Network Segmentation: Addresses Multiple intents - Githubissues

5GSEC / nimbus

Intent driven security automation framework

Apache License 2.0

19 stars 9 forks source link

Network Segmentation: Addresses Multiple intents #85

Open nandhued opened 3 months ago

nandhued commented 3 months ago

Generate zero-trust policies generated by the discovery engine based on application behaviour

The attacks that can be mitigated are:

Exploit public-facing applications
Registration of malicious network functions
Software Deployment Tools
Malicious VNF installation

Techniques:

Radio control manipulation via rogue xApps
Trusted Relationship
Registration of malicious network functions
Software Deployment Tools
gNodeB Component Manipulation
Network Sniffing [Tactic: Credential Access]
Adversary-in-the-Middle [Tactic: Credential Access]
Network Sniffing [Tactic: Resource Development]
Adversary-in-the-Middle [Tactic: Resource Development]

Parameters need to be provided such which container is to be isolated

The adapters that are involved are:

KubeArmor, Network Policy, Service Mesh

nandhued commented 5 days ago

Document WIP