Perimeter Security in the Digital Space

In this video, you will learn about security perimeters in the digital space.
Pre-2000, the perimeter security model for most organizations (we have a picture of a castle here) is about protecting your perimeter. You have very safe borders. What we’ve seen since then is a growth in agile working, mobile technologies and cloud services. And this paradigm probably wasn’t strong enough anyway as an access control model, as an approach to identity and access management; it definitely is not enough now. What we see now is the concept of defence in depth. Here, we’re differentiating and tiering our security options. There’s a picture of an onion, because what we’re doing is implementing different layers of security. So from a network perspective, we have our internal network, a perimeter, a demilitarized zone. But also, we have appropriately tiered security.
And also, we factor in other elements, like training. We try to build a human firewall by appropriately training our staff. With zero-day threats, antivirus or anti-malware suites will not spot these problems. They frequently work on signature recognition, and if there is no signature to recognize for a new threat, then that isn’t going to help us. So we need people to be able to spot things that are inappropriate, that they shouldn’t be clicking on, to help prevent those phishing attacks. Individual services should be protected according to their value and according to the value of the information that they contain. So here, these different layers of security we tailor according to what we’re trying to protect.
And the way we do this is through the use of granular access models. So traditionally, access was fairly coarse. You have access or you don’t have access. In the example we gave of your home, you had access or you didn’t have access. Actually, what we’re talking about now is far more refined. We’re talking about individual levels of access. If we continue the metaphor with your home, now we’re talking about individual access to rooms in your house and what you can do within each of those rooms. So here, we see lots of different systems. And they will support different levels of granularity for privileges. And we want to confer the minimum level of privilege necessary to perform functions.
No more than that. So, many systems with varied information present us with a challenge, we said: the shared drives, the mailboxes. Things like document management systems can be far more helpful, because we can structure the contents and we can apply permissions against them. So this granular access model is important. And it’s important, therefore, that we establish the sensitivity of the things that we’re trying to protect. The example we gave regarding your home, let’s try and draw that out a little bit. Think about this now as a hotel.
We have lots of different subjects coming in, lots of different security zones within the hotel, lots of different functions and features within the hotel: maybe a gym, a swimming pool, a spa. And you as a mediator, suddenly your role has changed dramatically. You’re trying to deal with all of these different requests from different types of people and trying to make sure that they only have access to the right areas. And we can start to simplify this. We can start to group people together in roles. So within the hotel example, we may have customers and staff. This could help provide broad access to different zones within the building. In the digital world, this is so very complex.
More complex than just that hotel example. And quite often, our digital systems are actually managing these physical spaces as well. So we will have zoned control for our physical access system, our RFID cards for door swipes. Typically, when we’re looking at access control models within identity and access management, a requester has a clearance, or has some kind of security label. And the object they’re trying to access has some kind of classification or label. And what we’re doing is comparing the two levels to provide an outcome: that the access request is granted or not.
And the access request may be to read the object, to enumerate the object, to write to the object, to delete – so many different types of privilege that we can describe. So we’ll describe the control mechanism in more detail further into the course.
But at this point, think about those two components: the subject trying to make the access attempt and what we’re trying to protect. Our identity and access management needs to be able to facilitate this process consistently and reliably, to the correct service standards. And it needs to be present in every single transaction, without exception. If a single transaction can avoid this process, then our entire identity and access management system can be compromised. This is what attackers are trying to do. We’ll look at a few examples in a moment. Just before then, let’s describe metadata. Metadata is data that provides information about other data. It’s helpful in terms of being descriptive, and it can be used for administrative purposes.
So we talked about the subjects and the objects having privileges. This is a form of metadata attached to those objects. When we look at directories that contain our users and some of our resources, typically we see metadata about those objects in the form of attributes. These can be privileges. These can be security groups or roles. This might be things like names and telephone numbers. But all of this supports the use of our identity and access management system, and actually may make things like our directory service more useful, may extend some of the use for it. So the descriptive can help with discovery and identification through the use of keywords. The administrative typically helps manage access.
And we can use that to support our identity and access management model.

Once you’ve watched the video, think about how you might approach the following:

  • How would you define your context?

  • How would “defence in depth” manifest in your context?

  • How much granularity is right for your context?

In the next couple of steps, we will look at some examples of the different types of models used in different contexts.

This article is from the free online course Cyber Security Foundations: Identity and Access Management.

Created by FutureLearn - Learning For Life
