Cybersecurity

5687 readers

31 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

NSA shares zero-trust guidance to limit adversaries on the network (www.bleepingcomputer.com)

submitted 8 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

9 comments fedilink hide all child comments

The NSA has issued guidance on adopting zero-trust principles to counter internal network threats. Zero-trust architecture prevents unauthorized access and movement within networks by assuming threats exist and enforcing strict access controls. The approach includes data flow mapping, segmentation, and software-defined networking to minimize breach impacts. No CVEs are associated with this guidance.

you are viewing a single comment's thread
view the rest of the comments

[–] 1984 8 points 8 months ago (2 children)

It's highly recommended to follow these advices if you want an it architecture where nobody can do their jobs anymore.

[–] scytale@lemm.ee 5 points 8 months ago (1 children)

Really depends on the implementation. Deploying an immature level of zero trust is definitely more headache than benefit for end users. It boils down to the design and implementation. Haphazardly isolating networks without proper access authentication/authorization processes/technologies will definitely be hell.

[–] p03locke@lemmy.dbzer0.com 2 points 8 months ago

Given how dependent we are with third-party companies, libraries, and cloud-based services, it is impossible to be in a zero-trust state that is anywhere near comfortable. The whole world is in a "move fast and break shit" mentality that is killing our privacy and security.

We need more standards, and we need them now. Everybody keeps inventing their own shit and hoarding it for themselves, which we are forced to use, and we just have to put up with the potential for data breaches and hacker intrusions.

[–] fibojoly@sh.itjust.works 1 points 8 months ago

We are slowly getting there. But the bosses love their stupid labels and certifications.