Security Architecture & Engineering, Cloud Security Architecture and…
Security Architecture & Engineering
Stephen Northcutt describes examples of attack surface:
Code that processes incoming data: email, XML, office documents, industry-specific custom data exchange formats (EDI)
Interfaces: SQL, web forms
Services available on the inside of the firewall
An employee with access to sensitive information is socially engineered
Open ports on outward-facing web and other servers, and the code listening on those ports
When considering attack surface in order to develop a defense-in-depth architecture, there are three basic, interrelated considerations that follow from these examples:
Software attack surface: with a primary focus on web applications
Human attack surface: social engineering, errors, trusted insiders, death & disease
Network attack surface: attacks will often be delivered via a network
Ask yourself
"How does this connect?", or, "how is this managed"
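The "open ports and the code listening on them" part of the attack surface is the easiest to enumerate concretely. The following is an added example, not part of the original notes: it parses the output of `ss -H -lntup` (Linux socket statistics; the sample output below is constructed for a hypothetical server) and sorts each listener into what is reachable from the network versus what only local code can touch, which is the first question a security architect asks about a host. Process names, PIDs and addresses in the sample are made up.

```python
import re
from dataclasses import dataclass

# Constructed sample of `ss -H -lntup` output from a hypothetical server.
# Columns: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port Process
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*    users:(("nginx",pid=1207,fd=6))
tcp   LISTEN 0      128        127.0.0.1:3306      0.0.0.0:*    users:(("mysqld",pid=1402,fd=21))
tcp   LISTEN 0      128             [::]:8080         [::]:*    users:(("java",pid=1988,fd=45))
udp   UNCONN 0      0            0.0.0.0:161       0.0.0.0:*    users:(("snmpd",pid=701,fd=7))
tcp   LISTEN 0      50         10.0.5.12:445       0.0.0.0:*    users:(("smbd",pid=1511,fd=30))
"""

# The process column looks like users:(("name",pid=N,fd=N)); we only need the name.
PROC_RE = re.compile(r'users:\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str

    @property
    def exposed(self) -> bool:
        """Reachable from the network, i.e. not bound to loopback only."""
        return not (self.addr.startswith("127.") or self.addr == "::1")

    @property
    def wildcard(self) -> bool:
        """Bound to every interface (0.0.0.0 or ::), the widest possible exposure."""
        return self.addr in ("0.0.0.0", "::")


def parse_ss(text: str) -> list[Listener]:
    """Turn `ss -H -lntup` lines into Listener records."""
    listeners = []
    for line in text.splitlines():
        fields = line.split(None, 6)          # at most 7 columns; process column may contain spaces
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")   # rpartition copes with IPv6 "[::]:8080"
        m = PROC_RE.search(fields[6]) if len(fields) > 6 else None
        listeners.append(Listener(fields[0], addr.strip("[]"), int(port),
                                  m.group(1) if m else "unknown"))
    return listeners


def attack_surface(text: str) -> dict[str, list[str]]:
    """Sort listeners into what a remote attacker can touch and what only local code can."""
    report = {"exposed": [], "local": []}
    for l in sorted(parse_ss(text), key=lambda l: (l.proto, l.port)):
        scope = "all interfaces" if l.wildcard else l.addr
        report["exposed" if l.exposed else "local"].append(f"{l.proto}/{l.port} {l.process} ({scope})")
    return report


if __name__ == "__main__":
    for bucket, items in attack_surface(SAMPLE_SS).items():
        print(bucket.upper())
        for item in items:
            print("  ", item)
```

On a real host, replace `SAMPLE_SS` with the captured output of `ss -H -lntup`. Every entry in the "exposed" bucket is code that processes incoming data from the network and therefore belongs in the threat model; entries bound to a single address (like the SMB listener above) are narrower than wildcard binds but still exposed.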
Techniques such as threat modeling operate more in the application architecture purview.
OWASP suggests that, fundamentally, threat modeling can be approached by answering four questions:
What are we building?
What can go wrong?
What are we going to do about that?
Did we do a good enough job?
https://owasp.org/www-community/Application_Threat_Modeling
What is a Security Architecture
Focuses on designing and building security into every single layer, in a bottom-up approach starting from the network and working up, while taking into consideration strategies and methodologies that allow us to align security with business goals and objectives
Designing & building security in: NW & Infra, Applications, Endpoint, Cloud
To communicate a future state
To architect so as to reduce the scope and severity of the incidents you will have no matter what
What Makes a Good Security Architect
Think RED: What are the threats that are likely to cause an impact ?
Act BLUE: What are the architectural designs and technologies that will help me defend against them?
Understanding of networks, infrastructure, applications, information and business architecture, and how each of those layers deals with risk
Can balance business and technical communication
Good project management skills, and a strategic and tactical vision
As a security architect you must REALIZE that SECURITY IS PROBABLY NOT THE CORE BUSINESS OF YOUR ORGANIZATION. The architect must do what is best for the business, mitigating the impact that security risks can have on it. This adds value to the organization and wins you the trust of those working with you
Must also have understanding of:
Business requirements
Regulatory landscape
Threat landscape
IT landscape
A good security architect can also see the big picture (strategic) and tactical, and can zoom out and zoom in depending on what is required or the phase of the security architecture lifecycle she’s in
Architecture is a combination of people, process and technology
Mindset of Defensible security architecture
Example: your team configures robust logging using a secure template as part of its new router deployment process. This logging later helps detect an operational issue that is impacting performance. The problem is solved before users are aware of any issue.
Security is not in opposition to operations: when performed properly, security enhances operations
It is much more efficient to bake security in at the outset, rather than retrofitting it later
"Not a security problem." It took some arm wrestling to convince the engineers it was both a security and an operational issue. They finally made the change, and client sites (connected via point-to-point VPN connections) reported a significant boost in application speeds
The mindset is "build it once, build it right"
Defensible security architecture
Defensible networks limit an intruder's freedom to maneuver
Defensible networks offer a minimum number of services
Defensible networks can be watched
Defensible networks can be kept current
Richard Bejtlich is one of the godfathers of the blue team; he wrote "Defensible Network Architecture 2.0"
Different Types of Security Architects & wearing different Hats
Solution Security Architect (technology project focused)
Security Engineers (technology implementation focused)
Enterprise Security Architect (strategic and program mgmt)
Focus on how to design and build security into the organization. However, the chances are that you'll have to wear quite a few hats in your organization, and maybe even design, build, oversee, operate and monitor yourself! That's never a good idea, but it's not uncommon.
The convergence of security and IT roles due to the "move to the cloud" has this effect in many organizations
Approach to Security Architecture & Engineering
Risk driven: mapped to best practices and standards
While assessing risk is an important part of doing security architecture, that by itself will not stop any attacks. It would be fantastic if we could tell our attackers to wait and not attack us until we are done with our risk assessment, but that's not how things work. One of the authors has worked in risk assessment projects that extended way beyond what is considered practical, while the organization was lacking some obvious security controls that could have been implemented with little overhead. Is that practical?
Focused on implementation: blue team approach
OSI Model
Layer 7: Application (application & data)
Layer 6: Presentation (graphics, character sets)
Layer 5: Session (NetBIOS, RPC)
Layer 4: Transport (TCP & UDP, ports, segments)
Layer 3: Network (IP addresses, routers, routing, packets)
Layer 2: Data Link (frames & switches)
Layer 1: Physical (electricity, light, radio waves, copper, fiber, cabling, bits, hubs, etc.)
Traditional Security Architecture Deficiencies
Predominantly network-centric
Compliance-driven security
Most (and sometimes virtually all) controls emphasize exploitation prevention
Introducing technology without analysis, and resistance to change
Emphasis on perimeter
Flat Networks Fail Catastrophically
A flat network will allow an intruder to reach a large number of other systems.
For example: if an intruder can compromise one system and then scan TCP port 445 (SMB) on hundreds or thousands of others, that network is too flat
Flat networks offer little or no filtering at OSI layers 2 (data link), 3 (network) and 4 (transport)
These networks fail catastrophically because one compromised system can
The problem: if it is easy for any two internal systems to connect, that also makes it easy for an intruder to pivot from one compromised system to another
Internal network segmentation is required to address this risk
Simply separating systems does not address this issue: there must also be ACLs (access control lists), firewall rules, etc.
While segmenting traffic at layer 2 is certainly a good idea, VLANs do not automatically filter traffic. Additional steps must be taken, such as VLAN ACLs, filtering IP addresses at layer 3 and/or ports at layer 4, etc.
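The "scan TCP 445 on hundreds of other hosts" test above can be turned into a number: from one compromised workstation, how many hosts answer on port 445 given the layer-3/4 filtering in place? The following is an added example, not part of the original notes. It models a constructed, hypothetical network (three workstation VLANs and a file-server VLAN; all addresses made up), evaluates a first-match ACL the way a router or VLAN ACL would, and counts the blast radius under three designs: no filtering (a flat network, or VLANs with no ACLs, which give the same result because VLANs alone filter nothing), VLAN ACLs that only permit SMB towards the file servers, and those ACLs plus a host firewall on workstations. The ACL never sees traffic between two hosts in the same VLAN, which is why the host firewall is needed to close the last gap.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4Net = ipaddress.IPv4Network
IPv4Addr = ipaddress.IPv4Address

# Constructed inventory (hypothetical): three workstation VLANs of 50 hosts
# each and a file-server VLAN of 5 hosts. Addressing is made up.
VLANS = {
    "users-a": ipaddress.ip_network("10.1.0.0/24"),
    "users-b": ipaddress.ip_network("10.1.1.0/24"),
    "users-c": ipaddress.ip_network("10.1.2.0/24"),
    "fileservers": ipaddress.ip_network("10.2.0.0/24"),
}
HOSTS = [ip for name in ("users-a", "users-b", "users-c")
         for ip in list(VLANS[name].hosts())[:50]]
HOSTS += list(VLANS["fileservers"].hosts())[:5]


@dataclass(frozen=True)
class Rule:
    """One line of a router ACL / VLAN ACL: first match wins."""
    src: IPv4Net
    dst: IPv4Net
    dport: Optional[int]   # None matches any destination port
    action: str            # "allow" or "deny"


def rule(src: str, dst: str, dport: Optional[int], action: str) -> Rule:
    return Rule(ipaddress.ip_network(src), ipaddress.ip_network(dst), dport, action)


def same_vlan(a: IPv4Addr, b: IPv4Addr) -> bool:
    return any(a in net and b in net for net in VLANS.values())


def permitted(rules, src, dst, dport, default="allow") -> bool:
    """Layer-3/4 filtering as seen by a packet crossing the router. Traffic
    between two hosts in the same VLAN is switched at layer 2 and never
    reaches the ACL, which is why VLANs alone do not filter anything."""
    if same_vlan(src, dst):
        return True
    for r in rules:
        if src in r.src and dst in r.dst and (r.dport is None or r.dport == dport):
            return r.action == "allow"
    return default == "allow"


def blast_radius(rules, attacker, dport=445, default="allow", host_fw_nets=()):
    """Hosts the attacker can reach on dport from one compromised machine.
    host_fw_nets: VLANs whose hosts run a host firewall dropping inbound dport."""
    reachable = 0
    for h in HOSTS:
        if h == attacker:
            continue
        if any(h in net for net in host_fw_nets):
            continue                      # host firewall drops the inbound connection
        if permitted(rules, attacker, h, dport, default):
            reachable += 1
    return reachable


ATTACKER = ipaddress.ip_address("10.1.0.37")  # a compromised workstation in users-a

# 1. Flat network, or VLANs with no ACLs: everything routes to everything.
FLAT = []
# 2. Segmented: SMB only towards the file-server VLAN, never workstation-to-workstation.
SEGMENTED = [
    rule("10.0.0.0/8", "10.2.0.0/24", 445, "allow"),
    rule("10.0.0.0/8", "10.1.0.0/16", 445, "deny"),
]
# 3. Plus a host firewall on workstations to close the intra-VLAN gap.
WORKSTATION_VLANS = (VLANS["users-a"], VLANS["users-b"], VLANS["users-c"])

if __name__ == "__main__":
    print("flat / VLANs only :", blast_radius(FLAT, ATTACKER))
    print("VLAN ACLs         :", blast_radius(SEGMENTED, ATTACKER))
    print("ACLs + host fw    :", blast_radius(SEGMENTED, ATTACKER, host_fw_nets=WORKSTATION_VLANS))
```

With no filtering every one of the other 154 hosts is reachable on 445. The VLAN ACLs cut that to the 49 neighbours in the attacker's own VLAN plus the 5 file servers; only the host firewall on workstations brings it down to the 5 file servers, which is the set that legitimately needs SMB exposed. The same harness can be pointed at other ports (RDP, WinRM, SSH) to check each lateral-movement path the design is supposed to block.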
Cloud Security Architecture and Operations
Intro:
Focused on security: will most benefit those who need to help their organizations navigate to the cloud securely
Geared towards security admins, security architects, and most other roles in risk management
Cloud: What Is It?
System services, applications, storage and many other services are available in a cloud format or model
Applications are scalable and basically decoupled from hardware, in a "pay for what you use" model
Fundamentally, cloud computing is the delivery of computing in a service format
Cloud Concepts:
Platform as a Service (PaaS)
Hosted service application platforms, such as Microsoft Windows Server or .NET platforms, that can be provisioned and used by consumers
APIs are often extended to consumers for development or other use cases
Security responsibility is divided between the CSP and consumers
Salesforce, a leader in the SaaS space, has also created a number of different PaaS environments that allow developers to create and run sophisticated software stacks.
Infrastructure as a Service (IaaS)
In this model the service provider hosts a complete VM or network for customers. It is more similar to traditional hosting providers than the other models mentioned, with the addition of dynamic provisioning and virtualization for scalability and rapid resource availability.
Consumers provision VMs and networks and must update and configure these components continuously
Consumers are responsible for all patching and configuration in IaaS environments, just like in their own data centers
In the IaaS model, consumers and providers share the security responsibility
EC2 (Elastic Compute Cloud) is one of the primary IaaS services from Amazon Web Services
EC2 is the IaaS offering, which complements the Simple Storage Service (S3) and others
Service Delivery Models: SaaS
SaaS is an application hosted by a cloud service provider (CSP) that consumers interact with
The simplest model, as it really just represents a hosted application on the internet.
The SaaS provider provisions the application, granting access to consumers based on specific business use cases
Infrastructure is owned and operated by the SaaS provider
Most of the responsibility is on the CSP
The vast majority of the responsibility for developing and maintaining the security controls for the SaaS application and supporting infrastructure resides with the SaaS provider, which means security teams will not need to maintain the controls for the most part. They will, however, need to thoroughly vet the provider
SaaS has become the delivery model for many business applications, including office and messaging software, payroll, DBMS, MIS, ERP and HRM
Deployment Models
Public
Within a public model, SaaS, PaaS, and IaaS models are common and growing rapidly, and are the least discriminating (most flexible) in terms of deployment scenarios
Service is offered up on the internet as a whole and is usually made available to anyone that can access the cloud services and is willing to pay for it.
http://jameskaskade.com/?p=371
Private
Deployed internally to one organization, and in many cases that organization's staff maintains all components of the infrastructure and services available.
Alternatively, the private cloud can be RUN in a service provider environment, but the responsibility for data security and overall governance still rests with one organization
Hybrid
Some assets are maintained internally, while others are moved into more public cloud environments.
This model is becoming much more common as organizations look to migrate certain assets into the cloud to save money and realize certain efficiencies