Difference between revisions of "Security Gateway"

From MgmtWiki
Jump to: navigation, search
(Secure Access Service Edge)
(References)
 
(3 intermediate revisions by the same user not shown)
Line 9: Line 9:
  
 
===No Gateway===
 
===No Gateway===
 +
At its extreme a [[Zero Trust Architecture]] should assume that there is no such thing as a [[Security Gateway]]. But there are attacks that can be mitigated at a gateway. Several gateways stacked together like an onion can block different attacks and so result in good security at the center of the onion. It is unlikely that a [[Zero Trust Architecture]], by itself, can ever be considered to be a workable solution.
  
 
===Secure Access Service Edge===
 
===Secure Access Service Edge===
Line 14: Line 15:
  
 
===Secure Web Gateway===
 
===Secure Web Gateway===
 +
There is little difference between a Secure Gateway and a Firewall there than the hype.
  
 
===Zero Trust Network Access===
 
===Zero Trust Network Access===
Line 21: Line 23:
  
 
[[Category: Glossary]]
 
[[Category: Glossary]]
[[Category: Network]]
+
[[Category: Networking]]

Latest revision as of 16:28, 25 July 2023

Full Title or Meme

The Security Gateway is a Firewall interposed between two networks to allow only protected traffic to pass from one security zone to another.

Problems

The assumption that no unwanted traffic passes the gateway is an impossible threshold that empirically is never met. The Gateway creates a false sense of security about what protection is actually offered.

Solutions

Many of the solutions involve attempts by existing Firewall vendors to maintain their business models even though a strict reading of zero trust was exclude any such solution. The question then comes, why not just put all resources, servers and users alike, on the open internet and then a Zero Trust Architecture to design at the level. While that is the first solution shown below, it is not likely to be feasible in the short term so intermediate solutions are considered below as well.

No Gateway

At its extreme a Zero Trust Architecture should assume that there is no such thing as a Security Gateway. But there are attacks that can be mitigated at a gateway. Several gateways stacked together like an onion can block different attacks and so result in good security at the center of the onion. It is unlikely that a Zero Trust Architecture, by itself, can ever be considered to be a workable solution.

Secure Access Service Edge

SASE is promoted by cloud providers as a way to encourage cloud solutions.[1] It does encourage thinking operationally about the total problem, but is really just a continuation of Firewall thinking which gives the impression of better security but limits the security to edge protection. The following items can be considered to be point solutions in a SASE.

Secure Web Gateway

There is little difference between a Secure Gateway and a Firewall there than the hype.

Zero Trust Network Access

This is a false hope

References

  1. Rich Korn Think of SASE as a Framework - Not a Checklist (2022-07-18) https://vmblog.com/archive/2022/07/18/think-of-sase-as-a-framework-not-a-checklist.aspx#.ZADtKh_MKry