Description
Peer Review : Applying ZT Principles with Network-Infrastructure Hiding Protocol - Stealth Mode for Network Infrastructure
The CSA Zero Trust Network Pillar workgroup has been enhancing the CSA's suite of Software Defined Perimeter (SDP) research, including adding a Network-Infrastructure Hiding Protocol (NHP) specification that enhances the earlier SDP Single Packet Authorization (SPA) protocol. This whitepaper presents NHP as a strategic solution for protecting network infrastructures against all threats, with comprehensive technical specifications to support its implementation. Review comments can be added as replies to this post and/or as comments and suggestions in the document itself.
ABSTRACT: Our core TCP/IP networking systems and protocols have been with us since the 1970s, and have in many ways served us well. Their inherent openness and interoperability have sparked incredible innovation and significantly changed our world. However, these systems were designed to facilitate easy connection, rather than to fend off malicious actors. As Vint Cerf, who personally designed many of these components, stated, "We didn't focus on how you could wreck this system intentionally. You could argue with hindsight that we should have, but getting this thing to work at all was non-trivial." [see The real story of how the Internet became so vulnerable | The Washington Post]
It should be clear that TCP/IP's default network visibility has enabled much of today's malicious activity. Given our current threat landscape and the widespread adoption of Zero Trust as a set of principles and best practices, we believe that we now have an imperative to pivot our core networking technologies to a default-deny stance.
The Network-Infrastructure Hiding Protocol (NHP) introduces an innovative Zero Trust security approach that significantly reduces the attack surface and prevents unauthorized access before exploitation can occur. NHP builds upon and extends the Single Packet Authorization (SPA) technology initially outlined in the Cloud Security Alliance Software-Defined Perimeter (SDP) specification, representing the third generation of network hiding technology.
This whitepaper presents NHP as a strategic solution for protecting network infrastructures against all threats, with comprehensive technical specifications to support its implementation.