BSidesChicago 2017

Many organizations have IT environments with zones of varying security requirements. These zones are usually networks that are created to encompass systems that serve different functions, from production web applications to PCI in-scope database servers.

An organization has to make a decision about implementing a security boundary that protects high-security areas from low-security areas. Designing and deploying these solutions can be a complex task, contending with hurdles from compliance requirements and management all the way to just making sure the users can remember how to access all the necessary systems. This complexity leaves many holes that can be exploited by bad guys to get access to the most sensitive data. Most penetration testers will tell you that getting past these barriers, even ones that implement fancy security features such as multi-factor authentication, become bypassable through race conditions and configuration flaws.

This talk will review several common solutions of separating and accessing network zones such as VPNs, bastion hosts, and virtualization along with each solution's most common pitfalls. As we review each implementation, I will talk about both low-hanging and high-hanging fruit in terms of bypass methodologies, while giving real-world examples of leveraging weaknesses such as race conditions and configurations flaws to gain access to secured networks. I will do a deep dive into the architectures that most efficiently secure protected networks such as Microsoft's Privilege Access Workstations (PAWs) as well the management practices that create effective long-term security barriers.