If only we could easily define the boundaries of our networks - roll on deperimeterisation
If only it was as easy as it used to be to define our network boundaries. Wouldn't it be nice to be able to paint a line around what we (enterprises) manage and what we have to rely upon from others? Many corporate networks are highly complex from a security perspective due to the ever increasing range of inbound and outbound network access. My corporate network includes the following entry points:
- Virtual Private Networking - Routing and Remote Access Services
- Internet access including Outlook communicating via Remote Procedure Call over HTTP & Terminal Services
- Wireless
The Jericho Forum (named after the first walled City) coined the term "deperimeterisation" a couple of years ago - their aim included defining THEIR requirements for the security features/architectures to be provided by software vendors. Many observers viewed this as a radical concept. In reality this was the first time (I'm aware of) a large group of customers joined forces to lobby vendors to accept reality - it is no longer reasonable (in many scenarios) to architect security solutions based on the premise of "big high walls" surrounding all corporate infrastructure.
Given the range of entry points for fixed assets such as corporate offices, combined with the roaming nature of laptops and increasingly powerful smartphones, it's rarely feasible to hide everything behind a defined perimeter.
Just think about how you use your laptop from a connectivity standpoint:
- Working from the corporate office - sharing a network with other employees, contractors and possibly partners & customers too
- Working from home utilising broadband
- Staying in hotels - sharing broadband with other hotel guests
- Working @ customer/client sites - sharing a network with unknown individuals
Cybercafes present their own security challenges - specifically you may not be able to trust the machine OR the network. HTTPS / SSL won't protect you from these threats, nor will fancy authentication technologies assuming you can use them.
ACTION: Think carefully about what data is important to your organisation and the impact of it not being available or falling into malicious hands, and look at where improved controls, awareness, and procedures may help.
Note: The picture has not been edited - it was taken @ Old Street station in London. The Green line exists to guide those with impaired eyesight to the nearby eye hospital.