Secure by untrust

Software defined perimeter

Published in: Engineering

  1. Secure by Untrust - Dark Cloud
  2. About
     Sam - Endpoint and Network security
     Gopi - Network and Embedded security
  3. Service Discovery
     ❏ Network boundary
     ❏ Public facing Domain/IP
     ❏ Scanning IP range / Enumerating subdomains
     ❏ Whois and reverse whois information
     ❏ Network Equipment
     ❏ Gateway router org info
     ❏ Shodan services
     ❏ Any previous Breach
     ❏ User credentials with VPN access
  4. Dark Cloud
     ❏ Information Hiding
     ❏ No DNS or Visible port
     ❏ Pre-Authentication
     ❏ Device identity determined
     ❏ Pre-Authorization
     ❏ User role identified
     ❏ Adaptive firewall rule
     ❏ Dynamic pinhole
  5. KnockKnock Design Decision
     ❏ Written in Safe language - Python
     ❏ Not to run in kernel
     ❏ No new service binding to port - /var/log/kern.log
     ❏ No UDP for SPA - SYN
     ❏ No port knock sequence
     ❏ Not more than one packet
     ❏ Secure crypto for SPA - AES CTR mode HMAC-SHA1
  6. knockknock Demo
  7. Puzzle
     ❏ Network is not trusted
     ❏ Breaks traditional perimeter security
     ❏ Also VPN service
     ❏ Device Security to be known
     ❏ Create security profile of device
     ❏ User activity to be Analyzed
     ❏ Behaviour analysis
     ❏ Limit and restrict allowed resource
  8. Resource
     ❏ https://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/ - Facebook bug bounty
     ❏ https://cloudsecurityalliance.org/group/software-defined-perimeter/#_overview - SDP specification
     ❏ http://www.waverleylabs.com/services/software-defined-perimeter/ - open SDP implementation
     ❏ http://www.cipherdyne.org/fwknop/ - Single Packet Authentication [SPA]
     ❏ https://moxie.org/software/knockknock/ - SPA, Python based
     ❏ https://cloud.google.com/beyondcorp/ - Google Zero trust
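
The design on slide 5 (one SYN, read from /var/log/kern.log by an unprivileged Python daemon, authenticated with HMAC-SHA1) can be sketched as below; this is an added example, not knockknock's code or wire format. The field layout (counter in IP ID, port in WINDOW, an 8-byte tag across SEQ and ACK), the key, the `KNOCK` log prefix and the counter-based replay check are assumptions, and the AES-CTR layer that would hide the port is left out because the Python standard library has no AES.

```python
import hashlib, hmac, re, struct

MAC_KEY = b"constructed-demo-key"  # placeholder; a real profile holds a random per-client key
TAG_LEN = 8                        # assumed: HMAC-SHA1 truncated to fill SEQ (4) + ACK (4)

# Matches a netfilter LOG line for a TCP SYN written with --log-tcp-sequence.
FIELDS = re.compile(
    r"SRC=(?P<src>\S+) .*?\bID=(?P<id>\d+) .*?PROTO=TCP .*?"
    r"SEQ=(?P<seq>\d+) ACK=(?P<ack>\d+) WINDOW=(?P<win>\d+) .*?\bSYN\b")

def _tag(key, counter, port):
    msg = struct.pack("!HH", counter, port)
    return hmac.new(key, msg, hashlib.sha1).digest()[:TAG_LEN]

def make_fields(counter, port, key=MAC_KEY):
    """Client side: header values (ip_id, seq, ack, window) for the one SYN."""
    seq, ack = struct.unpack("!II", _tag(key, counter, port))
    return counter, seq, ack, port

def sample_line(src, fields):
    """Constructed kern.log line in the shape the LOG target emits."""
    ip_id, seq, ack, win = fields
    return (f"Apr 21 10:00:00 gw kernel: [ 1234.5] KNOCK IN=eth0 OUT= SRC={src} "
            f"DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID={ip_id} DF "
            f"PROTO=TCP SPT=40000 DPT=1001 SEQ={seq} ACK={ack} WINDOW={win} "
            f"RES=0x00 SYN URGP=0")

def check_line(line, last_counter, key=MAC_KEY):
    """Daemon side: (src, port, counter) to open a pinhole for, or None."""
    m = FIELDS.search(line)
    if not m:
        return None
    counter, seq, ack, port = (int(m[k]) for k in ("id", "seq", "ack", "win"))
    if max(counter, port) > 0xFFFF or max(seq, ack) > 0xFFFFFFFF:
        return None                      # not header-sized values: malformed line
    got = struct.pack("!II", seq, ack)
    if not hmac.compare_digest(_tag(key, counter, port), got):
        return None                      # forged or altered request
    if counter <= last_counter:
        return None                      # replay of an already-seen packet
    return m["src"], port, counter

if __name__ == "__main__":
    line = sample_line("198.51.100.7", make_fields(counter=7, port=22))
    print(check_line(line, last_counter=6))   # accepted
    print(check_line(line, last_counter=7))   # replay rejected
```

The caller stores the returned counter as the new `last_counter` for that client before adding the firewall rule, so a captured SYN cannot be replayed.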
