Difference between revisions of "Security Gateway"

From MgmtWiki
(Solutions)
Line 6: Line 6:
  
 
==Solutions==
 
==Solutions==
 +
Many of the solutions involve attempts by existing [[Firewall]] vendors to maintain their business models even though a strict reading of zero trust was exclude any such solution. The question then comes, why not just put all resources, servers and users alike, on the open internet and then a [[Zero Trust Architecture]] to design at the level. While that is the first solution shown below, it is not likely to be feasible in the short term so intermediate solutions are considered below as well.
  
 
===No Gateway===
 
===No Gateway===
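Review bot: The paragraph added under ==Solutions== has two broken clauses. "a strict reading of zero trust was exclude any such solution" should read "would exclude", and "then a [[Zero Trust Architecture]] to design at the level" is missing a verb and never says which level is meant. The paragraph also says the no-gateway option "is the first solution shown below", yet the ===No Gateway=== section carries no body text in the revision as rendered, so either describe that option there or drop the forward reference.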
Line 13: Line 14:
 
===Zero Trust Network Access===
 
===Zero Trust Network Access===
 
This is a false hope
 
This is a false hope
 
  
 
==References==
 
==References==

Revision as of 17:00, 3 March 2023

Full Title or Meme

The Security Gateway is a Firewall interposed between two networks to allow only protected traffic to pass from one security zone to another.

Problems

The assumption that no unwanted traffic passes the gateway is an impossible threshold that empirically is never met. The Gateway creates a false sense of security about what protection is actually offered.

Solutions

Many of the solutions involve attempts by existing Firewall vendors to maintain their business models, even though a strict reading of zero trust would exclude any such solution. The question then becomes: why not just put all resources, servers and users alike, on the open internet and then use a Zero Trust Architecture to design at the level. While that is the first solution shown below, it is not likely to be feasible in the short term, so intermediate solutions are considered below as well.

No Gateway

Secure Web Gateway

Zero Trust Network Access

This is a false hope

References