microsegment.io

segment all the things

A short history of segmentation

Let’s start by quoting Wikipedia’s definition of network segmentation: "Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security." How did this start? Some readers might actually be old enough to remember how local area networks started out in the early 90s.

A collection of zero trust resources

Work in progress: this list is a work in progress; if you have suggestions on what to add, please add a comment below or drop me a mail or note.

The origins: Zero Trust is not exactly a new idea, but a name for an architecture that takes least privilege as the first design principle and assumes nothing can be trusted. I am not sure who established the category at this moment, but it seems Google and Forrester Research have both been working on this. John Kindervag (@kindervag) originally published the model in 2010. That paper is still valid 9 years after its first publication and it shows great foresight and vision. Kudos to that.

Visualization of an attack in a Zero Trust Network

Video by Forrester Research

Microservices and microsegmentation

I found this article on DZone and wanted to quickly share my thoughts on it. “Micro is big these days”: this statement is from an article showing the similarities and differences between microservices and microsegmentation. Of course we all know the differences, but we might never have thought about the similarities between the two approaches. Microservices are about dissecting applications into smaller units and running those units independently instead of running them in a monolithic application. This decouples those functions and makes each service more scalable, independent of the other services, and easier to maintain as a single piece of functionality. Often one team is responsible for one microservice. They maintain its interface, but consumers of the service do not have to worry about the inner workings as long as they stick to the public interface.

Kubernetes podcast on attacking k8s

The current Kubernetes Podcast episode gives a great view of how to attack Kubernetes clusters. I have been talking about this all the time when I see OpenShift or Kubernetes clusters that try to protect the container infrastructure with tools made for protecting pods, but hardly protect the container orchestration platform itself. Securing the container infrastructure is hard, and not doing it may lead to things like cluster takeover or host escapes.
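One concrete check on the orchestration platform itself, as an added example that is not from the post or the podcast: the ClusterRoleBindings are where cluster takeover usually hides, because a binding of cluster-admin to a namespace's default service account, or of any role to system:anonymous or system:authenticated, hands the control plane to whoever can reach the API server or read a pod's token. The script below audits a JSON document in the shape of `kubectl get clusterrolebindings -o json`; the binding and subject names in the sample are constructed for the example and do not come from any real cluster.

```python
"""Flag ClusterRoleBindings that give away the Kubernetes control plane."""
import json

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
# Binding names and subjects are hypothetical, made up for this example.
SAMPLE_CLUSTERROLEBINDINGS = json.dumps({
    "kind": "List",
    "items": [
        {   # the stock binding: cluster-admin to system:masters is expected
            "metadata": {"name": "cluster-admin"},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "Group", "name": "system:masters"}],
        },
        {   # cluster-admin handed to a namespace's default service account
            "metadata": {"name": "ci-deployer-admin"},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "ci"}],
        },
        {   # read access for unauthenticated callers of the API server
            "metadata": {"name": "anon-view"},
            "roleRef": {"kind": "ClusterRole", "name": "view"},
            "subjects": [{"kind": "User", "name": "system:anonymous"}],
        },
        {   # a normal, scoped grant to a team group
            "metadata": {"name": "team-a-edit"},
            "roleRef": {"kind": "ClusterRole", "name": "edit"},
            "subjects": [{"kind": "Group", "name": "team-a"}],
        },
    ],
})

# Built-in subjects that mean "anyone who can reach the API server".
WIDE_OPEN_SUBJECTS = {"system:anonymous", "system:unauthenticated", "system:authenticated"}
# Roles that amount to cluster takeover when bound to anything but system:masters.
TAKEOVER_ROLES = {"cluster-admin"}


def describe_subject(subject):
    """Render a subject as Kind/[namespace/]name for the report."""
    namespace = subject.get("namespace")
    prefix = f"{namespace}/" if namespace else ""
    return f"{subject['kind']}/{prefix}{subject['name']}"


def risky_bindings(raw_json):
    """Return (binding, subject, reason) tuples for bindings an attacker would look for first."""
    findings = []
    for item in json.loads(raw_json)["items"]:
        name = item["metadata"]["name"]
        role = item["roleRef"]["name"]
        # kubectl omits "subjects" entirely when a binding has none
        for subject in item.get("subjects") or []:
            who = describe_subject(subject)
            if subject["name"] in WIDE_OPEN_SUBJECTS:
                findings.append((name, who, f"{subject['name']} is bound to {role}"))
            elif role in TAKEOVER_ROLES and not (
                subject["kind"] == "Group" and subject["name"] == "system:masters"
            ):
                findings.append((name, who, f"{role} granted outside system:masters"))
    return findings


if __name__ == "__main__":
    for binding, who, reason in risky_bindings(SAMPLE_CLUSTERROLEBINDINGS):
        print(f"{binding}: {who}: {reason}")
```

Against a live cluster the same function runs over the output of `kubectl get clusterrolebindings -o json`; RoleBindings inside namespaces that reference cluster-admin deserve the same treatment, and the script deliberately says nothing about pod-level controls, which is the point of the post above.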