Hi Jim,
I have been reading a lot and the NIST document is actually printed and
sitting on my desk. I would love to talk with you privately, feel free
to call me, or we can set up a time to meet in person, just give a few
different times that you are available and I can see which one works for
me and put it in my calendar.
Randy
Randy Morgan
CSR
Department of Chemistry and Biochemistry
Brigham Young University
801-422-4100
On 5/17/2016 2:54 PM, Jim Thompson wrote:
Hi Randy,
Ex-BYU student here. M.E. ’84, but I started in Chem, and maintained a vacuum
distillation apparatus in the basement of ESC that was part of the Chem
department’s research in lasing emulsion dyes.
I have a relative (Steve Walker) in the English department, too.
If you’ve read the original Forrester / NIST paper(*), there are three tenets
to the Zero Trust Model:
• Ensure all resources are accessed securely regardless of location.
• Adopt a least privilege strategy and strictly enforce access control.
• Inspect and log all traffic.
We are in the process of building a segmentation gateway, leveraging
OpenDaylight as a controller, but this isn’t going to be “pfSense”. It will be a
Netgate product.
I don’t really talk about it much outside Netgate. There are a few people here
working on it (one of them just up the road from you in SLC.)
The idea is that one could then take pfSense 3.0, which is being re-architected
to have a central management console (this used to be called “pfCenter” or
“pfCentral”), and manage pfSense as a (set of) distributed access nodes.
This also serves to explain why we’re making the investment in ARM hardware
(see several recent tweets,
e.g. https://twitter.com/gonzopancho/status/731245772721651712), though that
side will scale to multicore as well. We can take the same userland-based
(DPDK/netmap) networking codebase and run it on anything from a tiny ARM to
a device with a dozen 40G interfaces and dozens of cores.
If you’d like to speak (privately) about this, I’m happy to do so, but I’m not
ready to share further details publicly. (Heck, most people here don’t know
that this is one of the potential uses for what we’re building in the lab. :-)
Aloha,
Jim
(*)
http://csrc.nist.gov/cyberframework/rfi_comments/040813_forrester_research.pdf
On May 17, 2016, at 3:17 PM, Randy Morgan <ran...@chem.byu.edu> wrote:
I have been doing some reading on zero trust networks, there is much to learn
and this is a major paradigm shift in security thinking. Can pfSense be
configured to work in zones without a trusted zone, or is that something that
is planned for a future release?
Randy
--
Randy Morgan
CSR
Department of Chemistry and Biochemistry
Brigham Young University
801-422-4100
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold