Monday, May 13, 2013

Dynamic security hardening for corporates: is this happening somewhere?

This is what I was thinking tonight: one day I would like to see organizations and corporates run their business without resident security experts, because we have enabled them with tools that take care of the security configuration across their networks, at every layer.

To achieve this, we would need a tool that analyses network traffic, dynamically comes up with a security implementation plan, sends that plan to top management for approval, and then pushes the resulting configuration to all the network equipment without any further manual configuration work.

After that it keeps monitoring, and updates and enforces the security policies as the business changes. What a simple life, and what assurance for businesses.

What I am saying is this: an organization installs its networking equipment (routers, switches, firewalls, IPS, IDS, etc.) and performs basic routing so that traffic flows. It then deploys this little "Wizard" and receives reports by e-mail on what needs to be configured on the switches, routers and firewalls, based on what is happening in the business in real time.

When the CTO replies to that e-mail with a "Yes", the Wizard goes ahead and applies those security changes to the relevant network equipment, while updating the syslog server with what was changed and when. That is how we start. The approval reply has to be authenticated, since a forged "Yes" would let an attacker push configuration to every device. We keep updating as the business changes, using the same model (i.e. the business must always be told by the Wizard what it intends to do before it does it).

Along the way we should be able to track security hardening maturity: on day one the dashboard shows RED; as we go along the colour changes to AMBER, for example, and stays there for a couple of months; then it changes to GREEN, which means the basics are finished, and from then on we keep making minor changes as the business rules change.
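As an added example (not code from the original post), here is how that loop could be sketched in Python: analyse observed flows against a written policy, build a per-device plan the CTO can read, refuse to apply it without an explicit "Yes", log every applied line in syslog format, and compute the dashboard colour from how many findings have been remediated. Everything in it is assumed for illustration: the three devices, the management subnet 10.0.99.0/24, the policy that only that subnet may reach SSH/Telnet/HTTPS on a device, the flow records, and the Cisco-like ACL text (which is only recorded in memory, never pushed anywhere).

```python
"""Sketch of the hardening "wizard" described above: analyse observed flows against a
written policy, propose ACL changes per device, gate them on an explicit approval reply, and
log every change applied. Added example, not code from the post; all inputs are constructed."""
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timezone

MGMT_SUBNET = ipaddress.ip_network("10.0.99.0/24")     # assumed policy: only this subnet
MGMT_PORTS = {22: "ssh", 23: "telnet", 443: "https"}   # may reach these (TCP) mgmt ports
DEVICES = {"10.0.1.1": "core-rtr1", "10.0.2.1": "dist-sw1", "10.0.3.1": "edge-fw1"}
ACL_BODY = [line for p in sorted(MGMT_PORTS) for line in (      # Cisco-like allow-list
    f" permit tcp {MGMT_SUBNET.network_address} {MGMT_SUBNET.hostmask} any eq {p}",
    f" deny   tcp any any eq {p}")] + [" permit ip any any"]

Flow = namedtuple("Flow", "src dst dport")             # one observed connection

@dataclass
class Finding:
    device: str
    src: str
    dport: int
    service: str
    resolved: bool = False

def analyze(flows, known=()):
    """One Finding per (device, source, port) violating policy and not already in `known`."""
    seen = {(f.device, f.src, f.dport) for f in known}
    findings = []
    for f in flows:
        if f.dst not in DEVICES or f.dport not in MGMT_PORTS:
            continue                                   # not a management-plane flow
        if ipaddress.ip_address(f.src) in MGMT_SUBNET:
            continue                                   # allowed by policy
        key = (DEVICES[f.dst], f.src, f.dport)
        if key not in seen:
            seen.add(key)
            findings.append(Finding(*key, MGMT_PORTS[f.dport]))
    return findings

def build_plan(findings):
    """Per affected device: a remark for each open finding, then the allow-list ACL."""
    remarks = {}
    for fd in findings:
        if not fd.resolved:
            remarks.setdefault(fd.device, []).append(
                f" remark observed {fd.service}/{fd.dport} from {fd.src} outside mgmt subnet")
    return {dev: ["ip access-list extended MGMT-HARDEN", *rem, *ACL_BODY]
            for dev, rem in remarks.items()}

class ChangeLog:                                       # stand-in for syslog + device push
    def __init__(self):
        self.syslog, self.device_config = [], {}

def _syslog(host, msg, now):
    # RFC 5424 line; PRI 133 = facility local0 (16) * 8 + severity notice (5)
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<133>1 {ts} {host} hardening-wizard - - - {msg}"

def apply_plan(plan, findings, approval, log, now=None):
    """Apply only on an explicit 'Yes'; log each line; return the number of lines applied."""
    if approval.strip().lower() != "yes":
        log.syslog.append(_syslog("wizard", f"plan NOT applied, reply was {approval!r}", now))
        return 0
    applied = 0
    for device, lines in plan.items():
        log.device_config.setdefault(device, []).extend(lines)
        for line in lines:
            log.syslog.append(_syslog(device, f"applied: {line.strip()}", now))
            applied += 1
    for fd in findings:
        if fd.device in plan:                          # reconfigured, so the finding is closed
            fd.resolved = True
    return applied

def maturity(findings):
    """Dashboard colour from the share of findings remediated (GREEN when none are open)."""
    done = sum(fd.resolved for fd in findings) / len(findings) if findings else 1.0
    return "GREEN" if done >= 0.9 else "AMBER" if done >= 0.5 else "RED"

def run_demo():
    """Day one: three violations, RED. Approved and fixed, then a business change adds
    one more (3 of 4 resolved): AMBER. Second approval closes it: GREEN."""
    log, now = ChangeLog(), datetime(2013, 5, 13, 22, 0, tzinfo=timezone.utc)
    day_one = [                                        # constructed flow records
        Flow("10.0.99.5", "10.0.1.1", 22),             # admin from mgmt subnet: fine
        Flow("10.0.50.23", "10.0.1.1", 23),            # telnet to core router from user LAN
        Flow("10.0.50.23", "10.0.1.1", 23),            # repeat, reported once
        Flow("192.168.8.9", "10.0.2.1", 22),           # ssh to a switch from elsewhere
        Flow("10.0.50.77", "10.0.3.1", 443),           # firewall GUI from user LAN
    ]
    findings = analyze(day_one)
    colours = [maturity(findings)]
    apply_plan(build_plan(findings), findings, "Yes", log, now)
    findings += analyze([Flow("172.16.4.4", "10.0.2.1", 443)], known=findings)
    colours.append(maturity(findings))
    apply_plan(build_plan(findings), findings, "Yes", log, now)
    colours.append(maturity(findings))
    return colours, log
```

Calling `run_demo()` walks the dashboard through RED, AMBER and GREEN and leaves one syslog line per applied ACL statement in `log.syslog`. Two things a production version would change: `ChangeLog` would be an authenticated channel to the devices (SSH or NETCONF) and a real syslog destination, and the approval check would verify who sent the "Yes" (a signed reply or a ticketing system) rather than matching a string from an e-mail body, since whoever can forge that reply can reconfigure the whole network.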

Do similar solutions exist somewhere, or do you think this is a new idea? Let me know your opinion.

1 comment:

  1. This idea sounds like we are looking for a policy-based IPS/IDS; let's explore further in this direction and see if there is room for improvement.

    What they say is, IPS/IDS can be configured to tell third-party appliances to prevent what we call malicious traffic.

    If that is the case, why not load the IPS/IDS with the company security policy, then tell the IPS/IDS to instruct the relevant network devices (routers, switches, firewalls, etc.) to take action against policy-violating activities dynamically?

    This will include telling routers/firewalls to develop ACLs for acting against policy violations, etc.

    Let's say logging should be there as usual for each instruction sent by the IPS/IDS to the other equipment, as well as for each action taken by that network equipment.

    If this is a possibility, let's say we might save a lot of the cost of keeping a security admin on site; we might rather employ a consultant one time to populate the IPS/IDS with the company security policy, and probably keep them on call for when the policy changes.

    Isn't it that we wanted the IPS/IDS to learn company policy dynamically and not wait to be told about changes in company policies?

    I am not sure if this is a viable idea; let's explore the possibilities together and see what is good, what is better and what is best!!
