VPN vs SDP?
-
Because - a LinkedIn advert is where you want to learn from - but taking a referenced technology FROM there and doing your search and learn.
This advert implied that SDP is the next thing to replace a VPN - Oh-kay what is it. What is an SDP and why would I want to investigate it?
SDP: Software Defined Perimeter
Software Defined Perimeter (SDP), also called a "Black Cloud", is an approach to computer security which evolved from the work done at the Defense Information Systems Agency (DISA) under the Global Information Grid (GIG) Black Core Network initiative around 2007.[1] Software-defined perimeter (SDP) framework was developed by the Cloud Security Alliance (CSA) to control access to resources based on identity. Connectivity in a Software Defined Perimeter is based on a need-to-know model, in which device posture and identity are verified before access to application infrastructure is granted.[2] Application infrastructure is effectively “black” (a DoD term meaning the infrastructure cannot be detected), without visible DNS information or IP addresses. The inventors of these systems claim that a Software Defined Perimeter mitigates the most common network-based attacks, including: server scanning, denial of service, SQL injection, operating system and application vulnerability exploits, man-in-the-middle, pass-the-hash, pass-the-ticket, and other attacks by unauthorized users.[3]
Time to get some popcorn and read a little..
-
So they came up with a new term for what @scottalanmiller has been talking about for YEARS?
-
@travisdh1 said in VPN vs SDP?:
So they came up with a new term for what @scottalanmiller has been talking about for YEARS?
I don't remember him talking about it in 2007/2008 when it became prominent as I understand.
-
@obsolesce said in VPN vs SDP?:
@travisdh1 said in VPN vs SDP?:
So they came up with a new term for what @scottalanmiller has been talking about for YEARS?
I don't remember him talking about it in 2007/2008 when it became prominent as I understand.
I wouldn't call it prominent yet. In halfway competent companies, yes. But those are quite rare.
-
@gjacobse said in VPN vs SDP?:
Because - a LinkedIn advert is where you want to learn from - but taking a referenced technology FROM there and doing your search and learn.
This advert implied that SDP is the next thing to replace a VPN - Oh-kay what is it. What is an SDP and why would I want to investigate it?
That's not really a great comparison. VPN and SDP are truly apples and oranges. A lot of websites do try to compare SDN to VPN for some reason. I think that might be because some legacy places think VPN equals security. Yet they have flat networks with virtually no firewall rules.
I think it's easier to think about zero trust model which will require you to use SDN concepts. Zero Trust has been industry standard for probably a decade. Many companies are choosing to make the transition to ZT as they move workloads in the cloud. Cleaning up enterprise on premise networks can be a nightmare which is why many have made the transition in tandem with moving to public clouds.
Another reason they are being done on cloud workloads is because the major public clouds deny traffic by default. The fact that things don't work out of box with all access blocked does a lot to encourage only opening what you absolutely need.
Zero Trust defends against your biggest threat, internal actors. Internal actors can be malicious or just plain stupid. Both are extremely dangerous in an on premise network. VPN does nothing to protect you since they are employees who have VPN access.
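The contrast drawn in the post above, as an added example that is not part of the original thread: a flat VPN-style check, where being connected makes every application reachable, beside a default-deny check that ignores network location and requires verified identity, device posture and an explicit rule per application. All users, groups, applications and rules are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed sample data: applications and entitlements are hypothetical.
APPS = {"payroll", "wiki", "build-server"}

# Default-deny allow rules as (group, app); anything not listed is denied.
ALLOW_RULES = {
    ("finance", "payroll"), ("finance", "wiki"),
    ("engineering", "wiki"), ("engineering", "build-server"),
}


@dataclass(frozen=True)
class Request:
    user: str
    group: str
    on_vpn: bool            # connected with valid VPN credentials
    device_compliant: bool  # device posture check (managed, patched)
    mfa_passed: bool        # identity verified for this session
    app: str


def flat_vpn_allows(req: Request) -> bool:
    """Legacy model: VPN access lands on a flat network with no internal
    firewall rules, so every application is reachable."""
    return req.on_vpn and req.app in APPS


def zero_trust_allows(req: Request) -> bool:
    """Default deny: network location is ignored; access needs verified
    identity, a compliant device and an explicit rule for this app."""
    if req.app not in APPS:
        return False
    if not (req.mfa_passed and req.device_compliant):
        return False
    return (req.group, req.app) in ALLOW_RULES


def reachable(subject: Request, decide) -> set:
    """Apps the subject can reach under the given decision function."""
    return {app for app in APPS if decide(replace(subject, app=app))}


# Constructed subjects: an employee, the same employee on an unpatched
# laptop, and the same employee off the VPN entirely.
engineer = Request("alice", "engineering", True, True, True, "wiki")
unpatched = replace(engineer, device_compliant=False)
remote_no_vpn = replace(engineer, on_vpn=False)
```

Calling `reachable(engineer, flat_vpn_allows)` and `reachable(engineer, zero_trust_allows)` side by side shows how much an insider with valid VPN access can touch under each model.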
-
@travisdh1 said in VPN vs SDP?:
So they came up with a new term for what @scottalanmiller has been talking about for YEARS?
Yup. I've pointed it out before that it's just a marketing term for several semi-specific VPN deployments.
-
@irj said in VPN vs SDP?:
I think that might be because some legacy places think VPN equals security.
Where "some" is "almost everyone." From general public to IT pros, everyone repeats "VPN" as "security panacea".
-
@DustinB3403 I'd love to hear your thoughts so you downvoted my post. I have no problem debating you and anytime I downvote you it is because I don't agree with you. You also know that I upvote you as well even if we aren't best buds.
Any vote of yours that I've downvoted is because what you said is wrong or at a minimum disagree. You've been downvoting people out of spite, unless you have a really good argument to what I've posted then I recant the above statement and welcome your debate.
Also everyone that's downvoted you except maybe @stacksofplates has downvoted me before when they disagreed with stuff I've said. @JaredBusch, @Obsolesce, @travisdh1 but they've had a reason or an argument to why they've disagreed with me. That's how it's supposed to work.