Uploaded byAlgoSec
Segmenting your Network for Security - The Good, the Bad and the Ugly
The document discusses the importance of network segmentation for enhancing security against potential attacks, highlighting expert insights from Mark Wolfgang of Shorebreak Security. It outlines various methods of segmentation, common mistakes organizations make, and the steps needed to effectively implement segmentation in a business context. The need for a comprehensive understanding of assets, personnel, and their access requirements is emphasized as crucial for reducing risks and improving network security.
Technologyā¦
More Related Content
Similar to Segmenting your Network for Security - The Good, the Bad and the Ugly
Segmenting your Network for Security - The Good, the Bad and the Ugly
- 1. Segmenting your Networkfor Security The Good, The Bad and the Ugly
- 2. Our Speakers 2 Mark Wolfgang President ShorebreakSecurity Nimmy Reichenberg VP Strategy AlgoSec
- 3.
- 4. "Getting from aprocurement portal to a cardholder data environment is a long road" āOnly highly skilled hackers could find a way around such network segmentationā āā¦ If Target gave the vendor too much access to the network the blame lies firmly with Targetā¦ā
- 5.
- 6. Mark Wolfgang, CISSP,RHCE ā¢ President/CEO Shorebreak Security ā¢ 14+ years experience in security testing ā¢ Co-author of two Information Security books ā both on penetration testing ā¢ Author of other whitepapers and published articles on Information Security/pen testing ā¢ 8 years in the U.S. Navy
- 7. About Shorebreak Security ā¢Veteran-owned small business ā¢ Boutique firm, specializing in Information Security Testing ā Penetration Testing ā Vulnerability Assessments ā Risk Assessments ā¢ Based in Cocoa Beach, Florida āWe donāt want to be the biggest, we just want to be the bestā
- 8. Our Security Engineers āMost have over 15 years of IT experience ā With at least 8 years of Information Security experience, and most of that doing penetration testing ā Most have TS/SCI clearances ā Most are CISSPs, with a host of other certifications ā Many are published authors and experienced speakers
- 9. What is PenetrationTesting? ā¢ Security Testing ā¢ An accurate determination of risk to your networks and systems are by emulating various threat agents and testing people, processes, and technology ā¢ A methodology, not the use of one or two (or 10) security tools ā¢ Emulation of threats varying from the script kiddie to more sophisticated and persistent attackers
- 10. What is NetworkSegmentation? ā¢ Classifying and isolating ā IT assets ā Data ā Personnel ā¢ Whereās the money Lebowski?
- 11.
- 15. How Attackers Work ā¢Initial entry point (access) ā¢ Gather and analyze information ā¢ Leverage and expand access
- 16. Example Attack āāOwnedā a Large City ā¢ Conducted a full-scope assessment of a large U.S. municipality ā¢ Obtained access and full control of the building access system ā Any door in the city with a prox card reader, including: ā Police gun locker ā Police evidence locker ā Police Narcotics vault ā Police holding cell ā Mayorās office ā Server rooms etc ā¢ Obtained access and full control of CCTV and guard workstations ā¢ Obtained access and full control of a Windows DC ā¢ ALL FROM THE PUBLIC WIRELESS NETWORK!
- 17. Example Attack āLarge City ā¢ Initial entry point (access) ā null sa password ā¢ Gather and analyze information ā dumped and cracked local Windows passwords. Scanned network and compiled a target list. ā¢ Leverage and expand access ā used cracked password on ALL other Windows systems. Gained access to hundreds. ā¢ Same password was used on guard workstations, CCTV, badge & building access control server etc
- 18. Why? ā¢ Could Ieven see the critical computers? ā¢ Could I attempt to logon? ā¢ Werenāt they invisible?
- 19. Lack of propernetwork segmentation! Almost always a finding and a root cause on our pen tests.
- 20. Common Segmentation Mistakes ā¢Not segmenting at all ā¢ Not segmenting enough ā¢ Over-segmenting
- 21. How to Segmentfor Security ā¢ Understand your business or organizational drivers ā¢ How does revenue enter the business stream? ā¢ Which IT assets, data, and personnel are critical to ensure continuity of business or mission?
- 22. Planning for Segmentation ā¢Group and inventory assets, personnel, data ā¢ Example for assets: ā Windows servers ā Infrastructure (routers, switches, VPNS, VOIP) ā Security (IDS, firewalls, web filter, scanners) ā Financial/HR servers (Oracle, SAP, Peoplesoft, SAS)
- 23. Planning for Segmentation ā¢Group and inventory assets, personnel, data ā¢ Example for personnel: ā Windows server admins ā Windows workstation admins ā Unix admins ā Security admins ā Network admins ā HR Dept ā Executive management
- 24. Determine level ofaccess based on business need. E.g. Who has a business need to: ā¢ Administer the routers, switches, VOIP phones etc? ā¢ Access the HR, Financials and other admin-related systems? ā¢ Access the security cameras? ā¢ Administer the *nix servers No business need ā No access!
- 25. Implementing Segmentation ā¢ Startsomewhere ā maybe with a network admin segment ā¢ Setup VLAN named, network-admins (for their workstations) and network-devices (for routers & switches) ā¢ Log all traffic between segments ā traffic analysis ā¢ Start blocking with ultimate goal of default deny ā¢ Make sure you have the controls to make sure segmentation is enforced
- 26. Successful Segmentation ā¢ Reducesrisk ā shuts down attackers ā¢ Is a part of defense-in-depth ā¢ Provides the foundation for a secure network ā¢ Is not easy, nor is it quick ā¢ As (or more) important than patching
- 28. Defining and Enforcing NetworkSegmentation Confidentia l 28
- 29.
- 30. Firewall Breaches DataCenter Automation 5% Vulnerabilities 95% Misconfiguration The Security Management Balancing Act Confidential 30 Security Agility Prevent Cyber Attacks Enable Business Applications Resource Time to Provision Server Minutes Storage Minutes Security Access Days/Weeks
- 31. Security Management Challenges Confidential31 Complexity ā¢ 1000s of security access rules ā¢ Highly-connected business critical applications Change ā¢ Data center consolidation, network re-architecting ā¢ Application connectivity requirements ā¢ New security devices Compliance ā¢ Complex regulations, industry standards and internal mandates ā¢ Time-consuming audits Collaboration ā¢ Business owners think in terms of applications ā¢ Networking teams think in terms of IPs and servers ā¢ Security teams think in terms of IT Risk Challenges
- 32. Firewall Analyzer Security Policy Analysis &Audit FireFlow Security Policy Change Automation BusinessFlow Business Application Connectivity Mgmt Business Applications Security Infrastructure The AlgoSec Suite 32 Application Owners AlgoSec Security Management Suite SecurityNetwork Operations
- 33.
- 34.
- 35. Connect with AlgoSecon: www.AlgoSec.com Managing Security at the Speed of Business
Editor's Notes
- #11Ā DMZ example
- #12Ā DMZ example
- #13Ā DMZ example
- #31Ā More than ever, organizations today need to balance between security and business agility. The first reason we deploy security infrastructure such as firewalls, routers, secure web gateways etc. is to protect the business against cyber attacks. But with todayās complexity, advanced threats and new technologies, it is a real challenge to manage the security policy. According to Gartner 95% of firewall breaches are a result of misconfiguration, not firewall flaws. But firewalls have a second, and arguably more important objective ā enabling connectivity for your business applications. (After all, most firewall are rules are not BLOCK rules, they are ALLOW rules). Modern datacenters are highly automated, and IT teams can provision a new server or database in minutes with just a few mouse clicks, sometimes this is a fully automated process which requires no human intervention. However, provisioning security for the application (I.e. ensuring all the ports and connectivity paths are enabled) is still a very manual and lengthy process that slows down the business. Security team often needs days and even weeks to identify what firewalls to change, and design and push-out the change in a secure and efficient manner.
- #32Ā Let us examine the 4 challenges that make security management so challenging (The 4 āCās) Complexity ā over time, firewalls accumulate thousands of rules and objects (many of which are poorly documented, go unused and/or risky). Todayās modern business applications are also complex, consisting of several servers (application servers, middleware, databases) and complex connectivity requirements. This complexity creates both business disruption and security implications. Change ā the security policy is ever-changing: network changes are frequent, resulting for example from consolidating data centers or migrating applications to the cloud, all requiring changes in firewalls and routers which may impact application availability. Applications change frequently as well, and newer versions often need new connectivity. New security devices (E.g. next-gen firewalls) are being introduced which require even more changes) Communication ā there are different teams that need collaborate to make security management work ā risk teams, network teams and application owners. But these teams are usually siloed and donāt have good processes defined to work together. Furthermore, they speak in different languages, causing translation gaps. For example, the application team does not how to communicate requirements in terms the security team can implement, and the security team often defines a policy that the network team does not know how (or care) to enforce. Compliance ā everything you do from a security perspective has to comply with external regulations and internal mandates. Frequent audits take a lot of time, leaving less time for strategic initiatives.
- #33Ā The AlgoSec Suite is made up of 3 separate yet tightly integrated products. BusinessFlow provides an application-centric approach to managing the security policy. It discovers and maintains visibility of application connectivity requirements so you can Process connectivity changes for applications faster and more accurately Securely remove access for decommissioned applications Understand the impact your network security infrastructure has on business applications, and vice-versa BusinessFlow automatically translates vague application connectivity needs into concrete firewall rules that the network teams can implement. Application owners can request connectivity in their language (E.g. connect the webserver to the database) and BusinessFlow discovers what (if any) devices and rules needs to change. Firewall Analyzer connects and understands your security infrastructure, including firewalls from all the leading vendors, routers, switches and web proxies. Firewall Analyzer pulls configurations from these devices and gives you complete visibility and control of your policy to automate and streamline daily firewall operations such as ā Troubleshooting (E.g. Which firewall(s) and rule(s) are blocking traffic from point A to point B) Auditing Baseline configuration compliance Risky rule analysis and much more The third and final component of the suite is FireFlow, which automates the security change process. FireFlow adds network and firewall intelligence to the change process, and complements ticketing systems such as Remedy and ServiceNow, so you can process changes 2x-4x faster and with greater accuracy. Capabilities include automatically discovering devices and rules that need to change and automatically closing changes which āalready workā ā as many as 30% of requests! Optimal design of new rules and object minimize policy clutter, and automatic validation of correct implementation eliminates re-opening of tickets. FireFlow also guarantees continuous compliance by proactively simulating and checking every change before it is implements. With this approach, organizations ensure they are compliant at all times and do not have to resort to periodic āhouse cleaningā projects in time for an audit.