nimbus icon indicating copy to clipboard operation
nimbus copied to clipboard
verified publisher icon 5GSEC

Network Segmentation: Addresses Multiple intents

Open nandhued opened this issue 1 year ago • 4 comments

Generate zero-trust policies generated by the discovery engine based on application behaviour

The attacks that can be mitigated are:

  • Exploit public-facing applications
  • Registration of malicious network functions
  • Software Deployment Tools
  • Malicious VNF installation

Techniques:

  1. Radio control manipulation via rogue xApps
  2. Trusted Relationship
  3. Registration of malicious network functions
  4. Software Deployment Tools
  5. gNodeB Component Manipulation
  6. Network Sniffing [Tactic: Credential Access]
  7. Adversary-in-the-Middle [Tactic: Credential Access]
  8. Network Sniffing [Tactic: Resource Development]
  9. Adversary-in-the-Middle [Tactic: Resource Development]

Parameters need to be provided such which container is to be isolated

The adapters that are involved are:

KubeArmor, Network Policy, Service Mesh

Design doc

nandhued avatar Mar 18 '24 04:03 nandhued

Document WIP

nandhued avatar Jul 01 '24 03:07 nandhued

Detailed Design for API cataloging

nandhued avatar Aug 14 '24 03:08 nandhued

Look into API clarity/Traceble setup nginx ingress controller and visibility into north-south traffic.

nandhued avatar Aug 16 '24 03:08 nandhued

PR in review

nandhued avatar Aug 19 '24 03:08 nandhued