By Sanjay Seth
7 months ago
65
0

The Evolution of Network Security and the Imperative of Zero-Trust

I have been around this game since early 90s; network admin from 1993, managing voice and data multiplexing over PSTN. Back in the days when network security, for the most part, meant trying to keep weather off the wires and hoping nobody accidentally unplugged something important. Then came the Slammer worm. That was a harsh reality check for all of us. I experienced my first live demonstration of how a single line of malicious script could disrupt the installation in minutes. Cybersecurity got very real very fast for me — much more than a simple IT checkbox.

Fast forward to today. I own a security company, P J Networks Pvt Ltd, and completed zero trust upgrade for 3 banks. I’m still catching my breath after DefCon, in particular the hardware hacking village which left me full of ideas (and some mild anxiety). The true story for zero-trust is that it is not another buzzword. It’s a necessity. And I want to tell you why, because believe me as someone who is going through it right now, with many a cup of coffee under my belt and an occasional misplaced semicolon or two.

Why Zero-Trust? Old School Network Mindset Deceased

The old days networks were as closed as locked garages…you had a key to 100 garages.–a password. But now, that is a huge bet. Slammer worm: A public health cyber attack of its time, propagating everywhere within networks due to trust. Things have changed. Solution architects will no longer be able to rely on perimeter-based security like a moat placed around them, with once inside the gates that fortress was your true blessing.

This term is otherwise called ZERO-TRUST and it simply means never trust, always verify. No exceptions. It goes way beyond just access control — it is authenticating everyone, every device, every time.

Thing that recently brought me to realize working with banks on implementation of this concept was following two:

Every request to access is malicious until it proves otherwise.
Devices should be monitored live and not just when you login

Segmentation is also your friend because, avoid a walking key to everything for the attackers.

MFA is not voluntary; it is an MFA must have.

Yes, I know that some organizations just think all this is annoying. But here is the dealie, your security policy should be risotto level strict. You can’t rush it. Take shortcuts, and you get gumption.

Examples From Personal Life- Success And Failures

One of the banks I was taking to at that time just wanted a quick-win on their “old insecure legacy systems” and believed if they found an antivirus with AI-powered detection mechanisms they could solve everything. I was skeptical from day one. Yes, AI can lend a hand, of course… but call me old-fashioned; Ive seen how ‘AI-powered’ often feels like marketing fluff.

We instead fell back to network segmentation and rigorous zero trust policies with the continuous monitoring of everything.

And guess what? Malware that would have been able to run free after a phishing hit was stonewalled — not by AI, but thanks to a strict policy and user training (yes, people still count!)

I watched a demo one time at DefCon’s hardware hacking village which changed my perspective on security hardware entirely. Originally, the hacker demonstrated — with no small amount of irritation and eyes rolling — how a so-cool vintage router exactly like the ones I used to setup in 90s can have its physical self-tampered-with to grant persistentspawn access. That means no software, or firewall etc. just a fancy detection. Just good old hardware vulnerabilities.

Hardware security is just one example, and for our purposes, I will still argue it is often overlooked.

When you invest in physical devices, firewalls, servers or routers, do not forget: parasites are everywhere. The physical layer still bites.

Fast Take: Next Steps for You as a Company

I get you. You’re busy, probably drowning in jargon and wondering where to start. Here’s a quick checklist for zero-trust based immediate cybersecurity posture upgrade:

Inventory Your Assets. Know every device and user on your network; never guess.
Segment your Network crazily. Don’t leave any room for roam to attackers
Enforce MFA. Everywhere and anywhere possible
Implement Continuous Monitoring. Think alerts, not reports.
Hardware Security, too: locks, access controls, firmware updates
Your People, too: phishing is going nowhere

Why Password Policies Drive Me Crazy

I will level with you: I hate passwords. Companies either make them too weak or too complicated, leading to their users writing them on sticky notes on the monitor. A brief summary of passwords:

Complexity helps, but it never solves
Regular password changes are more a loss of time unless you have proofs of the contrary
Again, combine, educate your users—unlocked car keys never stopped a car theft.

Reflecting on My Early Days vs Today

I remember pensioning multiplexers for the PSTN – it was like handling a mechanical wristwatch when compared to today’s 4G smartwatch. Back then, an attack was a brute force. Today, it is a small-package delivered by a drone. Yet, wisdom never changes:

Security is first a matter of people, then of technology.
Always expect the unexpected: attacks, but your teams, too.
I made lame errors, too—I accidentally disabled a firewall ruleset once and noticed it hours later. Taught me that double-checking was not optional—it was vital.

Skeptical About AI? You’re Not Alone

Look, AI is the hot topic. Yet I am hedging my bets a little. FAR too many ‘AI-powered’ tools claim to be magic wands that will do everything with minimal effort. Alright, reality check: AI is a tool, not a magic wand. You still need solid fundamentals.

The biggest risk? This can give businesses an illusion of safety, leading them to depend too much on AI. “our AI will detect all”—famous last words

However, I am an open-minded person and keep the tab of this space very closely. It is exciting; however, do not throw your firewalls and zero-trust policies to the side just yet.

Conclusions by This Just Marginally Jacked on Coffee Consultant

The security landscape is always changing, but some fundamentals remain steady. Zero-trust architecture is not an IT luxury, but rather it has become a necessity for any business, which deals with sensitive shareholder information (e. g., Banks or Healthcare) to prevent a continuous set of external threats.

My one off-the-cuff piece of advice, if I could give you? Be this:

As you ponder these questions, never stray too far from the basics—solid policies, segmented networks, hardware security and employee training are all part of your armoury, so make sure they remain firmly in place as you dabble with AI.

Just that this battle is never won (if there is anything to be taken from my 30+ years). At the end of the day you just have to layer your defense and hold onto a little skepticism so you can sleep at night.

Oh, by the way—if you need someone to talk about routers, zero-trust, or why password policies must die in a fire—drop me a note. Iʼm just sitting here with my fourth coffee because I’m sad and lonely and desperate to shop.

Sanjay Seth
P J Networks Pvt Ltd
Cybersecurity Consultant since 1993