Description: In this episode, we examine Zero Trust, a modern security strategy, and explore how the Zero Trust model is applied to the control plane and the data plane in networking.
What is the Zero Trust model?
The Zero Trust model is built on the principle of "never trust, always verify": no user, device, or network location is inherently trusted, so every access request is authenticated and authorized before it is granted, regardless of where it originates.
What is NIST SP 800-207?
NIST SP 800-207 is NIST's Zero Trust Architecture publication. It defines Zero Trust (ZT) as a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least-privilege, per-request access decisions in information systems and services when the network is viewed as compromised.
How to manage the security perimeters with Zero Trust?
Zero Trust helps keep an organization's data and systems secure by segmenting the network and the traffic on it, so that a compromised host cannot freely reach everything else. It helps to understand these concepts from a network perspective first and then move on to the security aspect.
There are two types of traffic flow:
North-south: Traffic that crosses the perimeter between the internal network and an external network, in either direction. Typical examples are a client inside the organization reaching the internet or an external server, and inbound traffic to a published service.
East-west: Traffic between devices or systems within the same network or security zone, that is, internal communication. This is the path an attacker uses for lateral movement after compromising one internal host, which is why Zero Trust segments and explicitly authorizes east-west traffic instead of trusting it because it is "inside".
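As an added illustration (not code from the original page), the following Python classifies flow records as north-south or east-west and lists the east-west flows that cross a segment boundary, which are exactly the paths a Zero Trust policy must explicitly authorize rather than assume safe. The address ranges, segment names, and flow lines are constructed for the example; the record format is a hypothetical one-line-per-flow layout.

```python
import ipaddress
import re
from collections import Counter

# Constructed, hypothetical address plan for this example (not from the page).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
SEGMENTS = {
    "user-lan": ipaddress.ip_network("10.10.0.0/16"),
    "app-tier": ipaddress.ip_network("10.20.0.0/16"),
    "db-tier": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed flow records in the form "<timestamp> <src> -> <dst>:<dport> <proto>".
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 10.10.4.7 -> 203.0.113.5:443 tcp
2024-05-01T10:00:02Z 10.10.4.7 -> 10.20.1.10:8443 tcp
2024-05-01T10:00:03Z 10.20.1.10 -> 10.30.2.5:5432 tcp
2024-05-01T10:00:04Z 10.10.4.7 -> 10.10.4.9:445 tcp
2024-05-01T10:00:05Z 198.51.100.20 -> 10.20.1.10:443 tcp
"""

FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+->\s+(\S+):(\d+)\s+(\w+)$")


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def segment_of(addr: str) -> str:
    """Segment holding addr; 'external' outside our space, 'unassigned' inside it but in no segment."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "unassigned" if is_internal(addr) else "external"


def classify_direction(src: str, dst: str) -> str:
    """north-south crosses the perimeter (in either direction); east-west stays inside it."""
    src_in, dst_in = is_internal(src), is_internal(dst)
    if src_in and dst_in:
        return "east-west"
    if src_in or dst_in:
        return "north-south"
    return "transit"  # neither end is ours; unexpected on an internal sensor


def parse_flow(line: str):
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport, proto = m.groups()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def analyze(log_text: str):
    """Count flows per direction and list east-west flows that cross a segment boundary.

    Cross-segment east-west flows are the ones a Zero Trust policy must explicitly
    authorize: they are the paths lateral movement would take."""
    counts = Counter()
    cross_segment = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records rather than silently misclassifying them
        direction = classify_direction(flow["src"], flow["dst"])
        counts[direction] += 1
        if direction == "east-west":
            src_seg, dst_seg = segment_of(flow["src"]), segment_of(flow["dst"])
            if src_seg != dst_seg:
                cross_segment.append((src_seg, dst_seg, flow["dport"]))
    return counts, cross_segment


if __name__ == "__main__":
    counts, crossing = analyze(SAMPLE_FLOWS)
    print(dict(counts))
    for src_seg, dst_seg, port in crossing:
        print(f"east-west across segments: {src_seg} -> {dst_seg} port {port}")
```

Note that the SMB flow between two hosts in the same user segment (port 445) is east-west but not cross-segment; it still deserves attention in a Zero Trust design, since peer-to-peer traffic inside one segment is a classic lateral-movement route and is usually blocked by host firewalls or microsegmentation.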
What is the control plane?
In networking, the control plane manages and directs the configuration and behavior of networking devices, making high-level decisions about how data traffic is forwarded and controlled within a network.
To implement Zero Trust in the control plane, you must have:
Adaptive identity
Threat scope reduction
Policy-driven access control
A policy administrator
A policy engine
What is Adaptive identity?
Adaptive identity continuously evaluates and adjusts how users and devices are identified and how their privileges and access are determined, basing each decision on current context (such as device state and behaviour) rather than on a one-time login.
What is Threat scope reduction?
Threat scope reduction minimizes the organization's attack surface and the impact of any single compromise by limiting what each subject can reach (least privilege and segmentation), so that a compromised account or device exposes as little as possible.
What is Policy-driven access control?
Policy-driven access control governs and restricts access to resources based on predefined rules and conditions, ensuring compliance with security policy and minimizing risk. Requests that match no rule are denied by default.
What is a policy administrator?
The policy administrator is responsible for establishing or shutting down the communication path between a subject and a resource, by sending commands to the relevant Policy Enforcement Points (PEPs). It acts on the decisions made by the policy engine.
What is a policy engine?
The policy engine is responsible for the ultimate decision to grant or deny access to a resource for a given subject, evaluated per request against enterprise policy and contextual inputs. It decides; it does not itself carry traffic.
What is the data plane?
In networking, the data plane is responsible for handling the actual forwarding and routing of data packets within a network, facilitating the movement of information between devices.
To implement Zero Trust in the data plane, you must have:
Implicit trust zones
Subjects
System (NIST SP 800-34)
PEPs
What are implicit trust zones?
Implicit trust zones are network segments where communication and data transfer are assumed to be secure: everything inside the zone is trusted to at least the level that the PEP guarding it enforced. Zero Trust aims to keep these zones as small as possible.
What are subjects?
Subjects are end users, applications, and other non-human entities (such as devices and service accounts) that request access to resources.
What is a system (NIST SP 800-34)?
A system is a discrete set of resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
What are PEPs?
Policy Enforcement Points (PEPs) are responsible for enabling, monitoring, and terminating connections between a subject and a resource, acting on commands from the policy administrator.
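The following Python is an added example, not code from the page or from NIST SP 800-207; it models the control-plane and data-plane components described in this set working together on one request: a policy engine that decides, a policy administrator that turns the decision into commands, a PEP that opens and closes the path, adaptive identity as a trust score recomputed on every evaluation, policy-driven rules with default deny, and threat scope reduction by binding each session to exactly one resource and action. Every subject, device, resource, rule, and trust-score weight is hypothetical.

```python
import itertools
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Every identity, device, resource and rule here is constructed for this example.

@dataclass(frozen=True)
class Subject:
    name: str
    roles: frozenset
    mfa_verified: bool

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool
    patched: bool
    edr_healthy: bool

@dataclass(frozen=True)
class AccessRequest:
    subject: Subject
    device: Device
    resource: str
    action: str

# Policy-driven access control: explicit allow rules; anything not listed is denied.
POLICY_RULES = [
    {"resource": "hr-db", "action": "read", "role": "hr", "min_trust": 70},
    {"resource": "hr-db", "action": "write", "role": "hr-admin", "min_trust": 90},
    {"resource": "wiki", "action": "read", "role": "employee", "min_trust": 40},
]

def trust_score(subject: Subject, device: Device) -> int:
    """Adaptive identity: confidence in the requester, recomputed for every evaluation."""
    signals = [(subject.mfa_verified, 40), (device.managed, 30), (device.patched, 20), (device.edr_healthy, 10)]
    return sum(weight for present, weight in signals if present)

class PolicyEngine:
    """Control plane: makes the final allow/deny decision for one request."""
    def decide(self, req: AccessRequest) -> Tuple[bool, str]:
        for rule in POLICY_RULES:
            if rule["resource"] == req.resource and rule["action"] == req.action:
                if rule["role"] not in req.subject.roles:
                    return False, f"missing role {rule['role']}"
                score = trust_score(req.subject, req.device)
                if score < rule["min_trust"]:
                    return False, f"trust {score} below {rule['min_trust']}"
                return True, f"rule matched with trust {score}"
        return False, "no matching rule (default deny)"

class PolicyEnforcementPoint:
    """Data plane: opens, monitors and terminates the path from subject to resource."""
    def __init__(self):
        self.sessions: Dict[str, AccessRequest] = {}
    def open_path(self, session_id: str, req: AccessRequest) -> None:
        self.sessions[session_id] = req
    def close_path(self, session_id: str) -> None:
        self.sessions.pop(session_id, None)
    def forward(self, session_id: str, resource: str, action: str) -> bool:
        # Threat scope reduction: a session is valid only for the resource/action it was granted for.
        req = self.sessions.get(session_id)
        return req is not None and req.resource == resource and req.action == action

class PolicyAdministrator:
    """Control plane: turns engine decisions into open/close commands to the PEP."""
    def __init__(self, engine: PolicyEngine, pep: PolicyEnforcementPoint):
        self.engine, self.pep = engine, pep
        self._ids = itertools.count(1)
    def request_access(self, req: AccessRequest) -> Tuple[Optional[str], str]:
        allowed, reason = self.engine.decide(req)
        if not allowed:
            return None, reason
        session_id = f"sess-{next(self._ids)}"
        self.pep.open_path(session_id, req)
        return session_id, reason
    def reevaluate(self, session_id: str, device: Device) -> bool:
        # Re-run the decision with fresh device signals; tear the path down if it no longer passes.
        req = self.pep.sessions.get(session_id)
        if req is None:
            return False
        allowed, _ = self.engine.decide(replace(req, device=device))
        if not allowed:
            self.pep.close_path(session_id)
        return allowed

def demo() -> Dict[str, bool]:
    """Walk one subject through grant, scope check, posture change and revocation."""
    pep = PolicyEnforcementPoint()
    admin = PolicyAdministrator(PolicyEngine(), pep)
    alice = Subject("alice", frozenset({"employee", "hr"}), mfa_verified=True)
    laptop = Device("lt-42", managed=True, patched=True, edr_healthy=True)  # trust 100
    sid, _ = admin.request_access(AccessRequest(alice, laptop, "hr-db", "read"))
    out = {"read_granted": sid is not None}
    out["read_forwarded"] = pep.forward(sid, "hr-db", "read")
    out["write_on_read_session"] = pep.forward(sid, "hr-db", "write")
    out["write_granted"] = admin.request_access(AccessRequest(alice, laptop, "hr-db", "write"))[0] is not None
    degraded = replace(laptop, managed=False, edr_healthy=False)  # trust drops to 60
    out["still_allowed_after_posture_change"] = admin.reevaluate(sid, degraded)
    out["forwarded_after_revocation"] = pep.forward(sid, "hr-db", "read")
    out["wiki_from_degraded_device"] = admin.request_access(AccessRequest(alice, degraded, "wiki", "read"))[0] is not None
    return out
```

Calling `demo()` shows the per-request behaviour the cards describe: the read session cannot be reused for a write, a write is refused because the role is missing rather than because of trust, and when the device's posture degrades the administrator closes the existing path through the PEP, so the implicit trust zone behind it is never larger than the last decision allowed.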