Verify, but Never Trust?
Much is being written lately about so-called "Zero Trust Model" security, which prompts me to ask, "Since when did we security folk trust anyone?" On the NIST site, you'll find a thorough report NIS...
Published Mar 19, 2014
Version 1.0
BAMcHenry
Brian McHenry leads product management for Security solutions on the BIG-IP, NGINX, and Distributed Cloud data planes. In this role, he sets strategy for the growing $750M annual business for the Advanced WAF, SSL Orchestrator, Access Policy Manager, and NGINX App Protect products. McHenry takes pride in enabling F5’s customers to be successful as well as in improving their security postures to make the Internet a safer place. McHenry works across multiple groups at F5, including the Strategy Office, Office of the CTO, Marketing, Services, Support, and Sales. He is also a published writer and a frequent speaker at infosec conferences and events. He is a co-founder of Security B-Sides NYC, and committed to giving back to the Infosec community.
Ret. Employee
amolari
Cirrostratus
Mar 20, 2014
Nice paper! I have to trust the BIGIP admins as they're root on the CLI and no way to change that (tmsh access only or appliance mode? no way). How does that fit in the zero trust model? Or is it only applying to the data path? ;-)