In recent times the security industry has lamented the dissolution of the network perimeter. The era of strong perimeter defenses is now past because of:
- Phishing attacks - adversaries are already within the perimeter
- Asset migration - workloads have moved to the cloud
- Storage - small, high-capacity storage devices carry data out
- Traversal - countless endpoints cross the perimeter
With cyber attacks growing increasingly sophisticated, it’s time we rethink how we secure the network perimeter. The Software Defined Perimeter (SDP) model provides a framework that helps to articulate this important paradigm shift.
The SDP model evolved from work done at the Defense Information Systems Agency (DISA) under the Global Information Grid (GIG) Black Core Network initiative. The SDP model secures access from the device/user down to the application server, all centrally managed via a controller. The concept relies on rendering an organization's infrastructure "invisible"; it then delivers access to authorized resources only, verifying user and device attributes before granting access to an application.
How SDP Works
In the SDP model, all user access policies are managed via the central controller. A user’s identity is verified and his/her devices are preregistered with the central controller. When the user needs to access resources on the network, he/she authenticates to the controller, which provisions access based on the security context of the device and user.
When a new device connects from a public network, or a device that previously failed to log in attempts to reconnect, additional requirements can be enforced (such as two-factor authentication) or access can be denied. Because the user must have a pre-registered device and complete multifactor authentication, it is more difficult to reach sensitive networks or applications with stolen credentials alone.
The SDP concept introduces Single Packet Authorization (SPA), which is used to initiate communications. SPA is based on the IETF's RFC 4226 (HMAC-Based One-Time Password algorithm). This model requires adoption within the TLS and IKE protocols, as it uses a form of Online Certificate Status Protocol stapling that allows the initial handshake to be effectively "signed."
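As an added illustration of the HOTP-based SPA idea described above (example code written for this page, not from the original post or any SDP product): a toy gateway that is default-deny and silent, and admits a device only after receiving a valid, never-reused RFC 4226 code from a pre-registered device. The `device_id:counter:code` packet format, the `SpaGateway` class and the counter window are assumptions made for the illustration; a real SPA packet would also be encrypted and carry more context.

```python
import hmac
import hashlib
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def build_spa_packet(device_id: str, secret: bytes, counter: int) -> bytes:
    """Client side (assumed format): the single packet that opens the 'dark' gateway."""
    return f"{device_id}:{counter}:{hotp(secret, counter)}".encode()


class SpaGateway:
    """Hypothetical SDP gateway: nothing is reachable until a valid SPA packet arrives."""

    def __init__(self, window: int = 5):
        self.devices = {}      # device_id -> [shared secret, last accepted counter]
        self.allowed = set()   # device_ids currently granted access
        self.window = window   # how far ahead of the last counter we tolerate (look-ahead)

    def register(self, device_id: str, secret: bytes) -> None:
        # Pre-registration with the controller: unknown devices never get a reply.
        self.devices[device_id] = [secret, 0]

    def receive(self, packet: bytes) -> bool:
        try:
            device_id, counter_s, code = packet.decode().split(":")
            counter = int(counter_s)
        except ValueError:
            return False                      # malformed: drop silently
        entry = self.devices.get(device_id)
        if entry is None:
            return False                      # unknown device: host stays invisible
        secret, last = entry
        if not (last < counter <= last + self.window):
            return False                      # replayed or out-of-window counter
        if not hmac.compare_digest(hotp(secret, counter), code):
            return False                      # wrong code: constant-time compare
        entry[1] = counter                    # advance so the same packet can never be reused
        self.allowed.add(device_id)
        return True
```

The replay check is what makes this "single packet": a captured packet is worthless once its counter has been consumed.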
Clearly the SDP model represents a great move forward for Internet security in general and would eliminate many potential types of threats, as well as things like DDoS attacks. Some challenges exist. For instance, to get the full advantages of SDP, all accepting hosts would need to be running the latest software that supports the SPA concept. SDP also requires devices to be on-boarded, which is a weakness in any system. The architects of SDP may want to consider the degree of flexibility in any implementation of SDP, such that a "trusted" device that supports SPA might be allowed more access than a "new" device, or the user of a "new" device might be required to present additional credentials.
SDP grants access based on the user and device profile. Early adopters of the SDP model may want to consider a richer selection of signals that might include temporal measures, IP information, even current security status. Better still, context should be measured at the time that any specific access is attempted, because context is not a one-off measurement taken at login time but something that must be reassessed continuously.
Today, the SDP model is primarily being used for web-based access (to a host). However, it can also be used at the network layer as a new approach to virtualized network access control and dynamic firewall policies, by using a gateway to protect micro-segments inside the enterprise network. This works inside or outside the network because it uses the TLS protocol.
However, until the widespread adoption of SPA, virtualized and physical gateways are the only way to implement an SDP-like solution. Gateways also have some huge advantages that would be hard to realize within hosts. First, they can inspect traffic and make security decisions based on what a user or device appears to be doing; second, they offer a line of defense against zero-days and other forms of attack to which the host may be vulnerable; and last, they offer a unified log reporting mechanism for compliance audits.
The SDP model aims to help organizations secure their infrastructures from an ever more sophisticated, well-armed, and well-funded set of attackers and it will be exciting to see its use evolve. The concept of Single Packet Authorization is very powerful and is a welcome addition to the armory. As organizations realize the need for truly agile access security, SDP represents an opportunity to move the traditional security model in a better direction, operating on the assumption that you cannot attack what you cannot see.