Zero trust networks are quickly becoming all the rage in the IT world. Building proper defenses into each endpoint and relying on strong authentication schemes seems intuitively right. I’ve had several recent discussions with smart people about how dated the old world of network-based firewalls is: firewalls that grant implicit permissions based on the network location of a particular device (i.e., inside vs. outside the firewall). That is just another way of saying that we should move toward zero trust.
But all this presumes that the “endpoints” can be secured. Many pieces of IT infrastructure, including switches, servers, firewalls, and many other devices, contain administrative interfaces whose security is on par with, or slightly worse than, the average home router. In the past few years, we’ve seen many, many problems with the lights-out management interfaces for various servers; we’ve seen a (so far) non-stop parade of authentication bypasses and hardcoded passwords in Cisco devices; and we’ve seen many other devices running badly configured or exploitable services on these interfaces, such as dropbear, libssh, and others.
These interfaces should NOT be exposed to untrusted networks. That, sadly, means that we still need to architect well thought out networks, at least to some extent.
The concept of a “management network” is not new. I was first introduced to the concept over 20 years ago, and I suspect the idea was already old by that point. Remember that a management network, by definition, is a concentration of sensitive interfaces and user sessions that have administrative privileges. A lot has been written about the design of management networks by people much smarter than I am, but I’ll give some ideas/observations here:
- Ensure that only authorized people and devices are able to connect to the management network
- Monitor activities on the management network for indications of unauthorized devices or users
- Keep the number of devices on the management network as small as possible – a one-to-one relationship would be optimal, but is often impractical
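The first two points above (only authorized devices and people on the management network, and monitoring for anyone else) can be turned into a simple check. What follows is an added example, not code from the original post: it compares a switch MAC address table and SSH login log lines from the management VLAN against an inventory allowlist and flags anything not on it. The inventory, the MAC table, the log lines, and the jump-host address are all constructed for illustration; the log format assumed is OpenSSH's "Accepted ... for USER from IP" / "Failed ... for USER from IP" syslog line, and the MAC table is Cisco IOS-style dotted notation.

```python
"""Added example (not part of the original post): flag devices and users on a
management network that are not on the authorized inventory. All inputs below
are constructed for illustration."""
import re

# Constructed inventory of devices authorized on the management VLAN, keyed by
# MAC address. In practice this comes from your CMDB/IPAM, not a literal dict.
AUTHORIZED_DEVICES = {
    "00:11:22:33:44:01": "core-sw1 management port",
    "00:11:22:33:44:02": "srv-bmc-07 lights-out interface",
    "00:11:22:33:44:03": "jumphost-1",
}

# Constructed: accounts permitted to log in to management interfaces, and the
# only source address they should come from (the jump host, assumed 10.99.0.3).
AUTHORIZED_USERS = {"netops", "sysadm"}
AUTHORIZED_SOURCES = {"10.99.0.3"}

# Constructed "show mac address-table" style output from the management switch.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 100    0011.2233.4401    DYNAMIC     Gi1/0/1
 100    0011.2233.4402    DYNAMIC     Gi1/0/2
 100    0011.2233.4403    DYNAMIC     Gi1/0/3
 100    f4e2.7b10.aa55    DYNAMIC     Gi1/0/9
"""

# Constructed OpenSSH-style auth log lines forwarded from management interfaces.
AUTH_LOG = """\
Jun  1 10:02:11 core-sw1 sshd[1201]: Accepted publickey for netops from 10.99.0.3 port 51234 ssh2
Jun  1 10:05:40 srv-bmc-07 sshd[88]: Accepted password for netops from 10.99.0.77 port 40022 ssh2
Jun  1 10:09:02 core-sw1 sshd[1210]: Accepted password for admin from 10.99.0.3 port 51300 ssh2
Jun  1 10:11:15 core-sw1 sshd[1215]: Failed password for root from 10.99.0.77 port 40100 ssh2
"""

# Cisco dotted MAC notation, e.g. 0011.2233.4401
MAC_RE = re.compile(r"\b[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\b")
# OpenSSH "Accepted/Failed <method> for [invalid user] <user> from <ip>"
LOGIN_RE = re.compile(
    r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)


def normalize_mac(mac):
    """Convert dotted, colon or dash separated MACs to lowercase aa:bb:cc:dd:ee:ff."""
    hexstr = mac.replace(".", "").replace(":", "").replace("-", "").lower()
    return ":".join(hexstr[i:i + 2] for i in range(0, 12, 2))


def unauthorized_devices(mac_table, authorized=AUTHORIZED_DEVICES):
    """Return (mac, port) for every MAC seen on the switch that is not in the inventory."""
    findings = []
    for line in mac_table.splitlines():
        m = MAC_RE.search(line)
        if not m:
            continue  # header/separator lines
        mac = normalize_mac(m.group(0))
        port = line.split()[-1]
        if mac not in authorized:
            findings.append((mac, port))
    return findings


def suspicious_logins(log, users=AUTHORIZED_USERS, sources=AUTHORIZED_SOURCES):
    """Return one finding per login line that violates the allowlists or failed."""
    findings = []
    for line in log.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue
        reasons = []
        if m["user"] not in users:
            reasons.append("unknown user")
        if m["src"] not in sources:
            reasons.append("source not an approved jump host")
        if m["result"] == "Failed":
            reasons.append("failed authentication")
        if reasons:
            findings.append({"host": m["host"], "user": m["user"],
                             "src": m["src"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for mac, port in unauthorized_devices(MAC_TABLE):
        print(f"UNKNOWN DEVICE {mac} on {port}")
    for f in suspicious_logins(AUTH_LOG):
        print(f"SUSPICIOUS LOGIN {f['user']}@{f['host']} from {f['src']}: {', '.join(f['reasons'])}")
```

Run against the constructed data, this reports the one MAC on Gi1/0/9 that is not in the inventory, a valid user connecting from somewhere other than the jump host, an unlisted "admin" account logging in, and a failed root login. The design point is that on a management network the allowlist is small enough that "anything not on the list" is a workable alert condition; that is exactly why keeping the device count small matters.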