Has been developed by Richard Bejtlich to help defenders to give themselves a fighting chance by deploying a defensible network architecture. There are three common ways to help protect data they are

• Network physical design (How the organization’s physical network got designed)
• Knowing where valuable data is (Important because then you know what to protect)
• Threat enumeration (It is helpful to know whether your systems are vulnerable and easy to attack)

The rest of this concept mainly consists of seven pillars.

• Monitoring
  • Software products and services combine security information and event management. They provide real-time analysis of security alerts generated by applications and network hardware

• Inventoried
  • Identifying asset location, purpose, Data classification, Criticality, Owner, and contact method (CIS- top18)
• Controlled
  • Enforces access control at the host, network, and application levels to permit authorized activities and deny everything else
• Claimed
  • The Asset owner listed in the inventory is
• Minimized
  • Disabled unnecessary services, protocols, and software
• Current
  • Keep assets patch status and configuration up-to-date with the latest standards
• Measured
  • Measure the progress against the previous step using key performance metrics

Source: Richards Diagram for the security process:

Defensible Network Design

Traditional data center networks utilize a three-tier design that consists of a core, distribution, and access layer of switches. Designing a network with these drawings is crucial to understand the networking architecture better. Do remember to consider an exemplary network architecture compared to a bad one. One more important consideration is knowing the adversary will break in and how to protect the most precious data. Think of using a SIEM and performing regular auditing if files got accessed without proper authorization.

• Conceptual Design
  • The high-level design of the network (the diagram)
• Logical Design
  • Information access (data flow)
• Physical design
  • Physical devices interconnect together (technical diagram)

Segment the network into security zones: 

• Public
  • No trust (the Internet)
• Demilitarized Zone
  • Low Trust (web, DNS, and email servers)
• Middleware
  • Separate DMZ from the corporate network (Proxy Server)
• Private
  • Internal systems (printers, databases, and file servers)

` Example of a tiered network design

Source:
https://miro.medium.com/max/4800/0*95r6GhTBRv3PMy15.png

System and Network Authorization 

After making these considerations, it is essential to understand that we must implement access control to protect the systems from unauthorized access. There are many kinds of authorization systems.

• Role-Based Access Control
  • Allows granting access by roles
• Attribute-based access control
  • Let us determine access by user characteristics, object characteristics, action types, and more

Zero Trust Network Architecture

In the modern security posture, traditional security methods have only sometimes worked out great for companies. Why are many cybersecurity vendors and organizations trying to move over to ZTNA? It allows them to establish a way safer. Never trust and always verify that the model gets used. Zero-Trust modeling is usually gets applied to

• Users
• Devices
• Network Traffic
• Applications
• Data

The policies that apply for logins for Zero-Trust are

• User identity and type of credential (human, programmatic)
• Credential privileges on each device
• Normal connections for the credential and device (behavior patterns)
• Endpoint hardware type and function
• Geo location
• Just in time access (JIT)
• Firmware versions
• Authentication protocol and risk
• Operating system versions and patch levels
• Applications installed on endpoint
• Security or incident detections including suspicious activity and attack recognition

 If needed, more guidance on applying ZTNA. Microsoft has a great guide on implementing ZTNA.

Source:
Implementing a Zero Trust security model at Microsoft
Zero Trust Architecture

Video:

SANS Webcast – Zero Trust Architecture

Login authentication

Authentication is the process of verifying the identity of a user, device, or system in a secure system. It is a critical component of security in any organization, as it helps to ensure that only authorized users have access to sensitive information and resources. Several authentication methods can get used in a secure system, including

• Passwords
  • The most common method of authentication where a user is required to enter a unique combination of letters, numbers, and symbols to gain access to a system
• Two-factor authentication (2FA)
  • Requires a user to provide a second form of authentication, such as a code sent to a mobile phone, in addition to a password
• Biometric authentication
  • Physical characteristics, such as a fingerprint or facial recognition, to verify a user’s identity
• Token-based authentication
  • A physical token, such as a key fob or card, that generates a unique code to gain access to a system

To prevent unauthorized access and potential security breaches, organizations must regularly update and maintain robust authentication protocols. It may include updating passwords regularly, implementing 2FA, and staying up-to-date with the latest biometric and token-based technologies.

FIDO

To protect businesses from online threats such as phishing and password-based breaches, the FIDO Alliance standard, or Fast IDentity Online, is an open, interoperable authentication standard.

A key characteristic of FIDO is robust and two-factor authentication (2FA), such as biometrics or hardware tokens. Users must also provide a second factor to access their accounts, such as a fingerprint or security key. Because of this, attackers must obtain both the password and the device or biometric information in addition to the password to gain unauthorized access.

Because it helps prevent unauthorized access to sensitive data and systems, FIDO is essential for organizations to protect themselves. Cyber-attacks are rising, so organizations need robust security measures to protect themselves. Organizations can significantly reduce their vulnerability to password-based attacks and cybercrime by implementing FIDO.

Source:

FIDO Alliance

SANS Webcast – Trust No One: Introducing SEC530: Defensible Security Architecture

Video:

Video: APAC 2021: FIDO Technology and Standards Update