CESSATION OF MISCONFIGURATIONS:
COMMON NETWORK MISCONFIGURATION
RISKS & HOW TO AVOID THEM!
Avivi Siman-Tov
Director, Product Management
WELCOME
Have a question? Submit it via the chat tab or email us: marketing@algosec.com
This webinar is being recorded! The recording will be emailed to you after the webinar, and the slides will be available in the attachments tab.
Follow AlgoSec online!
2
AGENDA
01 Understanding the problem: misconfigured network devices
02 How to avoid misconfigurations?
03 Automation, automation, automation!
04 Taking it to the next level
THE BALANCING ACT
Security: prevent cyber attacks, firewall breaches
Business continuity: enable business applications, data center automation
4
SECURITY
Prevent cyber attacks, firewall breaches
Firewall breaches: 5% vulnerabilities, 95% misconfiguration
5
THE BALANCING ACT
Business continuity: enable business applications, data center automation
Resource | Time to provision
Server | Minutes
Storage | Minutes
Security | Days/Weeks
6
HOW CAN A DEVICE BE MISCONFIGURED?
[Diagram: a new web server, 100.77.28.98, needs access through the firewall to the database servers on the 100.77.28.32 network]
7
HOW CAN A DEVICE BE MISCONFIGURED?
access-list dmz2_acl permit tcp 100.77.28.64 255.255.255.224 64.46.252.0 255.255.255.0 eq 1400
access-list dmz2_acl permit tcp 100.77.28.96 255.255.255.224 64.46.252.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp host 100.77.28.9 64.46.252.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp host 100.77.28.4 64.46.252.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp host 100.77.28.5 64.46.252.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp 64.46.193.0 255.255.255.224 64.46.252.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp 64.46.194.0 255.255.255.224 64.46.252.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp 100.77.28.96 255.255.255.224 64.46.252.0 255.255.255.0 range 1900 1901
access-list dmz2_acl permit tcp host 100.77.28.4 64.46.252.0 255.255.255.0 range 1900 1901
access-list dmz2_acl permit tcp host 100.77.28.5 64.46.252.0 255.255.255.0 range 1900 1901
access-list dmz2_acl permit tcp host 100.77.28.9 64.46.252.0 255.255.255.0 range 1900 1901
access-list dmz2_acl permit tcp host WEBSRV 100.77.28.32 255.255.255.240 neq 1433
access-list dmz2_acl permit tcp 64.46.193.0 255.255.255.224 64.46.252.0 255.255.255.0 range 1900 1901
access-list dmz2_acl permit tcp 64.46.194.0 255.255.255.224 64.46.252.0 255.255.255.0 range 1900 1901
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 100.77.28.64 255.255.255.224 range 1600 1601
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 100.77.28.96 255.255.255.224 range 1600 1601
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 100.77.28.32 255.255.255.224 range 1600 1601
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 64.46.193.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 64.46.194.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 100.77.28.64 255.255.255.224 range 1900 1901
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 100.77.28.96 255.255.255.224 range 1900 1901
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 100.77.28.32 255.255.255.224 range 1900 1901
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 64.46.193.0 255.255.255.0 range 1900 1901
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 64.46.194.0 255.255.255.0 range 1900 1901
………………………………
8
HOW CAN A DEVICE BE MISCONFIGURED?
(the same access list as the previous slide, with the newly added line highlighted:)
access-list dmz2_acl permit tcp host WEBSRV 100.77.28.32 255.255.255.240 neq 1433
9
HOW CAN A DEVICE BE MISCONFIGURED?
(the same access list, zoomed in on the added line; the port operator is neq, not eq:)
access-list dmz2_acl permit tcp host WEBSRV 100.77.28.32 255.255.255.240 neq 1433
10
MISCONFIGURED EXAMPLE – THE IMPACT
• The web server cannot access the database on port 1433…
• …but the web server can access ANY OTHER SERVICE on that network!! FTP, Active Directory, File Sharing, SSH, RPC, etc.
• Over 65,000 ports are available: every TCP port except 1433
• One simple “n” out of place: eq became neq (“not equal”)
11
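As an added example (not code from the original deck or from any AlgoSec product), here is a small Python evaluator for ASA-style access lists that reproduces the impact above. It walks the entries with first-match semantics and the ASA's implicit deny, checks whether the web server can reach port 1433, counts how many ports it can reach instead, and flags permit entries that use neq. The ACL lines are a subset of the deck's own dmz2_acl; the assumption that the object name WEBSRV resolves to 100.77.28.98, the corrected ACL_FIXED variant and all function names are mine.

```python
"""ASA-style access-list evaluator: first match wins, implicit deny at the end.

Added example, not from the original deck or any AlgoSec product. The ACL lines
are a subset of the deck's own dmz2_acl; WEBSRV is assumed to resolve to the new
web server 100.77.28.98 (an assumption, not stated on the slide).
"""
import ipaddress

# Assumption: the object-name to address mapping the ASA would hold in its object table.
OBJECTS = {"WEBSRV": "100.77.28.98"}

ACL = """\
access-list dmz2_acl permit tcp 100.77.28.64 255.255.255.224 64.46.252.0 255.255.255.0 eq 1400
access-list dmz2_acl permit tcp host 100.77.28.9 64.46.252.0 255.255.255.0 range 1600 1601
access-list dmz2_acl permit tcp host WEBSRV 100.77.28.32 255.255.255.240 neq 1433
access-list dmz2_acl permit tcp 64.46.252.0 255.255.255.0 100.77.28.32 255.255.255.224 range 1600 1601
""".splitlines()

# The line as it was meant to be written: eq, not neq.
ACL_FIXED = [line.replace("neq 1433", "eq 1433") for line in ACL]


def _parse_addr(tokens):
    """Consume one ASA address spec (host X | any | NET MASK); return (network, remaining tokens)."""
    if tokens[0] == "host":
        return ipaddress.ip_network(OBJECTS.get(tokens[1], tokens[1])), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    # dotted-netmask form, e.g. "100.77.28.32 255.255.255.240"
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_rule(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq|neq|lt|gt|range PORT...]'."""
    t = line.split()
    if len(t) < 5 or t[0] != "access-list":
        raise ValueError(f"not an access-list entry: {line!r}")
    src, rest = _parse_addr(t[4:])
    dst, rest = _parse_addr(rest)
    op, ports = "any", ()
    if rest and rest[0] in ("eq", "neq", "lt", "gt", "range"):
        op = rest[0]
        ports = (int(rest[1]), int(rest[2])) if op == "range" else (int(rest[1]),)
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst,
            "op": op, "ports": ports, "text": line}


def port_matches(rule, port):
    """Apply the entry's port operator to a destination port."""
    op, p = rule["op"], rule["ports"]
    if op == "any":
        return True
    if op == "range":
        return p[0] <= port <= p[1]
    return {"eq": port == p[0], "neq": port != p[0],
            "lt": port < p[0], "gt": port > p[0]}[op]


def evaluate(rules, src_ip, dst_ip, dport, proto="tcp"):
    """Return (action, matching entry text); ('deny', 'implicit deny') if nothing matches."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r["proto"] in (proto, "ip") and src in r["src"] and dst in r["dst"]
                and port_matches(r, dport)):
            return r["action"], r["text"]
    return "deny", "implicit deny"


def permitted_port_count(rules, src_ip, dst_ip):
    """How many of the 65535 TCP ports the ACL lets src_ip reach on dst_ip."""
    return sum(evaluate(rules, src_ip, dst_ip, p)[0] == "permit" for p in range(1, 65536))


def lint_neq(rules):
    """Permit entries using 'neq' allow every port but one; flag them for review."""
    return [r["text"] for r in rules if r["action"] == "permit" and r["op"] == "neq"]


if __name__ == "__main__":
    rules = [parse_rule(l) for l in ACL]
    print(evaluate(rules, "100.77.28.98", "100.77.28.35", 1433))        # ('deny', 'implicit deny')
    print(evaluate(rules, "100.77.28.98", "100.77.28.35", 22))          # permit, via the neq line
    print(permitted_port_count(rules, "100.77.28.98", "100.77.28.35"))  # 65534
    print(lint_neq(rules))
```

Run against the deck's ACL, the web server is denied on 1433 and permitted on the other 65534 ports; with the operator corrected to eq, exactly one port is permitted and the lint returns nothing. The lint is the cheap pre-push check: a permit with neq is almost never what a requester asked for.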
IT’S THE SAME IN THE CLOUD
[Diagram: an AWS VPC with an internet gateway and a Check Point virtual firewall in front of the internal zones]
12
IT’S THE SAME IN THE CLOUD
[Network simulation: traffic from the internet to a data server] Traffic does not go through the firewall!
13
IT’S THE SAME IN THE CLOUD
[AWS route table for the data network: the default route points to the internet gateway, not to the firewall]
14
IT’S THE SAME IN THE CLOUD
Application connectivity: works
Security: the application is vulnerable
• One simple routing mistake in the AWS VPC configuration
15
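As an added example (not from the deck or from AlgoSec's product), the check below finds the routing mistake described on these slides in VPC route tables: any subnet whose 0.0.0.0/0 route points at an internet gateway instead of the firewall's interface. The route tables are constructed in the shape boto3's describe_route_tables() returns; every ID (rtb-, subnet-, eni-, igw-), the firewall interface and the list of subnets allowed to face the gateway directly are made up for the example.

```python
"""Find subnets whose default route bypasses the inspection firewall in an AWS VPC.

Added example, not from the original deck or AlgoSec's product. ROUTE_TABLES is
constructed in the shape of boto3's describe_route_tables()["RouteTables"]; all
IDs are made up. In a real account, replace ROUTE_TABLES with the API result.
"""

# Assumption: the internal interface of the Check Point virtual firewall.
FIREWALL_ENIS = {"eni-0fw1internal"}
# Assumption: only the firewall's own external subnet may route straight to the IGW.
ALLOWED_IGW_SUBNETS = {"subnet-fw-ext"}

ROUTE_TABLES = [
    {   # data subnets: default route wrongly points straight at the internet gateway
        "RouteTableId": "rtb-data",
        "Associations": [{"SubnetId": "subnet-data-a"}, {"SubnetId": "subnet-data-b"}],
        "Routes": [
            {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"},
        ],
    },
    {   # app subnet: default route goes to the firewall's ENI, as intended
        "RouteTableId": "rtb-app",
        "Associations": [{"SubnetId": "subnet-app-a"}],
        "Routes": [
            {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-0fw1internal",
             "State": "active"},
        ],
    },
    {   # the firewall's external subnet: the one place an IGW default route belongs
        "RouteTableId": "rtb-fw-ext",
        "Associations": [{"SubnetId": "subnet-fw-ext"}],
        "Routes": [
            {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"},
        ],
    },
]


def route_target(route):
    """Return the next hop of a route, whichever target key the API populated."""
    for key in ("GatewayId", "NetworkInterfaceId", "InstanceId", "NatGatewayId",
                "TransitGatewayId", "VpcPeeringConnectionId"):
        if key in route:
            return route[key]
    return None


def default_route_next_hop(table):
    """Next hop of the active 0.0.0.0/0 route, or None if the table has no default route."""
    for r in table["Routes"]:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active":
            return route_target(r)
    return None


def find_firewall_bypass(route_tables, firewall_enis, allowed_igw_subnets):
    """(route table, subnet, next hop) for every subnet whose default route skips the firewall."""
    findings = []
    for t in route_tables:
        hop = default_route_next_hop(t)
        if hop is None or hop in firewall_enis:
            continue                       # no internet path, or path goes via the firewall
        if hop.startswith("igw-"):
            for a in t.get("Associations", []):
                subnet = a.get("SubnetId")
                if subnet and subnet not in allowed_igw_subnets:
                    findings.append((t["RouteTableId"], subnet, hop))
    return findings


if __name__ == "__main__":
    for rtb, subnet, hop in find_firewall_bypass(ROUTE_TABLES, FIREWALL_ENIS, ALLOWED_IGW_SUBNETS):
        print(f"{subnet} ({rtb}): default route -> {hop}, firewall bypassed")
```

The check is structural, so it catches the mistake even though the application keeps working: nobody complains, the firewall policy looks complete, and only the route table shows that traffic to and from the data subnet never reaches it.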
CLEAN-UP GONE BAD
“We performed a periodic policy clean-up and removed multiple unused rules in preparation for an audit. Unfortunately one of the removed rules was in use by a critical application. Service was down for a significant amount of time before the mistake was found and resolved.”
- Network Security Manager, Large Enterprise
16
AGENDA
01 Understanding the problem: misconfigured network devices
02 How to avoid misconfigurations?
03 Automation, automation, automation
04 Taking it to the next level
17
HOW TO AVOID MISCONFIGURATIONS
01| Separation of duties, permission enforcement
02| Strict process, mandatory approval steps
03| Peer review
04| Careful validation of changes
05| Hire qualified personnel, training
Resource intensive | Not scalable >>> SLOWS DOWN BUSINESS
Automation, Automation, Automation
18
THE SOLUTION: AUTOMATION
• Make sure you have proper visibility and control
19
AUTOMATION
• Avoid typos and human error
• Business agility: zero-touch changes within minutes
• Saves time even when human intervention is required
• Full and accurate documentation (allows audit and undo of a change)
20
AUTOMATION – FIND RELEVANT SECURITY DEVICES
• Which devices are in the path and currently block the requested traffic: firewall policies, router ACLs, SDN segmentation, cloud security groups
21
AUTOMATION – RISK CHECK CHANGE
• Define allowed connectivity between zones; whatever is not pre-approved raises a risk
22
AUTOMATION – PLAN CHANGE
• Vendor-specific decisions: policy, zones, ACLs, objects; implement optimally, avoiding rule/object duplication
23
AUTOMATION – PUSH CHANGE TO DEVICE
• Via the device management API or directly on the device CLI
24
AUTOMATION – VALIDATE CHANGE
• Verify the change was implemented successfully and the requested traffic is now allowed
25
DETECT OUT-OF-BAND CHANGES
• Monitor | Alert | Verify: all changes go through the process; alert on out-of-band or non-compliant configuration
26
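Two of the workflow steps above, the risk check and out-of-band change detection, as an added example in Python (not AlgoSec code). The risk check classifies a change request's source and destination into zones and rejects any port that is not in a pre-approved zone-to-zone matrix; the detector diffs the device's running config against the last approved snapshot and returns every line that was not put there through the process. The zone CIDRs reuse the deck's networks; the zone names, the ALLOWED matrix and both config snapshots are constructed for the example.

```python
"""Pre-change risk check against a zone matrix, plus out-of-band change detection.

Added example, not from the original deck or AlgoSec's product. Zone CIDRs reuse
the deck's networks; zone names, the ALLOWED matrix and the config snapshots are
constructed for illustration.
"""
import difflib
import ipaddress

ZONE_CIDRS = {
    "dmz": ["100.77.28.64/27", "100.77.28.96/27"],
    "data": ["100.77.28.32/27"],
    "partner": ["64.46.252.0/24"],
    "internet": ["0.0.0.0/0"],          # fallback zone for everything else
}

# Pre-approved connectivity: (source zone, destination zone) -> allowed TCP ports.
# A zone pair that is absent is not approved at all.
ALLOWED = {
    ("dmz", "data"): {1433},
    ("dmz", "partner"): {1400, 1600, 1601, 1900, 1901},
    ("partner", "dmz"): {1600, 1601, 1900, 1901},
}


def zone_of(ip):
    """Zone of the most specific CIDR containing ip, so 'internet' only wins as a fallback."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for zone, cidrs in ZONE_CIDRS.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr in net and net.prefixlen > best_len:
                best, best_len = zone, net.prefixlen
    return best


def risk_check(src_ip, dst_ip, ports):
    """Requested ports that are NOT pre-approved for this zone pair; [] means no risk raised."""
    allowed = ALLOWED.get((zone_of(src_ip), zone_of(dst_ip)), set())
    return sorted(p for p in ports if p not in allowed)


def out_of_band_changes(approved_config, running_config):
    """Config lines added (+) or removed (-) on the device relative to the approved snapshot."""
    diff = difflib.unified_diff(approved_config.splitlines(), running_config.splitlines(),
                                fromfile="approved", tofile="running", lineterm="", n=0)
    return [line for line in diff
            if line.startswith(("+", "-")) and not line.startswith(("+++", "---"))]


# Constructed snapshots: the running config carries one entry nobody requested.
APPROVED = """\
access-list dmz2_acl permit tcp 100.77.28.64 255.255.255.224 64.46.252.0 255.255.255.0 eq 1400
access-list dmz2_acl permit tcp host 100.77.28.98 100.77.28.32 255.255.255.240 eq 1433
"""
RUNNING = APPROVED + "access-list dmz2_acl permit ip any any\n"

if __name__ == "__main__":
    print(risk_check("100.77.28.98", "100.77.28.35", [1433]))      # []    dmz -> data, approved
    print(risk_check("100.77.28.98", "100.77.28.35", [22, 1433]))  # [22]  needs explicit approval
    print(risk_check("8.8.8.8", "100.77.28.35", [443]))            # [443] internet -> data
    print(out_of_band_changes(APPROVED, RUNNING))
```

The matrix is the "allowed connectivity between zones" the slide refers to: a request that fits it can proceed to planning without a human, anything else is routed to an approver. The diff runs on a schedule or on a config-change syslog, and every line it returns is either an out-of-band change to alert on or a sign that the approved snapshot was not updated after a push.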
AGENDA
01 Understanding the problem: misconfigured network devices
02 How to avoid misconfigurations?
03 Automation, automation, automation
04 Taking it to the next level
27
TAKING IT TO THE NEXT LEVEL – MIND THE GAP!
SECURITY/NETWORKING think in terms of:
• Firewall rules
• Routing
• IP Addresses
• Subnets
• Vulnerabilities
APPLICATION DELIVERY think in terms of:
• Applications
• Connectivity
• Servers
28
TAKING IT TO THE NEXT LEVEL
How is this gap relevant to device misconfigurations?
• Miscommunication
• “Reverse engineering” of connectivity requirements
• Lack of visibility
• “Holes” in policy left behind
29
BUSINESS-DRIVEN SECURITY MANAGEMENT
30
HOW DOES A BUSINESS-DRIVEN APPROACH HELP?
Manage security policy changes “top down”
• E.g. application decommissioning
Consistency between policies
No more “reverse engineering” of connectivity requirements
Clear business context and impact analysis
31
PRO-ACTIVELY DETECT MISCONFIGURATIONS
• Connectivity is there – but is it secure?
32
BUSINESS CONTEXT (“BOTTOM UP”)
• Application tags automatically attached to all firewall rules
• Know what you may break!
33
SUMMARY
• Device misconfigurations create severe security
and operational issues
• Automation is key to prevent misconfigurations
• A comprehensive, intelligent automation solution
can ensure continuous operations and compliance
• Business-driven approach enables taking control
and holistically managing security policies
34
Connect with AlgoSec Where You Are
Q&A
36
Send us your questions
Request a Free Evaluation: marketing@algosec.com
youtube.com/user/AlgoSec
linkedin.com/company/AlgoSec
facebook.com/AlgoSec
twitter.com/AlgoSec
www.AlgoSec.com/blog
THANK YOU!
Contact us: marketing@algosec.com


Editor's Notes

  • #4 Welcome everyone and thank you for joining. In today’s session we will talk about various misconfigurations of network devices and the potentially destructive impact they cause. Later, we will discuss best practices and recommended approaches for avoiding such misconfigurations.
  • #5 People who own security in any organization need to carry out the delicate balancing act between protecting the company’s assets and enabling business continuity. It’s hard: a mistake in security configuration can not only compromise the organization to outside threats but can also cause downtime to a critical application, which can cost millions.
  • #6 A few recent examples demonstrate how a simple misconfiguration in AWS S3 storage resulted in an attack. Just last month, Capital One was hurt by one hacker who managed to take data from more than 30 companies. Nobody wants to be the next headline.
  • #7 Other examples show how a misconfiguration can bring your business down: United Airlines had a router misconfiguration resulting in hundreds of flights grounded. With the DevOps trend today the business also expects security to be agile. So, if we have less time to evaluate the security change (which traditionally took days/weeks), the risk of making mistakes gets higher. So, why does it happen? Let’s have a closer look at a few examples:
  • #8 In this example we have a small network where traffic is filtered using a Cisco ASA FW. Let’s say my job is to allow access from a new application/web server (100.77.28.98) to the DB. Sounds like a pretty simple task, right? All I have to do is open the command line and update the access list. Let’s do so:
  • #9 As you can see, this is not the only line in the firewall configuration. In many cases there could be thousands of entries in the ACL of the firewall or router. I added the line and guess what… it does not work. Let’s try to see why.
  • #10 The highlighted line is the one I added.
  • #11 Taking a closer look you will see that we have NEQ, not equal to the DB port. This can be a small typo or a big disaster.
  • #12 The impact: 1. It does not work: the application server tried to connect to the DB on port 1433 and it was not working. Imagine the frustration on the other side (developer / project) who needs this to be working. 2. From the security perspective every other port can access the DB. What I am trying to emphasize here is that: A. These things can happen. B. When it does happen, it is not always trivial to find the source of the problem. At this point, you might think that this is a simple example, a legacy setup, and that in today’s world anything is better in the cloud. Is it?
  • #13 In this example, I have my Amazon cloud where we are looking into a specific VPC. In orange, I have an internet gateway providing access to my applications and data, and I also have a Check Point FW filtering the traffic to the internal zones.
  • #14 To make sure things are configured right, I choose to use my AlgoSec system to run a network simulation query to test how traffic from the internet (8.8.8.8) goes to one of my data servers (172.31.18.240). [Click] And guess what… traffic goes directly without any filtering. Now, I try to understand why this is happening.
  • #15 On the AWS console I see the routing definitions for my data network. The default GW (the default route here) goes to the internet GW and not to the FW. Since AWS routing is symmetric it also means that traffic from the outside (from the internet) is allowed to my data NW. The results of this mistake: [CLICK]
  • #16 Application connectivity works fine (nobody complains about a thing), and it is hard to notice that the application is now vulnerable. The firewall policy is set, and we *think* it’s securing the application servers. Incoming traffic from the internet goes directly to the servers and is not filtered by the Check Point virtual firewall. Everything is open. This is similar to the S3 storage incidents I mentioned, where the application was working and nobody noticed until it was too late.
  • #17 One last example, something we heard about (in a large enterprise company): a routine policy cleanup resulted in downtime to a critical application, because somebody removed a rule that was in use. Again, like in the other examples, it is really hard to find the root cause. By now I assume that most of you can relate to some of the examples.
  • #18 Now that we understand that bad things can happen and this can be our fault, let’s see what we can do about it:
  • #19 There are many approaches I am sure you are already using today: some have to do with methodology, like separation of duties and peer review; some with processes; and some with getting the right people on board. But as you know, these are resource intensive and take time, which can slow our business. The solution that can address these challenges is of course automation!
  • #20 The reasons are simple: automation is fast and scalable since it’s done by machines. It’s easier to scale with CPU than with people. But most important, automation can be accurate, reliable and auditable. We know there is a concern about automation. [CLICK] Paul R. Ehrlich said: “To err is human, but to really foul things up you need a computer”. So we need to remember [CLICK] that whenever we introduce automation to the process, we need to make sure we have the proper visibility and control.
  • #21 Let’s see what the benefits of using automation in our network security are: avoid typos and human error; enable zero-touch changes within minutes (business agility); save time even when human intervention is required; full and accurate documentation (which allows audit and undo of a change). What are the steps we can actually automate? [NEXT SLIDE]
  • #22 Find which security devices are in the path and are currently blocking the requested traffic: firewall policies, router ACLs, SDN segmentation, cloud security groups.
  • #23 Define ‘allowed connectivity’ between zones. Whatever is not pre-approved should raise a risk.
  • #24 Vendor-specific decisions: choose policy, zones, ACLs, objects. Implement in an optimal way (avoid rule/object duplications).
  • #25 Push the change to device management (via APIs) or directly to the device (CLI).
  • #26 Verify the change was implemented successfully and the requested traffic is now allowed.
  • #27 Verify all changes go through the process! Alert in the event of out-of-band changes. Monitor the entire security infrastructure. Alert in case of non-compliant configuration.
  • #28 It is clear that automation is key to avoiding misconfiguration. Now, let’s talk about how we can take it to the next level: [CLICK]
  • #29 Up until now, we have been talking about security, networking, firewall rules, ACLs and other network components and terms. And, although it’s important, we need to remember that these elements exist mainly to serve the business needs, actually the business applications. So while we focus on the network elements, we need to pay attention to the knowledge gap we have on the right side. But how is this relevant to our topic?
  • #30 Let me try to explain: this gap can be a good reason for misconfiguration. Why? Because misconfigurations are not always typos; they can be a result of miscommunication: the application team asked for something which was interpreted and implemented not as required. Sometimes the application teams don’t care about security. This may cause security engineers to feel like they have to do “reverse engineering” of the connectivity requirements so they can understand what is really needed. On the other side, lack of visibility into business needs can have a bad impact, as in the cases of cleanup, security incidents or maintenance. Imagine someone cleaning up a rule that is used by a critical application. That can even lead to “holes” in the policy being left behind.
  • #31 AlgoSec can help you bridge the gap between the network and the business. We call it “business-driven security management”, and it is based on application connectivity described in abstract terms and a smart engine that translates it into network infrastructure actions.
  • #36 Resources: Network Security Policy Management Lifecycle Whitepaper; Network Security Policy Management Across The Next Generation Data Center; Professor Wool Course; Webinar Slides; LinkedIn Links.
  • #37 Seed questions. Seed 1: What about other misconfigurations such as routing or VPN tunnels? Seed 2: How are the firewall rules being tagged with the relevant applications they support? Seed 3: What cloud environments do you support? Seed 4: Do you have tips for auditing the group that manages your enterprise’s cloud environment?
  • #38 And, before we part: AlgoSummit and upcoming webinars.
  • #39 And, before we part: AlgoSummit.