Zero Trust
A security model based on the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network.
Zero trust security
- Every person and every device that accesses a network must be secured
• Within the organization
• Outside of the organization
- Least-privilege access
• User is only given access needed to perform job
- Microsegmentation
• Break up security perimeters into small zones
• Maintain separate access
- Multifactor authentication (MFA)
• Single access method is not adequate
Planes of Operation
Defined as splitting networks into functional planes
- Physical
- Virtual
- Cloud Components
Data plane
Used for tunneling, user data, and application data
- Process the frames, packets, and network data
- Processing, forwarding, trunking, encrypting, NAT
Control Plane
The process of decision making, such as routing, blocking, and forwarding, that is performed by protocols.
- Manages the actions of the data plane
- Define policies and rules
- Determines how packets should be forwarded
- Routing tables, session tables, NAT tables
Adaptive Identity
- Consider the source and the requested resources
- Multiple risk indicators: relationship to the organization, physical location, type of connection, IP address, etc.
- Make the authentication stronger, if needed
Threat Scope Reduction
Decrease the number of possible entry points
Policy-Driven Access Control
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
security zone
A method of isolating a system from other systems or networks.
Can be implemented by creating different groups, for example:
- Trusted zone, untrusted zone
- Internal network, external network
- VPN 1, VPN 5, VPN 11
- Marketing, IT, Accounting, HR
Policy Enforcement Point (PEP)
Part of the ABAC architecture.
Protects the resources being accessed.
Generates an authorization request and sends it to the PDP.
Policy decision point
A process for making an authentication decision
Policy Engine
It is a security component that validates whether an actor is allowed to access a protected resource, following the requirements in an access policy.
Policy administrator
An employee responsible for the creation, revision, distribution, and storage of a policy in an organization.
Zero Trust Model/Architecture
Replaces "trust, but verify" as the security design principle by asserting that all activities attempted, by all users or entities, must be subject to control, authentication, authorization, and management at the most granular level possible. NIST and others have proposed zero trust architectures as guidance frameworks for organizations to use as they combine microsegmentation, access control, behavior modeling, and threat intelligence (among other techniques) in moving toward a zero trust implementation.