Jump to content

Zero Trust: Difference between revisions

From ICANNWiki
← Older editNewer edit →
VisualWikitext
Jessica (talk | contribs)
Bureaucrats, Check users, lookupuser, Administrators, translator
14,952 edits
Jessica (talk | contribs)
Bureaucrats, Check users, lookupuser, Administrators, translator
14,952 edits
Line 11: Line 11:


==Zero Trust Architecture==  
==Zero Trust Architecture==  
Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.  
Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.<ref>[https://csrc.nist.gov/publications/detail/sp/800-207/final SP 800-27, NIST]</ref>
===Components===
The following components do not make a system trusted; they work together to eliminate trust:<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref>
* Protect Surfaces generally includes the most important data, assets, applications, and services (DAAS) in an organization;
* Attack Surfaces;
* A microperimeter goes anywhere the protect surface goes;
* A segmentation gateway, aka a next-generation firewall, allows traffic or legitimate applications to access the protect surface;
* The Kipling Method defines a zero trust policy based on who, what, when, where, why, and how; and
* A Zero Trust policy determines who can cross the microperimeter, stops access to protect surfaces by unauthorized users, and prevents sensitive data exfiltration.


==References==
==References==


[[Category:Cybersecurity]]
[[Category:Cybersecurity]]

Revision as of 15:00, 10 August 2021

Zero Trust (ZT) is a set of cybersecurity paradigms that focuses on users, assets, and resources instead of static perimeters. Zero trust is a response to trends such as including remote users, bringing one's own device, and cloud-based assets not within an enterprise-owned network boundary. The network location is no longer the prime component of a resource's security.[1]

Principles

  1. Never trust, always verify.
  2. No assumptions about assets or user accounts based solely on their physical or network location or asset ownership.
  3. Protect resources (assets, services, workflows, and network accounts), not network segments.
  4. Trust is a vulnerability.

History

Zero Trust was created by John Kindervag, while he was vice president and principal analyst at Forrester Research.[2]

Zero Trust Architecture

Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.[3]

Components

The following components do not make a system trusted; they work together to eliminate trust:[4]

  • Protect Surfaces generally includes the most important data, assets, applications, and services (DAAS) in an organization;
  • Attack Surfaces;
  • A microperimeter goes anywhere the protect surface goes;
  • A segmentation gateway, aka a next-generation firewall, allows traffic or legitimate applications to access the protect surface;
  • The Kipling Method defines a zero trust policy based on who, what, when, where, why, and how; and
  • A Zero Trust policy determines who can cross the microperimeter, stops access to protect surfaces by unauthorized users, and prevents sensitive data exfiltration.

References

  1. SP 800-27, NIST
  2. What is a Zero Trust Architecture, Palo Alto Networks
  3. SP 800-27, NIST
  4. What is a Zero Trust Architecture, Palo Alto Networks
Retrieved from "https://icannwiki.org/index.php?title=Zero_Trust&oldid=1331736"