Wow that's interesting, cuz I share zero trust with the NSA, too.
this post was submitted on 06 Mar 2024
70 points (98.6% liked)
Cybersecurity
5687 readers
26 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 1 year ago
MODERATORS
It's highly recommended to follow these advices if you want an it architecture where nobody can do their jobs anymore.
Really depends on the implementation. Deploying an immature level of zero trust is definitely more headache than benefit for end users. It boils down to the design and implementation. Haphazardly isolating networks without proper access authentication/authorization processes/technologies will definitely be hell.
Given how dependent we are with third-party companies, libraries, and cloud-based services, it is impossible to be in a zero-trust state that is anywhere near comfortable. The whole world is in a "move fast and break shit" mentality that is killing our privacy and security.
We need more standards, and we need them now. Everybody keeps inventing their own shit and hoarding it for themselves, which we are forced to use, and we just have to put up with the potential for data breaches and hacker intrusions.
We are slowly getting there. But the bosses love their stupid labels and certifications.
So they recommend reinstating all the silos that efficiency experts have been telling us to break down for decades?
Has anyone found NSA’s backdoor in the proposal?
That's not what (the new hype buzzwords) Zero Trust Architecture means. Like at all.
Instead of the crunchy shell network perimeter and gooey center paradigm of enterprise networks of the past 30 years, ZTA is a response to the nebulous and disappearing permitted. It's supposed to control access to anything anywhere anytime but securely.
The main feature is dynamic attribute-based network access control. Access can be granted or revoked moment to moment based on who you are, where you are, even attributes of your computer like patch level.
Let's say a patch just came out for your laptop yesterday but it isn't applied yet. ZTA approach denies you access to sensitive networks, but not to patching infrastructure. Once patched, your access is permitted. Or say you turn off your antivirus mid-download. Access revoked within moments.
Rather than erect silos it sort of makes access more transparent to the end user and so remote vs on site access basically seems the same to them.
Yeah, yeah, I know, NSA bad-- I am wearing the EFF T-shirt that says so right now.
But in addition to wrecking privacy and spying on the innocent (hi, you fuckers, .l..), they also do offer somewhat legit advice now and then.
Yes, siloing info is less efficient. However, it is significantly more secure. NSA unlikely to purposefully backdoor themselves.
Security and efficiency make up 2 corners of an iron triangle. You generally have to sacrifice one of them to get the other (or increase the project cost/schedule).