Technologies and processes that I have designed and implemented for network security (defensive):
- Firewalls at the network perimeter and for establishing DMZ (demilitarized zone) networks, including Cisco, Juniper, Check Point, SonicWall, WatchGuard, OPNsense, OpenBSD PF, iptables, and more.
- Network segmentation design using routers, firewalls, and VLANs.
- VPNs (Virtual Private Networks), primarily using IPsec for both site-to-site and remote user access connections; I've also helped users set up and troubleshoot TLS-based VPNs. Most commonly I've configured these on a firewall, but sometimes through Windows or Linux services.
- Access control via router access control lists, switch port management, port-based 802.1X configuration, and RADIUS services.
- Intrusion prevention systems (IPS) as implemented through next-generation firewalls.
- Wireless security using 802.1X.
- Antivirus / anti-malware protection using Symantec Enterprise and McAfee products.
- Network traffic analysis using Wireshark and tcpdump to establish baselines, identify potentially malicious traffic, and provide feedback for IDS rule development.
The same technologies from the offensive side (penetration testing and audit):
- Firewalls - Exploitation of system vulnerabilities and misconfigurations; configuration review and audit.
- Network segmentation - Exploitation of configuration weaknesses.
- VPNs - Exploitation of poor TLS certificate management and configuration; exploitation of remote hosts with VPN access.
- Access controls - Exploitation of configurations misaligned with business need; audit. I've also analyzed whether security group permissions and assignments within AWS environments align with standards and business needs.
- IDS / IPS - Testing of rules and alerts as part of purple team exercises to ensure that simulated malicious traffic raises alerts.
- Antivirus / anti-malware - Bypass via packing of exploit code.
- Network traffic analysis - Capturing traffic for replay, capturing credentials, redirecting traffic through my attack host, and decrypting captured data.
The defensive security work has taken place over many years with multiple employers and consulting clients; I performed many of those tasks while doing systems engineering, integration, and consulting. I performed much of the offensive security work as a consultant at Info@Risk, but I also did a lot of audit and controls testing to identify such flaws in my multiple roles at Jackson National Life Insurance, and at Zoom Video Communications.
Given the size and business models of Jackson and Zoom, and the sheer number of consulting clients in banking, healthcare, government, and the energy industry that I assisted with systems engineering and penetration testing, it is no exaggeration to say that these efforts have helped protect the personal data of millions of people and the business capabilities and intellectual property of hundreds of companies.