Difference between revisions of "skybox notes"

From thelinuxwiki
(Created page with "skybox Firewall Optimization and Cleanup shadowed rules redundant rules rule usage, unused identified Firewall Policy Compliance out of the box cis benchmarks exampl...")
 
 
(4 intermediate revisions by one user not shown)
Line 1: Line 1:
skybox
+
skyboxsecurity
  
Firewall Optimization and Cleanup
+
'''Firewall Optimization and Cleanup'''
  shadowed rules
+
*shadowed rules
  redundant rules
+
*redundant rules
  rule usage, unused identified
+
*rule usage, unused identified
  
Firewall Policy Compliance
+
'''Firewall Policy Compliance'''
out of the box cis benchmarks
+
*out of the box cis benchmarks
 +
*examples: snmp community string violations
 +
*access (rule) policy violations
 +
*example: login services to dmz
  
examples: snmp community string violations
 
  
access (rule) policy violations
+
'''Network Visibility and Intelligence'''
example: login services to dmz
+
*firewall map
 +
*zones
 +
*validation
 +
*missing hops
 +
*export as image or visio
 +
*access analyzer!! will show which firewalls allow and which deny, identify which devices need rules
  
 +
'''Vulnerability Control - Actionable Remediation'''
 +
*risk = impact x likelyhood
 +
*remediation tickets and tracking
  
 
+
'''Vulnerability Control -Context-Aware Prioritization'''
Network Visibility and Intelligence
+
*GUI Analytics Center
firewall map
+
*hotspots mapped to business units, geography, vendor platforms and/or security bulletins
zones
+
*threat origins defined
validation
+
  example: inside or outside
    missing hops
+
export as image or visio
+
 
+
access analyzer!! will show which firewalls allow and which deny, identify which devices need rules
+
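Review bot: The added line "*risk = impact x likelyhood" misspells "likelihood". Two further points in the same hunk: "example: inside or outside" under "*threat origins defined" is added with leading spaces instead of a "**" marker, so MediaWiki renders it as preformatted text rather than a nested bullet; and the heading '''Vulnerability Control -Context-Aware Prioritization''' is missing the space after the hyphen that '''Vulnerability Control - Actionable Remediation''' uses. Suggest "*risk = impact x likelihood", "**example: inside or outside" and a matching " - " in the second heading.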

Latest revision as of 18:25, 17 February 2016

skyboxsecurity

Firewall Optimization and Cleanup

  • shadowed rules
  • redundant rules
  • rule usage, unused identified

Firewall Policy Compliance

  • out-of-the-box CIS benchmarks
  • examples: SNMP community string violations
  • access (rule) policy violations
  • example: login services to DMZ


Network Visibility and Intelligence

  • firewall map
  • zones
  • validation
  • missing hops
  • export as image or Visio
  • access analyzer!! will show which firewalls allow and which deny, and identify which devices need rules

Vulnerability Control - Actionable Remediation

  • risk = impact x likelihood
  • remediation tickets and tracking

Vulnerability Control - Context-Aware Prioritization

  • GUI Analytics Center
  • hotspots mapped to business units, geography, vendor platforms and/or security bulletins
  • threat origins defined
      • example: inside or outside