New security ideology - perimeter security...
Posted: Fri Jan 01, 2010 10:01 pm
Hi forum friends,
Traditionally, security models are structured around the ports where hackers may attack - there, firewalls, Network Intrusion Detection, Network Access Controls and similar software (Threatfire, pktfltr, etc.) are used to keep an eye on what goes on at the access ports of the computer, to see what threats may come in from the ugly world outside. But this traditional outward protection, does it help much? In the other model we do not watch the borders but guard the source against outward manipulation and help in the cloud security so it can be better set and checked and handled.
It seems weird: instead of checking ports, keyholes and walls, to tear them down; the user now should feel quite naked when such a thing happens. To have full security under such circumstances one may choose a very robust data-level classification combined with access control and/or cryptography and key management.
Deperimeterisation, compared with traditional security traditions, is thus radically different. For users it means adhering to another ideology. The benefits are many. It fundamentally changes the way information is being shared. But mind you, when one does it the wrong way, the results can be utterly disastrous.
A solution is effective when cryptographic solutions are being used effectively to protect data. Key management does play a major role here, because we handle quite some interrelations (rights, trust, users, groups, members, trusted members). Look at how to handle these relations with a program like Public Key Infrastructure (PKI): http://nl.wikipedia.org/wiki/Public_key_infrastructure
The mentioned technique can make cryptography scalable like no other.
Tools for access control, whether they are found to hide inside the access layer (for applications) or inside the management console (for larger user populations), are also to play an essential role where access control is concerned; we mean to determine who has access to what secured data and who has not.
luntrus