Successfully reported this slideshow.
Your SlideShare is downloading. ×

Secure by untrust

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Proposed building plan
Proposed building plan
Loading in …3
×

Check these out next

1 of 8 Ad

More Related Content

Advertisement

Secure by untrust

  1. 1. Secure by Untrust Dark Cloud
  2. 2. About Sam Endpoint and Network security Gopi Network and Embedded security
  3. 3. Service Discovery ❏ Network boundary ❏ Public facing Domain/IP ❏ Scanning IP range / Enumerating subdomains ❏ Whois and reverse whois information ❏ Network Equipment ❏ Gateway router org info ❏ Shodan services ❏ Any previous Breach ❏ User credentials with VPN access
  4. 4. Dark Cloud ❏ Information Hiding ❏ No DNS or Visible port ❏ Pre-Authentication ❏ Device identity determined ❏ Pre-Authorization ❏ User role identified ❏ Adaptive firewall rule ❏ Dynamic pinhole
  5. 5. KnockKnock Design Decision ❏ Written in Safe language - Python ❏ Not to run in kernel ❏ No new service binding to port - /var/log/kern.log ❏ No UDP for SPA - SYN ❏ No port knock sequence ❏ Not more than one packet ❏ Secure crypto for SPA - AES CTR mode HMAC-SHA1
  6. 6. knockknock Demo .......................
  7. 7. Puzzle ❏ Network is not trusted ❏ Breaks traditional perimeter security ❏ Also VPN service ❏ Device Security to be known ❏ Create security profile of device ❏ User activity to be Analyzed ❏ Behaviour analysis ❏ Limit and restrict allowed resource
  8. 8. Resource https://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-ba ckdoor-script-eng-ver/ - Facebook bugbounty https://cloudsecurityalliance.org/group/software-defined-perimeter/#_overview - SDP specification http://www.waverleylabs.com/services/software-defined-perimeter/ - open SDP implmentation http://www.cipherdyne.org/fwknop/ - Single packet Authentication [SPA] https://moxie.org/software/knockknock/ - SPA python based https://cloud.google.com/beyondcorp/ - Google Zero trust

×