Difference between revisions of "Security Gateway"
(→No Gateway) |
(→No Gateway) |
||
Line 9: | Line 9: | ||
===No Gateway=== | ===No Gateway=== | ||
− | At its extreme a [[Zero Trust Architecture]] should assume that there is no such thing as a [[Security Gateway]]. But there are attacks that can be mitigated at a gateway. Several gateways stacked together like an onion can | + | At its extreme a [[Zero Trust Architecture]] should assume that there is no such thing as a [[Security Gateway]]. But there are attacks that can be mitigated at a gateway. Several gateways stacked together like an onion can block different attacks and so result in good security at the center of the onion. It is unlikely that a [[Zero Trust Architecture]], by itself, can ever be considered to be a workable solution. |
===Secure Access Service Edge=== | ===Secure Access Service Edge=== |
Revision as of 09:31, 4 March 2023
Contents
Full Title or Meme
The Security Gateway is a Firewall interposed between two networks to allow only protected traffic to pass from one security zone to another.
Problems
The assumption that no unwanted traffic passes the gateway is an impossible threshold that empirically is never met. The Gateway creates a false sense of security about what protection is actually offered.
Solutions
Many of the solutions involve attempts by existing Firewall vendors to maintain their business models even though a strict reading of zero trust was exclude any such solution. The question then comes, why not just put all resources, servers and users alike, on the open internet and then a Zero Trust Architecture to design at the level. While that is the first solution shown below, it is not likely to be feasible in the short term so intermediate solutions are considered below as well.
No Gateway
At its extreme a Zero Trust Architecture should assume that there is no such thing as a Security Gateway. But there are attacks that can be mitigated at a gateway. Several gateways stacked together like an onion can block different attacks and so result in good security at the center of the onion. It is unlikely that a Zero Trust Architecture, by itself, can ever be considered to be a workable solution.
Secure Access Service Edge
SASE is promoted by cloud providers as a way to encourage cloud solutions.[1] It does encourage thinking operationally about the total problem, but is really just a continuation of Firewall thinking which gives the impression of better security but limits the security to edge protection. The following items can be considered to be point solutions in a SASE.
Secure Web Gateway
Zero Trust Network Access
This is a false hope
References
- ↑ Rich Korn Think of SASE as a Framework - Not a Checklist (2022-07-18) https://vmblog.com/archive/2022/07/18/think-of-sase-as-a-framework-not-a-checklist.aspx#.ZADtKh_MKry