SOURCE 360 Advanced
"Castle walls" are no longer your best defense against data breaches
TAMPA, Fla., June 23, 2014 /PRNewswire/ -- There is a major paradigm shift occurring in data security in the service-provider industry, and according to 360 Advanced, it has to do with the very foundations of how networks are protected.
"System administrators traditionally have protected corporate networks like a castle," observes 360 Advanced's Dave Smith. "They built layers of impenetrable walls to prevent an outside attacker from getting a foothold into the network to begin with."
However, as we now know, some of the biggest threats on any network are the users and devices that are perfectly authorized to be on it, inside those castle walls.
"Throughout our work in penetration testing for various clients across diverse industries, one constant remains true: one of the most universally successful attack vectors is through people," Smith observes. "When crafted right, we can almost always find someone to click a link and either download an exploit or voluntarily give up their credentials."
Enter the zero-trust model, where trust is not granted merely because a device, user, process or file exists inside the network boundary. Care is taken that the network has no open shares, unnecessary services or abandoned network devices, and that rogue or unauthenticated devices on the network do not even get internet access. The guiding strategy is the principle of least privilege, which states that no user, device, application, etc., should have any more access than absolutely necessary to complete its job function.
Best practices in a zero-trust model include encryption of network traffic wherever possible. On the outside of a network, technologies such as SSL have been around for some time. Inside the network, the predominant mentality has historically been that there was far less need for such protections because the perimeter was the main area of concern. Those days are gone.
The most extreme examples of zero-trust networking even segment unfamiliar machines into a separate VLAN (virtual LAN) until they prove they are authorized to access the main network; only then are they allowed to communicate with other devices on the trusted network.
YOUR NEW PARADIGM ACTION LIST
For more information, please visit www.360Advanced.com.