The Benefits in Externalizing DMZ-as-a-Service in the Cloud - (BSides Boston 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Israel Barak

BSides Boston 2015

Organizations often place critical infrastructure in the DMZ, which means that attackers able to enter the DMZ can inflict damage on the network. A more recent approach is to implement a DMZ below the traditional DMZ (adding a security layer). However, when a website is attacked, all DMZ layers frequently fail along with the local network. A more effective approach is to extend the DMZ into the cloud. Unlike traditional web security implementations (WAFs), which inspect all incoming traffic to your websites and can be extremely difficult to properly implement and maintain (particularly as websites become more dynamic), deploying a DMZ in the cloud consistently eliminates more than 99% of a website/web system's attack surface. As such, strong persistent whitelisting is now implementable in a "fail-closed" configuration, regardless of how dynamic web content might be. Unpatched or misconfigured systems, application vulnerabilities, zero-days, DDoS, SQLi and XSS are all automatically mitigated. This session will explore existing problems with current WAF implementations (including examples of current exploitations) as well as what is currently being done to address these problems. More importantly, this session will review how newer cloud-based architectures will replace the WAF as a more effective and efficient security fabric. These sorts of cloud-based platforms are only now made possible through a combination of service providers such as AWS/Azure/IBM and newer cloud-centric DMZ architectures which leverage the cloud service provider as the point of presence for an organization's enterprise DMZ. This sort of security architecture will likely become a best practice.

Bio: Israel Barak co-founded Sentrix in 2011 and currently functions as Sentrix GM business operations for the Americas. He specializes in developing and assimilating innovative technologies and enhancing organizations' capacity to withstand cyber-attacks. Mr. Barak draws from his extensive background in various security and military bodies, including serving as the Head of the Israeli Defense Forces Cyber Red Team Unit for 5 years. Mr. Barak also founded one of Israel's leading national cyber security consulting groups (now part of CITI Group). He is an active member of OWASP, the Cloud Security Alliance and ISSA, and is also a member of the Boston Security Meetup.

Copyright 2020, IronGeek