Zero Trust (SEC+ 1.2) (DONE)


16 Terms

1

Zero Trust

Network security covers every device, process, and person, whether trusted or not.

2

Functional planes of operations

Taking current security devices and breaking them into small individual components

3

Data Plane

The part of the device that performs the actual security process and movement of data (e.g., switch, router, firewall)

4

Control Plane

Where you manage all of the actions that are occurring in the data plane

5

Adaptive Identity

Adjusting security measures based on real-time data

6

What is an example of Adaptive Identity?

Someone is requesting data located in the US but is using an IP address that’s in China. So we gather additional info to confirm if the user is who they say they are.

7

Threat Scope Reduction

Limiting how many places can be used to get into the network

8

Policy driven access control

Combine the adaptive identity with a predefined set of rules

9

Security zones

Instead of seeing a user logging in to a server as a one-to-one relationship, we look at the overall path of the connection

10

Policy enforcement point (PEP)

Multiple devices working together to provide identification of the users and the traffic

11

What is an example of using zones to deny access?

Rules that automatically deny access to someone coming from an untrusted zone who is trying to communicate with someone in a trusted zone

12

Policy Decision Point (PDP)

This process has 2 parts to make a decision on whether a request is allowed

13

What are the two policies that make up a PDP?

Policy engine and Policy administrator

14

Policy engine

Evaluates each access decision based on policy and decides to grant, deny, or revoke

15

Policy Administrator

Takes the decision from the policy engine and provides it to the PEP, creating access tokens or credentials

16

How does the whole zero trust process work?

Request from an untrusted zone over the data plane > sent to the PEP > if policy enforcement is needed, the PEP tells the policy administrator > sent to the policy engine for a decision > policy administrator passes the result back to the PEP > if allowed, the PEP provides access to the trusted zone / resource