Intro to SDP - Traditional Architecture Issues & SDP Solutions Flashcards
What critical issues does SDP address?
The changing perimeter, the IP address challenge, and the integration of security controls
SDP (Software-Defined Perimeter) is designed to enhance network security by addressing these three core issues.
What is the shifting perimeter in network security?
The transition from fixed network perimeters to virtualized networks due to mobile and IoT devices, and cloud computing
Traditional security measures are ineffective against the dynamic nature of modern IT environments.
How does the cloud impact network security?
It changes the composition of IT environments, complicating the security of physical perimeters due to factors like BYOD and remote access
The cloud introduces challenges in securing organizational resources as devices and users become more diverse.
What challenges arise from the IP address dependence in network security?
IP addresses do not validate user identity, making them unreliable for security
TCP/IP focuses on connectivity but lacks mechanisms for ensuring trustworthiness of endpoints.
Why is relying on IP addresses for network location problematic?
IP addresses are location-dependent and can change, complicating access control
Users may be assigned new IP addresses when relocating, which can lead to security vulnerabilities.
How does SDP address the IP address challenge?
By securing connections while being IP address agnostic
SDP does not rely on IP addresses for authorizing access, enhancing security.
What is a significant challenge in integrating security controls?
Achieving compliance while ensuring that disparate security controls work together effectively
Integration challenges can lead to resource-intensive processes and potential security gaps.
What is required for a single point of trust for network connections?
- Information about users from applications
- Information about the network from firewalls
- Information about devices from clients
Each of these components is essential for establishing a secure and trusted network environment.
What difficulties arise from integrating identity management with firewall access?
It requires routing packets to a different service, which is resource-intensive
This complexity can hinder effective security management and increase overhead.
What is a consequence of allowing individual applications to control their own security posture?
It may lead to security catastrophes
This decentralized approach can create vulnerabilities if not managed properly.
How does SDP simplify the management of security controls?
By providing a unified location for implementing and managing controls across the entire environment
This contrasts with traditional methods that utilize distributed controls, which can be inefficient.
What is the primary purpose of SDP in cybersecurity?
To reduce cyber risk and mitigate threats.
What does CSA’s Egregious 11 refer to?
A list of well-known threats/cyber risks.
What are the consequences of data breaches?
- Reputational damage
- Loss of customer/partner trust
- Loss of intellectual property
- Regulatory implications
- Financial expenses
How does SDP prevent data breaches?
By utilizing a drop-all firewall that drops packets not explicitly configured.
What role does SDP play in change control?
It provides access configured for changes only after approval.
What financial consequences can arise from inadequate cloud security architecture?
- Financial loss
- Reputational damage
- Legal repercussions
- Fines
What is the core of SDP’s security architecture?
Authentication, authorization, and mutual factor authorization (MFA).
How does SDP enhance visibility in cloud usage?
By logging all inbound activity.
What can excessive metered cloud use lead to?
Financial losses.
What does SDP do to mitigate phishing and social engineering attacks?
Integrates with domain-based message authentication and requires MFA.
What are the results of web application attacks?
Stolen credentials and unauthorized access to IT assets.
How does SDP prevent ransomware?
By preventing the installation of unapproved software.
What does MFA help minimize the impact of?
Stolen credentials.
What is a consequence of DoS attacks?
Loss of service or service disruption.
What type of attacks does SDP help mitigate through its MFA and SPA/drop-all approach?
Unauthorized access and data exposure.
What are some threats that SDP helps protect against?
- Server exploitation
- Hijacking threats
- Phishing
- Keyloggers
- Brute force attacks
What types of attacks can server exploitation threats include?
- DoS/DDoS attacks
- Code injection attacks
- Server misconfigurations/vulnerabilities
Which threats does SDP protect against in hijacking scenarios?
- Man-in-the-middle (MITM) attacks
- Certificate forgery
- DNS poisoning
- Code injections
What does SDP enforce to ensure security logging and monitoring?
Comprehensive and continuous monitoring.
What is the purpose of mTLS in SDP?
To enforce cryptography requirements.
What does SDP require prior to accessing applications and server resources?
Authentication.
What does the integration of SDP with enterprise IAM do?
Reduces the attack surface.
What is the impact of insufficient identity and access management?
Unauthorized access and data exfiltration.
Fill in the blank: SDP has a _______ firewall that drops packets not explicitly configured.
[drop-all]
What does NAC stand for?
Network Access Control
NAC controls what devices can connect to a network and their access levels.
At which layer of the OSI model does NAC typically operate?
Layer 2 (data link layer)
NAC uses standards-based hardware like 802.1X for validation.
What is a primary function of NAC?
Device validation and network segment assignment
NAC assigns devices to networks like guest, employee, and production.
How does SDP differ from NAC?
SDP does not require specific network hardware and supports cloud environments
SDP integrates users and provisions device access without a dedicated network appliance.
What is a Virtual Private Network (VPN)?
A secure private network connection over untrusted networks
VPNs use TLS/SSL or IPSec to establish encrypted tunnels.
What are the risks associated with VPNs?
- Unrestricted access to network segments
- VPN servers expose the network on the internet
- Increased complexity in cloud migrations
VPNs can lead to compromised credentials and unauthorized access.
What does IAM stand for?
Identity & Access Management
IAM provides a unified mechanism for validating, authenticating, and authorizing users and devices.
Which protocols does SDP support for IAM integration?
- LDAP
- Active Directory (AD)
- SAML
These protocols enable access control and identity management.
What is the purpose of identity lifecycle management in IAM?
To maintain the identity lifecycle (JML process)
It standardizes how identity information is used to control access to resources.
What capabilities do Next Generation Firewalls (NGFWs) have?
- Application awareness
- Intrusion detection/prevention system (IDPS)
- Identity awareness
- VPN capabilities
NGFWs enhance traditional firewall functionalities.
What are some limitations of NGFWs?
- Latency
- Scalability issues
- Rule complexity
NGFWs may cause delays and require robust hardware.
How does SDP complement NGFWs?
By providing secure user access policies while leveraging NGFW core functions
SDP enforces zero visibility principles with NGFW traffic inspection capabilities.
Fill in the blank: SDP is fundamentally based on a need to know _______.
security principle
This principle hides unauthorized services from users.
True or False: NGFWs are designed to function with a zero visibility principle.
False
NGFWs typically result in more visible and higher risk environments compared to SDP.
What does SDP enable in terms of access control?
Granular access rules based on business rules and telemetry data
This ensures only authorized users on registered devices gain access.
What are the three core tenets of SDP?
Assume nothing, trust no one or thing, validate everything
What does SDP stand for?
Software-Defined Perimeter
What type of environments is SDP designed to secure?
Dynamic workloads in cloud mobile environments
What is the first core tenet of SDP?
Assume nothing
What is the second core tenet of SDP?
Trust no one or thing
What is the third core tenet of SDP?
Validate everything
What type of validation does SDP provide?
Software-defined, dynamic, endpoint validation
What paradigm does SDP use for connections?
Connection-based paradigm
What components are integrated into SDP?
- Firewalls
- Identity and access
- Session management
- Encryption
- Device management
Where can the design features of SDP be found?
CSA’s SDP Specification v214
Why should IP addresses not be used as anchors for network locations?
They are location-dependent and change when users relocate.
Users’ devices are assigned new IP addresses when they move, making IP-based access unreliable.
What challenge does SDP address regarding IP addresses?
SDP secures connections while being IP address agnostic.
This means it is aware of IP addresses but does not rely on them for authorizing access.
What is typically required for a single point of trust in network connections?
- Information about users, provided by applications
- Information about the network, provided by firewalls
- Information about devices, provided by the client
What is a significant challenge in integrating multiple security controls?
Correlating disparate streams of security data for deeper insights is resource intensive.
What do most DevOps teams consider as an afterthought in security?
Application layer firewalls and anti-denial of service/distributed denial of service (DoS/DDoS) protection.
What does SDP provide for managing controls in the environment?
A unified location for implementing and managing controls instead of traditional distributed controls.
What are the main threats that SDP protects against according to the document?
- Data breaches
- Misconfigurations & inadequate change control
- Lack of cloud security architecture & strategy
- Insufficient identity, credential, access, & key management
- Account hijacking
- Insider threat
- Insecure interfaces & APIs
- Weak control plane
- Metastructure/application infrastructure failures
- Limited cloud usage visibility
- Abuse of cloud services
What are the consequences of data breaches?
- Reputational damage
- Loss of customer/partner trust
- Loss of intellectual property
- Regulatory implications
- Legal and contractual liabilities
How does SDP mitigate data breaches?
By using a drop-all firewall that drops packets not explicitly configured.
What role does SDP play in change control?
It provides access configured for changes only after approval.
What is the result of insufficient identity, credential, access, & key management?
- Unauthorized access
- Data exfiltration
- Modification and deletion of data
- Eavesdropping on data in transit
What does the core of SDP include for preventing account hijacking?
Authentication, authorization, and mutual factor authorization (MFA).
What is a strategy included in SDP to address insider threats?
Microsegmentation of the organizational environment to limit access on a need-to-know basis.
What does SDP do to provide better visibility and situational awareness?
Logs all inbound activity.
What is the impact of weak control planes according to the document?
Data loss, regulatory punishment, and significant business impacts.
How does SDP limit the impact of misconfigurations?
By hiding resources behind the gateway/controller.
What type of financial losses can result from abuse of cloud services?
Excessive metered cloud use.
Fill in the blank: SDP safeguards access to _______ and stateless firewall configurations.
stateful
