Difference between revisions of "Security Gateway"
(Created page with "==Full Title or Meme== The Security Gateway is a Firewall interposed between two networks to allow only protected traffic to pass from one security zone to another. =...") |
(→References) |
||
(8 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
The [[Security Gateway]] is a [[Firewall]] interposed between two networks to allow only protected traffic to pass from one security zone to another. | The [[Security Gateway]] is a [[Firewall]] interposed between two networks to allow only protected traffic to pass from one security zone to another. | ||
+ | |||
+ | ==Problems== | ||
+ | The assumption that no unwanted traffic passes the gateway is an impossible threshold that empirically is never met. The Gateway creates a false sense of security about what protection is actually offered. | ||
+ | |||
+ | ==Solutions== | ||
+ | Many of the solutions involve attempts by existing [[Firewall]] vendors to maintain their business models even though a strict reading of zero trust was exclude any such solution. The question then comes, why not just put all resources, servers and users alike, on the open internet and then a [[Zero Trust Architecture]] to design at the level. While that is the first solution shown below, it is not likely to be feasible in the short term so intermediate solutions are considered below as well. | ||
+ | |||
+ | ===No Gateway=== | ||
+ | At its extreme a [[Zero Trust Architecture]] should assume that there is no such thing as a [[Security Gateway]]. But there are attacks that can be mitigated at a gateway. Several gateways stacked together like an onion can block different attacks and so result in good security at the center of the onion. It is unlikely that a [[Zero Trust Architecture]], by itself, can ever be considered to be a workable solution. | ||
+ | |||
+ | ===Secure Access Service Edge=== | ||
+ | SASE is promoted by cloud providers as a way to encourage cloud solutions.<ref>Rich Korn ''Think of SASE as a Framework - Not a Checklist'' (2022-07-18) https://vmblog.com/archive/2022/07/18/think-of-sase-as-a-framework-not-a-checklist.aspx#.ZADtKh_MKry</ref> It does encourage thinking operationally about the total problem, but is really just a continuation of Firewall thinking which gives the impression of better security but limits the security to edge protection. The following items can be considered to be point solutions in a SASE. | ||
+ | |||
+ | ===Secure Web Gateway=== | ||
+ | There is little difference between a Secure Gateway and a Firewall there than the hype. | ||
+ | |||
+ | ===Zero Trust Network Access=== | ||
+ | This is a false hope | ||
==References== | ==References== | ||
[[Category: Glossary]] | [[Category: Glossary]] | ||
− | [[Category: | + | [[Category: Networking]] |
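Review bot: The added Solutions paragraph has two sentences that do not parse: "a strict reading of zero trust was exclude any such solution" should read "would exclude", and "then a Zero Trust Architecture to design at the level" is missing a verb and does not say which level is meant. In the Secure Web Gateway section, "a Firewall there than the hype" should read "other than the hype", and the body says "Secure Gateway" where the heading says "Secure Web Gateway". The Zero Trust Network Access entry, "This is a false hope", gives no reasoning and lacks a full stop; one sentence saying why would bring it in line with the other sections.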
Latest revision as of 16:28, 25 July 2023
Full Title or Meme
The Security Gateway is a Firewall interposed between two networks to allow only protected traffic to pass from one security zone to another.
Problems
The assumption that no unwanted traffic passes the gateway is an impossible threshold that empirically is never met. The Gateway creates a false sense of security about what protection is actually offered.
Solutions
Many of the solutions involve attempts by existing Firewall vendors to maintain their business models, even though a strict reading of zero trust would exclude any such solution. The question then becomes: why not just put all resources, servers and users alike, on the open internet and then use a Zero Trust Architecture to design at that level? While that is the first solution shown below, it is not likely to be feasible in the short term, so intermediate solutions are considered below as well.
No Gateway
At its extreme, a Zero Trust Architecture should assume that there is no such thing as a Security Gateway. But there are attacks that can be mitigated at a gateway. Several gateways stacked together like an onion can each block different attacks and so result in good security at the center of the onion. It is unlikely that a Zero Trust Architecture, by itself, can ever be considered to be a workable solution.
Secure Access Service Edge
SASE is promoted by cloud providers as a way to encourage cloud solutions.[1] It does encourage thinking operationally about the total problem, but it is really just a continuation of Firewall thinking, which gives the impression of better security but limits the security to edge protection. The following items can be considered to be point solutions in a SASE.
Secure Web Gateway
There is little difference between a Secure Gateway and a Firewall other than the hype.
Zero Trust Network Access
This is a false hope.
References
1. Rich Korn, Think of SASE as a Framework - Not a Checklist (2022-07-18) https://vmblog.com/archive/2022/07/18/think-of-sase-as-a-framework-not-a-checklist.aspx#.ZADtKh_MKry