Why do your network endpoints need to authenticate before connecting? – The importance of zero trust.
Traditional network solutions such as IP VPN or SSL VPN (and even some SD-WAN solutions) follow an authentication model in which the network endpoint first initiates a connection to the headend node, concentrator, firewall or controller, and only then is the endpoint authenticated against a set of parameters. This is a weak link in security: the service is reachable before any trust is established, giving attackers the opportunity to compromise usernames and passwords and to impersonate endpoints and endpoint IP addresses.
In today's hyper-connected world of sophisticated cyber security attacks, Zero Trust Dark Networks incorporate mechanisms that authenticate the endpoint before it connects to other network endpoints or to the network controller itself. Here is how we have implemented the Zero Trust Dark Network principle of authenticate before connect at NetFoundry.
When a new network endpoint is created in a NetFoundry Network (NFN) instance, a registration key is created. This is a one-time-use key that authenticates the device to the registration service: the endpoint connects to the registration service over HTTPS and presents the registration code. These codes expire, which cleans up any endpoints that drop out of the downstream process. Registration establishes two-way trust between the endpoint and the network controller. On the endpoint, an X.509 certificate is created using a 4096-bit RSA key and SHA-256 signing. A certificate signing request is then generated and sent to the registration service. Each NFN instance has its own certificate authority, and that CA certificate is used to sign the endpoint's certificate. In this way the endpoint's private key never leaves the endpoint, in line with accepted best practice. Additionally, the public certificate of the certificate authority is downloaded to the client, to be used to authenticate the network controller. This helps businesses stop rogue endpoints from registering to the network, preventing endpoint impersonation and the enrollment of compromised endpoints.
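The registration gate described above, as an added example in Go (this is not NetFoundry's code; the RegService type, its field names, the in-memory code store and the certificate lifetimes are assumptions of this demo): the service refuses unknown, expired or already-used codes, checks the CSR's proof-of-possession signature, and only then signs the endpoint's public key with the network's own CA, so the endpoint's private key is never transmitted. The CA key size is left to the caller; the endpoint key in the text is 4096-bit.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// RegService is a constructed stand-in for one network instance's registration service:
// it holds that network's CA and its one-time registration codes (code -> expiry).
type RegService struct {
	CAKey  *rsa.PrivateKey
	CACert *x509.Certificate // endpoints download this to authenticate the controller
	Codes  map[string]time.Time
}

// Sign issues a SHA-256/RSA cert for pub under the CA; with isCA set (CACert nil) it self-signs the CA.
func (s *RegService) Sign(pub any, cn string, isCA bool) (*x509.Certificate, error) {
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: isCA,
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	parent := s.CACert
	if isCA {
		parent, tpl.KeyUsage = tpl, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, s.CAKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Register gates enrollment: the code is burnt on first use and refused if unknown or expired, and
// the CSR's self-signature must verify (the private key never leaves the endpoint) before the CA signs.
func (s *RegService) Register(code string, csrDER []byte) (*x509.Certificate, error) {
	exp, ok := s.Codes[code]
	delete(s.Codes, code)
	if !ok || time.Now().After(exp) {
		return nil, errors.New("unknown or expired registration code")
	}
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, errors.New("CSR is malformed or not signed by the key it carries")
	}
	return s.Sign(csr.PublicKey, csr.Subject.CommonName, false)
}
```

An endpoint builds its CSR with x509.CreateCertificateRequest over a 4096-bit key using x509.SHA256WithRSA and sends only the CSR and its code. It keeps CACert as its trust root and verifies whatever certificate the controller later presents against it with (*x509.Certificate).Verify, so a certificate from any other CA is rejected before the connection proceeds.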
We help improve the security posture of your internet network, and there are more security features in NetFoundry's Zero Trust Dark Network, or Software Defined Perimeter.