On page 12 of the PITAC report, in the chapter “Fundamentally New Security Models, Methods Needed”, we find the quote “The weakness of the perimeter defense strategy has become painfully clear”. The report explains that the vast majority of work in cybersecurity has, so far (reminder: we are in 2005), been based on the concept of perimeter defense. In this model, we distinguish the inside of the company from the outside. Everything is done to protect the inside of the IS or the network from an attacker who comes from outside and seeks to penetrate or control resources located inside. Those of you who have worked with network administrators or security managers have certainly heard of the DMZ, for example. The DMZ (DeMilitarized Zone in English) is typically an isolated perimeter, protected from the rest of the network by elements supposed to ensure security (firewalls, for example). However, no matter how difficult the task, as soon as the attacker has managed to compromise any system and get inside, he then has phenomenal leverage and rock-solid peace of mind to do whatever he wants. In short, we are close to the Maginot Line effect: once the line is bypassed, it is no longer useful.

What the PITAC Report

In addition, the distinction between an “exterior” and an “interior” falls apart with the proliferation of interconnected equipment and networks. The perimeter-defense countermeasure then consists in defining multiple subsets, each defended by its own line of defense, or even in adding lines of defense around unions of subsets that are themselves each protected by a line of defense. In short, we end up putting walls everywhere: it is very expensive and we also add security loopholes each time. I’m not far from thinking that security breaches are increasing exponentially. The PITAC report outlines a more realistic, more effective and, in my opinion, less costly model in the long run: what it calls the principle of mutual suspicion. Every component of a system or network is always wary of all other components, whatever they are (whether they are “inside” or “outside” is no longer the question), and access to resources should always be re-interrogated and re-authorized. This means that each time there is a request for access to a resource, at least 3 key security elements must be validated:

Light at the end of the tunnel

While these principles seem obvious, I have hardly heard of them for the past 15 years. Or, to be more precise, they were used, but to deal with user authorization for application access or with electronic signatures. During this time, network administrators continued, in their corner, to compartmentalize, filter, add DMZs, there you go, and VPNs to access IS resources from the outside… I tried to talk about it with my clients when, by chance, my missions led me to flirt with these subjects. But it is an understatement to say that I did not meet much echo (or rather, that echo is precisely all I met).

I have tried to find these concepts in the literature and I do not consider that I have found much. For example, on the ANSSI site I found the documents of Cyberedu, which is an association aiming to “introduce the notions of cybersecurity into all computer training in France” (source: Wikipedia). Module 3, “Network and applications”, for example, talks about network perimeter security and addresses the concepts of authentication, integrity and confidentiality, with examples of identity theft techniques for web applications, but nowhere are these general principles of mutual suspicion discussed.
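The contrast between perimeter defense and the principle of mutual suspicion described above, as an added example that is not taken from the PITAC report or from this post. The component names, keys, policy table and the three checks performed per request (caller authentication by HMAC, request freshness, per-resource authorization) are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data: every name, key and policy entry is hypothetical.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
COMPONENT_KEYS = {"billing-svc": b"k-billing", "web-frontend": b"k-web"}
POLICY = {("billing-svc", "read", "invoices"), ("web-frontend", "read", "catalog")}
MAX_AGE_S = 30  # assumed freshness window, in seconds


def sign(key, caller, action, resource, ts):
    msg = f"{caller}|{action}|{resource}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(caller, action, resource, ts, src_ip, key=None):
    req = {"caller": caller, "action": action, "resource": resource, "ts": ts, "src_ip": src_ip}
    # A sender that does not hold the component's key cannot produce a valid MAC.
    req["mac"] = sign(key, caller, action, resource, ts) if key else ""
    return req


def perimeter_allows(req):
    """Perimeter model: anything that originates 'inside' is trusted."""
    return ipaddress.ip_address(req["src_ip"]) in INTERNAL_NET


def mutual_suspicion_allows(req, now):
    """Mutual suspicion: re-validate every request, wherever it comes from."""
    key = COMPONENT_KEYS.get(req["caller"])
    if key is None:
        return False, "unknown caller"
    expected = sign(key, req["caller"], req["action"], req["resource"], req["ts"])
    if not hmac.compare_digest(expected, req.get("mac", "")):
        return False, "bad signature"
    if abs(now - req["ts"]) > MAX_AGE_S:
        return False, "stale request"
    if (req["caller"], req["action"], req["resource"]) not in POLICY:
        return False, "not authorized"
    return True, "ok"


if __name__ == "__main__":
    stolen_host = make_request("billing-svc", "read", "invoices", 1000, "10.9.9.9")
    print("perimeter:", perimeter_allows(stolen_host))
    print("mutual suspicion:", mutual_suspicion_allows(stolen_host, now=1010))
```

The source address plays no part in `mutual_suspicion_allows`, so a correctly signed and authorized request from outside the internal range is accepted, while an unsigned one from inside is refused.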
