Using AWS Security Groups and NACLs for advanced traffic filtering in the cloud

With AWS NACLs you can manage security tasks in a way that you cannot with security groups alone. However, an AWS instance inherits security rules from both the security groups and the NACLs – so how do these interact? In this post Professor Wool provides some tips and tricks on how to use these two features together for the most effective and flexible traffic filtering for your enterprise.

Tips for managing application connectivity securely through a merger or acquisition

During a merger and acquisition, you have two enterprises each running complex IT infrastructures with hundreds if not thousands of applications. Usually, these applications don’t just simply integrate together – rather, some perform overlapping functions and need to be altered or extended; some need to be used in parallel; while others need to be decommissioned and removed. This means amending, altering and updating firewall policies to accommodate new connectivity, new applications and new servers and often new firewalls – crucially, without creating IT security risks or outages.

Adopting an application-centric approach to security management: getting business leaders interested

IT security teams often believe that business managers may not be interested in an application-centric approach, because the effort to get there appears to be too much when there is so much else to do. The key here is how to frame the issue to the business. If the business isn’t interested, the value proposition hasn’t been framed properly. It should be structured, above all, around business enablement, and the IT security team needs to see itself and be perceived as a trusted advisor to the rest of the business by ‘translating’ its own jargon into concrete business benefits.

Adopting an application-centric approach to security management: managing resources

The key to an application-centric approach is being able to identify and map critical applications and their respective traffic flows, and then associate them with vulnerabilities. This is critical in order to prioritize risk mitigation efforts based on business needs.

Adopting an application-centric approach to security management: are we mature enough?

Rather than viewing security from the traditional posture of infrastructure and firewall rules, security needs to be assessed from an application-centric perspective – specifically the business applications that actually generate revenue. Through this approach businesses identify and map their critical applications and their respective traffic flows, in order to understand how both the firewall rules and vulnerabilities affect them. In turn this enables IT teams to implement security policies and operational risk management that are entirely focused on serving the needs of the business.

Common causes of security oversight of today’s networks

As we get older we’ve all experienced that feeling of time passing faster and faster. What used to seem like a long year ahead to get various IT and security projects accomplished has turned into, Wow – where did the year go; we haven’t gotten hardly anything done! Experts say this is related to how aging brains view time and past experiences. There’s also the reality of more and more responsibilities as we move up through the ranks. The trouble with all of this, however, is the reality that the security of our network systems often takes a backseat and isn’t getting the attention it dese

New Professor Wool whiteboard video course on Network Security for VMware NSX

In preparation for VMworld next week, Professor Wool has created a new whiteboard-style course on Network Security for VMware NSX. Each lesson focuses on a specific challenge and provides technical tips for managing security policies across the VMware NSX software-defined data center and traditional data center.

Blurred lines: who's responsible for security in NSX?

Last week I blogged about understanding the security implications when migrating Greenfield and Brownfield applications to VMware NSX. Today, we’re examining the next steps after you’ve successfully deployed your virtualized datacenter – how you should approach managing, reporting on and auditing its security.

Migrating to NSX? understand the security implications for Greenfield and Brownfield applications

With VMworld 2016 fast approaching, let’s discuss a challenge facing many businesses when migrating to a virtualized platform: security. First of all, we need to distinguish between two scenarios. In a ‘Greenfield’ scenario, you’re building and deploying brand new applications into a virtualized data center. Clearly, this is an ideal situation, because you can essentially bake in security from the ground up. It is more likely, however, that you’ll have a ‘Brownfield’ scenario, where you are migrating existing business applications to a virtualized data center. In this case you need to migrate and adjust existing security policies for the new virtual environment.

New webinar: How to migrate and manage security policies in a segmented data center

Network segmentation is an effective strategy for protecting access to key data assets, and impeding the lateral movement of threats and cyber criminals inside your data center. With network virtualization, such as VMware NSX, now a reality, it’s far easier and quicker to set up granular security policies for east-west traffic within the data center. Yet the added granularity of security policies creates significant complexity.

The summer of network misconfigurations

2,300 flights grounded across the US, costing airlines an estimated $10 million in lost bookings alone. A bank’s customers losing access to their accounts. Businesses in New England losing telephone services. A flash flood warning mistakenly issued for Washington DC ... the list goes on and on. What links all of these incidents? They are all the result of network outages during the month of July – costing millions of dollars in lost revenue and remediation costs, inconveniencing large numbers of customers, and damaging business reputations.

Who moved my network?

Despite its rising popularity, SDN can also drive fear, thanks to loss of visibility and control. In a networking model in which IT teams and managers have little to no physical visibility into their networks, how does security work? If you can’t see into the network, how do you control and manage it?