
May 9, 2017

Zero trust networking may be a foreign concept to you, but Google and others have been utilizing this method of infrastructure and networking for quite a while now. It stands more traditional networking on its head by not having a boundary in the traditional sense. There's no VPN, no ACLs to audit, no firewall to maintain... Sounds crazy, right?

Well, it's all about trust, or the lack of it. No one trusts anyone without a proper chain of permission. 2FA, concepts of port knocking, and CA certificates are used to properly vet both the host and the server, and to keep the whole system as safe and secure as possible.

Sounds great, right? Well, as you can imagine, with our interview this week we find out that it's not perfect: people have to implement their own Zero Trust Networking solution, and unless you are a mature organization, with things like complete asset management, data flow, and configuration management, you aren't ready to implement it.

Join us as we discuss Zero Trust Networking with Doug Barth (@dougbarth) and Evan Gilman (@evan2645).





Jay Beale’s Class “aikido on the command line: hardening and containment”

JULY 22-23 & JULY 24-25    AT BlackHat 2017



Join our #Slack Channel! Sign up at



Support Brakeing Down Security Podcast on #Patreon:

#Twitter: @brakesec @boettcherpwned @bryanbrake




Show notes:


The lines are blurring:







2FA authentication

All good points, except no one wants to do the needful bits (ID’ing information, data flow, proper network design)


Where is this Google article???,1-2608.html


Who benefits from this? Network engineers, apparently… :)



Sounds like a security nightmare… who would get the blame for it failing


How do we keep users from screwing up the security model? Putting certs on their personal boxes?


Prior BrakeSec shows:  Software Defined Perimeter with Jason Garbis


Doug Barth Twitter: @dougbarth


Evan Gilman Twitter:  @evan2645


Runs counter, right? We are used to not trusting the client…


Only a mature company can implement:

Device inventory

Config management

Data flow

Asset management



Brownfield networks

Sidecar model -

Certain OSes not possible