With AWS NACLs you can manage security tasks in a way that you cannot do with security groups alone. However, an AWS instance inherits security rules from both the security groups, and from the NACLs – so how do these interact? In this post Professor Wool provides some tips and tricks on how to use these two features together for the most effective and flexible traffic filtering for your enterprise.
During a merger and acquisition, you have two enterprises each running complex IT infrastructures with hundreds if not thousands of applications. Usually, these applications don’t just simply integrate together – rather, some perform overlapping functions and need to be altered or extended; some need to be used in parallel; while others need to be decommissioned and removed. This means amending, altering and updating firewall policies to accommodate new connectivity, new applications and new servers and often new firewalls – crucially, without creating IT security risks or outages.
IT security teams often believe that business managers may not be interested in an application-centric approach, as the effort to get there appears to be too much when there is so much else to do. The key here is how to frame the issue to the business. If the business isn’t interested, the value proposition hasn’t been framed properly. It should be structured, above all, around business enablement, and the IT security team needs to see itself, and be perceived, as a trusted advisor to the rest of the business by ‘translating’ its own jargon into concrete business benefits.
The key to an application-centric approach is being able to identify and map critical applications and their respective traffic flows, and then associate them with vulnerabilities. This is critical in order to prioritize risk mitigation efforts based on business needs.
Rather than viewing security from the traditional posture of infrastructure and firewall rules, security needs to be assessed from an application-centric perspective – specifically the business applications that actually generate revenue. Through this approach businesses identify and map their critical applications and their respective traffic flows, in order to understand how both the firewall rules and vulnerabilities affect them. In turn this enables IT teams to implement security policies and operational risk management that are entirely focused on serving the needs of the business.
As we get older we’ve all experienced that feeling of time passing faster and faster. What used to seem like a long year ahead to get various IT and security projects accomplished has turned into, Wow – where did the year go; we haven’t gotten hardly anything done! Experts say this is related to how aging brains view time and past experiences. There’s also the reality of more and more responsibilities as we move up through the ranks. The trouble with all of this, however, is the reality that the security of our network systems often takes a backseat and isn’t getting the attention it dese
In preparation for VMworld next week Professor Wool has created a new whiteboard-style course on Network Security for VMware NSX. Each lesson focuses on a specific challenge and provides technical tips for managing security policies across the VMware NSX software-defined data center and the traditional data center.
Last week I blogged about understanding the security implications when migrating Greenfield and Brownfield applications to VMware NSX. Today, we’re examining the next steps after you’ve successfully deployed your virtualized datacenter – how you should approach managing, reporting on and auditing its security.
With VMworld 2016 fast approaching, let’s discuss a challenge facing many businesses when migrating to a virtualized platform: security. First of all, we need to distinguish between two scenarios. In a ‘Greenfield’ scenario, you’re building and deploying brand new applications into a virtualized data center. Clearly, this is an ideal situation, because you can essentially bake in security from the ground up. It is more likely, however, that you’ll have a ‘Brownfield’ scenario, where you are migrating existing business applications to a virtualized data center. In this case you need to migrate and adjust existing security policies for the new virtual environment.
Network segmentation is an effective strategy for protecting access to key data assets, and for impeding the lateral movement of threats and cyber criminals inside your data center. With network virtualization, such as VMware NSX, now a reality, it’s far easier and quicker to set up granular security policies for east-west traffic within the data center. Yet the added granularity of security policies creates significant complexity.
2,300 flights grounded across the US, costing airlines an estimated $10 million in lost bookings alone. A bank’s customers losing access to their accounts. Businesses in New England losing telephone services. A flash flood warning mistakenly issued for Washington DC... the list goes on and on. What links all of these incidents? They are all the result of network outages during the month of July – costing millions of dollars in lost revenue and remediation costs, inconveniencing large numbers of customers, and damaging business reputations.
Despite its rising popularity, SDN can also drive fear, thanks to loss of visibility and control. In a networking model in which IT teams and managers have little to no physical visibility into their networks, how does security work? If you can’t see into the network, how do you control and manage it?