Hi Randy,
Ex-BYU student here. M.E. ’84, but I started in Chem, and maintained a vacuum
distillation apparatus in the basement of ESC that was part of the Chem
department’s research in lasing emulsion dyes.
I have a relative (Steve Walker) in the English department, too.
If you’ve read the original Forrester / NIST paper(*), there are three tenets
to the Zero Trust Model:
• Ensure all resources are accessed securely regardless of location.
• Adopt a least privilege strategy and strictly enforce access control.
• Inspect and log all traffic.
We are in the process of building a segmentation gateway, leveraging
OpenDaylight as a controller, but this isn’t going to be “pfSense”. It will be a
Netgate product.
I don’t really talk about it much outside Netgate. There are a few people here
working on it (one of them just up the road from you in SLC.)
The idea is that one could then take pfSense 3.0, which is being re-architected
to have a central management console (this used to be called “pfCenter” or
“pfCentral”), and manage pfSense as a (set of) distributed access nodes.
This also serves to explain why we’re making the investment in ARM hardware
(see several recent tweets,
e.g. https://twitter.com/gonzopancho/status/731245772721651712), though that
side will scale to multicore as well. We can take the same userland-based
(DPDK/netmap) networking codebase and run it on anything from a tiny ARM to
a device with a dozen 40G interfaces and dozens of cores.
If you’d like to speak (privately) about this, I’m happy to do so, but I’m not
ready to share further details publicly. (Heck, most people here don’t know
that this is one of the potential uses for what we’re building in the lab. :-)
Aloha,
Jim
(*)
http://csrc.nist.gov/cyberframework/rfi_comments/040813_forrester_research.pdf
> On May 17, 2016, at 3:17 PM, Randy Morgan <[email protected]> wrote:
>
> I have been doing some reading on zero trust networks, there is much to learn
> and this is a major paradigm shift in security thinking. Can pfSense be
> configured to work in zones without a trusted zone, or is that something that
> is planned for a future release?
>
> Randy
>
> --
>
> Randy Morgan
> CSR
> Department of Chemistry and Biochemistry
> Brigham Young University
> 801-422-4100
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold