3. Service Discovery
❏ Network boundary
❏ Public facing Domain/IP
❏ Scanning IP range / Enumerating subdomains
❏ Whois and reverse whois information
❏ Network Equipment
❏ Gateway router org info
❏ Shodan services
❏ Any previous Breach
❏ User credentials with VPN access
4. Dark Cloud
❏ Information Hiding
❏ No DNS record or visible port until the client is authenticated
❏ Pre-Authentication
❏ Device identity determined
❏ Pre-Authorization
❏ User role identified
❏ Adaptive firewall rule
❏ Dynamic pinhole
5. KnockKnock
Design Decisions
❏ Written in a safe language - Python
❏ Does not run in the kernel
❏ No new service bound to a port - the daemon reads the firewall's log lines from /var/log/kern.log
❏ No UDP for SPA - the knock rides in a single TCP SYN
❏ No port knock sequence
❏ Never more than one packet
❏ Secure crypto for SPA - AES in CTR mode for confidentiality, HMAC-SHA1 for authentication
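The design decisions above, worked through end to end as an added example (this is not the knockknock project's own code and not its wire format; the 12-byte layout, the constant names, the knock port 2222 and the kern.log line are assumptions constructed for the demo). The client encrypts the port it wants with AES-CTR, authenticates counter and ciphertext with a truncated HMAC-SHA1, and spreads the 12 bytes over the SYN header fields it controls; the daemon never binds a socket, it parses the iptables LOG line from kern.log, verifies the knock (MAC first, then replay counter, then decrypt), and emits a per-source iptables pinhole.

```python
"""Single packet authorization (SPA) modelled on the design decisions listed
above: one TCP SYN (no UDP, no knock sequence), AES-CTR + HMAC-SHA1, and a
daemon that reads iptables LOG lines from kern.log instead of binding a port.
Added example: not the knockknock project's code and not its wire format."""
import hashlib
import hmac
import ipaddress
import re
import struct
from typing import Optional

# A client controls 12 header bytes in a SYN it sends: TCP seq (4), ack (4),
# window (2) and IP id (2).  Layout chosen for this example (assumption):
#   counter (2, big-endian) | AES-CTR(port) (2) | HMAC-SHA1 tag, truncated (8)
KNOCK_LEN = 12
TAG_LEN = 8
REPLAY_LOOKAHEAD = 64   # accept counters in (last, last + 64] mod 2**16; rotate keys before wrap
PINHOLE_SECONDS = 15    # how long the daemon would leave the dynamic pinhole open


def _keystream(enc_key: bytes, counter: int, n: int) -> bytes:
    """First n bytes of AES-CTR keystream; the knock counter is the nonce, so
    every knock gets fresh keystream.  If the `cryptography` package is not
    installed the demo falls back to an HMAC-SHA1 stream (a stand-in, not AES)."""
    nonce = counter.to_bytes(16, "big")
    try:
        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
        enc = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).encryptor()
        return enc.update(bytes(n)) + enc.finalize()
    except ImportError:
        return hmac.new(enc_key, nonce, hashlib.sha1).digest()[:n]


def build_knock(enc_key: bytes, mac_key: bytes, counter: int, port: int) -> bytes:
    """Client side: encrypt the requested port, then MAC counter || ciphertext."""
    counter &= 0xFFFF
    ctr = struct.pack(">H", counter)
    enc_port = bytes(p ^ k for p, k in zip(struct.pack(">H", port), _keystream(enc_key, counter, 2)))
    tag = hmac.new(mac_key, ctr + enc_port, hashlib.sha1).digest()[:TAG_LEN]
    return ctr + enc_port + tag


def knock_to_syn_fields(knock: bytes) -> dict:
    """Spread the 12 bytes over the SYN header fields a client can set
    (with hping3: -S -M seq -L ack -w window -N id)."""
    seq, ack, window, ip_id = struct.unpack(">IIHH", knock)
    return {"SEQ": seq, "ACK": ack, "WINDOW": window, "ID": ip_id}


def fake_kern_log_line(src_ip: str, dport: int, fields: dict) -> str:
    """A constructed kern.log line in the shape an iptables LOG rule with
    --log-tcp-sequence writes (sample data for the demo, not a captured log)."""
    return (f"kernel: KNOCK: IN=eth0 OUT= SRC={src_ip} DST=198.51.100.7 LEN=40 TOS=0x00 "
            f"PREC=0x00 TTL=64 ID={fields['ID']} PROTO=TCP SPT=40000 DPT={dport} "
            f"SEQ={fields['SEQ']} ACK={fields['ACK']} WINDOW={fields['WINDOW']} RES=0x00 SYN URGP=0")


_LOG_RE = re.compile(r"SRC=(?P<SRC>\S+).*?\bID=(?P<ID>\d+).*?PROTO=TCP.*?DPT=(?P<DPT>\d+)\s+"
                     r"SEQ=(?P<SEQ>\d+)\s+ACK=(?P<ACK>\d+)\s+WINDOW=(?P<WINDOW>\d+)")


class KnockServer:
    """Daemon side: verifies a knock parsed from kern.log and returns the
    firewall command for a per-source pinhole (returned as argv, not executed)."""

    def __init__(self, enc_key: bytes, mac_key: bytes, knock_port: int, allowed_ports):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.knock_port = knock_port        # closed port the LOG rule watches
        self.allowed = set(allowed_ports)
        self.last_counter = 0               # replay-protection state

    def verify(self, knock: bytes) -> Optional[int]:
        if len(knock) != KNOCK_LEN:
            return None
        ctr_bytes, enc_port, tag = knock[:2], knock[2:4], knock[4:]
        expected = hmac.new(self.mac_key, ctr_bytes + enc_port, hashlib.sha1).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):      # authenticate before decrypting
            return None
        counter = struct.unpack(">H", ctr_bytes)[0]
        if not 1 <= (counter - self.last_counter) % 0x10000 <= REPLAY_LOOKAHEAD:
            return None                                 # replayed or stale counter
        port = struct.unpack(">H", bytes(c ^ k for c, k in zip(enc_port, _keystream(self.enc_key, counter, 2))))[0]
        if port not in self.allowed:
            return None
        self.last_counter = counter
        return port

    def handle_log_line(self, line: str) -> Optional[list]:
        m = _LOG_RE.search(line)
        if not m or int(m["DPT"]) != self.knock_port:
            return None
        try:
            src = str(ipaddress.ip_address(m["SRC"]))   # validate; never pass raw log text to a shell
        except ValueError:
            return None
        knock = struct.pack(">IIHH", int(m["SEQ"]), int(m["ACK"]), int(m["WINDOW"]), int(m["ID"]))
        port = self.verify(knock)
        if port is None:
            return None
        # Dynamic pinhole: accept NEW connections from this one source only. The
        # daemon would delete the rule after PINHOLE_SECONDS; the session already
        # opened survives through the usual ESTABLISHED rule (assumed to exist).
        return ["iptables", "-I", "INPUT", "-s", src, "-p", "tcp", "--dport", str(port),
                "-m", "conntrack", "--ctstate", "NEW", "-j", "ACCEPT"]
```

Ordering matters on the daemon side: the tag is checked with a constant-time compare before anything is decrypted or parsed, the counter only advances on an accepted knock, and the source address is validated before it is placed in a firewall command, since everything else on that log line is attacker-controlled.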
7. Puzzle
❏ Network is not trusted
❏ Breaks traditional perimeter security
❏ Applies to VPN access as well
❏ Device Security to be known
❏ Create security profile of device
❏ User activity to be Analyzed
❏ Behaviour analysis
❏ Limit and restrict the allowed resources
8. Resource
https://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/ - Facebook bug bounty write-up
https://cloudsecurityalliance.org/group/software-defined-perimeter/#_overview - SDP specification
http://www.waverleylabs.com/services/software-defined-perimeter/ - open SDP implementation
http://www.cipherdyne.org/fwknop/ - Single Packet Authorization [SPA]
https://moxie.org/software/knockknock/ - SPA, Python based
https://cloud.google.com/beyondcorp/ - Google zero trust