1700 PERPER Harry NIST - The Channel Company
National Cybersecurity Center of Excellence, nccoe.nist.gov
National Cybersecurity Center of Excellence
Increasing the adoption of standards-based cybersecurity technologies
Midsize Enterprise Summit: IT Security
March 27, 2019 Harry Perper, Cybersecurity Engineer
nccoe.nist.gov National Cybersecurity Center of Excellence

Agenda
• NCCoE Overview
• Privileged Account Management
  • Reference Architecture
  • Example Solutions
• Identity and Access Management
  • Reference Architecture
• Engage with NCCoE
  • Join the COI
  • Give us your feedback on our documents
NCCoE Mission
Accelerate adoption of secure technologies: collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs
NCCoE Model
Collaborative Hub: The NCCoE works on critical national problems in cybersecurity.
The NCCoE has access to a wealth of expertise, resources, relationships, and experience.
[Figure: the NCCoE at the hub, connected to Academia, Government, Businesses, and the Cybersecurity Industry]
Engagement & Business Model
DEFINE (outcome): Define a scope of work with industry to solve a pressing cybersecurity challenge
ASSEMBLE (outcome): Assemble teams of industry orgs, govt. agencies, and academic institutions to address all aspects of the cybersecurity challenge
BUILD (outcome): Build a practical, usable, repeatable implementation to address the cybersecurity challenge
ADVOCATE (outcome): Advocate adoption of the example implementation using the practice guide
Publications

NIST NCCoE SP 1800 Series Practice Guide Publication
Volume A: Executive Summary
• High-level overview of the project, including summaries of the challenge, solution, and benefits
Volume B: Approach, Architecture, and Security Characteristics
• Deep dive into the challenge and solution, including approach, architecture, and security mapping to the NIST Cybersecurity Framework (CSF) and other relevant standards
Volume C: How-To Guide
• Detailed instructions on how to implement the solution, including components, installation, configuration, operation, and maintenance
Map to Financial Industry Guidance
NCCoE Portfolio
Portfolio
• Attribute Based Access Control (SP 1800-3)
• Consumer/Retail: Multifactor Authentication for e-Commerce (SP 1800-17)
• Data Integrity: Identifying and Protecting
• Data Integrity: Detecting and Responding
• Data Integrity: Recovering (SP 1800-11)
• Derived PIV Credentials (SP 1800-12)
• DNS-Based Email Security (SP 1800-6)
• Energy: Identity and Access Management (SP 1800-2)
• Energy: Situational Awareness (SP 1800-7)
• Financial Services: Access Rights Management (SP 1800-9)
• Financial Services: IT Asset Management (SP 1800-5)
• Financial Services: Privileged Account Management (SP 1800-18)
• Healthcare: Securing Electronic Health Records on Mobile Devices (SP 1800-1)
• Healthcare: Securing Picture Archiving and Communication Systems (PACS)
• Healthcare: Securing Wireless Infusion Pumps (SP 1800-8)
• Hospitality: Securing Property Management Systems
• Mitigating IoT-Based DDoS
• Manufacturing: Capabilities Assessment for Securing Manufacturing Industrial Control Systems
• Mobile Device Security: Cloud and Hybrid Builds (SP 1800-4)
• Mobile Device Security: Enterprise Builds
• Mobile Threat Catalogue
• Privacy-Enhanced Identity Federation
• Public Safety/First Responder: Mobile Application SSO (SP 1800-13)
• Secure Inter-Domain Routing (SP 1800-14)
• TLS Server Certificate Management (SP 1800-16)
• Transportation: Maritime: Oil & Natural Gas
• Trusted Cloud (SP 1800-19)
Privileged Account Management

Privileged Account Management
Securing privileged accounts for the financial services sector
Project Status: Draft practice guide published September 28, 2018; ready to demo
Phases: DEFINE, ASSEMBLE, BUILD, ADVOCATE
Collaborate with Us
• Email [email protected] to join the Community of Interest (COI) for this project
Challenges
• Many privileged accounts provide the “keys to the kingdom” for attackers or insiders. These accounts provide elevated, often unrestricted access to corporate resources and critical systems (e.g. “crown jewels”)
• System administrators often share passwords, and directly access the systems they administer
• Organizations need the ability to manage and monitor the access administrators have to data and systems
Privileged Account Management (PAM): Typical Environment
[Figure: typical environment, showing administrators, service accounts and other “privileged” users; Multi-factor Authentication; Security Monitoring; and the managed targets ((X)aaS, applications, infrastructure)]
Privileged Account Management (PAM)
Securing privileged access for the financial services sector
Objectives
This project aims to help organizations in the financial sector design and implement a PAM system that:
• controls, monitors, and audits use of privileged accounts
• manages the lifecycle of privileged accounts
• ensures personal accountability among privileged users
• enforces least privilege and separation of duties policies
Benefits
Organizations implementing this solution can expect:
• reduced insider malicious activities
• reduced abuse of rights
• reduced employee mistakes
• secured administrative access to cloud infrastructure
• reduced malware account escalation and account takeover
• 3rd party access management
Reference Architecture
[Figure: PAM reference architecture. Actors: Privileged Users; PAM policy administrators. Front end: User Interface (Access Control), Multi-factor Authentication, Emergency Access. Privileged Account Management components: Password Vault, Password Management, Policy Management, Session Management, Automated Account Discovery, Identity Store (LDAP), High Availability/Replication. Managed targets: (X)aaS, directories, applications, infrastructure. Security Monitoring, Logging and Auditing: Monitoring, Session Replay, User Behavior Analytics. Legend: A = User Data Flow, B = Security Monitoring Data Flow, C = Management Data Flow; A, B, and C are connected.]
PAM Example for Infrastructure
[Figure: components: System Administrator on a Workstation with the Google Authenticator App (one-time passcode); Remediant SecureONE (web interface); Microsoft Active Directory (LDAPS); EKRAN Agent; production environment containing a MariaDB database and a fileserver. Connection labels: Web interface, LDAPS, One-time passcode, Privilege escalation, Direct connection. Legend: data flow; numbers 1 to 6 give the communication order.]
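The one-time passcode step in the figure above is what the Google Authenticator app produces: a time-based one-time password (TOTP, RFC 6238) derived from a shared secret and the current 30-second time step. The Python below is an added illustration, not code from the NCCoE build or from Remediant SecureONE, of how a PAM front end verifies such a code: HMAC-SHA1 over the time counter with dynamic truncation, a tolerance window of one step for clock skew, constant-time comparison, and rejection of any code whose time step has already been consumed, so a captured passcode cannot be replayed inside its validity window. The secret is the RFC 6238 reference test key, so the outputs can be checked against the RFC's published vectors; the user name, timestamps and the in-memory `last_used` store are assumptions for the example.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 reference SHA-1 test secret, used here only so that the output can be
# checked against the RFC's published test vectors (not a real credential).
TEST_SECRET = b"12345678901234567890"
STEP = 30    # time step in seconds (Google Authenticator default)
DIGITS = 6   # code length (Google Authenticator default)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    ) % (10 ** digits)
    return f"{code:0{digits}d}"


def totp(secret: bytes, at: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP over the number of steps elapsed since the Unix epoch."""
    return hotp(secret, at // step, digits)


def decode_base32_secret(text: str) -> bytes:
    """Authenticator apps exchange the secret as unpadded base32 (otpauth:// URIs)."""
    clean = text.strip().replace(" ", "").upper()
    return base64.b32decode(clean + "=" * (-len(clean) % 8))


class TotpVerifier:
    """Verifies submitted codes with skew tolerance and single-use enforcement."""

    def __init__(self, secret: bytes, window: int = 1, step: int = STEP):
        self.secret = secret
        self.window = window   # accept +/- this many time steps of clock skew
        self.step = step
        self.last_used = {}    # user -> highest time step already accepted (assumed store)

    def verify(self, user: str, submitted: str, at: Optional[int] = None) -> bool:
        at = int(time.time()) if at is None else at
        current = at // self.step
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            # A code is valid for exactly one time step; once that step has been
            # consumed, the same code (or any older one) must not be accepted again.
            if counter <= self.last_used.get(user, -1):
                continue
            expected = hotp(self.secret, counter)
            # Constant-time comparison so the check does not leak matching digits.
            if hmac.compare_digest(expected, submitted):
                self.last_used[user] = counter
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(TEST_SECRET)
    code = totp(TEST_SECRET, 59)
    print("code at t=59:", code)
    print("first use accepted:", verifier.verify("sysadmin", code, 59))
    print("replay accepted:", verifier.verify("sysadmin", code, 59))
```

The window of one step on each side is the usual compromise between tolerating phone clock drift and keeping the replay exposure short; widening it multiplies the number of codes an attacker who has captured the HMAC output could try. Because the secret is symmetric, whoever holds the PAM server's secret store can generate codes, which is why that store, like the password vault, belongs to the most tightly guarded part of the architecture.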
PAM Example for Application Layer
[Figure: components: Privileged users on a Workstation with the RSA SecurID App; BOMGAR Application Launcher; BOMGAR Privileged Identity; RSA Authentication Manager; Microsoft Active Directory; EKRAN Agent; Remote Desktop Services (RemoteApp); production environment with an MSSQL database; a cloud Twitter account. Connection labels: Web interface, Direct connection, RADIUS, Windows auth, One-time passcode registration, (Internal Communications). Legend: data flow; numbers 1 to 8 give the communication order.]
PAM Example Implementation for SIEM
[Figure: components: Security Analyst on a Workstation with the DIGIPASS App (one-time passcode); TDi ConsoleWorks; OneSpan Authentication Server; Radiant Logic RadiantOne FID; Microsoft Active Directory; EKRAN Agent and EKRAN server; Splunk Enterprise; pfSense Firewall/Router; production environment. Connection labels: Web interface, Proxy connection, RADIUS, LDAPS. Legend: data flow; numbers 1 to 8 give the communication order.]
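What the SIEM tier in the figure above gives the security analyst is a way to confirm that privileged access actually went through the PAM system, which is the point of the "controls and monitors use of privileged accounts" objective and of the "administrators share passwords and directly access the systems they administer" challenge. The Python below is an added example, not code from the NCCoE build, Splunk Enterprise or EKRAN, that runs two such checks over constructed, syslog-like logon records: (1) a successful privileged logon to a production host whose source is not the PAM session proxy, i.e. a direct connection that bypassed session management and recording, and (2) one privileged account in successful use from two different sources within a short window, the footprint of a shared password. The record format, hostnames, addresses and the proxy address are assumptions made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs). One logon event per line:
#   <iso-timestamp> host=<target> user=<account> src=<source-ip> priv=<yes|no> result=<ok|fail>
SAMPLE_LOG = """\
2019-03-27T10:00:05 host=db01 user=dbadmin src=10.0.5.10 priv=yes result=ok
2019-03-27T10:02:41 host=fs01 user=sysadmin src=10.0.5.10 priv=yes result=ok
2019-03-27T10:03:10 host=db01 user=dbadmin src=10.1.7.22 priv=yes result=ok
2019-03-27T10:04:55 host=web01 user=appsvc src=10.1.9.14 priv=no result=ok
2019-03-27T10:30:00 host=fs01 user=sysadmin src=10.1.7.40 priv=yes result=ok
2019-03-27T10:31:12 host=fs01 user=sysadmin src=10.1.7.41 priv=yes result=fail
2019-03-27T11:15:12 host=fs01 user=sysadmin src=10.0.5.10 priv=yes result=ok
"""

PAM_PROXY_SOURCES = {"10.0.5.10"}    # assumed address of the PAM session proxy
PRODUCTION_HOSTS = {"db01", "fs01"}  # assumed hosts whose admin access must be brokered

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"priv=(?P<priv>yes|no) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse the constructed format into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a real pipeline would count these as a parsing-health metric
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["priv"] = ev["priv"] == "yes"
        events.append(ev)
    return events


def pam_bypass(events):
    """Check 1: successful privileged logons to production hosts not sourced from the PAM proxy."""
    return [
        ev for ev in events
        if ev["priv"] and ev["result"] == "ok"
        and ev["host"] in PRODUCTION_HOSTS
        and ev["src"] not in PAM_PROXY_SOURCES
    ]


def shared_account_use(events, window=timedelta(minutes=10)):
    """Check 2: the same privileged account successfully used from different sources within `window`.

    Returns (user, first_src, second_src, gap) tuples. Failed logons are ignored so a
    password-guessing burst does not masquerade as sharing.
    """
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["priv"] and ev["result"] == "ok":
            by_user[ev["user"]].append(ev)
    findings = []
    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            for second in evs[i + 1:]:
                if second["ts"] - first["ts"] > window:
                    break  # events are time-sorted, so nothing later can be inside the window
                if first["src"] != second["src"]:
                    findings.append((user, first["src"], second["src"], second["ts"] - first["ts"]))
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for hit in pam_bypass(evs):
        print(f"PAM bypass: {hit['user']}@{hit['host']} from {hit['src']} at {hit['ts']}")
    for user, a, b, gap in shared_account_use(evs):
        print(f"shared account: {user} from {a} and {b} within {gap}")
```

The second check deliberately does not exempt the PAM proxy address: a privileged account seen both through the proxy and from an ordinary workstation within minutes is exactly the case where someone has the vaulted password outside the vault. In a deployment like the one in the figure, the same two conditions would be expressed as searches in the SIEM over the PAM and host logon logs rather than in a script; the logic is what matters.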
Access Rights Management

Access Rights Management SP 1800-9
Securing access for the financial services sector
Overview
• Identity and access systems in the financial sector are often disjointed, complex to operate, and vulnerable to attackers or insider threats
• Organizations need the ability to easily issue, validate, and modify access rights from a central location
• This project demonstrates ways to link the management of existing and separate systems into a comprehensive solution
Project Status
• Draft Practice Guide published, ready to demo in our lab at the NCCoE
Phases: DEFINE, ASSEMBLE, BUILD, ADVOCATE
Collaborate with Us
• Read the Access Rights Management Practice Guide
• Email [email protected] to join the Community of Interest (COI) for this project
Access Rights Management (ARM)
[Figure: ARM architecture. Actors: HR and user administrators; access rules administrators; Security Analyst. Components: Policy Administration, Policy Management, Virtual Directory, Privileged Access Management, Security Monitoring; User Access Information Provisioning (groups, roles, attributes, etc.) into AD, LDAP and RACF. Legend: Security Monitoring Data Flow; User Information Data Flow.]
This project demonstrates ways to link existing and separate systems into a comprehensive solution
Get Involved

Ways to Participate in NCCoE Projects
• Comment on the draft document
• Become a contributor
• Attend COI events
• Sign up for email alerts
• Attend an NCCoE presentation
• Adopt all or part of the practice guide
Harry Perper, Cybersecurity Engineer, NCCoE
Teresa Thomas, Outreach Specialist, NCCoE
Email us at: [email protected]