardMaintaini

7、ng Trust at RuntimeRun-time Defenses,Config Encryption,DDoS Protection Visualize and Report on TrustTrust Dossier&Crosswork Trust Insights 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive9Enabling Trust in Hardware Ciscos TAm*ChipBRKSPG-2868PKPKKEKKEKdbCiscodbxCiscoRevoked

8、 KeysValid KeysMicroloaderPK,KEKUEFI DB/DBxImprint DBCerts Repo(SUDI,AIK etc.)On-Chip Secure storageTAmTAmUEFI Secure Boot specificationUEFI Compliant Key Storage/ManagementProvides Chip Guard functionalityProvides unique device identityStores additional keys,certs,flags,etc.Anchor for Secure boot*T

9、rust Anchor ModuleIOS-XR Operational Security 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIOS-XR Operational Security FeaturesBRKSPG-286811Data ProtectionData-at-rest protection&data sanitizationOwnership Ownership CertificateCertificateOwnership EstablishementOwnershi

10、p Vouchers&MASA ServiceConsent Based Security FeaturesAdditional consent for critical security featuresCounterfeit ProtectionSUDI Authentication For Hardware IntegrityBRANDBRAND 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIOS-XR Operational Security FeaturesBRKSPG-2868

11、12Data ProtectionData-at-rest protection&data sanitizationOwnership Ownership CertificateCertificateOwnership EstablishementOwnership Vouchers&MASA ServiceConsent Based Security FeaturesAdditional consent for critical security featuresCounterfeit ProtectionSUDI Authentication For Hardware IntegrityB

12、RANDBRAND 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKSPG-286813Config Encryption For RoutersProvides data-at-rest protectionEncrypts disk partition holding configuration data12Encryption key protected by TAm3Zeroization CLI for RMA scenarios4 2023 Cisco and/or its affiliates

13、.All rights reserved.Cisco Public#CiscoLive14Data Protection and the missing elementBRKSPG-2868Data In TransitData At RestData In UseAnd 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive15Data Protection and the missing elementBRKSPG-2868Data In TransitData At RestData In U

14、seData Sanitization 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKSPG-286816Data SanitizationSetup de-commissioning process for data-bearing componentsUse IOS-XRs factory reset feature12Statement of Volatility available on Trust portal guide3Data sanitization must be part of yo

15、ur organizations data security policies 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIOS-XR Operational Security FeaturesBRKSPG-286817Data ProtectionData-at-rest protection&data sanitizationOwnership Ownership CertificateCertificateOwnership EstablishementOwnership Vouc

16、hers&MASA ServiceConsent Based Security FeaturesAdditional consent for critical security featuresCounterfeit ProtectionSUDI Authentication For Hardware IntegrityBRANDBRAND 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhat is Ownership Establishment?BRKSPG-286818Transpor

17、t AuthorityCustomerPhysical World ExamplePurchases a carCar delivered to customerChassis S/N+Receives registration cardCustomer Ownership EstablishedInitiate registration requestCustomer SSN,etc.Car DealerOwner identity verified 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisco

18、LiveWhat is Ownership Establishment?BRKSPG-286819CustomerNetworking World ExamplePurchases a routerRouter S/N+Validate ownershipReceives ownership voucherCustomer Ownership EstablishedInitiate Ownership Voucher requestOwner CertificateRouter delivered to customerInstall ownership voucher on the rout

19、erTransport AuthorityMASA ServiceMASA ServicebecomesRouter S/NOwner CertificateOwnership VoucherChassis S/NSSN/user identityRegistration CardbecomesbecomesbecomesMASA-Manufacturer Authorized Signing Authority 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSPG-286820Own

20、ership Voucher(O.V)(RFC 8366)Reference:https:/tools.ietf.org/html/rfc8366Yang model for O.V.Ownership Voucher is an artifact coming from the manufacturer(MASA*)of the router being bootstrapped into the network.*MASA Manufacturer Authorized Signing AuthorityJSON artifact modeled as shown in YANG and

21、signed using a CMS structure.The primary purpose of an Ownership Voucher is to securely convey a customer provided certificate,the Pinned-Domain-Cert”(PDC)to the router being onboarded.Pinned-domain-cert(PDC):The owner cert is rooted to the chain of trust leading to the pinned-domain cert.This means

22、 PDC can be the root cert for OC or an intermediate cert for OC or the same as OC(self-signed).2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHow To Establish Ownership?Automated MASA Service WorkflowBRKSPG-286821MASA BackendCustomer premisesZTP OR Management ServerAudit

23、log123,56789HSM4MASA-Manufacturer Authorized Signing AuthorityServer using MASA APIsMASA ServiceValidate the S/N&log the requestSign the OVsProvision OVs on RoutersMASA DemoWhy Establish Ownership?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveOwnership Establishment Use

24、casesBRKSPG-286824Application SigningOnboard Key Package for Signed AppsSecure Zero Touch Provisioning(SZTP)RFC8572 compliant secure zero touch provisioning of routersConsent Based Security FeaturesAdditional consent for critical security features 2023 Cisco and/or its affiliates.All rights reserved

25、.Cisco Public#CiscoLiveOwnership Establishment Use casesBRKSPG-286825Application SigningOnboard Key Package for Signed AppsSecure Zero Touch Provisioning(SZTP)RFC8572 compliant secure zero touch provisioning of routersConsent Based Security FeaturesAdditional consent for critical security features 2

26、023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive26Application Signing Use case Step#1BRKSPG-2868Factory-shipped Initial StateCisco Public KeyCustomer Private KeyCustomer Public KeyOwnership Established StateManagement ServerCustomer PremisesOwnership Voucher RequestOwnershi

27、p Voucher1.The router has only Ciscos public key2.This key can verify only Cisco signed artefacts3.Customer signed artefacts cannot be verified at this stage 1.The router now has Ciscos&customer public keys2.The customer key will be used to verify signed artefacts from customers like signed apps3.Mu

28、ltiple keys can be onboarded using key packagesMASA Service 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive27Application Signing Use case Step#2BRKSPG-2868Cisco Public KeyCustomer Private KeyCustomer Public KeyCustomers Build ServerCustomers Management ServerCustomer Sign

29、ed AppsInstall Signed Apps1.Customers can build their apps in their own environment and sign them with their own private key.2.The signed customer app can then be installed on the router through their management or provisioning servers.3.The same ownership key can be used to sign the apps or custome

30、rs can create different keys for each of their use cases.4.Multiple keys can be onboarded on the router using key packages once the ownership is established.5.Customers can sign their own key packages with the ownership key 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveO

31、wnership Establishment Use casesBRKSPG-286828Application SigningOnboard Key Package for Signed AppsSecure Zero Touch Provisioning(SZTP)RFC8572 compliant secure zero touch provisioning of routersConsent Based Security FeaturesAdditional consent for critical security features 2023 Cisco and/or its aff

32、iliates.All rights reserved.Cisco Public#CiscoLive29CLI Challenge/Response Consent WorkflowBRKSPG-2868Network AdminNetwork Admin1)Enable/Disable a feature5d9474c0309b7ca09a182d888f73b37a8fe1362cccf271b7830882da1791852baeca1737fcbe4b90d3964f9dad9f60363c81b688324d95b4ec7c80382)Generate unique nonce5)V

33、alidate&enable/disable the featureIOSIOS-XRXRSigning Service Customer/Cisco(HSM)3)Send nonce for signing4)Return signed nonceOff-box workflowOn-box workflowCustomers Public Key*Customers Private Key*Applicable for Customer Consent Only 2023 Cisco and/or its affiliates.All rights reserved.Cisco Publi

34、c#CiscoLive30Consent Based Security FeaturesBRKSPG-2868Re-Image ProtectionProvides re-image protection for routers to deter theftsGating Lawful InterceptionAbility to control enable/disable of Lawful InterceptionDisabling Secure ZTPConsent to downgrade the security posture of Zero Touch Provisioning

35、(ZTP)Factory ResetConsent to perform factory reset,manufacturing key restore,etc.And moreRESET 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive31Consent Based Security FeaturesBRKSPG-2868Re-Image ProtectionProvides re-image protection for routers to deter theftsGating Lawf

36、ul InterceptionAbility to control enable/disable of Lawful InterceptionDisabling Secure ZTPConsent to downgrade the security posture of Zero Touch Provisioning(ZTP)Factory ResetConsent to perform factory reset,manufacturing key restore,etc.And moreRESET 2023 Cisco and/or its affiliates.All rights re

37、served.Cisco Public#CiscoLiveRe-Image Protection For RoutersConsent Based Security Features Use case BRKSPG-2868321.Increasing incidents of cell site routers in remote locations being stolen2.The stolen routers are factory reset by booting through USB or PXE boot that erases the older running config

38、 too3.These routers are then sold in illegal markets4.Some incidents involve rogue internal employees too 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKSPG-2868331.New XR CLI with additional consent to disable USB/PXE boot2.Store the flag in the tamper-resistant on-chip TAm sec

39、ure storage3.Persistent across disk erasure&reload4.BIOS disables USB/PXE boot if flag is enabledWorkflowRe-Image Protection For Routers 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive34Re-Image Protection Consent WorkflowBRKSPG-2868Network AdminNetwork Admin1)Enable/Disa

40、ble Re-Image Protection5d9474c0309b7ca09a182d888f73b37a8fe1362cccf271b7830882da1791852baeca1737fcbe4b90d3964f9dad9f60363c81b688324d95b4ec7c80382)Generate unique nonce5)Validate&enable/disable the protectionIOSIOS-XRXRSigning Service Customer/Cisco(HSM)3)Send nonce for signing4)Return signed nonceOff

41、-box workflowOn-box workflowCustomers Public Key*Customers Private Key*Applicable for Customer Consent Only 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive35Recovery Utility in BIOSBRKSPG-2868BIOSPXEPXECustomer Signing ServiceCustomer Signing Service(HSM)(HSM)Ciscos Signi

42、ng ServiceCiscos Signing Service(HSM)(HSM)ENABLE USB/PXE BOOTENABLE USB/PXE BOOTCLEAR TAM SECURE OBJECTSCLEAR TAM SECURE OBJECTSCLEAR CUSTOMER KEYSCLEAR CUSTOMER KEYSENABLE USB/PXE BOOTENABLE USB/PXE BOOTCustomer RecoveryCustomer RecoveryRecovery at CiscoRecovery at CiscoCONSENT TOKENCONSENT TOKEN 2

43、023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIOS-XR Operational Security FeaturesBRKSPG-286836Data ProtectionData-at-rest protection&data sanitizationOwnership Ownership CertificateCertificateOwnership EstablishementOwnership Vouchers&MASA ServiceConsent Based Security F

44、eaturesAdditional consent for critical security featuresCounterfeit ProtectionSUDI Authentication For Hardware IntegrityBRANDBRAND 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive37BRKSPG-2868Secure Unique Device Identity(SUDI)Unique cryptographic key embedded in hardware

45、trust anchor module within every IOS XR RouterSecure Unique Device Identifier(SUDI)Provides 802.1AR Secure Device IdentityImmutable key imbedded in Trust Anchor Module at time of manufactureSigned by Cisco for proof of authenticityIncludes PID and Serial number of deviceCryptographically strong iden

46、tification of remote hardwareEstablishes unique,immutable hardware identity“How do I know this is really my router?”2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSUDI Workflow For Hardware Integrity ValidationBRKSPG-286838MANAGEMENT SERVERROUTER IN A REMOTE LOCATION121.C

47、ustomer challenges the remote router with a unique nonce to provide its SUDI certificate.2.Router responds back with the SUDI certificate chain signed by the device unique SUDI private key.3.Verify the SUDI response using the verification steps listed on the right.SUDI Verification Steps1.Fetch the

48、Root CA&SUDI sub-CA from *2.Verify the SUDI leaf certificate of the device using the root&Sub-CA certs3.Verify the signature of the SUDI response using the public key extracted from the SUDI leaf cert4.Extract the PID&SN from the certificate after validation*Links to Root CA&Sub-CA3 2023 Cisco and/o

49、r its affiliates.All rights reserved.Cisco Public#CiscoLive39SUDI Based CLI Signature UtilityBRKSPG-2868IOS-XR supports a CLI signature utility based on SUDI private key1.Any IOS-XR CLI output can be signed by SUDI private key using the signature utility2.This is to ensure the output is from a genui

50、ne device and not a replay from meddler-in-the-middle(MITM)attack3.The signature of the signed CLI response can be validated first using the SUDI public key before consuming the CLI output 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive40SUDI Based CLI Signature Utility-E

51、xampleBRKSPG-2868RP/0/RP0/CPU0:Galapagos#show version|utility sign nonce ABCDTue Mar 7 06:31:00.071 UTCcli-output:Cisco IOS XR Software,Version 7.4.1 LNTnCopyright(c)2013-2021 by Cisco Systems,Inc.nnBuild Information:n Built By:ingunawan Built On:Wed Aug 04 08:28:43 UTC 2021n Build Host:iox-lnx-021n

52、 Workspace:/auto/srcarchive17/prod/7.4.1/ncs540l-aarch64/wsn Version:7.4.1n Label:7.4.1nncisco NCS540Lncisco N540X-8Z16G-SYS-A processor with 8GB of memorynGalapagos uptime is 6 weeks,6 days,19 hours,9 minutesnCisco NCS 540 Series Fixed Router 12x1G,4xCu,8x1/10G,ACnn,signature-envelop:nonce:ABCD,sig

53、nature-version:02,sudi-signature:Ugj00 x78n3hXD1nzymEOpUsR143N3Zgz8g15m40eQmrO6yQ0etqGM+10vkSEoz9zTnQ+qicufZyp+Vx4MRLagnFXOoQubAY94CB/85qmrLi1is9phjPJ0uDhK5bpF8bQZtZbQ3PcLOyfx1sG8Gk13I0 xQaWdgbB1daz3setsjHkjvHzFSu2aTtKW+DdZSUOxOaCXgSxazwDbE/v826Lng31JzFfgh9SLQEijp3IfdmKFeRpdK4fOSZN1tXdwlfXRo2YpRPEf9

54、oPEYXI91/b5Bjaz+kCamGintVeqV5XiBxLvpVLtxIymoZtJuDdX/NYe/5UGtjG/wAMcgbN/1JKlBQ=Quantum Safe Security 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive42BRKSPG-2868People are making incremental efforts in developing a Quantum Computer.Once they have one which is sufficiently

55、large and reliable,they could use it to Break Current Encryption!(public key algorithms)2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive43Quantum Computing Impact on CryptographyBRKSPG-2868Secure Session Secure Session(MACsec/IPsec/TLS)AuthenticationKey EstablishmentData E

56、ncryption&IntegrityPublic-privateKey-pairsSharedSession keyBased on mathematically related public-private key-pairsUsed for control plane operationsAuthentication,Key establishmentExample:RSA,DH,ECCAsymmetric CryptographySymmetric CryptographyBased on shared keyUsed for bulk data encryption&integrit

57、yProtection level based on key strength Key size&entropyExample:AES-GCMQuantum-Resistant?Large reliable Quantum computers can break RSA,DH,ECC!Symmetric crypto with large and high-entropy keys is resistant to Quantum computer attacks 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#

58、CiscoLive44Available OptionsBRKSPG-2868Replace current public key algorithms with new onesStill need to vet the algorithms and update the protocolsUse Quantum Mechanics to protect the dataSerious limitationsLong symmetric keys are Quantum SafeIssues with distributing keys and trustSymmetric Cryptogr

59、aphyQuantum Key DistributionPostquantum Cryptography 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive45BRKSPG-2868Quantum-Safe MACsec Symmetric CryptographyPrePre-Shared Key(PSK)Shared Key(PSK)Site 1Site 1Site 2Site 2Manual PSKManual PSKPeer#1Peer#2Quantum-Resistant MACsec

60、LimitationsLimitations Operational Overhead1.Manual configuration of same PSK on both sides2.Manual key rotationKey entropy,length concerns1.MACsec with PSK option is already supported and used by customers.2.There is no need for additional hardware(like QKD)or software upgrade.3.Quantum safe as thi

61、s is based on symmetric cryptography which is Quantum resistant.Pre-Shared Key(PSK)Option 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive47BRKSPG-2868Quantum Key Distribution OptionsSecure Session Secure Session(MACsec/IPsec/TLS)AuthenticationKey EstablishmentData Encrypt

62、ion&IntegrityPublic-privateKey-pairsSharedSession keySecure Session Secure Session(MACsec/IPsec/TLS)AuthenticationKey EstablishmentPublic-privateKey-pairsSoftware OptionExternal QKD Hardware with Ciscos SKIP(Secure Key Import Protocol)Hardware OptionCiscos SKS(Session Key Service)server on a router

63、2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive48BRKSPG-2868Quantum Key Distribution OptionsCiscos Session Key Service(SKS)OptionSKS EngineIOS-XR Router1.SKS engine on the router generates the keys2.No additional hardware required3.The SKS engine must be seeded with the s

64、ame seed on both the peers4.The seed is protected by McEliece cryptosystem which is quantum resistant5.Only key-id is sent on the wire,and the peer derives the key from its local SKS enginePeer-1Peer-2SKS ServerSKS ClientStep#1Generate McEliece Key PairStep#2Generate seed for SKS engineStep#3Export

65、McEliece Public KeyStep#4Encrypt the seed with clients public keyExport Encrypted SeedStep#5Step#6Decrypt&Import the seed to SKS engineReady For Key NegotiationSKS Engine Seeding StepsSKS Engine Seeding Steps 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive49BRKSPG-2868Qua

66、ntum Key Distribution OptionsExternal QKD Hardware With Ciscos Session Key Import Protocol(SKIP)QKD HardwareIOS-XR Router1.Dedicated hardware to generate the session keys and key-ids2.The QKD hardware for a given pair of devices would be in-sync3.Each peer fetches the key&key-id from the QKD hardwar

67、e over a TLS connection4.Only key-id is sent on the wire,and the peer fetches the key from the QKD hardwarePeer-1Peer-2Step#2Use Step#3Both peers derive the same keySKIPServerClientFetch from QKD hardwareStep#1Fetch from QKD hardware using 2023 Cisco and/or its affiliates.All rights reserved.Cisco P

68、ublic#CiscoLive50BRKSPG-2868Quantum-Safe MACsecQuantum Key Distribution OptionsSAKs from SKS via SKIP APISAKs from SKS via SKIP APISite 1Site 1Site 2Site 2Peer#1Peer#2Quantum-Resistant MACsec Quantum safe key generation Auto-key management Auto-key refresh,entropy One-time additional manual stepSKIP

69、 APICisco SKSSKIP APICisco SKSCisco SKS Server1.Software-based key source2.No dedicated circuit or distance limitations3.No additional hardware requirement4.No additional cost5.Supported from IOS-XR 7.4.1 releaseSAKs from QKD via SKIP APISAKs from QKD via SKIP APISite 1Site 1Site 2Site 2Peer#1Peer#2

70、Quantum-Resistant MACsec Quantum safe key generation Auto-key management Auto-key refresh,entropySKIP APIQKDQuantum ChannelSKIP APIQKDExternal QKD Hardware1.Hardware-based key source2.Dedicated optical fiber(up to 100km supported)3.QKD hardware per-site/peer4.Very expensive5.Supported from IOS-XR 7.

71、9.1 releaseSAK Security Association KeyConclusion 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public52BRKSPG-2868Key TakeawaysTRUSTWORTHY VENDOROPERATIONAL SECURITYQUANTUM SAFE SECURITY 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive53BRKSPG-2868Session on

72、New DDoS Solution 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive54BRKSPG-2868Interactive Breakout Session on SecurityIBOSPG-2000Lets Talk Security:A Service Providers Perspective06/08/23 11 AM 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFil

73、l out your session surveys!Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!55BRKSPG-2868These points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will

74、also earn 100 points in the Cisco Live Challenge for every survey completed.2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capt

75、ure the Flag,and Walk-in LabsVisit the On-Demand Library for more sessions at www.CiscoL you#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive58Gamify your Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:123458 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKSPG-2868#CiscoLive