1. The Evolving DMZ
@NTXISSA
John Fehan, Regional Practice Lead, OpenSky Corp
24 April 2015
2. An Evolution
- A brief history
- The principles are important
- Some stay the same
- Others have progressed
- A couple are rapidly evolving
Copyright John Fehan 2015. All rights reserved. NTX ISSA Cyber Security Conference April 24-25, 2015
3. The DMZ in the Past
- Medieval towns: walls around a marketplace
- The gate controlled access
- The marketplace limited risk as the transactions were closely watched
- The keep was off limits
4. The DMZ in the Present
- A bank lobby is a modern DMZ
- The building is built around a lobby
- The guard controls access
- The lobby limits risk as transactions are closely watched
- Protected by a cage and the safe, the money is off limits
5. The DMZ in IT Infrastructure
- Firewall around the DMZ
- DMZ segments limit risk as transactions are closely watched
- Protected by another firewall, the inside network is off limits
6. The Principles of a DMZ
- All traffic is exposed and examined.
- Access is granted only as needed.
- Security incidents are minimized, compromises more contained and recovery more swift.
- Compliance with audit requirements is effective.
7. DMZ Networking
- Use of multiple DMZ segments contains breaches and speeds recovery
- VLAN extension is risky
- HA DNS must be split and hardened
- Network services should be static and limited within the DMZ
8. DMZ Networking
- Management VLAN should be enforced
- Jump boxes must be hardened but enabled
  - Powerful tools
  - Two-factor authentication
  - Secured logging
- Management systems must be protected from the DMZ
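As an added example (not from the deck), a small Python audit that checks a zone-based, default-deny firewall policy against the principles stated on slides 5, 7 and 8: the inside network is off limits from the DMZ, management systems are protected from the DMZ, management access enters only via jump boxes, and services are static and limited. The zone names, rules and ports are constructed assumptions.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src: str   # source zone
    dst: str   # destination zone
    port: str  # destination TCP port, or "any"

DMZ_ZONES = {"dmz-web", "dmz-partner"}  # assumed DMZ segments (slide 7)
MGMT_PORTS = {"22", "3389"}             # interactive management protocols
LOG_PORT = "6514"                       # assumed syslog-over-TLS collector port

def audit(rules: list[Rule]) -> list[str]:
    """Return one finding per allow rule that violates a stated principle.
    The policy is assumed default-deny, so only allow rules are listed."""
    findings = []
    for r in rules:
        # Slide 5: the inside network is off limits from the DMZ.
        if r.src in DMZ_ZONES and r.dst == "inside":
            findings.append(f"{r}: DMZ may not initiate to inside")
        # Slide 8: management systems are protected from the DMZ;
        # only the secured logging path may cross that boundary.
        if r.src in DMZ_ZONES and r.dst == "mgmt" and r.port != LOG_PORT:
            findings.append(f"{r}: DMZ to mgmt limited to logging on {LOG_PORT}")
        # Slide 8: management access enters the DMZ via hardened jump boxes only.
        if r.dst in DMZ_ZONES and r.port in MGMT_PORTS and r.src != "jumpbox":
            findings.append(f"{r}: management into DMZ only from jump boxes")
        # Slide 7: services within the DMZ are static and limited.
        if r.port == "any":
            findings.append(f"{r}: 'any' service defeats traffic examination")
        # Slide 7: separate DMZ segments exist to contain a breach.
        if r.src in DMZ_ZONES and r.dst in DMZ_ZONES and r.src != r.dst:
            findings.append(f"{r}: lateral DMZ-to-DMZ traffic undermines segmentation")
    return findings

# Constructed sample policy: the first three rules comply, the last three do not.
SAMPLE_POLICY = [
    Rule("internet", "dmz-web", "443"),     # public web service
    Rule("jumpbox", "dmz-web", "22"),       # management via jump box
    Rule("dmz-web", "mgmt", LOG_PORT),      # secured logging
    Rule("dmz-web", "inside", "1433"),      # violation: inside is off limits
    Rule("inside", "dmz-web", "3389"),      # violation: bypasses the jump box
    Rule("dmz-partner", "dmz-web", "any"),  # violations: lateral and "any"
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(finding)
```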
9. Partner Connections
- Represent a great risk
- Isolate from revenue-generating business applications
- Don't deserve to bypass examination
- Should be assessed once a year
10. Cloud Connections
- Occasionally require large file transfer capability
- Should be built out with their own media store for reimaging
- Authentication should integrate but be subordinate
11. DMZ Hosting
- No durable data within the DMZ
- Remote access is evolving to virtual desktop infrastructure (VDI) and client-less VPN
12. Virtualization
- Virtualization has enabled great improvements
- Restoral can be faster
- Rebalancing of application workloads
- Capacity management is easier
- Firewall rules can be distributed and portable
13. Virtualization
- Challenges that remain
  - Security of the shared hypervisor
  - Improved management capabilities yet to be tapped; CLI addiction
- Helps with understanding the application flows
14. Virtualization
- Networks can now be virtualized.
15. Virtualization
- Virtualize the appliances and then the network
- Share the glass
- Invest in the understanding
16. DMZ Value Remains
- The technology evolves
- The principles remain
  - All traffic is exposed and examined
  - Access is granted only as needed
  - Security incidents are minimized, compromises more contained and recovery more swift
  - Compliance with audit requirements is effective
17. Thank you
- The Collin College Engineering Department
- Collin College Student Chapter of the North Texas ISSA
- North Texas ISSA (Information Systems Security Association)