Between you me and the network security boundary
- 1. 1 Between You Me And The Network Security Boundary
- 4. Introduction: This Presentation Agenda: • Establish some common ground • Review some common implementations • Secure design concepts 4
- 5. Some Common Ground 5 Stuff I’m Talking About Things You Think I’m Talking About A Venn Diagram of This Talk
- 6. Some Common Ground 6 Stuff I’m Talking About Things You Think I’m Talking About A Venn Diagram of This Talk
- 7. Some Common Ground 7 Marketing Call Center HR Wireless Production Typical Penetration Test
- 8. Some Common Ground 8 Stuff gets hacked
- 9. Some Common Ground 9 Marketing Call Center HR IT Production Security Zones
- 10. Some Common Ground 10 Marketing Call Center HR IT Production Security Zones
- 11. Some Common Ground 11 Marketing Call Center HR IT Production Security Zones
- 12. Some Common Implementations, Flaws, and Bypasses
- 13. Common Implementations 13 • Nothing exists in a vacuum • Simplified version of each implementation
- 14. • Firecall • VPN • Jumpbox • VDI • Cloud Firecall
- 15. Common Implementation: Firecall 15PSC – Proprietary and Confidential. All Rights Reserved. POKING HOLES Granting Temporary Access Allowing Designated Systems Access Manual or Automated
- 16. Common Implementation: Firecall 16PSC – Proprietary and Confidential. All Rights Reserved.
- 17. Common Implementation: Firecall 17PSC – Proprietary and Confidential. All Rights Reserved.
- 18. Common Implementation: Firecall 18PSC – Proprietary and Confidential. All Rights Reserved. Marketing Call Center HR IT Production Attacker
- 19. Common Implementation: Firecall 19PSC – Proprietary and Confidential. All Rights Reserved.
- 20. Common Implementation: Firecall 20PSC – Proprietary and Confidential. All Rights Reserved. Hacking 101: How to Pivot Marketing Call Center HR IT Production Attacker Target Network 10.1.13.0/24
- 21. Common Implementation: Firecall 21PSC – Proprietary and Confidential. All Rights Reserved. • Overall…not ideal • Limiting exposure is tricky • If this is your model • Separate High-Security User Systems • Build in Auto-Close • Short time windows • Regular testing and confirmation of changes Takeaways:
- 22. • Firecall • VPN • Jumpbox • VDI • Cloud VPN
- 23. Common Implementation: VPN 23PSC – Proprietary and Confidential. All Rights Reserved. Office/Corporate Network Remote/Production NetworkInternet Split Tunnel
- 24. Common Implementation: VPN 24PSC – Proprietary and Confidential. All Rights Reserved. en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether a4:5e:60:f0:4e:83 inet6 fe80::1c13:257b:625b:46ec%en0 prefixlen 64 secured scopeid 0x4 inet 192.168.0.199 netmask 0xffffff00 broadcast 192.168.0.255 nd6 options=201<PERFORMNUD,DAD> media: autoselect status: active utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 inet 172.16.25.114 --> 172.16.25.114 netmask 0xffffff00
- 25. Common Implementation: VPN 25PSC – Proprietary and Confidential. All Rights Reserved. Office/Corporate Network Remote/Production NetworkInternet Full Tunnel
- 26. Common Implementation: VPN 26PSC – Proprietary and Confidential. All Rights Reserved. Wait for shellz!
- 27. Common Implementation: VPN 27PSC – Proprietary and Confidential. All Rights Reserved. Takeaways: • Again…alone this has some inherent weaknesses • Split tunnel: Creates a direct bridge • Full tunnel: Create an indirect bridge between zones
- 28. • Firecall • VPN • Jumpbox • VDI • Cloud Jumpbox
- 29. Jumpbox Common Implementation: Jumpbox 29PSC – Proprietary and Confidential. All Rights Reserved. User VLAN Production Systems Authentication Boundary Network Boundary notsecure.org secure.local secure.local
- 30. Jumpbox Common Implementation: Jumpbox 30PSC – Proprietary and Confidential. All Rights Reserved. User VLAN Production Systems Authentication Boundary notsecure.org notsecure.org notsecure.org Domain Controller
- 31. Common Implementation: Jumpbox 31PSC – Proprietary and Confidential. All Rights Reserved.
- 32. Common Implementation: Jumpbox 32PSC – Proprietary and Confidential. All Rights Reserved. JumpboxUser VLAN Production Systems notsecure.org secure.local secure.local MFA +
- 33. Common Implementation: Jumpbox 33PSC – Proprietary and Confidential. All Rights Reserved. Discover RSA Management Console Login with local or domain account Profit
- 34. Common Implementation: Jumpbox 34PSC – Proprietary and Confidential. All Rights Reserved. https://youtu.be/nzSG9f8ktTA Practical Attacks Against Multifactor – Josh Stone Derbycon 2015
- 35. Common Implementation: Jumpbox 35PSC – Proprietary and Confidential. All Rights Reserved. Takeaways: • Jumpbox with MFA is a solid approach to separating zones • Avoid tying zones together with a single authentication domain • Protect the users that access high-security zones
- 36. • Firecall • VPN • Jumpbox • VDI • Cloud VDI
- 37. Common Implementation: VDI 37PSC – Proprietary and Confidential. All Rights Reserved. VDI ServerUser VLAN Production Systems notsecure.org secure.local secure.local MFA +
- 38. Common Implementation: VDI 38PSC – Proprietary and Confidential. All Rights Reserved.
- 39. Common Implementation: VDI 39PSC – Proprietary and Confidential. All Rights Reserved.
- 40. Common Implementation: VDI 40PSC – Proprietary and Confidential. All Rights Reserved.
- 41. Common Implementation: VDI 41PSC – Proprietary and Confidential. All Rights Reserved.
- 42. Common Implementation: VDI 42PSC – Proprietary and Confidential. All Rights Reserved.
- 43. Common Implementation: VDI 43PSC – Proprietary and Confidential. All Rights Reserved. Takeaways: • High tech solutions suffer from the same security challenges • Using signed certificates for internally facing services matters
- 44. • Firecall • VPN • Jumpbox • VDI • Cloud Cloud
- 45. Common Implementation: Cloud 45PSC – Proprietary and Confidential. All Rights Reserved.
- 46. Common Implementation: Cloud 46PSC – Proprietary and Confidential. All Rights Reserved.
- 47. PSC – Proprietary and Confidential. All Rights Reserved. 47 Common Implementation: Cloud
- 48. PSC – Proprietary and Confidential. All Rights Reserved. 48 Common Implementation: Cloud
- 49. PSC – Proprietary and Confidential. All Rights Reserved. 49 Common Implementation: Cloud
- 50. PSC – Proprietary and Confidential. All Rights Reserved. 50 Common Implementation: Cloud Takeaways: • Where are the boundaries? • The cloud requires rigor • Know your boundaries
- 52. Some Common Ground 52PSC – Proprietary and Confidential. All Rights Reserved. Clean Source Principle control a system control everything that system controls
- 53. Secure Design Patterns 53PSC – Proprietary and Confidential. All Rights Reserved. User Accessing Privileged Resources Servers in High-Sec Environment Attacker Clean Source
- 54. Secure Design Patterns 54PSC – Proprietary and Confidential. All Rights Reserved. Secure Access Workstations High-security Channel Low-security Channel
- 55. Secure Design Patterns 55PSC – Proprietary and Confidential. All Rights Reserved. Careful Use of Administrative Privileges Admin Creds
- 56. Secure Design Patterns 56PSC – Proprietary and Confidential. All Rights Reserved. Avoid Exceptions
- 57. • My goals: – Present a secure architecture – Bad guy perspective – Give some insight that I have gained • Shortcomings – The reality of any implementation is very complex – You could write a book about some of these topics Summary PSC – Proprietary and Confidential. All Rights Reserved. 57
- 58. • My favorite part of talking at a conference is talking to people after I’ve delivered my presentation – I get to learn new things • I’m lonely, please come talk to me – Or at least send me messages on twitter Questions PSC – Proprietary and Confidential. All Rights Reserved. 58 Patrick Fussell pfussell@paysw.com @pfizzell http://lo-sec.ninja