How zero-trust SDP can work with a VPN for remote work – TechTarget


Businesses have used VPNs for decades to establish secure, encrypted remote communications services. As cyberthreats increase in frequency and sophistication, however, VPNs don’t necessarily provide the most secure environment to remotely access an internal network and its associated systems.

Establishing a truly secure and nonporous perimeter is a top priority for network engineers and managers today and for the foreseeable future. Existing technologies, such as firewalls and intrusion prevention systems, provide good protection from malware and cybercriminals. However, their design still allows skilled intruders to bypass the existing perimeter protection and access internal networks.

What is needed is something that establishes an impenetrable barrier around internal networks and makes it virtually impossible for threat actors to breach the perimeter. One of these technologies is a software-defined perimeter (SDP), and the other is a zero-trust environment to prevent unauthorized access and enhance authentication measures.

Figure 1 depicts a traditional network where a VPN is configured to link remote users into a headquarters’ systems and resources. Despite the measures in place to protect the perimeter, it’s still possible to get past existing security and access internal networks and resources.

Figure 1. Remote access network configuration shows traditional VPN setup linking remote users to the headquarters.

By contrast, an SDP establishes a virtual boundary or wall around IT resources at the network layer, as opposed to the application layer. The SDP authenticates the requesting user and verifies the status of the device being used before it permits access to an internal network.

The process begins with the SDP authenticating both the user and the device. It then establishes a single network connection between the user’s device and the resource it’s trying to access, such as a server. That network connection is unique to the session and cannot be used by anyone else, and the user is granted access only to the services for which they have been approved.
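As an added illustration (not code from the article), the toy SDP controller below follows the sequence just described: authenticate the user, check the device's posture, then mint a grant bound to that one device and one approved service, which the gateway checks before admitting traffic. Every user, device, credential and service name in it is constructed.

```python
"""Toy SDP controller: user auth -> device posture -> per-service grant.
All identities, devices and services are constructed for the example."""
from dataclasses import dataclass
import hashlib
import hmac
import secrets

# Constructed identity store: SHA-256 of the credential plus the
# per-user allow list of approved services.
USERS = {
    "alice": {"cred_hash": hashlib.sha256(b"alice-secret").hexdigest(),
              "services": {"hr-portal", "file-share"}},
}
# Constructed device inventory: who owns the device and its posture.
DEVICES = {
    "laptop-01": {"owner": "alice", "managed": True, "disk_encrypted": True},
    "byod-99": {"owner": "alice", "managed": False, "disk_encrypted": False},
}
# Minimum posture a device must report before any connection is built.
MIN_POSTURE = {"managed": True, "disk_encrypted": True}


@dataclass(frozen=True)
class Grant:
    """A single-session grant tied to one user, one device, one service."""
    session: str
    user: str
    device: str
    service: str


def authenticate_user(user: str, credential: str) -> bool:
    record = USERS.get(user)
    if record is None:
        return False
    digest = hashlib.sha256(credential.encode()).hexdigest()
    return hmac.compare_digest(digest, record["cred_hash"])


def device_posture_ok(user: str, device: str) -> bool:
    rec = DEVICES.get(device)
    if rec is None or rec["owner"] != user:
        return False
    return all(rec.get(k) == v for k, v in MIN_POSTURE.items())


def request_access(user, credential, device, service):
    """Controller decision: returns a Grant or None (default deny)."""
    if not authenticate_user(user, credential):
        return None
    if not device_posture_ok(user, device):
        return None
    if service not in USERS[user]["services"]:
        return None
    return Grant(secrets.token_hex(16), user, device, service)


def gateway_admits(grant, device, service) -> bool:
    """Gateway check: the grant is valid only for the device and service it names."""
    return grant is not None and grant.device == device and grant.service == service
```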

One way to visualize the SDP process is to think of getting access to a car parked in a garage. First, the garage door must be opened, typically with a key. If the garage is a large, multivehicle facility, it may be necessary to use a proximity card or enter a code into a keypad to gain access.

Next, once the car has been reached, a process for accessing the car must be performed. Today’s cars usually have a remote access feature that uses a fob that connects to the car using radio transmission to unlock the doors with a unique code. In this example, accessing the car requires multiple layers of verification and authentication.

Figure 2 depicts a network that …….
