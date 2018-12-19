from the what's-old-is-new-again dept.
VPNs are a way of stitching together separate networks, often physically separate ones, such that they resemble a single logical network. They are (mis-)used heavily these days on the mistaken premise that the network inside any given firewall is somehow secure and the network outside that firewall is somehow less secure. The idea of not trusting the network at all, the foundation of several of the services developed in the 1980s under MIT's Project Athena, such as Kerberos, is returning. Zero Trust is the new name for the networking concept in which no part of the network is considered secure, whether inside or outside a firewall. The pendulum is swinging back and multiple articles this year cover the fact that Zero Trust Networking is trending.
VPNs are part of a security strategy based on the notion of a network perimeter; trusted employees are on the inside and untrusted employees are on the outside. But that model no longer works in a modern business environment where mobile employees access the network from a variety of inside or outside locations, and where corporate assets reside not behind the walls of an enterprise data center, but in multi-cloud environments.
Gartner predicts that by 2023, 60% of enterprises will phase out most of their VPNs in favor of zero trust network access, which can take the form of a gateway or broker that authenticates both device and user before allowing role-based, context-aware access.
Is this a case of what's old is new again or merely a case of being so obvious that no one bothered to mention it and thus it got forgotten because it largely went unsaid? VPNs have a place, but they way in which they are often used amounts to just more snake oil. Many have long pointed out that if a product or service cannot exist online without a firewall then it should never have been connected to the network in the first place.
(Score: 4, Insightful) by maxwell demon on Wednesday December 18, @09:00PM
The article sounds as if the VPN would be the magic key that allows you access to everything. That is not my experience. The VPN gives me exactly two things: First, a way to get my packets from my computer to the target network without anyone in between being able to observe or modify them. All an outsider sees is the VPN tunnel itself. And second, when accessing anything in the internet, it goes through that internal network, so from an outside point of view, it originates there.
If I want to access anything inside the network (other than the things that are freely accessible from outside anyway), I still need to authenticate to the computer or web interface in question. Just like I do when working from the desktop computer in the office; well, actually even more so, because to access e.g. my files, I still have to remote login into that internal computer.
(Score: 2) by nobu_the_bard on Wednesday December 18, @09:04PM (2 children)
I haven't yet seen anything substantive about this. I keep hearing stuff like "the problem with VPNs is they have this restriction and that limitation" and then "Zero Trust solves those problems! Brought to you by Startup Company!" instead how they actually accomplish the claim.
(Score: 0) by Anonymous Coward on Wednesday December 18, @09:08PM
I'm sure the is a formal name for the outdated model that VPNs have been used to keep around longer than has been useful, but it can be summed up as hard on the outside and chewy on the inside.
(Score: 2) by epitaxial on Wednesday December 18, @09:16PM
All part of the "not invented here" mentality. They didn't invent the idea therefor its garbage. Also that and not knowing history. Like when someone discovers the virtues of thin clients and fat servers? Gee we haven't seen that idea over the decades.