
posted by janrinok on Friday February 17 2017, @03:31AM
from the trust-no-one dept.

Submitted via IRC for chromas

Google may have sent the tired castle analogy of network security's soft center protected by a tough exterior out to pasture for good.

On Tuesday at RSA Conference, Google shared the seven-year journey of its internal BeyondCorp rollout where it affirms trust based on what it knows about its users and devices connecting to its networks. And all of this is done at the expense—or lack thereof—of firewalls and traditional network security gear.

Director of security Heather Adkins said the company's security engineers had their Eureka moment seven years ago, envisioning a world without walls and daring to challenge the assumption that existing walls were working as advertised.

"We acknowledged that we had to identify [users] because of their device, and had to move all authentication to the device," Adkins said.

Google, probably quicker than most enterprises, understood how mobility was going to change productivity and employee satisfaction. It also knew that connecting to corporate resources living behind the firewall via a VPN wasn't a long-term solution, especially for those connecting on low-speed mobile networks where reliability quickly became an issue.

The solution was to flip the problem on its head and treat every network as untrusted, and grant access to services based on what was known about users and their device. All access to services, Adkins said, must then be authenticated, authorized and on encrypted connections.

"This was the mission six years ago, to work successfully from untrusted networks without the use of a VPN," Adkins said.

Source: https://threatpost.com/no-firewalls-no-problem-for-google/123748/
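As an added illustration (not code from the article or from Google's BeyondCorp), a minimal access-proxy decision in Python: every request is authenticated, authorized against a per-service policy, required to be encrypted, and gated on the device's inventory state, which also covers the unmanaged-device concern raised in the comments. The inventory, user directory and service policy are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample inventory and directory modelled on the BeyondCorp description, not Google's real schema.
DEVICE_INVENTORY = {
    "laptop-0421": {"managed": True, "disk_encrypted": True, "patched": "2017-02-10"},
    "printer-07": {"managed": False, "disk_encrypted": False, "patched": None},
}
USER_GROUPS = {"alice": {"eng"}, "bob": {"sales"}}
SERVICE_POLICY = {  # minimum device trust tier and permitted groups per service
    "git": {"tier": "full", "groups": {"eng"}},
    "wiki": {"tier": "basic", "groups": {"eng", "sales"}},
}
PATCH_MAX_AGE_DAYS = 30

@dataclass
class AccessRequest:
    user: str       # identity from the authenticated session
    device_id: str  # identity from the device certificate
    service: str
    tls: bool       # whether the connection to the access proxy is encrypted
    today: str      # ISO date of the request, e.g. "2017-02-17"

def device_tier(device_id, today):
    """Trust tier derived from inventory state; unknown or unmanaged devices get none."""
    dev = DEVICE_INVENTORY.get(device_id)
    if dev is None or not dev["managed"] or dev["patched"] is None:
        return None
    if (date.fromisoformat(today) - date.fromisoformat(dev["patched"])).days > PATCH_MAX_AGE_DAYS:
        return "basic"  # managed but stale: low-sensitivity services only
    return "full" if dev["disk_encrypted"] else "basic"

def decide(req):
    """Return (allowed, reason); the same checks apply on every network."""
    if not req.tls:
        return False, "unencrypted connection"
    if req.user not in USER_GROUPS:
        return False, "unauthenticated user"
    policy = SERVICE_POLICY.get(req.service)
    if policy is None:
        return False, "unknown service"
    if not USER_GROUPS[req.user] & policy["groups"]:
        return False, "user not authorized for service"
    tier = device_tier(req.device_id, req.today)
    if tier is None:
        return False, "device not in inventory or unmanaged"
    if policy["tier"] == "full" and tier != "full":
        return False, "device trust tier too low"
    return True, "ok"
```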


  • (Score: 0) by Anonymous Coward on Friday February 17 2017, @06:31AM (#468113)

    Analogies are terrible for the digital world but I think this is a decent one. At the very least it makes it more difficult to compromise each device instead of a single point of failure.

  • (Score: 1) by tftp (806) on Friday February 17 2017, @06:54AM (#468117)

    At the very least it makes it more difficult to compromise each device instead of a single point of failure

    I'm not sure if that is so. The "single point of failure" is often built, configured and maintained by professionals, is properly patched up, has IDS running, and so on. You can afford it because there are not too many such points. However securing "each device" is all but impossible, because devices are procured and deployed by thousands of workers for all kinds of reasons, and you can be sure that they are never patched.

    It might be better to compare the traditional LAN to thousands of sheep that seek protection behind some decent walls. The walls protect the sheep from a casual wolf, but if one is found that manages to dig under the wall or jump over - the sheep are dead, as there are no internal protections.

    The proposed scheme gives armor to each sheep and removes the walls. The wolves are free to roam around, look at the sheep, try to bite one or two... even if they manage to break through the armor once or twice, the gain may be limited as eating one sheep does not make it easier to eat others.

    But in the real world once the hacker breaks through the weakest firewall and gains access to the stored secrets, he can then proceed to exploit the network under the identity of the user or users who had their secrets stored on that workstation. Most likely this will be access to servers where the real stuff is. Nobody cares to hack into each and every workstation - the hacker only needs to hack into the local Git server using the ssh keys that he found on this PC. Once that is done, he has the company's IP and trade secrets and whatnot.

    To summarize, the proposed solution increases the maintenance efforts at least thousandfold, requires specialized software to remotely monitor each protected asset. But these assets vary wildly - how can you be sure that your network printer cannot become someone's Trojan horse? There are no software updates, there are no security guarantees, and everyone knows that such things are terribly insecure. Perhaps you don't store your Git keys on the printer - but will it make you happy knowing that every print job instantly is copied by the adversary? Will you be OK knowing that all security cameras also stream to a third party? Is it not a problem that, say, the building's access control system can be remotely hacked to allow physical entry with an unauthorized access token and PIN? Those are important things. All that is also vulnerable if the classical firewall is breached, but you keep an eye on it and run IDS. If there is no LAN and no firewall, each device is on its own. Most of those devices are not securable in principle. You will end up having to build an individual secure LAN for each vulnerable device. Who can afford that? Who can maintain that? And what is the actual gain?