[Discuss] Port Scanning

Rich Pieri richard.pieri at gmail.com
Thu Aug 1 14:03:57 EDT 2024


On Thu, 1 Aug 2024 10:03:28 -0700
Kent Borg <kentborg at borg.org> wrote:

> P.P.S. My decades-long dislike of firewalls is *finally* getting
> trendy with the impressive name "Zero Trust Architecture", it even
> has a TLA: "ZTA". Nice when the world finally catches up here and
> there.

Zero Trust does not mean no firewalls. Exactly the opposite: it means
firewalls everywhere.

A traditional network architecture looks like an M&M candy: a hard
shell surrounding the sweet network goodness inside. Sometimes there
are two firewalls and the network resembles a peanut M&M, with the hard
shell of the perimeter firewall and a second firewall separating the
chocolaty DMZ from the valuable peanut in the middle.

A Zero Trust network looks like a bag of M&Ms. Each candy is one node
on the network, each node enclosed in a hard firewall shell. Nothing is
allowed into or out of any of these shells without first validating
itself with the security system. Every service or system must validate
itself every time it tries to connect to anything else on the network.
Never trust, always validate.

-- 
\m/ (--) \m/
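The two models described above, as an added example that is not part of the original post. It is a constructed illustration: the host names, ports, the allow-list policy and the HMAC-signed per-connection token are assumptions standing in for real per-node credentials (client certificates, SPIFFE identities and the like). The perimeter model checks only at the shell; the Zero Trust model makes every node validate every connection with the security system before anything crosses its shell.

```python
import hashlib
import hmac
import secrets
import time


class SecuritySystem:
    """The thing every node validates with before any connection is allowed.
    Holds one shared secret per enrolled node (an assumed stand-in for a real
    credential such as a client certificate) and the allow-list policy."""

    def __init__(self):
        self.keys = {}        # node name -> secret
        self.policy = set()   # (src, dst, service) tuples that are permitted

    def enroll(self, node):
        self.keys[node] = secrets.token_bytes(32)
        return self.keys[node]

    def allow(self, src, dst, service):
        self.policy.add((src, dst, service))

    @staticmethod
    def _mac(key, src, dst, service, ts):
        msg = f"{src}|{dst}|{service}|{ts}".encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def issue(self, src, key, dst, service, now=None):
        """A node proves who it is for this one connection: a short-lived
        assertion bound to source, destination and service."""
        ts = int(time.time() if now is None else now)
        return (src, dst, service, ts, self._mac(key, src, dst, service, ts))

    def validate(self, token, now=None, max_age=30):
        src, dst, service, ts, tag = token
        key = self.keys.get(src)
        if key is None:
            return False                                # unknown identity
        if not hmac.compare_digest(tag, self._mac(key, src, dst, service, ts)):
            return False                                # forged or tampered
        if abs(int(time.time() if now is None else now) - ts) > max_age:
            return False                                # stale or replayed
        return (src, dst, service) in self.policy       # and only what policy allows


class PerimeterNetwork:
    """The M&M: one hard shell, soft inside. Anything already inside the
    shell reaches anything else inside it without further checks."""

    def __init__(self, inside, exposed):
        self.inside = set(inside)     # hosts behind the perimeter firewall
        self.exposed = set(exposed)   # (host, service) pairs the perimeter lets in

    def connect(self, src, dst, service):
        if src in self.inside:
            return dst in self.inside   # no check at all once inside
        return (dst, service) in self.exposed


class ZeroTrustNetwork:
    """The bag of M&Ms: every node is its own shell, and nothing crosses a
    shell without validating with the security system. There is no 'inside'."""

    def __init__(self, system):
        self.system = system

    def connect(self, token, now=None):
        return self.system.validate(token, now=now)


def demo(now=1_722_520_000):
    """Same scenario in both models: the public web host has been
    compromised and the attacker tries to pivot from it (constructed data)."""
    perimeter = PerimeterNetwork(inside={"web", "db", "hr"}, exposed={("web", 443)})
    results = {
        "perimeter_outside_to_db": perimeter.connect("internet", "db", 5432),
        "perimeter_web_to_db_ssh": perimeter.connect("web", "db", 22),   # pivot works
        "perimeter_web_to_hr": perimeter.connect("web", "hr", 445),      # so does this
    }

    system = SecuritySystem()
    web_key = system.enroll("web")
    system.enroll("db")
    system.allow("web", "db", 5432)   # the one thing web legitimately needs
    zt = ZeroTrustNetwork(system)

    good = system.issue("web", web_key, "db", 5432, now=now)
    wrong_service = system.issue("web", web_key, "db", 22, now=now)
    wrong_host = system.issue("web", web_key, "hr", 445, now=now)
    forged = system.issue("web", b"guess", "db", 5432, now=now)   # attacker lacks the key
    old = system.issue("web", web_key, "db", 5432, now=now - 3600)

    results.update({
        "zt_web_to_db_pg": zt.connect(good, now=now),
        "zt_web_to_db_ssh": zt.connect(wrong_service, now=now),
        "zt_web_to_hr": zt.connect(wrong_host, now=now),
        "zt_forged_token": zt.connect(forged, now=now),
        "zt_replayed_token": zt.connect(old, now=now),
    })
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:26s} {'ALLOWED' if allowed else 'denied'}")
```

The point the run makes: the perimeter blocks the outside world from the database but lets a compromised web host reach anything inside on any port, while in the per-node model the same host gets exactly the one service policy grants it, and a forged, replayed or off-policy token is refused at the destination's own shell.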

