SlideShare une entreprise Scribd logo
1  sur  35
Segmenting your Network for Security
The Good, The Bad and the Ugly
Our Speakers
2
Mark Wolfgang
President
Shorebreak Security
Nimmy Reichenberg
VP Strategy
AlgoSec
seg·men·ta·tion
"Getting from a procurement portal to a
cardholder data environment is a long road"
“Only highly skilled hackers could find a way
around such network segmentation”
“… If Target gave the vendor too much access
to the network the blame lies firmly with
Target…”
5
Poll
Mark Wolfgang, CISSP, RHCE
• President/CEO Shorebreak Security
• 14+ years experience in security testing
• Co-author of two Information Security books –
both on penetration testing
• Author of other whitepapers and published articles
on Information Security/pen testing
• 8 years in the U.S. Navy
About Shorebreak Security
• Veteran-owned small business
• Boutique firm, specializing in Information Security Testing
– Penetration Testing
– Vulnerability Assessments
– Risk Assessments
• Based in Cocoa Beach, Florida
“We don’t want to be the biggest, we just want to be the best”
Our Security Engineers
– Most have over 15 years of IT experience
– With at least 8 years of Information Security
experience, and most of that doing penetration
testing
– Most have TS/SCI clearances
– Most are CISSPs, with a host of other certifications
– Many are published authors and experienced
speakers
What is Penetration Testing?
• Security Testing
• An accurate determination of risk to your networks and
systems are by emulating various threat agents and
testing people, processes, and technology
• A methodology, not the use of one or two (or 10)
security tools
• Emulation of threats varying from the script kiddie to
more sophisticated and persistent attackers
What is Network Segmentation?
• Classifying and isolating
– IT assets
– Data
– Personnel
• Where’s the money Lebowski?
We Understand Basic
Segmentation
Segmenting your Network for Security - The Good, the Bad and the Ugly
Segmenting your Network for Security - The Good, the Bad and the Ugly
Segmenting your Network for Security - The Good, the Bad and the Ugly
How Attackers Work
• Initial entry point (access)
• Gather and analyze information
• Leverage and expand access
Example Attack – “Owned” a Large City
• Conducted a full-scope assessment of a large U.S. municipality
• Obtained access and full control of the building access system
– Any door in the city with a prox card reader, including:
– Police gun locker
– Police evidence locker
– Police Narcotics vault
– Police holding cell
– Mayor’s office
– Server rooms etc
• Obtained access and full control of CCTV and guard workstations
• Obtained access and full control of a Windows DC
• ALL FROM THE PUBLIC WIRELESS NETWORK!
Example Attack – Large City
• Initial entry point (access) – null sa password
• Gather and analyze information – dumped and cracked
local Windows passwords. Scanned network and
compiled a target list.
• Leverage and expand access – used cracked password
on ALL other Windows systems. Gained access to
hundreds.
• Same password was used on guard workstations, CCTV,
badge & building access control server etc
Why?
• Could I even see the critical computers?
• Could I attempt to logon?
• Weren’t they invisible?
Lack of proper network
segmentation!
Almost always a finding and a root cause on
our pen tests.
Common Segmentation Mistakes
• Not segmenting at all
• Not segmenting enough
• Over-segmenting
How to Segment for Security
• Understand your business or organizational drivers
• How does revenue enter the business stream?
• Which IT assets, data, and personnel are critical to
ensure continuity of business or mission?
Planning for Segmentation
• Group and inventory assets, personnel, data
• Example for assets:
– Windows servers
– Infrastructure (routers, switches, VPNS, VOIP)
– Security (IDS, firewalls, web filter, scanners)
– Financial/HR servers (Oracle, SAP, Peoplesoft, SAS)
Planning for Segmentation
• Group and inventory assets, personnel, data
• Example for personnel:
– Windows server admins
– Windows workstation admins
– Unix admins
– Security admins
– Network admins
– HR Dept
– Executive management
Determine level of access based on business
need.
E.g. Who has a business need to:
• Administer the routers, switches, VOIP phones etc?
• Access the HR, Financials and other admin-related systems?
• Access the security cameras?
• Administer the *nix servers
No business need – No access!
Implementing Segmentation
• Start somewhere – maybe with a network admin
segment
• Setup VLAN named, network-admins (for their
workstations) and network-devices (for routers &
switches)
• Log all traffic between segments – traffic analysis
• Start blocking with ultimate goal of default deny
• Make sure you have the controls to make sure
segmentation is enforced
Successful Segmentation
• Reduces risk – shuts down attackers
• Is a part of defense-in-depth
• Provides the foundation for a secure network
• Is not easy, nor is it quick
• As (or more) important than patching
Segmenting your Network for Security - The Good, the Bad and the Ugly
Defining and Enforcing
Network Segmentation
Confidentia
l
28
29
Poll
Firewall Breaches Data Center Automation
5% Vulnerabilities
95% Misconfiguration
The Security Management Balancing Act
Confidential 30
Security
Agility
Prevent Cyber
Attacks
Enable Business
Applications
Resource Time to
Provision
Server Minutes
Storage Minutes
Security
Access Days/Weeks
Security Management Challenges
Confidential 31
Complexity
• 1000s of security access rules
• Highly-connected business
critical applications
Change
• Data center consolidation,
network re-architecting
• Application connectivity
requirements
• New security devices
Compliance
• Complex regulations, industry
standards and internal
mandates
• Time-consuming audits
Collaboration
• Business owners think in
terms of applications
• Networking teams think in
terms of IPs and servers
• Security teams think in terms
of IT Risk
Challenges
Firewall
Analyzer
Security Policy
Analysis & Audit
FireFlow
Security Policy
Change Automation
BusinessFlow
Business Application
Connectivity Mgmt
Business
Applications
Security
Infrastructure
The AlgoSec Suite
32
Application Owners
AlgoSec Security Management Suite
SecurityNetwork Operations
Demonstration
Confidentia
l
33
Q&A
34
Mark Wolfgang
mark@shorebreaksecurity.com
Nimmy Reichenberg
nimrod.reichenberg@algosec.com
Recommended Resources
on AlgoSec.com
Connect with AlgoSec on:
www.AlgoSec.com
Managing Security at the Speed of Business

Contenu connexe

Tendances

Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfKlausSchwegler
 
FortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxFortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxNajahIdrissiMoulayRa
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN Ashutosh Kaushik
 
SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?Haris Chughtai
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSLarry Austin
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
security-service-edge-for-dummies (1).pdf
security-service-edge-for-dummies (1).pdfsecurity-service-edge-for-dummies (1).pdf
security-service-edge-for-dummies (1).pdfmanojc52
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and SolutionsUlf Mattsson
 

Tendances (20)

Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
 
FortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxFortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptx
 
Basic network training2
Basic network training2Basic network training2
Basic network training2
 
Fortinet
FortinetFortinet
Fortinet
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN
 
SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?
 
SD-WAN
SD-WANSD-WAN
SD-WAN
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPS
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
security-service-edge-for-dummies (1).pdf
security-service-edge-for-dummies (1).pdfsecurity-service-edge-for-dummies (1).pdf
security-service-edge-for-dummies (1).pdf
 
A Software Defined WAN Architecture
A Software Defined WAN ArchitectureA Software Defined WAN Architecture
A Software Defined WAN Architecture
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
Fortigate class1
Fortigate class1Fortigate class1
Fortigate class1
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Network Access Control (NAC)
Network Access Control (NAC)Network Access Control (NAC)
Network Access Control (NAC)
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and Solutions
 

En vedette

Top 10 it security architect interview questions and answers
Top 10 it security architect interview questions and answersTop 10 it security architect interview questions and answers
Top 10 it security architect interview questions and answersmikeforbush3
 
Mobile Security & Analytics: What Works and What Doesn't
Mobile Security & Analytics: What Works and What Doesn'tMobile Security & Analytics: What Works and What Doesn't
Mobile Security & Analytics: What Works and What Doesn'tSkycure
 
Learn how an app-centric approach will improve security & operational efficiency
Learn how an app-centric approach will improve security & operational efficiencyLearn how an app-centric approach will improve security & operational efficiency
Learn how an app-centric approach will improve security & operational efficiencyAdi Gazit Blecher
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextAlgoSec
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAlgoSec
 
Shift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy ChangesShift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy ChangesAlgoSec
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAlgoSec
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkAlgoSec
 
Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigationTying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation Maytal Levi
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinarCisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinarMaytal Levi
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentAlgoSec
 
Taking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesTaking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesAlgoSec
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...Adi Gazit Blecher
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management  a technical perspec...A business driven approach to security policy management  a technical perspec...
A business driven approach to security policy management a technical perspec...AlgoSec
 

En vedette (20)

Networking Technologies : Segmentation
Networking Technologies : Segmentation Networking Technologies : Segmentation
Networking Technologies : Segmentation
 
Tomorrow will be better than today...
Tomorrow will be better than today...Tomorrow will be better than today...
Tomorrow will be better than today...
 
Top 10 it security architect interview questions and answers
Top 10 it security architect interview questions and answersTop 10 it security architect interview questions and answers
Top 10 it security architect interview questions and answers
 
Mobile Security & Analytics: What Works and What Doesn't
Mobile Security & Analytics: What Works and What Doesn'tMobile Security & Analytics: What Works and What Doesn't
Mobile Security & Analytics: What Works and What Doesn't
 
Pci dss v2
Pci dss v2Pci dss v2
Pci dss v2
 
Learn how an app-centric approach will improve security & operational efficiency
Learn how an app-centric approach will improve security & operational efficiencyLearn how an app-centric approach will improve security & operational efficiency
Learn how an app-centric approach will improve security & operational efficiency
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
 
Shift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy ChangesShift Happens: Eliminating the Risks of Network Security Policy Changes
Shift Happens: Eliminating the Risks of Network Security Policy Changes
 
AWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’tsAWS Security Fundamentals: Dos and Don’ts
AWS Security Fundamentals: Dos and Don’ts
 
Dos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your NetworkDos and Don’ts for Managing External Connectivity to/from Your Network
Dos and Don’ts for Managing External Connectivity to/from Your Network
 
Tying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigationTying cyber attacks to business processes, for faster mitigation
Tying cyber attacks to business processes, for faster mitigation
 
Cisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinarCisco aci and AlgoSec webinar
Cisco aci and AlgoSec webinar
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud EnvironmentA Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
 
Taking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changesTaking the fire drill out of making firewall changes
Taking the fire drill out of making firewall changes
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the Curve
 
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
 
Snort
SnortSnort
Snort
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
 
A business driven approach to security policy management a technical perspec...
A business driven approach to security policy management  a technical perspec...A business driven approach to security policy management  a technical perspec...
A business driven approach to security policy management a technical perspec...
 

Similaire à Segmenting your Network for Security - The Good, the Bad and the Ugly

intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)Sam Bowne
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 
What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?PECB
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale
 
Monitoring the Data Center
Monitoring the Data CenterMonitoring the Data Center
Monitoring the Data CenterLancope, Inc.
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeLancope, Inc.
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionGreg Foss
 
Dncybersecurity
DncybersecurityDncybersecurity
DncybersecurityAnne Starr
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assPROIDEA
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopPriyanka Aash
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 

Similaire à Segmenting your Network for Security - The Good, the Bad and the Ugly (20)

intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber Security
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
 
Monitoring the Data Center
Monitoring the Data CenterMonitoring the Data Center
Monitoring the Data Center
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement Detection
 
Dncybersecurity
DncybersecurityDncybersecurity
Dncybersecurity
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shop
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration Review
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 

Plus de AlgoSec

best practices-managing_security_in_the hybrid cloud
 best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloudAlgoSec
 
compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarAlgoSec
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinarAlgoSec
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...AlgoSec
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinarAlgoSec
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.AlgoSec
 
2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomwareAlgoSec
 
Cloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler   safe secure and successful migrationsCloud migrations made simpler   safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrationsAlgoSec
 
Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to executionAlgoSec
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarAlgoSec
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationAlgoSec
 
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...AlgoSec
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...AlgoSec
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...AlgoSec
 
Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time AlgoSec
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementAlgoSec
 
2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solutionAlgoSec
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar finalAlgoSec
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarAlgoSec
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)AlgoSec
 

Plus de AlgoSec (20)

best practices-managing_security_in_the hybrid cloud
 best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud
 
compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinar
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinar
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.
 
2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware
 
Cloud migrations made simpler safe secure and successful migrations
Cloud migrations made simpler   safe secure and successful migrationsCloud migrations made simpler   safe secure and successful migrations
Cloud migrations made simpler safe secure and successful migrations
 
Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to execution
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinar
 
Radically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertificationRadically reduce firewall rules with application-driven rule recertification
Radically reduce firewall rules with application-driven rule recertification
 
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
2020 09-30 overcoming the challenges of managing a hybrid environment - aws a...
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...
 
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
 
Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time Put out audit security fires, pass audits -every time
Put out audit security fires, pass audits -every time
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
 
2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution2019 08-13 selecting the right security policy management solution
2019 08-13 selecting the right security policy management solution
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
 
2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)2019 02-20 micro-segmentation based network security strategies (yoni geva)
2019 02-20 micro-segmentation based network security strategies (yoni geva)
 

Dernier

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 

Dernier (20)

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 

Segmenting your Network for Security - The Good, the Bad and the Ugly

  • 1. Segmenting your Network for Security The Good, The Bad and the Ugly
  • 2. Our Speakers 2 Mark Wolfgang President Shorebreak Security Nimmy Reichenberg VP Strategy AlgoSec
  • 4. "Getting from a procurement portal to a cardholder data environment is a long road" “Only highly skilled hackers could find a way around such network segmentation” “… If Target gave the vendor too much access to the network the blame lies firmly with Target…”
  • 6. Mark Wolfgang, CISSP, RHCE • President/CEO Shorebreak Security • 14+ years experience in security testing • Co-author of two Information Security books – both on penetration testing • Author of other whitepapers and published articles on Information Security/pen testing • 8 years in the U.S. Navy
  • 7. About Shorebreak Security • Veteran-owned small business • Boutique firm, specializing in Information Security Testing – Penetration Testing – Vulnerability Assessments – Risk Assessments • Based in Cocoa Beach, Florida “We don’t want to be the biggest, we just want to be the best”
  • 8. Our Security Engineers – Most have over 15 years of IT experience – With at least 8 years of Information Security experience, and most of that doing penetration testing – Most have TS/SCI clearances – Most are CISSPs, with a host of other certifications – Many are published authors and experienced speakers
  • 9. What is Penetration Testing? • Security Testing • An accurate determination of risk to your networks and systems are by emulating various threat agents and testing people, processes, and technology • A methodology, not the use of one or two (or 10) security tools • Emulation of threats varying from the script kiddie to more sophisticated and persistent attackers
  • 10. What is Network Segmentation? • Classifying and isolating – IT assets – Data – Personnel • Where’s the money Lebowski?
  • 15. How Attackers Work • Initial entry point (access) • Gather and analyze information • Leverage and expand access
  • 16. Example Attack – “Owned” a Large City • Conducted a full-scope assessment of a large U.S. municipality • Obtained access and full control of the building access system – Any door in the city with a prox card reader, including: – Police gun locker – Police evidence locker – Police Narcotics vault – Police holding cell – Mayor’s office – Server rooms etc • Obtained access and full control of CCTV and guard workstations • Obtained access and full control of a Windows DC • ALL FROM THE PUBLIC WIRELESS NETWORK!
  • 17. Example Attack – Large City • Initial entry point (access) – null sa password • Gather and analyze information – dumped and cracked local Windows passwords. Scanned network and compiled a target list. • Leverage and expand access – used cracked password on ALL other Windows systems. Gained access to hundreds. • Same password was used on guard workstations, CCTV, badge & building access control server etc
  • 18. Why? • Could I even see the critical computers? • Could I attempt to logon? • Weren’t they invisible?
  • 19. Lack of proper network segmentation! Almost always a finding and a root cause on our pen tests.
  • 20. Common Segmentation Mistakes • Not segmenting at all • Not segmenting enough • Over-segmenting
  • 21. How to Segment for Security • Understand your business or organizational drivers • How does revenue enter the business stream? • Which IT assets, data, and personnel are critical to ensure continuity of business or mission?
  • 22. Planning for Segmentation • Group and inventory assets, personnel, data • Example for assets: – Windows servers – Infrastructure (routers, switches, VPNS, VOIP) – Security (IDS, firewalls, web filter, scanners) – Financial/HR servers (Oracle, SAP, Peoplesoft, SAS)
  • 23. Planning for Segmentation • Group and inventory assets, personnel, data • Example for personnel: – Windows server admins – Windows workstation admins – Unix admins – Security admins – Network admins – HR Dept – Executive management
  • 24. Determine level of access based on business need. E.g. Who has a business need to: • Administer the routers, switches, VOIP phones etc? • Access the HR, Financials and other admin-related systems? • Access the security cameras? • Administer the *nix servers No business need – No access!
  • 25. Implementing Segmentation • Start somewhere – maybe with a network admin segment • Setup VLAN named, network-admins (for their workstations) and network-devices (for routers & switches) • Log all traffic between segments – traffic analysis • Start blocking with ultimate goal of default deny • Make sure you have the controls to make sure segmentation is enforced
  • 26. Successful Segmentation • Reduces risk – shuts down attackers • Is a part of defense-in-depth • Provides the foundation for a secure network • Is not easy, nor is it quick • As (or more) important than patching
  • 28. Defining and Enforcing Network Segmentation Confidentia l 28
  • 30. Firewall Breaches Data Center Automation 5% Vulnerabilities 95% Misconfiguration The Security Management Balancing Act Confidential 30 Security Agility Prevent Cyber Attacks Enable Business Applications Resource Time to Provision Server Minutes Storage Minutes Security Access Days/Weeks
  • 31. Security Management Challenges Confidential 31 Complexity • 1000s of security access rules • Highly-connected business critical applications Change • Data center consolidation, network re-architecting • Application connectivity requirements • New security devices Compliance • Complex regulations, industry standards and internal mandates • Time-consuming audits Collaboration • Business owners think in terms of applications • Networking teams think in terms of IPs and servers • Security teams think in terms of IT Risk Challenges
  • 32. Firewall Analyzer Security Policy Analysis & Audit FireFlow Security Policy Change Automation BusinessFlow Business Application Connectivity Mgmt Business Applications Security Infrastructure The AlgoSec Suite 32 Application Owners AlgoSec Security Management Suite SecurityNetwork Operations
  • 35. Connect with AlgoSec on: www.AlgoSec.com Managing Security at the Speed of Business

Notes de l'éditeur

  1. DMZ example
  2. DMZ example
  3. DMZ example
  4. More than ever, organizations today need to balance between security and business agility. The first reason we deploy security infrastructure such as firewalls, routers, secure web gateways etc. is to protect the business against cyber attacks. But with today’s complexity, advanced threats and new technologies, it is a real challenge to manage the security policy. According to Gartner 95% of firewall breaches are a result of misconfiguration, not firewall flaws. But firewalls have a second, and arguably more important objective – enabling connectivity for your business applications. (After all, most firewall are rules are not BLOCK rules, they are ALLOW rules). Modern datacenters are highly automated, and IT teams can provision a new server or database in minutes with just a few mouse clicks, sometimes this is a fully automated process which requires no human intervention. However, provisioning security for the application (I.e. ensuring all the ports and connectivity paths are enabled) is still a very manual and lengthy process that slows down the business. Security team often needs days and even weeks to identify what firewalls to change, and design and push-out the change in a secure and efficient manner.
  5. Let us examine the 4 challenges that make security management so challenging (The 4 “C”s) Complexity – over time, firewalls accumulate thousands of rules and objects (many of which are poorly documented, go unused and/or risky). Today’s modern business applications are also complex, consisting of several servers (application servers, middleware, databases) and complex connectivity requirements. This complexity creates both business disruption and security implications. Change – the security policy is ever-changing: network changes are frequent, resulting for example from consolidating data centers or migrating applications to the cloud, all requiring changes in firewalls and routers which may impact application availability. Applications change frequently as well, and newer versions often need new connectivity. New security devices (E.g. next-gen firewalls) are being introduced which require even more changes) Communication – there are different teams that need collaborate to make security management work – risk teams, network teams and application owners. But these teams are usually siloed and don’t have good processes defined to work together. Furthermore, they speak in different languages, causing translation gaps. For example, the application team does not how to communicate requirements in terms the security team can implement, and the security team often defines a policy that the network team does not know how (or care) to enforce. Compliance – everything you do from a security perspective has to comply with external regulations and internal mandates. Frequent audits take a lot of time, leaving less time for strategic initiatives.
  6. The AlgoSec Suite is made up of 3 separate yet tightly integrated products. BusinessFlow provides an application-centric approach to managing the security policy. It discovers and maintains visibility of application connectivity requirements so you can Process connectivity changes for applications faster and more accurately Securely remove access for decommissioned applications Understand the impact your network security infrastructure has on business applications, and vice-versa BusinessFlow automatically translates vague application connectivity needs into concrete firewall rules that the network teams can implement. Application owners can request connectivity in their language (E.g. connect the webserver to the database) and BusinessFlow discovers what (if any) devices and rules needs to change. Firewall Analyzer connects and understands your security infrastructure, including firewalls from all the leading vendors, routers, switches and web proxies. Firewall Analyzer pulls configurations from these devices and gives you complete visibility and control of your policy to automate and streamline daily firewall operations such as – Troubleshooting (E.g. Which firewall(s) and rule(s) are blocking traffic from point A to point B) Auditing Baseline configuration compliance Risky rule analysis and much more The third and final component of the suite is FireFlow, which automates the security change process. FireFlow adds network and firewall intelligence to the change process, and complements ticketing systems such as Remedy and ServiceNow, so you can process changes 2x-4x faster and with greater accuracy. Capabilities include automatically discovering devices and rules that need to change and automatically closing changes which “already work” – as many as 30% of requests! Optimal design of new rules and object minimize policy clutter, and automatic validation of correct implementation eliminates re-opening of tickets. FireFlow also guarantees continuous compliance by proactively simulating and checking every change before it is implements. With this approach, organizations ensure they are compliant at all times and do not have to resort to periodic “house cleaning” projects in time for an audit.