VPNs have been a cornerstone of secure networking for the last 20+ year. They provide employees and third parties with secure remote access to corporate networks and services. However, as technology evolves, most VPNs lack the ability to enforce the narrow, granular permissions that enterprises require.
Although organizations realize the need to upgrade their approach to user access control. The deployment of existing technologies is holding back the introduction of Software Defined Perimeter (SDP). A recent report carried out by the Cloud Security Alliance (CSA) on the “State of Software Defined Perimeter” states that the main barrier to adopting SDP is the existing in-place security technologies.
Back in 2010, John Kindervag, the then-principal analyst at Forrester, coined the term Zero Trust. The idea behind this edgy-sounding concept was that when it comes to network security, nothing can be trusted and everything — and everyone — should be verified.
The foundations that support our systems are built with connectivity and not security as an essential feature. TCP connects before it authenticates. Security policy and user access based on IP lack context and allow architectures that exhibit overly permissive access. Most likely, this will result in a brittle security posture.
You’re probably at least a bit familiar with Citrix, the software giant responsible for desktop virtualization, networking and SaaS services that are in use at millions of companies around the world. It is used by Fortune 500 organizations, the US Military and many government agencies It is a central element of how many businesses conduct their operations today.
Over the last few weeks, Safe-T has provided a basic introduction to the tools and operating systems that you’ll use as a member or leader of a red team. Now, let’s contextualize them – how would you use these tools in the context of an actual security exercise?