
posted by janrinok on Friday February 17 2017, @03:31AM
from the trust-no-one dept.

Submitted via IRC for chromas

Google may have sent the tired castle analogy of network security's soft center protected by a tough exterior out to pasture for good.

On Tuesday at RSA Conference, Google shared the seven-year journey of its internal BeyondCorp rollout where it affirms trust based on what it knows about its users and devices connecting to its networks. And all of this is done at the expense—or lack thereof—of firewalls and traditional network security gear.

Director of security Heather Adkins said the company's security engineers had their Eureka moment seven years ago, envisioning a world without walls and daring to challenge the assumption that existing walls were working as advertised.

"We acknowledged that we had to identify [users] because of their device, and had to move all authentication to the device," Adkins said.

Google, probably quicker than most enterprises, understood how mobility was going to change productivity and employee satisfaction. It also knew that connecting to corporate resources living behind the firewall via a VPN wasn't a longterm solution, especially for those connecting on low-speed mobile networks where reliability quickly became an issue.

The solution was to flip the problem on its head and treat every network as untrusted, and grant access to services based on what was known about users and their device. All access to services, Adkins said, must then be authenticated, authorized and on encrypted connections.

"This was the mission six years ago, to work successfully from untrusted networks without the use of a VPN," Adkins said.
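The access model the summary describes (every network treated as untrusted, access granted per request from what is known about the user and the device, always over an encrypted, authenticated connection) can be made concrete with a small access-proxy decision function. The code below is an added illustration written for this page, not Google's BeyondCorp code; the device inventory, user directory, service policies, trust tiers and the 30-day patch window are all constructed assumptions. It also shows the two checks that matter most for the concerns raised in the comments: a device that the inventory does not know, or that is unpatched, is assigned a lower trust tier and loses access to sensitive services, and a device certificate only counts for the user it was issued to.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple

# Constructed sample data (not from Google): what the access proxy "knows"
# about devices and users, and what each internal service requires.
DEVICE_INVENTORY = {
    # client-certificate serial -> inventory record
    "cert-serial-1001": {"owner": "alice", "managed": True,
                         "last_patched": date(2017, 2, 10), "disk_encrypted": True},
    "cert-serial-1002": {"owner": "bob", "managed": True,
                         "last_patched": date(2016, 9, 1), "disk_encrypted": True},
    "cert-serial-1003": {"owner": "carol", "managed": False,
                         "last_patched": None, "disk_encrypted": False},
}

USER_GROUPS = {
    "alice": {"engineering"},
    "bob": {"engineering"},
    "carol": {"sales"},
}

# Ordered trust tiers; a service names the minimum tier it will accept.
TIERS = {"untrusted": 0, "low": 1, "high": 2}

SERVICE_POLICY = {
    "git": {"groups": {"engineering"}, "min_tier": "high"},
    "wiki": {"groups": {"engineering", "sales"}, "min_tier": "low"},
}

PATCH_WINDOW_DAYS = 30            # assumption: older patches drop the tier to "low"
TODAY = date(2017, 2, 17)         # fixed clock so the example is reproducible


@dataclass
class Request:
    user: Optional[str]           # identity asserted by SSO; None if not logged in
    device_cert: Optional[str]    # client-certificate serial presented over mTLS
    service: str
    encrypted: bool               # True only if the request arrived over TLS
    today: date = TODAY


def device_tier(cert_serial: Optional[str], today: date) -> str:
    """Derive a trust tier from what the inventory records about the device."""
    record = DEVICE_INVENTORY.get(cert_serial)
    if record is None or not record["managed"]:
        return "untrusted"          # unknown or unmanaged: the "printer" case
    patched = record["last_patched"]
    if patched is None or (today - patched).days > PATCH_WINDOW_DAYS:
        return "low"                # managed but stale
    if not record["disk_encrypted"]:
        return "low"
    return "high"


def decide(req: Request) -> Tuple[bool, str]:
    """Access decision for one request: (allowed, reason)."""
    if not req.encrypted:
        return False, "plaintext connection refused"
    if req.user is None:
        return False, "unauthenticated"
    policy = SERVICE_POLICY.get(req.service)
    if policy is None:
        return False, "unknown service"
    record = DEVICE_INVENTORY.get(req.device_cert)
    # A device certificate is only evidence for the user it was issued to,
    # so a credential lifted from one workstation cannot be replayed elsewhere.
    if record is not None and record["owner"] != req.user:
        return False, "device not assigned to user"
    if not USER_GROUPS.get(req.user, set()) & policy["groups"]:
        return False, "user not in an authorized group"
    tier = device_tier(req.device_cert, req.today)
    if TIERS[tier] < TIERS[policy["min_tier"]]:
        return False, f"device tier {tier} below required {policy['min_tier']}"
    return True, f"allowed ({tier} device)"


if __name__ == "__main__":
    for r in (Request("alice", "cert-serial-1001", "git", True),
              Request("bob", "cert-serial-1002", "git", True),
              Request("bob", "cert-serial-1002", "wiki", True),
              Request("carol", "cert-serial-1003", "wiki", True),
              Request("alice", "cert-serial-1001", "git", False)):
        print(r.user, r.service, decide(r))
```

The point of the structure is that the decision never consults where the request came from on the network; only the authenticated user, the device record bound to the presented certificate, and the service's own policy matter, so a request from the office LAN and one from a hotel Wi-Fi are judged identically.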

Source: https://threatpost.com/no-firewalls-no-problem-for-google/123748/


  • (Score: 3, Informative) by mth (2848) on Friday February 17 2017, @05:23AM (#468095)

    I think you're more or less right, but perhaps a better analogy would be for a medieval town to fortify every house in a town and then leave the town gates open, instead of relying on the town walls to keep unwanted people out. In the physical world this is inefficient, but in a digital world it might actually be easier to secure a bunch of individual servers rather than a huge and diverse network.

    It surprises me that the traditional model of a single corporate network behind a big firewall is even considered secure. Employees take their work laptops home, to airports, restaurants and hotels, to guest networks of other companies etc. So they are connected to unprotected networks quite often, meaning that they could get infected with all kinds of malware. And once those same laptops are later on the corporate network (directly or via VPN), attackers could benefit from the lower security of services on that network.

  • (Score: 0) by Anonymous Coward on Friday February 17 2017, @06:31AM (#468113)

    Analogies are terrible for the digital world but I think this is a decent one. At the very least it makes it more difficult to compromise each device instead of a single point of failure.

    • (Score: 1) by tftp (806) on Friday February 17 2017, @06:54AM (#468117)

      At the very least it makes it more difficult to compromise each device instead of a single point of failure

      I'm not sure if that is so. The "single point of failure" is often built, configured and maintained by professionals, is properly patched up, has IDS running, and so on. You can afford it because there are not too many such points. However securing "each device" is all but impossible, because devices are procured and deployed by thousands of workers for all kinds of reasons, and you can be sure that they are never patched.

      It might be better to compare the traditional LAN to thousands of sheep that seek protection behind some decent walls. The walls protect the sheep from a casual wolf, but if one is found that manages to dig under the wall or jump over - the sheep are dead, as there are no internal protections.

      The proposed scheme gives armor to each sheep and removes the walls. The wolves are free to roam around, look at the sheep, try to bite one or two... even if they manage to break through the armor once or twice, the gain may be limited as eating one sheep does not make it easier to eat others.

      But in the real world once the hacker breaks through the weakest firewall and gains access to the stored secrets, he can then proceed to exploit the network under the identity of the user or users who had their secrets stored on that workstation. Most likely this will be access to servers where the real stuff is. Nobody cares to hack into each and every workstation - the hacker only needs to hack into the local Git server using the ssh keys that he found on this PC. Once that is done, he has the company's IP and trade secrets and whatnot.

      To summarize, the proposed solution increases the maintenance efforts at least thousandfold, requires specialized software to remotely monitor each protected asset. But these assets vary wildly - how can you be sure that your network printer cannot become someone's Trojan horse? There are no software updates, there are no security guarantees, and everyone knows that such things are terribly insecure. Perhaps you don't store your Git keys on the printer - but will it make you happy knowing that every print job instantly is copied by the adversary? Will you be OK knowing that all security cameras also stream to a third party? Is it not a problem that, say, the building's access control system can be remotely hacked to allow physical entry with an unauthorized access token and PIN? Those are important things. All that is also vulnerable if the classical firewall is breached, but you keep an eye on it and run IDS. If there is no LAN and no firewall, each device is on its own. Most of those devices are not securable in principle. You will end up having to build an individual secure LAN for each vulnerable device. Who can afford that? Who can maintain that? And what is the actual gain?

  • (Score: 0) by Anonymous Coward on Friday February 17 2017, @05:57PM (#468276)

    If people actually do this, then they should be fired. I suppose laptops could be chained to desks; maybe do both.

    At my workplace we physically remove WiFi chips. The main network doesn't route to the Internet; you use a separate computer on a separate network if you want to browse the web. Nobody would walk out with a computer. Even the obsolete equipment is secured: we physically destroy hard drives before we discard them.

    Anything less, and you should expect a Chinese competitor to replicate your product (they have the plans) and underbid you (they know your pricing tactics). You should also expect to get screwed by any Chinese suppliers you may have (they know how much you would pay before walking away from a deal).

    • (Score: 2) by Bot (3902) on Saturday February 18 2017, @09:14AM (#468536)

      OK you sell products. Google products is people and they do not need to secure them, only to keep them enticed. Are you going to put your webmail in china? Alphabet not dangerous enough? Even the search and ranking algorithms might not need to be secret, as long as their parameters are.

      Their laptops are probably glorified terminals anyway.

      --
      Account abandoned.