network from the Internet and only allow access to the inside network through its Firewall. The Firewall filters all network communication according to predefined policies, so only re- sponses to communication originating inside the organisation, e.g., loading webpages or communication from authenticated and authorised outsiders, will be allowed through the Firewall. One consequence of the perimeter security model, enforced by firewalls, is that an attacker who manages to breach the perimeter has easy access to all systems on the inside network; this is why perimeter security is sometimes called the eggshell model because it has a hard outer shell, but is all soft and goo- ey on the inside. With the increasing integration of systems across organisations and aggregation of services from different Cloud providers, the security perimeter has blurred. Zero Trust Architectures (ZTA) have emerged to address many problems with open orches- tration of servers and services from different providers. By re- moving implicit trust in other entities, ZTA promises security based on verifiable attributes, such as identities (user and de- vice), credentials, and policies. Zero Trust Architectures Zero Trust Architectures are often defined through several fundamental principles (aka. the tenets of Zero Trust,) which typically include variations of the following five major tenets: Assume a Hostile Environment; Presume Breach; Scrutinize Explicitly; Apply Unified Analytics; and, perhaps most impor- tant, Never Trust, Always Verify. Implementing a ZTA requires all users, devices, and applications to be continuously authenticated so that it becomes harder to exploit existing trust relationships between components in the system. The context of interactions must be considered and only be allowed to proceed if they fit the policy or profile for the specific users and devices. This means that interaction must be aborted outside the user’s regular working hours or origin (workstation or physical location) and the device requesting a service to be performed. In many ways, ZTA implements perim- eter security for every system component, so the single large shell is replaced with many smaller shells; this can be visualized by thinking that the ostrich egg is replaced by caviar.
techniques, such as the ISO 31,000 family of standards, the ISO 27,005 standard on information security risk management, or NIST Special Publication 800-37 Rev2, provide a good founda- tion for risk analysis, but it is important to adapt the analysis to the specific system or infrastructure. Threat Model The threat model describes how an attacker may harm the system and its components. The focus is not so much on the assets and resources managed by the system but on the ad- versaries’ motives, tactics, techniques, and procedures (TTP). It is common to focus on external attackers, such as cyberespi- onage, cybercrime, cyber-activism, and cyber-terror, but the threats from insiders must also be considered. The motives and capabilities of an external attacker determine the efforts employed to address the threats, e.g., cybercrimi- nals aim to maximize profits and minimize threats, so they will not spend much effort attacking a low-yielding target. How- ever, small organisations with low ransom payment capabili- ty may be hurt by cybercriminals if they share technology or infrastructure with larger organisations. The NotPetya attack that hit Maersk in 2017 is most likely an example of this, where Maersk was collateral damage in the conflict between Russian hackers and Ukraine. The technical controls described in the next section primarily focus on the threats from external at- tackers. Insider threats are typically attributed to disgruntled or incom- petent employees who destroy or leak data maliciously or by mistake. We must, however, also consider the threats from so- cial engineering, where loyal and competent employees are tricked into disclosing information or providing system access to an unauthorised outsider. This suggests that all systems should be configured according to the Principle of Least Priv- ilege, where employees can only access information and sys- tems relevant to their current tasks. Technological Considerations Traditional security technologies focus on fortifying the perim- eter, so malicious outsiders find it hard to enter and harm the internal systems. Most organisations separate their internal
Made with FlippingBook - Online magazine maker