Penetration Testing with Kali Linux OffSec


Date: 21.12.2023
PEN-200

Security Controls[73]
This might feel overwhelming at first. In particular, a defense-in-depth strategy involves people and technologies creating layers of barriers to protect resources.
In the CIA Triad Learning Unit, we mentioned that a consequence of strong security can be reduced availability. If a system's security is prioritized over availability, then there may be increased downtime and ultimately increased user frustration. An example of this could be using the Kerberos[74] authentication protocol without a fallback authentication method. In GNU/Linux, Kerberos might be configured without a failsafe: no alternate network access authorization method. This can result in no one being able to access network services if there is a Kerberos issue. If security is the top priority, this could be ideal, depending on the organization's goals.
However, if availability is the top priority, such an approach could damage the system by improving its security without care.
[72] (Wikipedia, 2021), https://en.wikipedia.org/wiki/Defense_in_depth_(computing)
[73] (NIST, 2022), https://csrc.nist.gov/glossary/term/security_control
[74] (MIT, 2022), https://web.mit.edu/kerberos/


PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
Security controls can also be extremely time-consuming to properly use and maintain. If a control 
is expensive enough, an organization could lose profitability. Security controls must also be 
balanced with financial resources and personnel constraints. 
Next, let’s explore a variety of different security controls that an organization might implement. 
3.4.3 Shift-Left Security
One of the best ways to avoid extra costs and impacts to availability is to design an entire system so that security is built into the service architecture, rather than requiring many additional software layers. In order to design systems with built-in security, the idea of shift-left security[75] can improve efficiency. The idea of shift-left security is to consider security engineering from the outset when designing a product or system, rather than attempt to bake it in after the product has been built.
Without shift-left security, we might have developers shipping products without security, and then 
need to add in additional layers of security on top of, or along with, the product. If the security 
team is involved in the development process, we have a better chance of creating a product with 
controls built in, making a more seamless user experience as well as reducing the need for 
additional security services. 
Most applications do not have security built in and instead rely on platform-level security controls 
surrounding the services. This can work well; however, it can result in security being weaker or 
easier to bypass. For example, if a specific technology (for example, Kubernetes modules) is 
providing all of the security services, then someone who controls that technology (in this case, a 
Kubernetes administrator) could remove or tamper with it and bypass security for all services. 
However, we once again need to consider business impact. In particular, shifting left can 
potentially cause slower production times because developers will need to explicitly think about 
security in addition to the product specifications. An organization therefore will need to decide 
what trade-offs they can make in their particular circumstance. Despite the potential reduction in 
security posture, focusing on platform-level security controls can provide the lowest friction to 
development efforts and the fastest time to market for application developers while producing 
reasonable security posture. 
3.4.4 Administrative Segmentation
It may seem okay to have an administrator bypass security controls based on their role and 
functional needs. Shouldn’t we trust our administrators? However, when a threat is internal or 
otherwise able to obtain valid administrative credentials, our security posture becomes weaker. In 
order to defeat internal threats and threats that have acquired valid credentials or authentication 
capability, we must segment controls so that no single authority can bypass all controls. In order 
to accomplish this, we may need to split controls between application teams and administrators, 
or split access for administration between multiple administrators, as with 
