How do we model VPNs in coreLang? Also, how do we represent authenticated network connections? #56
Comments
|
I think that we can probably have authenticated traffic represented by connecting the identity to both end points of the network communication and use a credentials asset belonging to that identity to encrypt the data assets transmitted over the network. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Even though we have broached the subject before it isn't entirely clear to me how we wish to represent VPNs in coreLang. More generally, I am unsure how to model authenticated communications over networks.
This issue resurfaced when trying to implement the Limit Access to Resource Over Network. The technique itself is very broad and depending on the technique it is applied to slightly different mechanisms come into play. Both VPNs and authentication protocols over the network are used by the mitigation.
Presumably we would like to implement authenticated communications via ConnectionRules, but how do we want to represent a network with both authenticated and unauthenticated traffic. The manInTheMiddle defence on the network asset can be used too, but the question regarding how to mix types of traffic remains, splitting one Network asset into two seems cumbersome.
The text was updated successfully, but these errors were encountered: