Perimeterless Security - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Perimeterless Security

  1. #11
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    That helps some! I think I'm starting to understand. Thanks!

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  2. #12
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Tiger, giving up on the "ever hated raiders". That's what we refer to them in Shanahan Land...

    You are looking at it from a literal sense. For example of course you log your devices. I am doing a poor job of explaining the concept. Where as you design an authentication system that is built across the board and evey device follows that policy. It's not general but very concise. It adresses the perimeter as only one aspect of security. You are in charge of the perimeter. But what about beyond the perimeter? Deeper inside your network into the core? There is authentication and accountability there as well and EQUAL in importance. Who audits your work on a regular basis? In my understanding of this mechanism, you looking at your own work does not constitute an Audit. You administering access, controlling authentication and looking at the logs does not take into account the principles. And I am telling you now the GOV is on to this. wink wink- trust me If you are like me, no one looks over your shoulder or even has a clue what you do all day. It makes sense to me from a policy and management umbrella at a high level, to shift security from a compartmentalized mechanism to one based on role versus location and proximity. And provide some oversight. It is true the perimerter is the first line of authentication. But as you move past the gateway and move deeper into the core you find many others. The perimeter is merely a draw bridge across the boundary but it has, in tradition been the only focus. Or if not the only focus the most watched. Shifting from a different perspective does not make it any less important but it does raise the level of other vulerabilities. If you want to think in terms of a perimeter then consider shifting the perimeter deeper inside. But I agree the wording "perimeterless" isn't appropriate.

    Take this line of thinking. The perimeter never breaks down. And that's where concepts we are proposing step in. The perimeter doesn't have to be fluid, you present it based on your assets. If a laptop is roaming in china the perimeter is useless or becomes authentication mechanisms on his laptop (a cert maybe) and you're never changing VPN gateway, which also has an authentication mechanism that matches the one contained on the lap top. Once authentication is established (note we haven't even established a password check) then we check to see if the authenticated laptop is authorized access to the mail server. Then once given access, authentication is checked again. This is over simplified I know. But all this has only taken place in the perimeter. So we tend to focus ourselves in a perimeter paradigm. Perhaps in one case, all functions exist in the perimeter. But then again if that is the case it isn't really a perimeter. It's the core? Or course it's impossible to secure laptops roaming the planet with monkeys behind the keyboard. That's why I have successfully managed to stop it's ugly head each time it breathes fire. If I did turn it on, I would have to have multiple perimeters and zones of authentication, accountability, and authorization.

    Authorization and authentication are very different. But they are all direct products, even accountability. They don't even use the same mechanism in many cases. And once again, buzz words in the GOV. For once I actually see their point of view. Out of time but if the discussion contiues I have some anologies...
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  3. #13
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    LOL... Shanahanland.... "Squinty eyed little rat bastard" is what we call him here in Tigersharkland.... Hate the little deviant and one of the most pleasurable things in my life is seeing his bright red face with his funny eye going ballistic when the Raiders beat the Broncos .

    OK.... Here's the way I see/define the process/concepts with or without a well defined perimeter:-

    Either the user, the computer or both provide authentication information to the systems authentication mechanism. The authentication mechanism accepts or rejects the authentication but for this discussion let's assume that the authentication is accepted. Subsequent requests for services/data are then arbitrated through the authorization mechanism with reference back to the authentication. Outside _both_ those concepts is that of accountability which should be a separate and independently managed system though, as we both know, it is all usually managed by us poor saps because there "isn't the money in the budget" for x, y or z that we propose....

    If all three systems function _perfectly_ then there is no real reason for a perimeter at all. The system as a whole would be aware that the computer and the user on the far end are who they say they are and thus the authorization would go as planned and just to prove it the accountability would document how smoothly everything is running .

    I consider my perimeter to be fixed if all my assets remain within my "hard" perimeter, (the corporate network), where I have full control, I can see all traffic to and from the boxes and I can walk into the office and ask for an ID if I need to. I consider my perimeter to become "expanded" when assets leave the hard perimeter and then return. During it's period of absence I have no control or knowledge of who touches it, what it gets connected to or what traffic goes in and out. It doesn't have to have any access to my network in it's absence - the absence
    itself "expands" my perimeter in that I need to try to protect the asset while I can't control it, (firewall, good authentication, IP Filtering etc.), in the hope that when it returns to the hard perimeter it does so in the same state it left in, (Think of it as a "satellite" perimeter, not joined to mine but a small ring around he asset). My perimeter becomes "fluid" when those assets both leave my control and then are expected to connect into the the system from the big wide world. That's when I require my perimeter to extend around the asset, (think of an amoeba). The difference between the extended and fluid perimeter is that I can intercept the asset from the extended perimeter and check it before allowing it back inside the hard perimeter. I can't do that with the asset in the fluid perimeter wothout vast expenditure.

    So, _my "definitions" aside, (and feel free to correct me if I'm missing something here), what is the single point of failure in the model however the implementation manifests itself?

    Quite simply put, the single point of failure is the authentication phase in _any_ scenario. Once authentication has completed the authorization is automatic. Who/whatever completed the authentication correctly is now automatically granted access to whatever the authorization process is told to. In some ways the process of authentication/authorization are a single process even though they may be carried out by utterly different systems and mechanisms. The accountability process will ring no "alarm bells" if the authenticated user only attempts to access items that the authorization process allows it to. In other words, once I beat the authorization system I have access to all the assets the authorization system allows and as long as I don't try to exceed the permissions of the "intended" user. That "intended" user could be the receptionist checking her email or the CEO who demands access to the entire network structure.

    The best authorization and accountability systems in the world have their use severely degraded once the authentication has authenticated the wrong asset, (computer, user or combination of the two). We both know that there are a multitude of ways that any of those authentication
    methods, or combinations of them, could be attacked/broken... The obvious one is the laptop with the list of logins and passwords but it goes right up to sophisticated MITM attacks, DNS poisoning, Evil Twin WAP's etc. Short of the secadmin going with each asset to "hold it's hand" and be able to recognize such things, (or at least have his suspicions raised and be able to determine the threat), the asset is alone in hostile territory. While we both might agree that following that cutie from Accounting around for 24 hours a day while she is at a conference might not be a bad idea I think we both agree that the same assignment with the CFO is not such an attractive proposition...

    So, with the inherent weakness in the assets, (both human and computer), in the authentication process how would we implement a "perimeterless" network while still assuring the integrity and confidentiality of our data? I don't believe we truly can until we come up with a foolproof system of authentication.... And they will just breed a better fool.... <LOL>
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #14
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Damn that's a response. I think it's funny too when Shanahan gets worked up. We could spend a while talking about the quality of punk asses on the Raiders but my passion really lies with Hockey. I am so pissed at the league and players I need a beer stat. Real quick, multiple downed exhanges....

    Authentication is not the single point of failure, though it may or may not be the highest risk. I am sure you agree that authenticated users, thus a perimeterless view, are the biggest risk factor. Not violation of the perimeter like traditionaly noted. They have already bypassed the authentication mechanism. The perimeter is breached, what is left? Say they aren't the culprit though, say someone copied your authentication mechanism from the laptop that tricks the perimeter into thinking the user and the machine are authentic. That does not mean they violate the integrity of an authorization mechanism (wish I had a spell checker). It would still be intact and watching. If this is windows only or course, it defeats the concept. But it could be a filter rule, machine "Bob" can never access machine "Jane" or network "monkey boys" and once it does happen, authorization policy revokes the rogue laptops authentication. Because the truly unauthenticated won't have a clue what they are authorized to access at the portal. Sounds perfect doesn't it? But it does not have to be automated. I am not introducing anything new here, just advocating a shift in the way systems are administered or policed.

    You used your VPN as an example, I look at it like they are web users. We don't know who is out there, who has a valid account or not UNTIL they hit my first leg of the perimeter. I don't consider them part of the perimeter until they invoke the authentication process and my web site verifies they are who they say they were. Once that is done, they are inside the perimeter and moving about making changes and mucking about hiting additional instances of authentication once in a while and alot of authorization checks. And most importantly they are being audited before processing requests in the core. And then once again outside IT.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides