We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Sneaking In Network Security

132
 Cite
 Share
 Related Material
 Download
 Purchase
Logo of Chaos Computer Club e.V.Chaos Computer Club e.V.
 Burkhardt, Maximilian

Formal Metadata

Title
Sneaking In Network Security
Subtitle
Enforcing strong network segmentation, without anyone noticing
Title of Series
Number of Parts
165
Author
License
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date2018
LanguageEnglish

Content Metadata

Subject Area
Genre
Abstract
Highly compartmentalized network segmentation is a long-held goal of most blue teams, but it's notoriously hard to deploy once a system has already been built. We leveraged an existing service discovery framework to deploy a large-scale TLS-based segmentation model that enforces access control while automatically learning authorization rules and staying out of the way of developers. We also did it without scheduling downtime or putting a halt to development. This talk covers how we engineered this, and shares lessons learned throughout the process.
Keywords