A reader wrote in expressing concerns over a vendor software management platform that had 3rd party module vulnerabilities . Reasonable risk assessment if you ask me. This comes along with the two "One Liners'' we posted yesterday  . This sounds like a case for isolation and or lockdown. Considering 2021's climate, let's be clear here, Digital not Physical :).
The problem space is the attack surface. Good thing, we've known about this for years. Bad thing, human behavior has not changed (that we are aware of) for a very long time . Given that we have something we can affect and something that is HARD to change? How do we approach the risk of vulnerabilities in our management plane? Lets also add into this problem space the idea that we cannot isolate everything (again, only talking digital here).
The Model: Zero Trust (micro-segmentation, take your pick, but you get the idea)
The Use-Case: Critical Asset that is Vulnerable
<user> - <Clientless VPN and or firewall> - <HTML5 to telnet proxy> <legacy client>
The clientless VPN solutions would be configured to use the organization's regular IDaM infrastructure with full group / user restrictions. This would point to an HTML5 proxy that provides a TLS interface to the telnet client. As long as the VPN / Firewall solution supports it, SAML becomes possible, along with MFA .
This is not easy, but also not impossible and remember, just because MFA is being “picked on” (probably with good reason) doesn’t stop us from using it . A wise Groot once said ‘It’s better than 11%’...
“Perfection is a road, not a destination” Chiun, Remo Williams
If this topic is interesting, please comment and I can dive deeper (what vendors I used, how I deployed it, results (good btw)...
Let us know in the comments.
Apr 21st 2021
Apr 21st 2021
3 weeks ago