andrewbwm
commented
2 years ago I think that we can probably have authenticated traffic represented by connecting the identity to both end points of the network communication and use a credentials asset belonging to that identity to encrypt the data assets transmitted over the network.
Even though we have broached the subject before it isn't entirely clear to me how we wish to represent VPNs in coreLang. More generally, I am unsure how to model authenticated communications over networks.
This issue resurfaced when trying to implement the Limit Access to Resource Over Network. The technique itself is very broad and depending on the technique it is applied to slightly different mechanisms come into play. Both VPNs and authentication protocols over the network are used by the mitigation.
Presumably we would like to implement authenticated communications via ConnectionRules, but how do we want to represent a network with both authenticated and unauthenticated traffic. The manInTheMiddle defence on the network asset can be used too, but the question regarding how to mix types of traffic remains, splitting one Network asset into two seems cumbersome.