When I first got to the client site, they had a fairly mature Network Model
that they had neglected for a number of months. There were a large
number of unplaced objects that had been captured by their automated
configuration update system, their version was out of date and they had a
backup appliance that had been lost/misplaced in transit to their disaster
recovery datacenter. The client also wanted a full reconciliation of their
CDE, DMZ and user subnets as well as customized device hardening/Best
Practice Checks.
While working through the physical and logistical steps of locating and
deploying the backup appliance and upgrading and testing all systems, I was
able to quickly reconcile the client's master list of subnet designations
against the corresponding RedSeal containers, making adjustments where
necessary. I cleaned up the Network Topology map by sorting and correctly
placing the objects that had been neglected over time, along with the
additional devices and subnets discovered when I migrated the RedSeal
system over to the client's new CMDB. I addressed the client's Model Issues
and greatly reduced the number of reported violations by identifying
devices requiring remediation, correcting device displays within RedSeal
and, where appropriate and documented, suppressing instances approved by
client management. I highlighted a number of legacy network connections
that RedSeal identifies as potential access (and threat) vectors but which
are not in use due to routing policies, and I also identified unexpected
connectivity currently available into subnets thought to be secure. RedSeal
was able to quickly identify the connectivity and the firewall rules (by
line number) that were permitting this access. With this information, the
client's security architects were immediately able to research the business
decisions behind this access and take appropriate action. In certain cases
this led to changes in network configuration; in others, it resulted in the
business decision being documented and approved within RedSeal itself.
One of the most effective and immediate results we were able to present
revolved around the client's desire to review, standardize and harden their
device configurations. I crafted custom Best Practice Checks (BPCs), using
RegEx and JavaScript, to have RedSeal automatically check their router and
firewall configurations against the company's customized list of device
hardening criteria. With these BPCs scheduled in tandem with the daily
device configuration updates, I created a series of customized reports to
direct remediation efforts. For the engineering teams, I identified devices
by rule violation, matched with the configuration change steps required to
correct the issue. For management, I created and scheduled a periodic
report that summarizes the violations and displays the (downward) trending
counts across product lines, specific devices and specific rules.
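To show the shape of the checks and reports described above, here is an added JavaScript example. It is not RedSeal's own BPC code and does not use the RedSeal BPC framework; it is a standalone regex-driven check engine that produces the same two views the text describes: a per-device list of rule violations paired with the remediation step (the engineering report) and per-rule counts with a trend between two scheduled runs (the management summary). The three hardening criteria, the device names and the configuration text are all constructed for illustration and are not the client's list or real device configs.

```javascript
// Added example: a minimal best-practice-check engine in the spirit of the
// write-up above. Not RedSeal code. Each check has a rule name, a predicate
// that runs a regex over the raw device configuration and returns true on a
// violation, and the remediation step that goes into the engineering report.
// The criteria below are assumed, generic Cisco IOS-style hardening items.
const checks = [
  {
    rule: "ssh-only-vty",
    // Violation: any "transport input" line that still admits telnet or "all".
    violates: (cfg) => /^\s*transport input\b.*\b(?:all|telnet)\b/m.test(cfg),
    remediation: "Under each 'line vty' range, set 'transport input ssh'.",
  },
  {
    rule: "password-encryption",
    // Violation: the global 'service password-encryption' line is absent.
    violates: (cfg) => !/^service password-encryption\s*$/m.test(cfg),
    remediation: "Add 'service password-encryption' in global configuration.",
  },
  {
    rule: "no-http-server",
    // Violation: the plaintext HTTP management server is enabled.
    violates: (cfg) => /^ip http server\s*$/m.test(cfg),
    remediation: "Run 'no ip http server'; use 'ip http secure-server' if web management is required.",
  },
];

// Run every check against every device config. Returns one finding per
// (device, rule) violation, each carrying its remediation step.
function runChecks(devices, rules = checks) {
  const findings = [];
  for (const [device, cfg] of Object.entries(devices)) {
    for (const c of rules) {
      if (c.violates(cfg)) {
        findings.push({ device, rule: c.rule, remediation: c.remediation });
      }
    }
  }
  return findings;
}

// Per-rule violation counts for one run (the management summary).
function countByRule(findings) {
  const counts = {};
  for (const f of findings) counts[f.rule] = (counts[f.rule] || 0) + 1;
  return counts;
}

// Trend between two scheduled runs; a negative delta means the count fell.
function trend(previousCounts, currentCounts) {
  const rules = new Set([...Object.keys(previousCounts), ...Object.keys(currentCounts)]);
  const out = {};
  for (const r of rules) {
    const before = previousCounts[r] || 0;
    const after = currentCounts[r] || 0;
    out[r] = { before, after, delta: after - before };
  }
  return out;
}

// Constructed sample configs for two consecutive daily runs (not captured
// from any real device). On day 2 the telnet and HTTP findings on the edge
// router have been remediated; password encryption is still missing.
const day1 = {
  "edge-rtr-01": [
    "hostname edge-rtr-01",
    "ip http server",
    "line vty 0 4",
    " transport input telnet ssh",
  ].join("\n"),
  "core-sw-01": [
    "hostname core-sw-01",
    "service password-encryption",
    "line vty 0 4",
    " transport input ssh",
  ].join("\n"),
};

const day2 = {
  "edge-rtr-01": [
    "hostname edge-rtr-01",
    "no ip http server",
    "line vty 0 4",
    " transport input ssh",
  ].join("\n"),
  "core-sw-01": day1["core-sw-01"],
};

// Engineering view: device, rule, and the fix to apply.
const day1Findings = runChecks(day1);
for (const f of day1Findings) console.log(`${f.device}  ${f.rule}  -> ${f.remediation}`);

// Management view: counts per rule and the day-over-day trend.
console.log(trend(countByRule(day1Findings), countByRule(runChecks(day2))));
```

In a scheduled deployment the `devices` map would be fed from the daily configuration pull, and the `trend` output would be accumulated per run so that the downward counts can be reported across product lines and individual devices as well as per rule; that aggregation is omitted here to keep the example self-contained.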