July 21, 2016

Financial Company Network Configuration Case Study

The customer had a fairly mature Network Model that they had neglected for a number of months. There were a large number of unplaced objects that had been captured by their automated configuration update system, their version was out of date and they had a backup appliance that had been lost/misplaced in transit to their disaster recovery datacenter. The customer also wanted a full reconciliation of their CDE, DMZ and user subnets as well as customized device hardening/Best Practice Checks.

  • While working through the physical and logistical steps of locating and deploying the backup appliance, upgrading and testing all systems, we quickly reconciled the client's master list of subnet designations against the corresponding containers, making adjustments where necessary. We were able to clean up the Network Topology map by sorting and correctly placing the objects which had been neglected over time, along with the additional devices and subnets discovered when we migrated the system over to the new CMDB. We addressed the client's Model Issues and were able to greatly reduce the number of reported violations by identifying devices requiring remediation, correcting device displays within the tool and, where appropriate and documented, by suppressing instances approved by client management. We highlighted a number of legacy network connections that were identified as potential access (and threat) vectors which are not in use due to routing policies, and also identified unexpected connectivity currently available into subnets thought secure. We were able to quickly identify the connectivity and the firewall rules (by line number) which were permitting this access. With this information, the security architects were immediately able to research the business decisions behind this access and take appropriate actions. In certain cases, this led to changes in network configuration; in others, it resulted in the business decision being documented and approved within the tool itself.
  • One of the most effective and immediate results we were able to present revolved around the client's desire to review, standardize and harden their device configurations. We were also able to craft custom Best Practices Checks (BPCs), using RegEx and JavaScript, to automatically check their router and firewall configurations against the company's customized list of device hardening criteria. With these BPCs scheduled in tandem with the daily device configuration updates, we were able to create a series of customized reports to direct remediation efforts. For the engineering teams, we identified devices by rule violation, matched with the configuration change steps required to correct the issue. For management, we created and scheduled a periodic report which summarizes the violations and displays the (downward) trending counts across product lines, specific devices and specific rules.
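The shape of a RegEx-and-JavaScript hardening check like the ones described above, as an added example that is not the client's BPCs or the tool's own check engine. The IOS-style configuration text and the five hardening rules are constructed here for illustration; the check reports each violation by rule and configuration line number, with the corrective change, and a summary gives the per-rule counts a trending report would consume.

```javascript
// Constructed sample configuration (not a real device); one config line per entry.
const SAMPLE_CONFIG = `! constructed sample, not a real device
hostname edge-rtr-01
no service password-encryption
ip http server
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
!`;

// Hypothetical hardening criteria. A "forbidden" rule flags every line its
// pattern matches; a required rule flags the config once if nothing matches.
// No 'g' flag on the patterns, so RegExp.test() carries no lastIndex state.
const RULES = [
  { id: 'HR-01', forbidden: true, pattern: /^no service password-encryption\b/,
    fix: 'service password-encryption' },
  { id: 'HR-02', forbidden: true, pattern: /^ip http server\b/,
    fix: 'no ip http server' },
  { id: 'HR-03', forbidden: true, pattern: /^\s*transport input .*\btelnet\b/,
    fix: 'transport input ssh' },
  { id: 'HR-04', forbidden: true, pattern: /^\s*exec-timeout 0 0\b/,
    fix: 'exec-timeout 10 0' },
  { id: 'HR-05', forbidden: false, pattern: /^service timestamps log datetime\b/,
    fix: 'service timestamps log datetime msec' },
];

// Run every rule over the config; return violations for the engineering report.
function checkConfig(configText, rules) {
  const lines = configText.split(/\r?\n/);
  const violations = [];
  for (const rule of rules) {
    const hits = [];
    lines.forEach((text, i) => { if (rule.pattern.test(text)) hits.push(i + 1); });
    if (rule.forbidden) {
      for (const line of hits) {
        violations.push({ rule: rule.id, line, text: lines[line - 1].trim(), fix: rule.fix });
      }
    } else if (hits.length === 0) {
      // Required statement absent: there is no offending line to point at.
      violations.push({ rule: rule.id, line: null, text: null, fix: rule.fix });
    }
  }
  return violations;
}

// Per-rule counts for the management summary / trending report.
function summarize(violations) {
  return violations.reduce((acc, v) => ({ ...acc, [v.rule]: (acc[v.rule] || 0) + 1 }), {});
}

console.table(checkConfig(SAMPLE_CONFIG, RULES));
```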


Published in: Resources