Discordian Cybersecurity

🌐 Network Security: The Perimeter Is a Lie

Castle-and-Moat Security Died With Mobile Devices

Think for yourself. Network security used to be simple: hard shell, soft interior. Firewall keeps bad guys out, everything inside is trusted.

That model is dead. Has been for years. But consultants keep selling it because it's easy to explain to executives who don't understand technology.

Nothing is true. Everything is permitted. Including attackers already inside your "secure" network. Plan for it.

Our Network Security Policy is public because network security through obscurity assumes attackers can't run port scans.

Illumination: If your security model assumes attackers are outside, your security model is from 1995. Update it or get pwned.

Why the Network Perimeter Is Fantasy

Question authority that still talks about "inside" and "outside" networks:

1. Mobile Devices Roam

Laptop leaves the office? It's "outside." Comes back? It's "inside" again. With whatever malware it picked up. VPN doesn't make devices trustworthy—it just encrypts their attacks.

Illumination: Every device that crosses the perimeter is a potential Trojan horse. The Greeks taught this lesson 3000 years ago.

2. Cloud Services Are "Outside"

Office 365? AWS? GitHub? All outside your perimeter. Yet essential to business. The perimeter doesn't include what you actually use.

Illumination: Defending a perimeter that doesn't include your data is LARPing security.

3. Insider Threats Exist

Malicious insiders. Compromised accounts. Social engineering. Threat is already inside. Your firewall doesn't stop Susan in accounting from clicking phishing links.

Illumination: The call is coming from inside the house. It always was.

4. Supply Chain Compromises

Trusted vendor gets hacked. Pushes malicious update. Through your firewall. Because you trust signed updates from "inside" the perimeter. SolarWinds, anyone?

Illumination: Trust is how supply chain attacks work. Zero trust is how they get detected.

5. APTs Are Patient

Advanced Persistent Threats don't bang on your firewall. They live inside for months. Quietly. The perimeter didn't save you—you're already compromised and don't know it.

Illumination: The average dwell time for breaches is measured in months. Your perimeter failed months ago.

Zero Trust: Verify Everything, Trust Nothing

Zero trust networking isn't paranoia. It's accepting reality and designing accordingly:

  • Authenticate every request — Location on network doesn't grant trust. Verify identity, device health, context every time.
  • Authorize least privilege — Just because you're authenticated doesn't mean you get access to everything. Minimum required, time-limited when possible.
  • Encrypt everything in transit — Internal network isn't trusted. TLS everywhere. mTLS for service-to-service.
  • Microsegment the network — Lateral movement is how breaches spread. Segment. Isolate. Contain blast radius.
  • Monitor all traffic — Log everything. Alert on anomalies. Assume breach means detecting it fast, not preventing it perfectly.

All hail Eris! Chaos teaches: trust enables betrayal. Verification prevents surprises.

Firewalls: Necessary But Insufficient

Firewalls aren't useless. They're just not sufficient:

✅ Firewalls Block Port Scans

Deny-by-default is good. Reducing attack surface is good. Basic perimeter defense is necessary.

❌ Firewalls Don't Stop Malware

Malware uses allowed ports (80/443), wrapped in TLS. Your firewall sees encrypted traffic and says "looks fine to me."

✅ Firewalls Provide Defense in Depth

Layer in a security stack. One control among many. Not the only control.

❌ Firewalls Create False Confidence

"We have a firewall, we're secure!" No. You have one control. You need twenty more.

Think for yourself. Firewalls are tools, not magic force fields. Use them. Don't worship them.

Network Segmentation: Limit the Blast Radius

Assume breach. Design so that when (not if) attackers get in, they can't move laterally:

  • VLANs for different functions — Development, staging, production in different network segments
  • Firewall rules between segments — Default deny. Explicit allow only what's needed.
  • Jump boxes for admin access — No direct SSH/RDP to production. Through a logged, monitored, hardened jump host.
  • Service mesh for microservices — mTLS between services. Network policy enforcement at pod level.
  • Database in separate subnet — Application tier can reach it. Nothing else can. Principle of least privilege at network layer.
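
The segment rules above as a default-deny policy checked against flow records, an added example that is not part of the original post; the segment ranges, allow rules and flow lines are constructed:

```python
# Added example (not from the original post): a default-deny segment
# policy checked against constructed flow records. Any cross-segment flow
# without an explicit allow rule is reported. All values are made up.
from ipaddress import ip_address, ip_network

# Segments as CIDR blocks (constructed). Addresses outside them are "unknown".
SEGMENTS = {
    "dev":      ip_network("10.10.0.0/16"),
    "staging":  ip_network("10.20.0.0/16"),
    "prod_app": ip_network("10.30.0.0/24"),
    "prod_db":  ip_network("10.30.1.0/24"),
    "jump":     ip_network("10.99.0.0/28"),
}

# Explicit allow list: (source segment, destination segment, destination port).
# Everything not listed is denied: dev cannot reach prod, and nothing but the
# application tier (or the jump host) can reach the database.
ALLOW = {
    ("prod_app", "prod_db", 5432),  # app tier talks to Postgres
    ("jump", "prod_app", 22),       # admin SSH only via the jump host
    ("jump", "prod_db", 22),
    ("dev", "staging", 443),        # developers may call staging APIs
}

def segment_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "unknown"

def is_allowed(src: str, dst: str, port: int) -> bool:
    return (segment_of(src), segment_of(dst), port) in ALLOW

def violations(flow_lines):
    """Parse 'src dst dport' records; return denied flows with both segments labelled."""
    out = []
    for line in flow_lines:
        src, dst, port = line.split()
        if not is_allowed(src, dst, int(port)):
            out.append((src, segment_of(src), dst, segment_of(dst), int(port)))
    return out

# Constructed sample: legitimate DB query, SSH via the jump box, then a dev
# host going straight at prod SSH and at the database (lateral movement).
SAMPLE_FLOWS = [
    "10.30.0.15 10.30.1.7 5432",
    "10.99.0.3 10.30.0.15 22",
    "10.10.4.200 10.30.0.15 22",
    "10.10.4.200 10.30.1.7 5432",
]
```

Running `violations(SAMPLE_FLOWS)` reports the two dev-to-prod flows; feeding it real flow logs means mapping your own subnets and allow rules first.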

CHAOS ILLUMINATION: Flat networks are how one compromised WordPress blog becomes a full domain admin compromise. Segment or suffer.

Network Monitoring: Seeing the Invisible

Can't defend what you can't see. Network monitoring isn't optional:

  • Flow logs — Who's talking to whom, when, how much. Baseline normal, alert on anomalies.
  • IDS/IPS — Intrusion detection. Not prevention (that's usually brittle), but detection and alerting.
  • DNS monitoring — Exfiltration often uses DNS tunneling. Monitor queries for anomalies.
  • TLS inspection (carefully) — Decrypt at perimeter, inspect, re-encrypt. Privacy implications, but blind spots kill.
  • SIEM integration — Network logs into security monitoring. Correlate with other signals.
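
The DNS-monitoring item above worked through as detection logic, an added example that is not part of the original post; the thresholds and the query log are constructed, and the registered-domain split is a simplification:

```python
# Added example (not from the original post): heuristic detection of
# DNS-tunneling-style exfiltration over constructed query logs. Each
# (client, registered domain) pair is scored on unique-subdomain count,
# mean subdomain length and character entropy. Thresholds are made up.
import hashlib
import math
from collections import defaultdict

def entropy(s: str) -> float:
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname: str):
    """Split a query name into (subdomain labels, registered domain).
    Simplification: the last two labels are treated as the zone (no PSL lookup)."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])

def score_queries(lines, min_unique=20, min_len=30, min_entropy=3.5):
    """lines are 'client qname' records. Returns flagged (client, domain) keys with stats."""
    subs = defaultdict(set)
    for line in lines:
        client, qname = line.split()
        sub_labels, domain = split_name(qname)
        if sub_labels:
            subs[(client, domain)].add(".".join(sub_labels))
    flagged = {}
    for key, names in subs.items():
        mean_len = sum(len(n) for n in names) / len(names)
        ent = entropy("".join(names))
        if len(names) >= min_unique and mean_len >= min_len and ent >= min_entropy:
            flagged[key] = {"unique": len(names), "mean_len": round(mean_len, 1),
                            "entropy": round(ent, 2)}
    return flagged

def sample_log():
    """Constructed log: a client doing ordinary lookups, and a second client
    emitting 30 distinct 40-hex-char labels under one domain (tunnel-like)."""
    normal = [f"10.10.4.1 {n}" for n in ("www.example.com", "mail.example.com", "cdn.example.net")] * 10
    tunnel = [f"10.10.4.77 {hashlib.sha256(str(i).encode()).hexdigest()[:40]}.t.example.org"
              for i in range(1, 31)]
    return normal + tunnel
```

Baseline the three thresholds against your own resolver logs before alerting on them; CDNs and some anti-spam services legitimately produce long, high-entropy labels.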

Question authority: If your network team says "we can't monitor that," ask why. Usually it's "we don't want to," not "we can't."

Network Security Is About Containment, Not Prevention

Nothing is true. The perimeter isn't real. "Inside" isn't trusted. Firewalls aren't magic.

Everything is permitted. Including designing networks that assume breach and minimize damage.

All hail Eris! All hail Discordia!

Read our full Network Security Policy on GitHub. Zero trust. Segmented. Monitored.

FINAL ILLUMINATION: The security-industrial complex sells firewalls and perimeter defense because they're easy to sell. "Buy this box, you're secure!" Reality: Network security is architecture, monitoring, and accepting that perfect prevention is impossible. Design for containment. Plan for detection. Respond with speed.

— Hagbard Celine
Captain of the Leif Erikson

"The perimeter is dead. Long live the perimeter-less architecture."

🍎 23 FNORD 5