Step: A New Open Source "Swiss Army Knife" for Zero Trust Security
https://updatesinfosec.blogspot.com/2018/08/step-new-open-source-swiss-army-knife.html
In summary:
The way most software systems are secured today is fundamentally flawed. They rely on “perimeter” security: a firewall guarding access to a protected network. Inside the perimeter, traffic is mostly trusted. This paradigm relies on assumptions that nobody actually believes are true: that people are never careless or dishonest and never make mistakes. One slip-up that allows an attacker inside the perimeter and it’s game over.
Security considerations aside, perimeter security is expensive and annoying. Maintaining a perimeter is an operational burden. VPNs are notoriously frustrating for users. Access requests that would help someone do their job faster are frequently denied because the perimeter is all-or-nothing and fine-grained access cannot be granted.
A better security model exists. Instead of relying on IP and MAC addresses to determine access, we can cryptographically authenticate the identity of people and software making requests. It’s a simple concept, really: what matters is who or what is making a request, not where a request comes from. In short, access should be based on identity. [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2vLYLum