Zero trust networking may be a foreign concept to you, but Google and others have been utilizing this method of infrastructure and networking for quite a while now. It stands more traditional networking on it's head by not having a boundry in the traditional sense. There's no VPN, no ACLs to audit, no firewall to maintain... Sounds crazy right?
Well, it's all about trust, or the lack of it. No one trusts anyone without a proper chain of permission. Utilizing 2FA, concepts of port knocking, and CA certificates are used to properly vet both the host and the server and are used to keep the whole system safe and as secure as possible.
Sounds great right? Well, and you can imagine, with our interview this week, we find out that it's not prefect, people have to implement their own Zero Trust Networking solution, and unless you are a mature organization, with things like complete asset management, data flow, and configuration management, you aren't ready to implement it.
Join us as we discuss Zero Trust Networking with Doug Barth (@dougbarth), and Evan Gilman (@evan2645)
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-017-Zero_Trust_Networks.mp3
Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw
iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
---------
Jay Beale’s Class “aikido on the command line: hardening and containment”
JULY 22-23 & JULY 24-25 AT BlackHat 2017
---------
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#RSS: http://www.brakeingsecurity.com/rss
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
show notes:
The lines are blurring:
DevOps
NetOps
SDN
SDP
docker/containerization
2FA authentication
https://devcentral.f5.com/articles/load-balancing-versus-application-routing-26129
All good points, except no one wants to do the needful bits (ID’ing information, data flow, proper network design)
https://en.wikipedia.org/wiki/Software_Defined_Perimeter
Where is this Google article???
http://www.tomsitpro.com/articles/google-zerotrust-network-own-cloud,1-2608.html
https://cloud.google.com/beyondcorp/
https://www.theregister.co.uk/2016/04/06/googles_beyondcorp_security_policy/
Who benefits from this? Network engineers, apparently… :)
Devs?
IT?
Sounds like a security nightmare… who would get the blame for it failing
How do we keep users from screwing up the security model? Putting certs on their personal boxes?
Prior BrakeSec shows: Software Defined Perimeter with Jason Garbis
http://traffic.libsyn.com/brakeingsecurity/2017-011-Software_Defined_Perimeter.mp3
http://shop.oreilly.com/product/0636920052265.do
Doug Barth Twitter: @dougbarth
Evan Gilman Twitter: @evan2645
Runs counter, right? We are used to not trusting the client…
A Mature company can only implement
Device inventory
Config management
Data flow
Asset management
Micro-services?
Brownfield networks
Sidecar model -
Certain OSes not possible
