←back to thread

I read the federal government’s Zero-Trust Memo so you don’t have to

(www.bastionzero.com)
656 points EthanHeilman | 3 comments | 27 Jan 22 15:06 UTC | HN request time: 0.618s | source
Show context
uncomputation ◴[27 Jan 22 17:33 UTC] No.30103419[source]
> “Enterprise applications should be able to be used over the public internet.”

Isn’t exposing your internal domains and systems outside VPN-gated access a risk? My understanding is this means internaltool.faang.com should now be publicly accessible.

replies(10): >>30103496 #>>30103558 #>>30103584 #>>30103588 #>>30103623 #>>30104344 #>>30104669 #>>30105221 #>>30106774 #>>30106879 #
formerly_proven ◴[27 Jan 22 17:45 UTC] No.30103584[source]
It's a different framing to get rid of figleafs. Everything has to be built so that it actually has a chance of being secure - if your state of mind is "this is exposed to the public internet", BS excuses like "this is only exposed to the TotallySecure intranet" don't work any more, because they don't work in the first place. Perimeter security only works in exceedingly narrow circumstances which don't apply - and haven't applied for a long time[1] - to 99.999 % of corporate networks.

[1] Perimeter-oriented security thinking is probably the #1 enabler for ransomware and lateral movement of attackers in general.

replies(2): >>30103686 #>>30120243 #
1. 3np ◴[27 Jan 22 17:52 UTC] No.30103686[source]
For anyone confused about the term "figleaf", I assume it's a reference to fig leafs being used by Renaissance artists to mask genitalia. So "things concealing the naked truth" approximately.
replies(1): >>30103892 #
2. jsmith99 ◴[27 Jan 22 18:09 UTC] No.30103892[source]
It's older than that: it's a biblical reference to Adam and Eve covering themselves.
replies(1): >>30104063 #
3. 3np ◴[27 Jan 22 18:19 UTC] No.30104063[source]
My memory serves me wrong; thought that it being a fig leaf in particular was newer than the Bible but it's not (Genesis 1:3:7)