1700 PERPER Harry NIST - The Channel Company



Page 1

National Cybersecurity Center of Excellence

Increasing the adoption of standards-based cybersecurity technologies

Midsize Enterprise Summit: IT Security

March 27, 2019 Harry Perper, Cybersecurity Engineer

Page 2

nccoe.nist.gov

National Cybersecurity Center of Excellence

Agenda

• NCCoE Overview

• Privileged Account Management

  • Reference Architecture

  • Example Solutions

• Identity and Access Management

  • Reference Architecture

• Engage with NCCoE

  • Join the COI

  • Give us your feedback on our documents (nccoe.nist.gov)

Page 3


NCCoE Mission

Accelerate adoption of secure technologies: collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs

Page 4


Collaborative Hub

The NCCoE works on critical national problems in cybersecurity.

The NCCoE has access to a wealth of expertise, resources, relationships, and experience.

Figure: the NCCoE as a collaborative hub linking Academia, Government, Businesses, and the Cybersecurity Industry.

Page 5

NCCoE Model

Page 6


Engagement & Business Model

1. DEFINE. Outcome: Define a scope of work with industry to solve a pressing cybersecurity challenge

2. ASSEMBLE. Outcome: Assemble teams of industry orgs, govt. agencies, and academic institutions to address all aspects of the cybersecurity challenge

3. BUILD. Outcome: Build a practical, usable, repeatable implementation to address the cybersecurity challenge

4. ADVOCATE. Outcome: Advocate adoption of the example implementation using the practice guide

Page 7

Publications

Page 8


NIST NCCoE SP 1800 Series Practice Guide Publication

• Volume A: Executive Summary. High-level overview of the project, including summaries of the challenge, solution, and benefits

• Volume B: Approach, Architecture, and Security Characteristics. Deep dive into challenge and solution, including approach, architecture, and security mapping to the NIST Cyber Security Framework (CSF) and other relevant standards

• Volume C: How-To Guide. Detailed instructions on how to implement the solution, including components, installation, configuration, operation, and maintenance

Page 9


Map to Financial Industry Guidance

Page 10

NCCoE Portfolio

Page 11


Portfolio

• Attribute Based Access Control (SP 1800-3)

• Consumer/Retail: Multifactor Authentication for e-Commerce (SP 1800-17)

• Data Integrity: Identifying and Protecting

• Data Integrity: Detecting and Responding

• Data Integrity: Recovering (SP 1800-11)

• Derived PIV Credentials (SP 1800-12)

• DNS-Based Email Security (SP 1800-6)

• Energy: Identity and Access Management (SP 1800-2)

• Energy: Situational Awareness (SP 1800-7)

• Financial Services: Access Rights Management (SP 1800-9)

• Financial Services: IT Asset Management (SP 1800-5)

• Financial Services: Privileged Account Management (SP 1800-18)

• Healthcare: Securing Electronic Health Records on Mobile Devices (SP 1800-1)

• Healthcare: Securing Picture Archiving and Communication Systems (PACS)

• Healthcare: Securing Wireless Infusion Pumps (SP 1800-8)

• Hospitality: Securing Property Management Systems

• Mitigating IoT-Based DDoS

• Manufacturing: Capabilities Assessment for Securing Manufacturing Industrial Control Systems

Page 12


Portfolio (continued)

• Mobile Device Security: Cloud and Hybrid Builds (SP 1800-4)

• Mobile Device Security: Enterprise Builds

• Mobile Threat Catalogue

• Privacy-Enhanced Identity Federation

• Public Safety/First Responder: Mobile Application SSO (SP 1800-13)

• Secure Inter-Domain Routing (SP 1800-14)

• TLS Server Certificate Mgmt (SP 1800-16)

• Transportation: Maritime: Oil & Natural Gas

• Trusted Cloud (SP 1800-19)

Page 13

Privileged Account Management

Page 14


Privileged Account Management

Securing privileged accounts for the financial services sector

Project Status: Draft practice guide published September 28, 2018; ready to demo

Collaborate with Us: Email [email protected] to join the Community of Interest (COI) for this project

Project phases: DEFINE, ASSEMBLE, BUILD, ADVOCATE

Challenges

• Many privileged accounts provide the “keys to the kingdom” for attackers or insiders. These accounts provide elevated, often unrestricted access to corporate resources and critical systems (e.g., “crown jewels”)

• System administrators often share passwords, and directly access the systems they administer

• Organizations need the ability to manage and monitor the access administrators have to data and systems

Page 15


Privileged Account Management (PAM)

Figure (Typical Environment), elements shown: administrators, service accounts and other “privileged” users; Multi-factor Authentication; Security Monitoring; and the administered targets: applications, infrastructure, and (X)aaS.

Page 16


Privileged Account Management (PAM)

Securing privileged access for the financial services sector

Objectives

This project aims to help organizations in the financial sector design and implement a PAM system that:

• controls and monitors (and audits) use of privileged accounts

• manages the lifecycle of privileged accounts

• ensures personal accountability among privileged users

• enforces least privilege and separation of duties policies

Benefits

Organizations implementing this solution can expect:

• reduced insider malicious activities

• reduced abuse of rights

• reduced employee mistakes

• secured administrative access to cloud infrastructure

• reduced malware account escalation and account takeover

• third-party access management

Page 17


Reference Architecture

Figure (PAM reference architecture), elements shown:

• Actors: Privileged Users; PAM policy administrators

• Entry point: User Interface (Access Control) with Multi-factor Authentication; Emergency Access

• Privileged Account Management core: Password Vault, Password Management, Session Management, Policy Management, Automated Account Discovery, Identity Store (LDAP), High Availability / Replication

• Security Monitoring, Logging and Auditing, with Session Replay and User Behavior Analytics

• Managed targets: (X)aaS, directories, applications, infrastructure

Legend: A = User Data Flow, B = Security Monitoring Data Flow, C = Management Data Flow; A, B, and C are connected
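The objectives on the previous slide (control, monitoring and auditing of privileged account use; personal accountability; least privilege and separation of duties) map onto the Password Vault, Password Management, Policy Management, Session Management and Logging and Auditing elements of this architecture. The following is an added toy model in Python, not code from the NCCoE build or any vendor product; the user names, the target name "mariadb-prod", the 15-minute lease and the audit event names are constructed assumptions:

```python
# Added illustration (not NCCoE or vendor code): a toy vault that checks out
# a privileged credential under PAM policy and records every decision.
import secrets
from dataclasses import dataclass, field


@dataclass
class Lease:
    user: str        # the individual who checked the account out (accountability)
    approver: str    # second person who approved (separation of duties)
    target: str      # the single system the lease is scoped to (least privilege)
    expires_at: int  # Unix time after which the session manager refuses it
    credential: str  # vaulted secret the user never has to share or write down


@dataclass
class PamVault:
    admins_of: dict            # target -> set of users allowed to administer it
    mfa_verified: set          # users whose multi-factor authentication passed
    creds: dict = field(default_factory=dict)   # target -> current vaulted secret
    audit: list = field(default_factory=list)   # events for security monitoring

    def checkout(self, user, approver, target, now, ttl=900):
        """Policy management: deny on any failed control, else issue a lease."""
        if user not in self.mfa_verified:
            return self._deny(user, target, now, "mfa required")
        if user not in self.admins_of.get(target, set()):
            return self._deny(user, target, now, "least privilege: not an admin of target")
        if approver == user:
            return self._deny(user, target, now, "separation of duties: self-approval")
        self.creds[target] = secrets.token_urlsafe(24)   # fresh secret per checkout
        self.audit.append(("ALLOW", user, target, now, approver))
        return Lease(user, approver, target, now + ttl, self.creds[target])

    def use(self, lease, now):
        """Session management: broker a session only while the lease is valid."""
        ok = now < lease.expires_at and lease.credential == self.creds.get(lease.target)
        self.audit.append(("SESSION" if ok else "REJECT", lease.user, lease.target, now, lease.approver))
        return ok

    def checkin(self, lease, now):
        """Password management: rotate on check-in so nothing shareable survives."""
        self.creds[lease.target] = secrets.token_urlsafe(24)
        self.audit.append(("CHECKIN", lease.user, lease.target, now, lease.approver))

    def _deny(self, user, target, now, reason):
        self.audit.append(("DENY", user, target, now, reason))
        return None
```

Every call appends an audit tuple, so the same object doubles as the feed a security-monitoring tool would consume to reconstruct who held which account, approved by whom, and when.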

Page 18

PAM Example for Infrastructure

Figure (components shown; in the original, arrows mark data flow and numbers 1 to 6 give the communication order):

• System Administrator at a Workstation, with the Google Authenticator App supplying a one-time passcode

• Remediant SecureONE, reached through its web interface

• Microsoft Active Directory, reached over LDAPS

• EKRAN Agent

• Production environment: MariaDB database and Fileserver

• Labelled flows: Web interface, One-time passcode, LDAPS, Privilege escalation, Direct connection

Page 19

PAM Example for Application Layer

Figure (components shown; in the original, arrows mark data flow and numbers 1 to 8 give the communication order, with internal communications marked separately):

• Privileged users at a Workstation, with the RSA SecurID App (one-time passcode registration)

• RSA Authentication Manager, reached over RADIUS

• Microsoft Active Directory (Windows auth)

• BOMGAR Privileged Identity and BOMGAR Application Launcher, reached through a web interface

• Remote Desktop Services (RemoteApp)

• EKRAN Agent

• Production environment: MSSQL database

• Cloud: Twitter account

• Labelled flows: Web interface, Direct connection, RADIUS, Windows auth, One-time passcode registration

Page 20

PAM Example Implementation for SIEM

Figure (components shown; in the original, arrows mark data flow and numbers 1 to 8 give the communication order):

• Security Analyst at a Workstation, with the DIGIPASS App supplying a one-time passcode

• OneSpan Authentication Server, reached over RADIUS

• TDi ConsoleWorks, reached through a web interface and providing a proxy connection

• Radiant Logic RadiantOne FID and Microsoft Active Directory, reached over LDAPS

• EKRAN Agent and EKRAN server

• Production environment: Splunk Enterprise, pfSense Firewall/Router

• Labelled flows: Web interface, Proxy connection, One-time passcode, RADIUS, LDAPS

Page 21

Access Rights Management

Page 22


Access Rights Management (SP 1800-9)

Securing access for the financial services sector

Overview

• Identity and access systems in the financial sector are often disjointed, complex to operate, and vulnerable to attackers or insider threats

• Organizations need the ability to easily issue, validate, and modify access rights from a central location

• This project demonstrates ways to link the management of existing and separate systems into a comprehensive solution

Project Status

• Draft Practice Guide published, ready to demo in our lab at the NCCoE

Collaborate with Us

• Read the Access Rights Management Practice Guide

• Email [email protected] to join the Community of Interest (COI) for this project

Project phases: DEFINE, ASSEMBLE, BUILD, ADVOCATE

Page 23


Access Rights Management (ARM)

Figure (ARM reference architecture), elements shown:

• Actors: HR and user administrators; Access rules administrators; Security Analyst

• Policy Administration and Policy Management

• User Access Information Provisioning (groups, roles, attributes, etc.)

• Virtual Directory over the identity stores AD, LDAP, and RACF

• Security Monitoring

• Privileged Access Management

Legend: Security Monitoring Data Flow; User Information Data Flow

This project demonstrates ways to link existing and separate systems into a comprehensive solution

Page 24

Get Involved

Page 25


Ways to Participate in NCCoE Projects

• Comment on the draft document

• Become a contributor

• Attend COI events

• Sign up for email alerts

• Attend an NCCoE presentation

• Adopt all or part of the practice guide

Harry Perper, Cybersecurity Engineer, NCCoE

Teresa Thomas, Outreach Specialist, NCCoE

Email us at: [email protected]

Page 26

Rate This Session in the App!

1. Tap on Agenda icon

2. Tap on the session you want to rate

3. Rate session on scale of 1 – 7 (7 being the highest!)

4. Write a comment (if you want)

5. Hit Submit!