Integrated Network Security With The Catalyst 6500 Series Seminar - Cisco


Cisco Systems

Integrated Network Security with Catalyst 6500 Series
Martin Langlois
malanglo@cisco.com
2002, Cisco Systems, Inc. All rights reserved.

Traditional Security Solutions Are Targeting Networks of Five Years Ago
[Diagram labels: Closed Network, Remote Site, PSTN, Frame Relay, X.25, Leased Line]
- Simple, Static, Isolated & Trusted Environments
- Few Public WAN Connections to be Secured
- Host Security with Anti-Virus

Today’s Extended Enterprise Networks Posing New Security
[Diagram labels: Internet, Customers, Telecommuter, Mobile User, Branch Office, PSTN, Frame Relay, X.25, Leased Line]

Networks of New Millennia - Posing New Security Challenges
- Blending of Public & Private Networking Infrastructure
- Increase in # of Distributed WAN Connections
- Changing Profile of Campus Networks
  – New Access Methods (WLAN, IP Telephony)
  – Mobility
- More Complex Security Attacks Targeting Complex Networks & Sophisticated Services
- Everyone is a Threat
- Everything is a Target

Cisco’s Vision for Integrated Network
[Diagram; recoverable labels: Transparent, Embedded, Business Resiliency, Integrated Network, Scalable Systems]

Cisco Strategy for Integrated Network
[Diagram; recoverable labels: Transparent, Embedded, Component of IP Networks, Technologies & Approaches, for Wide Spread Use & Reduce Cost, Integrated Network, Scalable Systems]

Advancing Integrated Network Security Services with the Catalyst 6500 (NEW)
§ Integrating security into the network infrastructure
§ Enabling high performance, scalable, highly available network security services and connectivity
§ Supporting flexible and adaptive network security deployments
§ Delivering secure AVVID & Integrated Datacenter services
§ Leveraging Best-of-Breed Security with Industry Leading Switching/Routing Technologies
[Diagram labels: PIX Firewall, VPN3000 & IOS VPN, Cisco IDS]

Announcing New Security Service Modules for the Catalyst 6500 Series (NEW)
[Diagram: Secure Converged Services Platform. Recoverable labels:]
- Convergence (AVVID): Voice, Video & Data over IP
- PSTN
- WAN / MAN: T1 to OC48c SONET, Channelized & CWDM
- Integrated 5Gbps Firewall
- Integrated Gbps Network Analysis & Monitoring
- Fast / Gigabit Ethernet Uplinks
- Integrated Secure Content (SSL) Acceleration
- WAN / MAN: WDM / IP Optical / IP/FC
- L4-7 Multi-Gigabit Content Switching

Catalyst 6500 Series – Enabling Flexible and Adaptive Deployments
[Network diagram with blocks labelled ACCESS, DISTRIBUTION LAYER, ENTERPRISE EDGE, SERVER FARM / DATA CENTER, E-COMMERCE / DATA CENTER and DEVICE MANAGEMENT. Recoverable labels:]
- AAA Services: TACACS, RADIUS, Kerberos
- Switch features listed: IBN, High Availability, VACL, Trust Classification, Port Security, Root Guard, BPDU Guard, Rate Limiting, NBAR, Extended Boundary, ARP Inspection
- DEVICE MANAGEMENT: SSH, IP Permit List, Local Authentication, Authentication Lockout
- Service modules shown: FW, NAM, IDS, VPN, CSM, SSL
- Other features shown: Unicast RPF Check, Cisco IOS ACL, RP Protection, Rate Limiting, High Availability, PVLAN
- Devices shown: Laptop, Catalyst 6500, Catalyst 6500 with MSFC, ISP, Server, Cisco Call Manager

Cisco Security Solutions Summary
[Product overview chart. Recoverable labels:]
- Catalyst 6500 High Performance, Switch Integrated Security: Firewall, SSL, NAM, VPN, IDS
- Security / FW Routers: 800, 1700, 2600, 3600, 3700, 7xxx
- PIX Firewall/VPN Appliances: 501, 506E, 515E, 525, 535
- Secure Content Service Switching Systems: CSS 11500 Series, CSS 11000, Secure Content Accelerator
- Intrusion Detection Systems (Sensors): Catalyst 6500 IDSM-1 (120 Mbps), 4210 (45 Mbps), 4235 (200 Mbps), 4250 (500 Mbps); also labelled Standard Sensor, Web Sensor
- Remote Access VPN: VPN 3002, VPN 3005, VPN 3015, VPN 3030, VPN 3060, VPN 3080

Hardware Security Services Modules
Firewall Service Module

Introducing Multi-Gigabit Firewall Module for Catalyst 6500 Series (NEW)
- High Performance, Network Processor Based Firewall Module for Increased Perimeter, Extranet, Campus & Datacenter Security
- Up to 4 Modules supported per Catalyst 6500 System at FCS
  - 12Mpps, 400K CPS, 4M CSPS, 20Gbps Throughput
- Firewall integration into the network enables security services to scale with the network, is customizable to specific security requirements (Perimeter, Extranet, Campus and Datacenter), provides a higher level of protection of corporate assets and information, improves utilization of network infrastructure, and reduces TCO

Features Overview
Industry’s highest firewall performance! Fabric Enabled. Q2CY02
§ PIX 6.0 base Feature Set and some features of 6.2
§ High Performance Firewall, targeted OC48 or 5Gb (aggregated)
§ 1 million Concurrent connections
§ 3 Million pps
§ 100K new connections/sec for HTTP, DNS and enhanced SMTP
§ 100 VLANs
§ LAN failover active/standby (both intra/inter chassis)
§ Dynamic Routing, i.e. OSPF
§ Support multiple blades in the chassis
§ IPSEC for management only
§ No IDS Signatures
§ Supported on Native IOS only (CatOS later this year)
§ Virtual firewalls (future release)

[Architecture diagram; recoverable labels: ACL Table, AAA Table, Session Lookup, Routing Table, NAT, Crossbar Fabric, Catalyst Bus]

Feature Differences With PIX

Feature               Firewall Module   PIX
Performance           5GB               2GB
VLAN tag              Yes               No
No. of Interfaces     100               10
Failover Licensing    No                Yes
OSPF Routing          Yes               No
VPN functionality     No                Yes
IDS Signatures        No                Yes
No. of ACL support    128K              2M config
Syslog Limiting       Rate limited      None

Other Supported Features on FWSM
- URL Filtering
  - Websense Server
  - Long URL support (1159 bytes - PIX 6.2)
- Layer 7 Fixup
  - FTP, SFTP, DNS, SMTP
  - H.323 Version 2
  - SIP, SKINNY, RTSP
  - RAS Version 2, ILS (PIX 6.2)
  - XDMCP, SQLNET, NETBIOS over IP
- Object Grouping (PIX 6.2)
- Command Authorization (PIX 6.2)

PDM 2.1
[Screenshots: Running on PIX; Running on FWSM]

Support for VLAN
- The Proxy ARPs and Anti-Spoofing panels were modified to support up to 100 VLAN interfaces.
- There are fewer parameters to monitor on a logical VLAN interface as opposed to a physical interface (i.e. collision counts).
- The amount of monitoring data sent every 10 seconds is reduced significantly. This does not affect functionality.

Support for VLAN (cont’d)
- The System Properties, Interfaces table looks different from the PIX. The interfaces in this table are a combination of what is configured on the FWSM and the output from the show vlan CLI.
- Because of the potential mismatch, you can now delete an interface. PDM does not automatically do this for you because you may be temporarily changing the VLAN configuration on the switch.

Deployment Scenarios
[Diagrams: eCommerce Deployment and Campus Deployment. Labels: Access Layer, Wiring Closet, Internet Data Center, core L3 switches with FW and IDS]

Securing Vendor/Partner Extranets with Catalyst 6500 Firewall Service
[Diagram labels: Bloomberg, ILX, NASDAQ, Bear Stearns, Visa, Campus Core]
A Vendor/Partner Extranet currently takes eight active networking devices under the Enterprise’s Management.

Securing Vendor/Partner Extranets with Catalyst 6500 Security Solutions
[Diagram labels: Bloomberg, ILX, NASDAQ, Bear Stearns, Visa, Campus Core]
§ Multiple active devices can be consolidated into a high-performance, highly integrated Catalyst 6500 system with high availability and integrated security services
[Data Flow labels: Vendor Router, L2 Switch Interface, Firewall, Intrusion Detection, L3 Routed Core Interface, Interconnect, Core]

Traditional Enterprise Datacenter Solution
- Core Routers
  - WAN Interfaces
  - Full BGP Routing
- Catalyst 6500 Switches
  - High availability
  - Density of Interfaces
  - High Performance Forwarding
- CSS 11000 Server Load Balancers
  - L4-7 HTTP Inspection
- PIX Firewall
  - Secure the Mission Critical Backend Services

Secure Integrated Enterprise Datacenter Solution
[Diagram; recoverable labels: Campus Core, Firewall, Backend Servers, Core]

Securing Integrated Internet Datacenter Services With Catalyst 6500 Series
- Content Caching
  - Reverse Proxy Caching
  - Static content request redirection
- High Performance Content Switching
  - High-performance, High availability, Integrated Load Balancing of Firewalls, Web Servers, Caches, VPN and other network devices
  - User, content and transaction prioritization
  - Site overload protection
- Content Transformation
  - Transform to requesting device format “on the fly”
  - Content formatting rules for ready roll-out
- Content Services Hosting Solutions Engine (HSE)
  - Virtualization of L4-7 Content Services
  - L4-L7 Content Services Activation
  - L2-L7 Fault & Performance Monitoring
  - Role & Domain based Access
  - Customized Views/Reports
- High Performance, Integrated Firewall Provides Secure Access to Datacenter Resources and Protects from DOS Attacks
- High Performance Integrated SSL traffic accelerator ensures efficient switching of secure HTTP content
[Diagram labels: Cisco Content Engine, Router, Catalyst 6500 Datacenter Services Switch, VPN Router, Branch Router, Intranet, Extranet, Content Site B Servers, Content Distribution Manager]

Deployment Scenario #1: MSFC on the Outside
[Diagram: Catalyst 6500 with FWSM. Vlan 70 10.70.1.0/24; outside Vlan 30 10.30.1.0/24; dmz1 Vlan 40 10.40.1.0/24; dmz2 Vlan 50 10.50.1.0/24; inside Vlan 60 10.60.1.0/24]

! Switch (MSFC) side: hand VLANs 30,40,50,60 to the FWSM in slot 5
Firewall vlan-group 1 30,40,50,60
Firewall module 5 vlan-group 1
!
Interface VLAN 30
ip address 10.30.1.1/24
!
Interface VLAN 70
ip address 10.70.1.1/24
!
! FWSM side, entered after opening a session to the module
session slot 5 processor 1
nameif 30 outside 0
nameif 40 dmz1 40
nameif 50 dmz2 50
nameif 60 inside 100
ip address outside 10.30.1.2/0
route outside 0/0 10.30.1.1
ip address inside 10.60.1.1/24
ip address dmz1 10.40.1.1/24
ip address dmz2 10.50.1.1/24

Deployment Scenario #2: MSFC on the Inside
[Diagram: Catalyst 6500 with FWSM. outside Vlan 70 10.70.1.0/24; dmz1 Vlan 50 10.50.1.0/24; inside Vlan 30 10.30.1.0/24; Vlan 40 10.40.1.0/24; Vlan 60 10.60.1.0/24]

! Switch (MSFC) side: hand VLANs 30,50,70 to the FWSM in slot 5
Firewall vlan-group 1 30,50,70
Firewall module 5 vlan-group 1
!
Interface VLAN 30
ip address 10.30.1.1/24
!
Interface VLAN 40
ip address 10.40.1.1/24
!
Interface VLAN 60
ip address 10.60.1.1/24
!
! FWSM side, entered after opening a session to the module
session slot 5 processor 1
nameif 30 inside 100
nameif 50 dmz1 40
nameif 70 outside 0
ip address outside 10.70.1.2/0
ip address dmz1 10.50.1.2/0
ip address inside 10.30.1.2/0
route outside 0/0 10.70.1.1

Hardware Security Services Modules
IPSec VPN Service Module

Introducing Gigabit IPsec VPN Module for Catalyst 6500 Series (Shipping)
- High-Speed, Infrastructure Integrated VPN Service secures connectivity within Campus, Site-to-Site and Datacenter environments
  - 1.9Gbps 3DES Throughput per Module
  - Up to 8000 Concurrent Tunnels per Module
  - 60 Tunnels per Second per Module
  - Failover Capability
  - Support for Converged Services Across VPN (Voice, Video, Data)
- Benefits include scalability of VPN services with the network, adaptability to different security requirements, improved utilization of network infrastructure, leverage public IP infrastructure for reduced operational costs and TCO
- Native IOS only, no CatOS support
- FE & GE Interface blades; WAN, Firewall/IDS/SSL, OSM blade support will come after FCS

VPN Throughput Performance
[Chart: Throughput (Mbps) versus Packet Size (bytes). Series: 1 IPSec tunnels *, 8000 IPSec tunnels *, 500 GRE/IPSec Tunnels]
* Insignificant CPU utilization increase ( 1%)
** 95% (64b) – 67% (1400b) CPU utilization

VPN Tunnel Creation Performance
[Chart: Tunnels/sec versus Active Tunnels. Series: 0% Link Load, 30% Link Load, 60% Link Load]
* Before NBI

Catalyst 6500 IPsec VPN Applications
- Campus VPN: Secure LAN traffic between switches, floors, building and specific sensitive network applications such as iSCSI
- WAN Edge: Provide VPN termination services on the WAN aggregator router
- Link-Layer Encryption Replacement: Replace old ATM and other link-layer encryption with a modern IPSec layer 3 VPN solution
- Extranet: Enables partner networks to securely connect and transfer large amounts of data

VPNSM Flow Diagram
- 1-1 mapping between Inside VLAN and Outside VLAN via “crypto connect vlan ” cmd
- Inside VLANs are L3 vlans
- Outside VLANs are L2 vlans
- All configuration is done in Native IOS
[Diagram labels: Port, int Vlan 1, int Vlan n, SM Inside Port (slot/1), Crypto Engine, SM Outside Port (slot/2), Vlan 101, Vlan m]

Hardware Security Services Modules
SSL Service Module

Introducing High Performance SSL Service Module for Catalyst 6500 Series (NEW)
- High Performance SSL Acceleration for Efficient Content Distribution & Switching of Secure Web Traffic
  - 4000 New Connections Per Second per Module
  - 60,000 Concurrent Connections per Second per Module
  - 400 Mbps Bulk Encryption Capabilities per Module
  - Centralized Key & Certificate Storage & Management
  - Multi-Module Support
  - Active / Standby Failover for Mission-Critical Environments
- Deploy in the Internet & Corporate Datacenter environments
- Increases Data Center Resource Utilization
  - Improves Efficiency of Content Delivery to Web & Application Servers
  - Improves Utilization of Web & Application Servers to Realize Higher Performance
  - Reduce Capital Expenditure
  - Increase Customer Satisfaction & Revenue Dollars
- Supported on Native IOS only
- IOS based CLI

Software Feature List
- SSL 3.0, SSL3.1/TLS1.0
- SSL2.0 (ClientHello Only)
- Session Reuse
- Session Re-Negotiate
- Asymmetric Algorithms (RSA 1024-bit, 2048-bit)
- 3K-4K Sessions/Sec
- Hash Algorithms (MD5, SHA1)
- Symmetric Algorithms (RC4, DES/3DES)
- 300-400 Mbps symmetric throughput
- Key Generation
- Secure Key Storage
- Certificate Enrollment
- Key Import/Export (IOS)

SSL Module Configuration (Logical)
[Diagrams: SSL One-Armed Proxy and SSL Sandwich. Labels: Clients, Catalyst 6500 with CSM and SSL, SSL module, Servers]

Hardware Security Services Modules
Network Analysis Modules Service Module

Introducing Fabric Enabled NAMs
High performance NAM-1 and NAM-2 (FCS 3CQ, 02)
- Greater monitoring capacity for gigabit environments
- NAM-2 for gigabit capacity, NAM-1 replaces WS-X6380-NAM (EOS July 27’02)
- Switch fabric enabled platforms
- Large capture buffers
- Embedded web-based NAM Traffic Analyzer
- Easy to use and CiscoWorks Real Time Monitor
- Require NAM SW v 2.2
- Supported with Cat OS 7.3(1) and Native IOS 12.1(13)E

NAM Overview
Network Analysis Module
- Integrated traffic monitoring solution in Catalyst 6500 Series
- Resides in a slot within the switch
- Standards based monitoring (RMON1, RMON2, extended RMON)
- Embedded web based Traffic Analyzer (R2.1/2.2)
- Full visibility into applications, hosts, conversations, and differentiated services including VoIP and QoS

NAM in Enterprise LAN
- Who’s using the bandwidth?
- Which applications are misbehaving?
- Issues with my critical clients and phones?
[Diagram labels: Data Center, Backbone/Core, Distribution, Access, LAN Aggregation Points, Cat 6K, Cat 4K, NAM, Server Cluster, CallManager Cluster, Critical Clients, VLAN 100, VLAN 110, VLAN 120, VLAN 200, VLAN 210, VLAN 220]

What the reviewers say.
Network Computing Review of NAM 2.1 (Feb’02)
“a built-in, browser based sniffing device capable of doing packet decodes is downright slick”
“easy to deploy, intuitive to use”
“If you have free slots in your Catalyst switches and are in need of a strong VoIP-aware network-analysis tool, it's going to be hard to find a more feature-rich, cost-effective solution than the Cisco .html

[Comparison table; slide title not recoverable]
- Catalyst 6000 NAM: Monitoring Segment: FE; Cat6K Segment: Non-fabric; CatOS, IOS; Typical applications: ‘Small’ core, distr., access, datacenter, server farm
- Catalyst 6500 NAM-1 (WS-SVC-NAM-1): Monitoring Segment: FE, low util. GE; Cat6K Segment: Non-fabric, fabric; CatOS, IOS; Typical applications: Distribution, access, small core, branch office
- Catalyst 6500 NAM-2 (WS-SVC-NAM-2): Monitoring Segment: High cap. GE; Cat6K Segment: Mainly Fabric; CatOS, IOS; Typical applications: Core, Server farm, data center

HW Specifications
[Table; recoverable cells: RAM 256 MB / 512 MB / 1 GB; HDD 10GB / 20GB / 20GB. Other labels: X6380-NAM, Bus Support, Fabric, Capture, Performance, Embedded Traffic Analyzer]

NAM features
- Multiple SPAN sources
  - Ports, VLANs, EtherChannels
- Netflow Data Export
- RMON 1&2 Traffic monitoring
  - Applications
  - Hosts
  - Conversations
- VLAN Monitoring (SMON)
- Response Time (ART)
- QoS Monitoring (DSMON)
- VoIP Monitoring
- Packet capture & decode
- Alarms
- Short term reporting/trending with RTM

NAM SW R2.2 Feature Enhancements
- Auto-detection of unknown protocols
  – Find the unknown ‘other’ protocols by port no.
- Application drill downs
  – Find hosts using the application protocol

NAM applications
- Real Time Traffic Analysis
  - Packet flow, utilization and errors
  - Protocol distribution, Top Talkers & Top Conversations
  - VLAN Traffic
- Performance Monitoring
  - Server, Application Response Time
  - Voice – calls/phones/protocols
  - QoS (DiffServ)
- Baselining & Planning
  - Reporting & Trending using external apps
- Troubleshooting
  - Threshold alarms
  - Packet capture & decode

Deployment Scenarios

Catalyst 6500 5Gb/s Scalable Security Solution
- Full Layer 2 Switching: P-VLANs, Rapid Spanning Tree, EtherChannel
- Full Scalable Layer 3 Routing: BGP4, ISIS, OSPF, EIGRP, HSRP, M-HSRP
- WAN Interfaces up to OC-48, MPLS capable
[Diagram labels: 3 Slot Chassis, Firewall Services Module, LAN or WAN Linecard]

Powerful Combinations – VPN Aggregation
- 8,000 concurrent user VPN Platform
- Over a Gigabit of VPN throughput
- Full Layer 2 Switching: P-VLANs, 802.1s/w/x, EtherChannel
- Full Layer 3 Routing: BGP4, ISIS, OSPF, EIGRP, HSRP, M-HSRP
- Security Management: Copy-Capture, VACLs, AAA Services
[Diagram labels: 3-Slot Chassis, VPN Module, 8 or 16 GbE]

Integrated Datacenter Services with Catalyst 6500 Security & L4-7 Services
Catalyst 6513
- Supervisor Engine 2 / MSFC 2
  - Full Layer 3 Internet Routing
  - Richest Suite of L2 Functionality
  - High Performance Forwarding
  - Intelligent Network Layer Services
- Firewall Service Module for Protecting Datacenter Access
- Content Switching Module for High bandwidth Load Balancing
- SSL Service Module for improving secure content switching performance and server utilization
- NAM Service for monitoring network traffic
[Diagram labels: Firewall Module, SSL Module, NAM, CSM]

Summary

Catalyst 6500 Series
Raising the Bar with Intelligent Services
- Industry Leading Flexibility
- High Availability
- Scalability for LAN/WAN/MAN
- Network Management
- High Performance Switching
- Service Consolidation
- Integrated Security Services
- Investment Protection
- Secure Convergence
- Operational Management
