2.2 Zero Trust


7 Terms

1

Zero Trust

Zero trust (ZT) is a security framework requiring all subjects, assets, and workflows to be authenticated, authorized, and continuously validated before being granted or keeping access to applications and data.

2

Zero Trust View of a Network

No implicit zone trust

No ownership assumptions

Insecure connections: any remote subject's network is assumed to be malicious

Consistent security policy

3

Core principles of Zero Trust

Continuous Verification

Access Limitation

Limit the Blast Radius

Automate

4

Control Plane

The control plane is used by infrastructure components to maintain and configure assets, access control, and communication security. In a ZT environment, requests for access are made through the control plane.

5

Data Plane

The data plane is used for communication (moving data) between software components.

6

ZTA

Zero Trust Architecture

7

Zero Trust Logical Components

Policy Decision Point (PDP): Functions as a gatekeeper. Contains the PE and PA.

Policy Engine (PE): Responsible for the ultimate decision to grant access to a resource for a given subject.

Policy Administrator (PA): Generates any session-specific authentication and authentication token, or credential used to access an enterprise resource.

Policy Enforcement Point (PEP): Responsible for enabling, monitoring, and eventually terminating connections between a subject and an enterprise resource.