I might have written on this subject before so this feels kinda deja vue but that’s not going to stop me… and it’ll be short.
Recently I wrote about zero trust and proposed a dynamic software defined network. And as my day progressed I’m reminded about a project called Apcera (acquired by Ericson). One thing that made the project interesting is that in some software defined network based application the database credentials were known to the client application and plain. The demo showed that the client application could connect to the remote DB, however, a user with access to tools like psql could not even with the credentials.
I’m constantly scratching my head in this space because passwords are stupid simple. For example I use the fossil SCM tools. While there is a web GUI with login credentials once you have access to the fileserver the password is meaningless. [a] you can change it [b] it’s a sqlite database and unless you pay for the encryption it’s in the clear. and so on.
Apcera did something interesting… they built an encrypted SDLan and then fingerprinted the containers (built on docker) and that backplane managed permissions.
Consider a multitier web application… If you can penetrate the external firewall and just find yourself resting on the webapp server then you have it all. In fact there may be more. Sure there can be an all or nothing to the ZERO trust but everyone knows when it goes wrong managers want boots on the ground and fingers in the data. If the prescribed lights-out functionality does not work or is too time consuming everyone heads to the backplane. Back in the day we used to put the ont-time passwords in envelopes in a safe. It would take a conspiracy to gain access.
Well… it’s worse than that now. I had a client once that had been called out by the courts. As a result a lot of data had to be extracted from the customer DB.Sure it was important to manage PII, however, PCI has a draconian approach that is not covered by this.
So here’s the thing. Passwords are not necessarily the thing. Contact needs to be made from the inside out. And network segments need to be dynamic and user based with user defined routing not host based routing.