Cessation of Misconfigurations: Common Network Misconfiguration Risks & How to Avoid Them

CESSATION OF MISCONFIGURATIONS:
COMMON NETWORK MISCONFIGURATION
RISKS & HOW TO AVOID THEM!
Avivi Siman-Tov
Director, Product Management

WELCOME
Have a question? Submit it via the chat tab or email us:
This webinar is being recorded!
The recording will be emailed to you after the webinar
And the slides will be available in the attachments tab
Follow AlgoSec online !
2
marketing@algosec.com

Taking it to the next level
Automation, automation,
automation!
How to avoid misconfigurations?
AGENDA
Understanding the problem:
misconfigured network devices

THE BALANCING ACT
Security
Business
Continuity
Prevent Cyber Attacks
Firewall Breaches
Enable Business Applications
Data Center Automation
4

SECURITY
Security
Prevent Cyber Attacks
Firewall Breaches
5% Vulnerabilities
95% Misconfiguration
5

THE BALANCING ACT
Business
Continuity
Enable Business Applications
Data Center Automation
Resource Time to Provision
Server
Storage
Security
Minutes
Minutes
Days/Weeks
6

HOW CAN A DEVICE BE MISCONFIGURED?
100.77.28.98
Database Servers on
100.77.28.32 network
7

access-list dmz2_acl permit tcp 100.77.28.64 255.255.255.224 64.46.252.0 255.255.255.0 eq 1400
access-list dmz2_acl permit tcp 100.77.28.96 255.255.255.224 64.46.252.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp host 100.77.28.9 64.46.252.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp host WEBSRV 100.77.28.32 255.255.255.240 neq 1433
………………………………
8

access-list dmz2_acl permit tcp host WEBSRV 100.77.28.32 255.255.255.240 neq 1433
………………………………
9

access-list dmz2_acl permit tcp host WEBSRV 100.77.28.32 255.255.255.240 neq1433
………………………………
10

MISCONFIGURED EXAMPLE – THE IMPACT
• The web server can not access the database on port 1433…
• The web server can access ANY OTHER SERVICE on that network!!
FTP, Active Directory, File Sharing, SSH, RPC, etc.
• over 65,000+ ports are available
• One simple “n” out of place! neq
11

IT’S THE SAME IN THE CLOUD
12

13
Traffic does
not go
through the
firewall!

14

Application connectivity
Security – Application is vulnerable
• One simple routing mistake on AWS VPC configuration
15

CLEAN-UP GONE BAD
…Unfortunately one of the removed rules was in use by a
critical application. Service was down for a significant amount
of time before the mistake was found and resolved.”
- Network Security Manager, Large Enterprise
“We performed a periodic policy clean-up and
removed multiple unused rules in preparations
for an audit.
16

AGENDA
Automation, automation, automation
02
03
Taking it to the next level04
Understanding the problem: misconfigured network devices01
17

HOW TO AVOID MISCONFIGURATIONS
Resource intensive | Not scaable >>> SLOWS DOWN BUSINESS
Automation, Automation, Automation
01| Separation of duties, permission enforcement
02| Strict process, mandatory approval steps
03| Peer review
04| Careful validation of changes
05| Hire qualified personnel, training
18

THE SOLUTION: AUTOMATION
• Make sure you have proper visibility and control
19

AUTOMATION
• Avoid human error
• business agility
• Saves time even when human intervention is
required
• Full and accurate documentation
20

AUTOMATION – FIND RELEVANT SECURITY DEVICES
21

AUTOMATION – RISK CHECK
CHANGE
22

AUTOMATION – PUSH CHANGE TO DEVICE
24

AUTOMATION – VALIDATE CHANGE
25

DETECT OUT-OF-BAND CHANGES
26
MonitorAlertVerify

AGENDA
Automation, automation, automation
02
03
Taking it to the next level04
Understanding the problem: misconfigured network devices01
27

TAKING IT TO THE NEXT LEVEL
Think in terms of:
• Applications
• Connectivity
• Servers
Think in terms of:
• Firewall rules
• Routing
• IP Addresses
• Subnets
• Vulnerabilities
SECURITY/NETWORKING
Mind the gap!
APPLICATION DELIVERY
28

TAKING IT TO THE NEXT LEVEL
Miscommunication
“Reverse engineering”
Lack of visibility
“Holes” in policy left behind
How is this relevant to device misconfigurations?
29

BUSINESS-DRIVEN SECURITY MANAGEMENT
30

HOW DOES A BUSINESS-DRIVEN APPROACH HELP?
Manage security policy changes “top down”
• E.g. application decommissioning
Consistency between policies
No more “reverse engineering” of connectivity requirements
Clear business context and impact analysis
31

PRO-ACTIVELY DETECT MISCONFIGURATIONS
• Connectivity is there – but is it secure?
32

• Application tags automatically attached to all firewall rules
• Know what you may break!
BUSINESS CONTEXT (“BOTTOM UP”)
33

SUMMARY
• Device misconfigurations create severe security
and operational issues
• Automation is key to prevent misconfigurations
• A comprehensive, intelligent automation solution
can ensure continuous operations and compliance
• Business-driven approach enables taking control
and holistically managing security policies
34

Connect with AlgoSec
Where You Are
Q&A
36
Send us your questions
Request a Free Evaluation:
marketing@algosec.com youtube.com/user/AlgoSec
linkedin.com/company/AlgoSec
facebook.com/AlgoSec
twitter.com/AlgoSec
www.AlgoSec.com/blog

THANK YOU!
Contact us: marketing@algosec.com

Cessation of Misconfigurations: Common Network Misconfiguration Risks & How to Avoid Them

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Cessation of Misconfigurations: Common Network Misconfiguration Risks & How to Avoid Them

Similar to Cessation of Misconfigurations: Common Network Misconfiguration Risks & How to Avoid Them (20)

More from AlgoSec

More from AlgoSec (20)

Recently uploaded

Recently uploaded (20)

Cessation of Misconfigurations: Common Network Misconfiguration Risks & How to Avoid Them

Editor's Notes