How to Quickly Implement a Secure Cloud for Government and Military | Webinar
-
Upload
plumgrid -
Category
Technology
-
view
57 -
download
1
Transcript of How to Quickly Implement a Secure Cloud for Government and Military | Webinar
![Page 1: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/1.jpg)
WEBINAR | JULY 14, 2016
Quickly Implement a Secure Cloud for Government and Military
Rick KundigerCEO & FounderAwnix
![Page 2: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/2.jpg)
2
Security Today
* Contains 0% snake
EVERYTHING YOU NEED!NO OTHER SECURITY REQUIRED!
VLAN SNAKE OILEXLIXER
GUARANTEED RELIEF FROMHACKERS | PHISHERS | CRACKERS |SNIFFING | SPOOFING
SPAMMING | SPYING |EXPLOITING | SNARFINGSCRIPT KIDDIES |TARDS | & OTHERWISE BEING SNOWDEN’D
DON’T FORGET TO
ASK ABOUT OUR
BONUS ACL
OINTMENT!
COMBINE A LITTLE
ACL WITH THE VLAN
ELIXER TO CURE
WHAT AILS YOU!
![Page 3: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/3.jpg)
Security Today
Traditional firewalls, while better than simple VLANs and ACLs, are only marginally better
• Firewalls can only inspect traffic that traverses them
• They rarely prevent server-to-server traffic we have VLANs and ACLs for that!(see previous slide)
• More and more rules are added as holes are found or exploited or assumed, making rule management nearly impossible
3
![Page 4: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/4.jpg)
Security Today
• Silo’d network and security is inefficient • Frequent miscommunication between
customer / network & security which causes mistakes
• These errors lead to security incidents
What Customers Think of IT Security
What Customers Think of Networking
Customer to IT Security and Network
4
![Page 5: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/5.jpg)
5
What’s Needed
• Network Micro-Segmentation• Tenant/Project Isolation• App Tier Isolation• Increased Security Behind the Firewall• Defense-in-Depth• Increased Agility in Network and Security• Increased Ability to Quickly Respond
Traditional physical networking and security tools, designs, appliances and methods cannot meet these needs in a timely and cost effective manner
![Page 6: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/6.jpg)
Security Tenant
Internet – Common Provider Network w/ public floating IPs
vFirewall
vSec UTM, IDS, IPS, Etc.…Security Groups
Internal Provider Network 0 w/ private floating IPs
Web
DB
Mid-TierWeb Mid-Tier
DB
Internal Provider Network 1 w/ private floating IPs
Simple Tenant More Complex Tenant Security Tenant
6
![Page 7: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/7.jpg)
App Tier Isolation
vFirewallMid
Mid
MidWeb Web
Web
Web Tenant Mid-Tier Tenant Security Tenant
DB DB
DB
DB Tenant
7
Internet – Common Provider Network w/ public floating IPs
Internal Provider Network 0 w/ private floating IPs
Internal Provider Network 1 w/ private floating IPs
Internal Provider Network 2 w/ private floating IPs
vSec
![Page 8: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/8.jpg)
8
Forensics
Internet – Common Provider Network w/ public floating IPs
Mid
Mid
MidWeb Web
Web
Compromised Tenant Mid-Tier Tenant Security Tenant
DB DB
DB
Internal Forensics Network with no Gateway to Internet
DB Tenant
Web WebWeb Sec Tool Sec Tool
vFirewall
Move GW IP to
Forensic Network
vFirewall
vSec
Forensics tools for
Analysis / Remediation
![Page 9: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/9.jpg)
9
Integrating new or existing threat management tools with APIs available via the SDN Controller or Neutron for automated remediation
IDS consumes
SDN metrics / telemetry via API
IDS Identifies
a Problem
IDS Sends Instructions
via API
Instruction is Executed
Offending Instance or
Network Remediate
d
Detection / Remediation
![Page 10: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/10.jpg)
10
Security Groups vs FW Rules
• Security Groups are like a FW on every vNIC
• If Attacker get in one server they can’t jumpbox anywhere
• All traffic in separate encrypted domain• Granular strategic + tactical control• Attacker must compromise every node
individually
• If an Attacker compromises a server they can normally jump around to others because the internal network is “trusted”
• Attacker can sniff traffic as it isn’t encrypted
• Blanket FW rules, no granularity• Individual servers have little, if any
protection
DB
Mid-TierWeb 2
DB
Mid-TierWeb Mid-Tier
DB
Allow Mid
Allow WebAllow 80/443
Web
VLAN 234VLAN 567
VLAN Hopping
Packet Capture
Malicious Payload
![Page 11: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/11.jpg)
11
Demo
![Page 12: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/12.jpg)
Questions?
![Page 13: How to Quickly Implement a Secure Cloud for Government and Military | Webinar](https://reader035.fdocuments.net/reader035/viewer/2022070516/587140031a28abf0568b7d3d/html5/thumbnails/13.jpg)
Thank you!