Zero Trust
Many networks are relatively open on the inside. Once you get through the firewall, there are few security controls.
Zero trust is a holistic approach to network security that covers every device, every process, and every person.
Everything has to be verified; nothing is inherently trusted. Controls include multi-factor authentication, encryption, system permissions, additional firewalls, monitoring and analytics, etc.
Planes of operation
Split the network into functional planes. Applies to physical, virtual, and cloud components.
Data plane. Processes the frames, packets, and network data: forwarding, trunking, encrypting, NAT.
Control plane. Manages the actions of the data plane: defines policies and rules, determines how packets should be forwarded, and maintains routing tables, session tables, and NAT tables.
Extend the physical architecture (see video example).
Separate the functions into tasks; incorporate them into hardware or software.
Controlling trust (adaptive identity)
Consider the source and the requested resources. Multiple risk indicators: relationship to the organization, physical location, type of connection, IP address, etc. Make the authentication stronger if needed.
Threat scope reduction: decrease the number of possible entry points.
Policy-driven access control: combine the adaptive identity with a predefined set of rules.
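The adaptive-identity idea above, as an added example (not from the original notes or any product): each risk indicator listed is scored separately, the scores are combined with a predefined set of rules, and the result is a normal login, a step-up to MFA, or a denial. The corporate address ranges, expected countries, resource sensitivities, weights, thresholds and the function names are constructed assumptions for illustration.

```python
from dataclasses import dataclass
import ipaddress

# Constructed reference data for the example (not from the notes).
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
EXPECTED_COUNTRIES = {"US", "CA"}                      # where this organization's users normally are
RESOURCE_SENSITIVITY = {"wiki": 0, "crm": 1, "hr-payroll": 2}   # unknown resources are treated as sensitive
RELATIONSHIP_RISK = {"employee": 0, "contractor": 1, "partner": 2}   # unknown relationship scores 4
CONNECTION_RISK = {"corporate_lan": 0, "vpn": 1, "public_internet": 2}

@dataclass
class AccessRequest:
    subject: str
    relationship: str   # relationship to the organization
    location: str       # country code from geo-IP or a badge system
    connection: str     # type of connection
    source_ip: str      # IP address as seen by the gateway
    resource: str       # requested resource

def risk_indicators(req: AccessRequest) -> dict:
    """Score each risk indicator separately so the final decision can be explained."""
    ip = ipaddress.ip_address(req.source_ip)      # raises ValueError on garbage input
    return {
        "relationship": RELATIONSHIP_RISK.get(req.relationship, 4),
        "location": 0 if req.location in EXPECTED_COUNTRIES else 2,
        "connection": CONNECTION_RISK.get(req.connection, 2),
        "source_ip": 0 if any(ip in net for net in CORPORATE_NETWORKS) else 1,
        "resource": RESOURCE_SENSITIVITY.get(req.resource, 2),
    }

def assess_request(req: AccessRequest):
    """Return (decision, total score, per-indicator scores).

    Thresholds are assumptions for the example: low risk authenticates normally,
    medium risk steps up to MFA, high risk is denied outright.
    """
    try:
        indicators = risk_indicators(req)
    except ValueError:
        # Fail closed: a request whose source address cannot be parsed is not scored, it is denied.
        return "deny", None, {}
    score = sum(indicators.values())
    if score >= 6:
        decision = "deny"
    elif score >= 3:
        decision = "allow_with_mfa"     # make the authentication stronger
    else:
        decision = "allow"
    return decision, score, indicators

if __name__ == "__main__":
    for req in [
        AccessRequest("alice", "employee", "US", "corporate_lan", "10.1.2.3", "wiki"),
        AccessRequest("alice", "employee", "US", "public_internet", "203.0.113.5", "hr-payroll"),
        AccessRequest("x", "unknown", "DE", "public_internet", "198.51.100.7", "hr-payroll"),
    ]:
        print(req.subject, req.resource, assess_request(req))
```

The same employee asking for the same resource gets three different outcomes depending on where the request comes from; keeping the per-indicator breakdown makes the step-up or denial explainable when a user calls the help desk.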
Security Zones
Security is more than a one-to-one relationship. Broad categorizations provide a security-related foundation.
Where are you coming from and where are you going? Trusted, untrusted. Internal network, external network. VPN 1, VPN 5, VPN 11. Marketing, IT, Accounting, Human Resources.
Using the zones may be enough by itself to deny access, for example untrusted-to-trusted zone traffic.
Some zones are implicitly trusted, for example trusted-to-internal zone traffic.
Policy enforcement point
Subjects and systems: end users, applications, non-human entities.
Policy enforcement point (PEP): the gatekeeper.
Allows, monitors, and terminates connections. Can consist of multiple components working together.
Applying trust in the planes
Policy decision point (PDP). There is a process for making an authentication decision.
Policy engine. Evaluates each access decision based on policy and other information sources: grant, deny, or revoke.
Policy administrator. Communicates with the policy enforcement point; generates access tokens or credentials and tells the PEP to allow or disallow access.
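The components above, together with the Security Zones section, as one added example (not from the original notes or any product): a policy engine that first checks the zone pair and then other information sources, a policy administrator that issues HMAC-signed access tokens and tells the PEP what to allow or terminate, and a PEP that admits, records, and revokes sessions. The zone rules, device posture table, group mappings, token format and every class and method name are constructed assumptions; a real deployment would keep the PDP and PEP in separate processes rather than one Python module.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed policy data for the example (not from the notes).
ZONE_RULES = {   # (source zone, destination zone) -> how the zone pair is treated
    ("trusted", "internal"): "allow",       # implicitly trusted: the zone pair alone grants
    ("untrusted", "trusted"): "deny",       # the zone pair alone is enough to deny
    ("vpn", "internal"): "evaluate",        # permitted only if the other checks pass
    ("marketing", "accounting"): "evaluate",
}                                            # any pair not listed is denied
DEVICE_POSTURE = {"laptop-17": "compliant", "laptop-42": "noncompliant"}
SUBJECT_GROUPS = {"alice": {"accounting"}, "bob": {"marketing"}}
RESOURCE_GROUPS = {"ledger": {"accounting"}, "wiki": {"marketing", "accounting"}}

class PolicyEngine:
    """Evaluates each access decision from policy plus other information sources."""
    def evaluate(self, req):
        rule = ZONE_RULES.get((req["src_zone"], req["dst_zone"]), "deny")
        if rule == "deny":
            return "deny", "zone pair denied"
        if rule == "allow":
            return "grant", "zone pair implicitly trusted"
        if DEVICE_POSTURE.get(req["device"]) != "compliant":
            return "deny", "device not compliant"
        if not SUBJECT_GROUPS.get(req["subject"], set()) & RESOURCE_GROUPS.get(req["resource"], set()):
            return "deny", "subject not in a group permitted for this resource"
        return "grant", "policy satisfied"

class PolicyAdministrator:
    """Turns engine decisions into credentials and tells the PEP what to allow or terminate."""
    def __init__(self, pep):
        self.key = secrets.token_bytes(32)     # HMAC key for the access tokens it issues
        self.pep = pep
    def issue(self, req, ttl=300):
        claims = {"sub": req["subject"], "res": req["resource"], "sid": secrets.token_hex(8),
                  "exp": int(time.time()) + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        self.pep.sessions[claims["sid"]] = req  # instruct the PEP to allow this session
        return f"{body}.{tag}"
    def verify(self, token):
        body, _, tag = token.partition(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
        return claims if claims["exp"] > time.time() else None
    def revoke(self, sid):
        self.pep.terminate(sid)                 # instruct the PEP to disallow the session

class PolicyEnforcementPoint:
    """The gatekeeper: forwards requests to the PDP, then allows, monitors and terminates."""
    def __init__(self):
        self.sessions = {}      # sid -> original request, kept for re-evaluation
        self.log = []           # monitoring: every decision is recorded
        self.engine = PolicyEngine()            # engine + administrator form the policy decision point
        self.admin = PolicyAdministrator(self)
    def request_access(self, req):
        decision, reason = self.engine.evaluate(req)
        self.log.append((req["subject"], req["resource"], decision, reason))
        return self.admin.issue(req) if decision == "grant" else None
    def is_allowed(self, token, resource):
        claims = self.admin.verify(token) if token else None
        return bool(claims) and claims["res"] == resource and claims["sid"] in self.sessions
    def terminate(self, sid):
        self.sessions.pop(sid, None)
    def reevaluate(self):
        """Re-run policy for live sessions; revoke any the engine no longer grants."""
        revoked = [sid for sid, req in self.sessions.items() if self.engine.evaluate(req)[0] != "grant"]
        for sid in revoked:
            self.admin.revoke(sid)
        return revoked

def demo():
    """Walk a few constructed requests through PEP -> PDP and return the observed outcomes."""
    DEVICE_POSTURE["laptop-17"] = "compliant"
    pep = PolicyEnforcementPoint()
    alice = {"subject": "alice", "device": "laptop-17", "src_zone": "vpn", "dst_zone": "internal", "resource": "ledger"}
    bob = {"subject": "bob", "device": "laptop-42", "src_zone": "vpn", "dst_zone": "internal", "resource": "wiki"}
    carol = {"subject": "carol", "device": "desk-3", "src_zone": "trusted", "dst_zone": "internal", "resource": "wiki"}
    outsider = {"subject": "mallory", "device": "?", "src_zone": "untrusted", "dst_zone": "trusted", "resource": "ledger"}
    token = pep.request_access(alice)
    tampered = token[:-1] + ("0" if token[-1] != "0" else "1")   # flip one character of the HMAC tag
    out = {
        "alice_allowed": pep.is_allowed(token, "ledger"),
        "alice_other_resource": pep.is_allowed(token, "wiki"),   # token is bound to one resource
        "tampered_token": pep.is_allowed(tampered, "ledger"),
        "bob_granted": pep.request_access(bob) is not None,       # denied: device not compliant
        "carol_granted": pep.request_access(carol) is not None,   # granted: implicitly trusted zone pair
        "outsider_granted": pep.request_access(outsider) is not None,   # denied on the zone pair alone
    }
    DEVICE_POSTURE["laptop-17"] = "noncompliant"   # posture changes while alice's session is live
    out["revoked"] = len(pep.reevaluate())
    out["alice_after_revoke"] = pep.is_allowed(token, "ledger")
    return out

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The part worth noticing is the revoke path: a token that was valid a moment ago stops working as soon as the policy engine re-evaluates the session and the policy administrator tells the PEP to terminate it, which is what distinguishes continuous verification from a one-time login check.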
Zero Trust across planes (See video)