Resources for web based security

Intro

While most shops think that a firewall and antivirus are enough, the latest round of CVEs proves this is not the case, with the majority of these being software bugs in “professional tools”.

One has to have security that is not solely dependent on the software, OS, or application level to be sure they are safe.

The way to do this is to include network level security.

General idea

All traffic must go through a bastion host. This host runs as a firewall and VLAN manager. When traffic comes in from a selected VLAN to the API gateway (Kong/pfSense), it gets analyzed for malicious payloads (fuzzing, brute-force attacks, etc.). If enough packets match, the traffic is redirected to a honeynet for capture, analysis, tarpitting, and reporting.
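
The redirect decision described above, sketched as an added example that is not part of the original post: a per-source sliding-window counter sends a client to the honeynet once enough of its requests match. The patterns, the default of 3 matches in 60 seconds, the `Redirector` class and the sample traffic are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
# Constructed indicators for illustration; a real deployment would use the
# rule set of its own NIDS or gateway plugin.
SUSPICIOUS = [
    re.compile(r"\.\./"),             # path traversal probes
    re.compile(r"(.)\1{40,}"),        # long single-character runs typical of fuzzers
    re.compile(r"%00|%0d%0a", re.I),  # encoded NUL / CRLF probing
]

class Redirector:
    """Per-source sliding-window counter choosing 'gateway' or 'honeynet'."""
    def __init__(self, threshold=3, window=60.0):
        self.threshold, self.window = threshold, window  # N matches within T seconds
        self.hits = defaultdict(deque)   # src -> timestamps of matching requests
        self.diverted = set()            # sources already sent to the honeynet

    def is_suspicious(self, path, status):
        # A failed login counts as a match so brute forcing trips the same counter.
        if path == "/login" and status == 401:
            return True
        return any(p.search(path) for p in SUSPICIOUS)

    def route(self, src, ts, path, status):
        if src in self.diverted:         # sticky: once diverted, stay diverted
            return "honeynet"
        if self.is_suspicious(path, status):
            q = self.hits[src]
            q.append(ts)
            while ts - q[0] > self.window:
                q.popleft()              # forget matches older than the window
            if len(q) >= self.threshold:
                self.diverted.add(src)
                return "honeynet"
        return "gateway"

def replay(requests, **kwargs):
    r = Redirector(**kwargs)
    return [r.route(*req) for req in requests]

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    ("198.51.100.7", 0, "/login", 401),
    ("203.0.113.5", 1, "/login", 401),       # one mistyped password
    ("198.51.100.7", 2, "/login", 401),
    ("198.51.100.7", 4, "/static/../../app.conf", 404),  # third match: diverted
    ("198.51.100.7", 5, "/api/items", 200),  # clean request, still diverted
    ("203.0.113.5", 6, "/api/items", 200),
]
```

Calling `replay(SAMPLE)` returns one decision per request, in order; the window keeps a client with occasional isolated matches on the normal gateway path.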

Caveat

There is no silver bullet to security, and this is not meant as an end-all security measure but as an additional layer to the onion, particularly one that helps gain visibility into what is going on. Think of it as a B-cell to the traditional NIDS’s T-cell, or as a way to give your NK cells (infosec guys) a proactive chance of preventing issues without raising the red alarms.

External Links

https://www.influxdata.com/blog/tick-script-templates/
