Difference between revisions of "Security Gateway"

Revision as of 09:26, 4 March 2023

Full Title or Meme

The Security Gateway is a Firewall interposed between two networks to allow only protected traffic to pass from one security zone to another.

Problems

The assumption that no unwanted traffic passes the gateway is an impossible threshold that empirically is never met. The Gateway creates a false sense of security about what protection is actually offered.

Solutions

Many of the solutions involve attempts by existing Firewall vendors to maintain their business models even though a strict reading of zero trust was exclude any such solution. The question then comes, why not just put all resources, servers and users alike, on the open internet and then a Zero Trust Architecture to design at the level. While that is the first solution shown below, it is not likely to be feasible in the short term so intermediate solutions are considered below as well.

No Gateway

Secure Access Service Edge

SASE is promoted by cloud providers as a way to encourage cloud solutions.^[1] It does encourage thinking operationally about the total problem, but is really just a continuation of Firewall thinking which gives the impression of better security but limits the security to edge protection. The following items can be considered to be point solutions in a SASE.

Secure Web Gateway

Zero Trust Network Access

This is a false hope

References

1. ↑ Rich Korn Think of SASE as a Framework - Not a Checklist (2022-07-18) https://vmblog.com/archive/2022/07/18/think-of-sase-as-a-framework-not-a-checklist.aspx#.ZADtKh_MKry