Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security Operation Center - Design & Build

84,838 views

Published on

Summarize the design and build approach for SOC (Security Operation Center) for both end user company and service providers. Defines the approach flow for SOC building and various components and phases involved. Defines design thumb rules and parameters for SOC Design.

Published in: Design, Technology
  • DOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • If you want to download or read this book, Copy link or url below in the New tab ......................................................................................................................... DOWNLOAD FULL PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • If you want to download or read this book, copy link or url below in the New tab ......................................................................................................................... DOWNLOAD FULL PDF EBOOK here { http://bit.ly/2m6jJ5M } .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • If you want to download or read this book, copy link or url below in the New tab ......................................................................................................................... DOWNLOAD FULL PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... ,DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Security Operation Center - Design & Build

  1. 1. Design and Build Security Operation Center Sameer Paradia
  2. 2. Contents • Presentation Objective • Security Operation Center(SOC) – What is it? Why is it required? • Designing SOC • Building Blocks – Infrastructure – People – Process – Tools – Securing the SOC • New Trends • Acronyms
  3. 3. Objective of this Presentation Useful to both enterprise and service provider Insight in design methodology & components Define framework from design to build SOC Define and roll out SOC services
  4. 4. 4
  5. 5. CFO: “Reduce TCO now, limit liability in future” IT: “Reduce risk, improve incident management ” Business Head: “Protect Brand, ALWAYS!” Why SOC?, Overcome Challenges Aligned with Business goals Shared service to reduce cost Improves Risk posture SOC Goals
  6. 6. • Operates 24x7 from central offsite location • Proactive response to security incidents • Predict security attacks and reduce its impact • Implements security policy across the enterprise • Reduce cost of security support by providing centralized remote support • SOC Delivers – Incident Management – Governance Risk Compliance – Monitoring and Management of Devices / Events – Implement security policy • Operates 24x7 from central offsite location • Complete & proactive in response to security incidents • Predict security attacks and minimize the impact • Implement security policy across the enterprise • Reduce cost of security support by providing centralized remote support • SOC Delivers – Incident Management – Governance Risk Compliance – Monitoring and Management of Devices / Events – Implement security policy What is SOC?
  7. 7. 7
  8. 8. Design Criteria • Infrastructure • Human Resources • Process Management • SOC Tools and Technologies • Security Controls – Secure the SOC • Link with Government agency and knowledge sites
  9. 9. Two ThreeOne Inputs for SOC design a) Service catalogue based on business need / client requirements b) EPS c) Number and types of devices under management Tools selection and designing a) EPS, number of devices, b) SLA, Reporting c) SIEM d) Web portal Storage/ Back up e) Connectivity f) Integration of tools Human resources a) One resource for 50 Devices management in shift of 8 hours b) One admin per 5- 7 resources, c) One analyst for 10 resources d) Tool management and Consultants based on tools and GRC services Design Flow
  10. 10. Five SixFour Service desk a) Separate function b) Receive and forward calls/ ticket opening, initial support. c) 12 -15 calls per shift of 8 hours per resource Infrastructure a) 55 Square Feet per seat(Agent) b) One seat means overall usable area including all facilities Power usage and UPS capacity to be calculated based on rated power usage of all tools and uptime SLA Design Flow
  11. 11. Eight NineSeven Security Controls – Secure the SOC a) Physical Security b) Information Security c) Authentication & Access Management Compliance Management a) Law of the region b) ISMS c) Data protection laws Process Management a) BAU Day to day process/ SOP b) Foundation process c) Service improvement d) Governance process Design Flow
  12. 12. Build SOC Approach RUN & SUPPORT BUILD & TRANSIT DESIGN/ SECURE MANAGE BUSINESS CASE ENGAGE STRATEGIC TACTICAL Risk Assessment Business requirement Business Case Planning Designing Project Management Resource Management Infra/ Tools implement SOC process setup SOC Detailed Design Process Framing SOC Security Design Day to day operations Deliver service catalog Improvement plan OPERATIONAL • SOC service catalog need to put in place • Phased wise rollout of services is advisable
  13. 13. BUILDING SOC APROACH- DETAILED STEPSBUISENSS BusinessRequirementAnalysisDemandManagement RiskAssessmentServiceLevelManagement IT Strategy Planning IT Governance Security Architecture, Policies and Standards Develop & Approve Business case Program Portfolio Management BUSINESS CASE AND PLANENGAGE STRATEGIC IT Finance & Resource Management IT Human Resource Management Project Management Knowledge Management Work Request Management Monitor &Report Performance Quality and Improvement MANAGE Security Service Catalog Supplier Management Availability and Capacity Management IT Service Continuity Management Security Management DESIGN AND SECURE Service Request Fulfillment Incident Management Problem Management Access Management SUPPORT TACTICAL BUILD AND TRANISTION Build SOC Service Transition & Planning Service Validation/ Testing Service Evaluation Release and Deployment Management Change Management Event Management Operations Device Management Application Management Service Asset and Configuration Management RUN (OPERATE AND CONTROL) OPERATIONAL SOC Detailed Engineering
  14. 14. SOC Service Catalogue Consult Assess Define Deliver Monitor Device Management Management- Incident Change Asset Design Build Plan Assessment Risk Management Security Management Framework Assessment Policy GAP Assessments Penetration Testing & Vulnerability Assessment Governance Monitoring Technology & Architecture Reviews Other Services from SOC Endpoint Security Anti-virus Web Security URL Filtering Mail Security Application Security Analytics Multi factor Authentication Encryption Federation SSO OPERATION Project Manage ment Analyze Security Assurance Services Remote Configuration & back up of logsNew projects – Remote support Firewalls/VPN IDS / IPS UTM Gateway level Datacentre DLP Patch management / Software upgradation Security Technology Device level security End user security Log analysis Event Management Reporting Content Security Identity / Access Management Perimeter/ Datacentre Policy Compliance Advance Services Forensic / Investigation Governance Risk Management Compliance Service Assurance Abuse Prevention Call Service Management IPT Availability Malware analysis Black box testing Suspicious Activity monitoring Security Strategy Define Security framework Security Policy framing Audit Policy Enforcement Advisory Services CERT Integration Risk Assessment Risk Mitigation plan VA/ PT Ethical Hacking Gap Analysis Threat Management/ Assessment Data, Voice, Video- Technological architecture assessment Risk repository Log analysis Security Policy Assessment Data Protection Assessment DLP Management Information Act compliance assessment Violation of security policy End point policy assessment Reporting Maintain BCP / DR Management Other Services Advisory Services Black box testing White box testing
  15. 15. Phase wise Service Launch 1st Phase 2nd Phase 3rd Phase • Start with basic Perimeter / Datacentre security services • Event Monitoring, Device/ Policy Management, Incident/ Change/Asset management • Integrate networking equipment security into SOC • Expand to endpoint and cloud based security • Bring in Endpoint machines / BOYD under SOC monitoring/ management • GRC related services • Consultancy services • Forensic service • Application level testing/ security • Business process monitoring and alert frauds Service Description a. Firewall/VPN (IPSEC/ SSL) b. IPS / IDS c. UTM (Unified Threat Management d. Vulnerability Assessment e. Event Co relation and Incident/ Change/ Asset management f. Gateway level Antivirus g. Datacenter security a. In the Cloud services- Clean Internet pipe, DDOS protection, Secure Mail, Secure Web access b. Endpoint Security c. URL Filter / Secure Proxy d. Information Leak Prevention e. Datacenter / Application level: Penetration Testing, Ethical Hacking a. Identity Management b. Database Security c. Application Security for Web, SAP, Portal, Database etc. d. Compliance of ISMS, Country specific IT / Data protection act e. Fraud Management f. Forensic / Investigation
  16. 16. 16
  17. 17. Infrastructure Blocks of SOC • SOC office Space: Minimum 55 Sq ft per seat – Structured and secured LAN cabling – Same types of furniture and PC/ Monitors, Hardware – Video Walls – Scalable area on same floor/ Building – Card access and biometric access controls • Power: Mains and Back up UPS/ DG set. Electrician available for emergency – PDP-Power Distribution Panels / Emergency power switching panel – DG set: Diesel storage area – Lighting in facility / Energy saving plan • Precision Air conditioning • Datacentre: Rack space to host tools and customer facing portals – Hosts customer facing portal, SIEM, NMS, Service desk ,Storage, Back up tools – Storage for logs and configurations of IT assets – Back up devices and Tape library
  18. 18. • Various control rooms need to be in place as below: – Building Management System (BMS) room: Centralized room to monitor integrated with video surveillance, visitor management system and Fire management system – Security surveillance room: same room as BMS – Fire management systems: Same room as BMS • Connectivity: – To connect various Telecom from customer premise- MUX room – Feasibility for same must be in place, – VPN concentrator: To connect to customer over Internet using IPSEC VPN/ SSL VPN Infrastructure Blocks of SOC
  19. 19. Visitor lounge / Presentation area Visitor lounge • Customers visit SOC to audit the infra as per contract signed • Must be in quarantine area to interact with SOC staff • Secured PC to be provided, in case visitors need to access their systems • NDA must be signed by visitors Presentation area • SOC need a separate area at entrance which is physically isolated using a glass wall with curtain from SOC sitting area • Presentation conference hall should be able to accommodate enough people • Equipped with projectors/ Video Conferencing facility
  20. 20. War Room • War room is a dedicated space where entire team responsible for major incident resolution meet up and handle the issue. • They need to interact with customers and partners to resolve the incident • Equipped with communication like LAN, voice, Video Conference • Separate War room is required to ensure other SOC operations teams are not disturbed and customer issue confidentiality is ensured
  21. 21. 21 -
  22. 22. SOC TEAM SOC Governance Model Board/ Share Holders SOC Manager CISO CFO/ CIO CEO/ COO Risk Manager Auditor/ Consultant Incident Response Monitoring Team Technical/ Tools Admin Analyst/ SME Organization Risk Management Information Security Forensic Expert Service Desk Business Head Admin/HR Legal Compliance Sales Branding Partners Vendors/ Suppliers Internal Teams External Stake Holders Country Legislation Data Protection Laws Industry specific Compliance Industry Best Practice
  23. 23. SOC PEOPLE 23 Analyst • Expert of Security Technology and process • Understand attacks and threat matrix • Good at low level programming language • Extremely good at reaching to root cause • Think out of box • Understand Virus, Trojans, backdoor, malicious code • Drive people • Proactive by nature Tech admins • Expert of Security, OS, Network, Web technology, Database • Configure tools and security technologies • Great at low level designing • Frame and implement security policies in technologies under SOC • Forensic expert • Quick at Incident response • Can interact and drive vendors, OEM, Government bodies Management • Leadership to take all stakeholders together • Stitch the solutions from different teams and drive it to conclusion • Understand security posture and able to guide the team • Good communication skills
  24. 24. -
  25. 25. SOC Process Framework BAU SOC Operation Process Tools& Technology Human Resources Process GRC Forensic Consultancy BCP-DR Foundation Process People Operations, Shift Scheduling, Daily Checklist, Training, Talent Management, New Project Management Reporting, Realtime Dashboard, Analysis, Portal KGI Best Practice CERT Feed SOC ISMS/ Law Compliance Support Log Management Testing Advisory QMS/KEDB/Documentation/Improvement SOP- Develop/ Review QMS / SOC Process KPI System Modeling Configuration Management Access/ User Management Event Triage of Correlation, Monitoring, Routing SOC Infra/ Application Management Event Fusion Use Cases Project Management Fusion, Analysis, Reporting Existing Tool Management, Updation, Testing Security tools like SIEM, VA, NMS/EMS, Service Desk, Web Portal, Back up, Storage, Middleware Integration with current & new tools, Client systems Transition and on boarding of new devices with tools POC of new release and upcoming technologies SOC Governance Incident Management Major Attack response Incident Analysis Event Correlation Problem Management Release Management Configuration Management Change Management Event Monitoring Service Desk
  26. 26. SOC Process Number of processes and procedures for an SOC is determined by its scope, how many services are offered, the number of customers supported, and the number of different technologies in use. An established global SOC environment may have tens or even hundreds of procedures. At a minimum, the basic procedures that are required for maintaining the SOC are: • Monitoring procedure • Notification procedure (email, mobile, home, chat, etc.) • Notification and escalation processes • Transition of daily SOC services • Shift logging procedures • Incident logging procedures • Compliance monitoring procedure • Report development procedure • Dashboard creation procedure • Incident investigation procedures (malware, etc.) SIEM monitoring and correlation • Antivirus monitoring and logging • Network and host IDS/IPS monitoring and logging • Network and host DLP monitoring and logging • Centralized logging platforms (syslog, etc.) • Email and spam gateway and filtering • Web gateway and filtering • Threat monitoring and intelligence • Firewall monitoring and management • Application whitelisting or file integrity monitoring • Vulnerability assessment and monitoring
  27. 27. GRC Define Risk Control - Risk Governance  Framing of Security policy based on Gap analysis  Implementation  Mapping of IT laws with security policy  Set objective and form steering committee  Review of security posture and risk profile  Periodic assessment/ Audit  Reporting of compliance status to Management Periodic Assessment  Implement & manage IT controls / checkpoints Sustain Controls State of Control State of Control Compliance To Law of region, Data protection law, InfoSec Policy
  28. 28. Forensics Process • Acquisition • Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices • Identification (Technical Analysis) • Identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites • Evaluation (What the Lawyers Do) • Evaluating the information/data recovered to determine if and how it could be used again the suspect for employment termination or prosecution in court • Presentation • Presentation of evidence in a manner understood by lawyers, non-technically staff and suitable as evidence determined by court of law.
  29. 29. Acquisition  Handling Huge volume  Indentifying and taking control of equipment Identification (Technical Analysis)  Co relating data from various technologies and equipments  Speed of processing Evaluation (What the Lawyers Do)  Defending evidence in court by Police Presentation  Relating evidence with Law clauses(IPC)  Creation of supporting cases Challenges in Forensics
  30. 30. 30 -
  31. 31. SOC Tools Modules 1. Event generators • All devices/ software under SOC • Log generators • External feed viz. CERT 2. Event collectors • Local as well as central devices to collect and normalize huge events/ logs into few useful messages, device status and alerts • NMS/ EMS / Service Desk 3. Message database • Analyze and display messages as per configured policy 4. Knowledge base • System Modelisation is configured based on Risk Management, Threats and action taken by security controls/policy deployed • Real time event correlation and create incidents based on Risk posture feed into it 5. Client / User facing portal hosts • Reports, Analysis, Knowledge management, Real-time status & events
  32. 32. Working of SOC Tools VA / RA Tools IPS Network Equip OS Applications Firewall Events Polling Syslog, SNMP, SMTP, HTTP/XML, Proprietary Message Status Alerts Incident Handling Analysis Real time Monitor Correlation Client Config records Analysis Security Policy Customer Status Vulnerability DB System Modelisation Status Integrity Risk Evaluation Security Activity System Status
  33. 33. Key Tools for SOC - • Storage & Back up • Syslog server • FTP server • Client facing Webportal for Reports / Status update • Device Management servers Service Desk ITIL Process Automation Strengthen Service Desk and SOC Process Management SOC Core Technology & Services Support Tools Analytics / Reporting Network and OS scanner Traffic Generator Forensic Tools Certificate Authority Log analyzer/ Storage Encryption Key Generator NMS/EMS OS/DB/ Network Scanner SIEM Password Recovery/ EH Tool VA/ PT Assessment Registry Scanner Honeypot Web Portal Device Manageme nt Servers GRC Tool Patch Manageme nt Packet Analyzer Authenticat ion / IDM PreventAssess Device Management & Client facing portal
  34. 34. Tools Integration Portal (Reports / Analysis / Realtime Dashboard) Middleware API Correlation -Integration Layer SIEM SD/NMS/ EMS Devicestatus Database / KEDB GRC Tools PollingEngine/DataFlow Events Incidents Device Management VA/PT/EH System Modelisation Security Policy USERS
  35. 35. 35 -
  36. 36. Securing the SOC- Security Controls It is imperative to protect SOC environment with following controls • Layered security – Information security for SOC users and Information – Physical security for SOC users, visitors and Infrastructure – Common security layer for entire information and based on contract additional security controls implemented • Information Security for SOC users and Infrastructure – Process level: ISMS(Information Security Management System) – Integration of security controls with SIEM/ Service desk tools – IDM: Authentication and Identity access management, Multi factor authentication – Network level: Firewall, IPS, VPN, Antivirus, Web filter software` – Desktop level: Antivirus, security compliance, Strong authentication and access control – Datacentre level: Firewall, IPS, VPN, Antivirus, Host based IDS – Access log: Syslog server for user audit trail and analysis
  37. 37. Securing the SOC- Physical Security Controls For SOC users, visitors and Infrastructure – Security guards on round the clock duty – Video Surveillance: monitor human movement – Biometric controls: For access to Datacenter and critical SOC areas – Tape vault: To store the logs generated in tapes and backup. This is statutory requirements – Access card: to operate doors and movement in and out of SOC – Visitor Management System: Register entry and pass generators, badge card for visitors – Glass and other barriers for dedicated space for certain clients in SOC
  38. 38. 38
  39. 39. Summary of future SOC and new trends: • Future SOC will spend more time on security analytics and less time on device monitoring • New age SOC will use more resources to identify new, unknown threats/ malware/ malicious code and less time blacklisting known threats after attacks • Big Data will be part of SOC tool set • Out of the box SOC with lesser integration with different tool set in SOC • Integrated with Social sites to know human behavior and predict the attacks • Integrated with national agencies and international CERT to have uniform and instant response to attacks • Able to counter attack and stop all future activities from attackers from internet/ internal users • SOC will act as single agency to prevent security incidents, frauds happening in E- Systems, compliance of regional laws across geography boundaries • Will proactively provides alerts for financial frauds and violation in business process New trends
  40. 40. Acronyms • API- Application Programming Interface • BAU- Business As Usual – Daily operations • BCP/ DR- Business Continuity Plan/ Disaster Recovery Plan • BYOD- Bring Your Own Device • CEO- Chief Executive Officer • CFO-Chief Finance Officer • COO- Chief Operating Officer • CERT- Computer Emergency Response Team • CISO- Chief Information Security Officer • DDOS- Distributed Denial of Service attack • DG-Diesel Generator • DLP- Data Leak Prevention • EH- Ethical Hacking • EMS- Enterprise Management System, used for Datacenter device monitoring • EPS- Events Per Second • GRC- Governance, Risk, Compliance • IDS- Intrusion Detection System • IPS- Intrusion Prevention System • ISMS(Information Security Management System) • ITIL- Information Technology Infrastructure Library • KPI- Key Performance Indicator • KGI- Key Goal Indicator • KEDB- Known Error Database • OEM- Original Equipment Manufacturer • OS- Operating System • NOC- Network Operation center • NDA- Non Disclosure Agreement • NMS- Network Management System • PC- Personal Computer • PT- Penetration testing • SD- Service Desk • SIEM- Security Incident and Event Management • SLA- Service Level Agreement • SOC- Security Operation Center • UTM-Unified Threat Management • VA- Vulnerability Assessment • VPN- Virtual Private Network
  41. 41. Sameer Paradia (CGEIT, CISM, CISSP) (sameer_m_paradia@yahoo.com) Practicing IT Security Services and Outsourcing for past 22+ years Photo acknowledgment: https://www.flickr.com/photos/babalas_shipyards/5339531237/in/photostream/ http://www.flickr.com/photos/forgetmeknottphotography/7003899183/sizes/l/in/photostre

×