Zero Trust

Question 1

Zero Trust

Answer 1

It is a holistic approach to network security that covers every device, every process, every person

Question 2

More facts about zero trust

Answer 2

Everything must be verified, nothing is inherently trusted. Multi-factor authentication, encryption, system permissions, additional firewalls, monitoring and analytics, etc

Question 3

Planes of Operation

Answer 3

Split the network into functional planes. Applies to physical, virtual, and cloud components

Question 4

Data plane

Answer 4

-Process the frames, packets, and network data
-Processing, forwarding, trunking, encrypting, NAT

Question 5

Control Plane

Answer 5

-Manages the actions of the data plane
-Defines policies and rules
-Determines how packets should be forwarded
-Routing tables, session tables, NAT tables

Question 6

Adaptive identity

Answer 6

-Consider the source and the requested resources
-Multiple risk indicators - relationship to the organization, physical location, type of connection, IP address, etc
-Make the authentication stronger, if needed

Question 7

Threat Scope Reduction

Answer 7

-Decrease the number of possible entry points

Question 8

Policy-Driven Access Control

Answer 8

-Combine the adaptive identity with a predefined set of rules

Question 9

Security zones

Answer 9

Security is more than a one-to-one relationship. Broad categorizations provide a security-related foundation.

Question 10

Where are you coming from and where are you going?

Answer 10

-Trusted, untrusted
-internal network, external network
-VPN 1, VPN 5, VPN 11
-Marketing, IT, Accounting, Human Resources

Question 11

Zones

Answer 11

Using the zones may be enough by itself to deny access. For example: Untrusted to Trusted zone traffic. Some zones are implicitly trusted. For example: Trusted to Internal zone traffic

Question 12

Policy Enforcement Point

Answer 12

You can think of it as a gatekeeper.
Subjects and Systems
-End users, applications, non-human entities
-Allow, monitor, and terminate connections can consist of multiple connections working together

Question 13

PEP

Answer 13

Policy enforcement point

Question 14

PDP

Answer 14

Policy Decision Point

Question 16

Applying trust in planes

Answer 16

-Policy Decision Point
There’s a process for making an authentication decision
-Policy Engine
Evaluates each access decision based on policy and other information sources. Grant, deny, revoke
-Policy Administrator
Communicates with the policy enforcement point, generates access tokens or credentials. Tells the PEP to allow or disallow access