Monday, June 18, 2018

Anyone out there working on a Fedramp SaaS product?

Hey all,

I am working on standing up the networking portion of a stack in an Azure Gov DC operating under Fedramp rules/guidelines. I am getting pressure to put an IDS/IPS system as the gateway between every single internal subnet, not just traffic leaving our network. None of the machines will even have access to the internet. The Fedramp guidelines say:

The organization:

(a) Monitors the information system to detect:

(1) Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and

(2) Unauthorized local, network, and remote connections;

(b) Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods];

(c) Deploys monitoring devices (i) strategically within the information system to collect organization-determined essential information; and (ii) at ad hoc locations within the system to track specific types of transactions of interest to the organization;

Doing this in Azure is a colossal pain in the ass, because then you have to put something like a Barracuda in, and multiple devices like that because Azure instances only support 4 NICs. It vastly complicates the network and I really don't want to move forward with this if we don't have to.

Wondering if anyone else here works in this type of environment and can shed some light. Thanks!
