1.2e - Zero Trust: Professor Messer (Security+)

Zero Trust

A security model requiring strict verification and authentication for resource access, applied to every device, user, and process.

Data Plane

The part of a network that carries user traffic and is responsible for forwarding network data (packets) to their destination.

Control Plane

Network component that manages actions such as port forwarding policies and controls over what data traverses the network.

Adaptive Identity

Examination of an individual’s identity based on gathered information during authentication, using proper credentials and contextual data.

Limiting Access Points

Restricting the ways individuals can access internal resources, such as connection to specific IP addresses or VPNs.

Policy-Driven Access Control

Enforces security policies determining who can access which resources based on predefined criteria.

Security Zones

Specific areas within a network to minimize the attack surface by separating and controlling access based on security requirements.

Implicit Trust

Use of a security zone to provide access based on pre-established criteria.

Policy Enforcement Point (PEP)

A component in Zero Trust architecture that validates user identities and device security before granting access.

Policy Decision Point (PDP)

Component in Zero Trust architecture that makes authentication decisions and forwards them to the Policy Enforcement Point.

Policy Administrator

Communicates with the Policy Enforcement Point to manage access and generates access tokens or credentials.

Policy Engine

Evaluates and makes authentication decisions based on security policies.