April 06, 2017
Shannon Room - Maxwell building a.105
The traditional approach to network security is to use a firewall based on Layer 3/Layer 4 information.
However, over the last decade the industry has evolved from monolithic, predictable processes that translated to a couple of network endpoints to the massive scale you get today with micro-services and cloud-native applications. The dynamic nature and scale of micro-services make it difficult to maintain a typical whitelist/blacklist firewall model for a network.
This talk will explain the concept behind Zero-Trust networking, and how adding endpoint context and identity to a network stack can alleviate these issues.
More specifically, we will look into how the TCP stack can be modified to carry any endpoint's metadata, and how this can be used with orchestration systems such as Kubernetes to provide large-scale distributed network policing.
Bernard Van de Walle is a former UCL student and currently works for Aporeto, a startup company in California.