Changes

Line 2: Line 2:     
==Principles==
 
==Principles==
# Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location or asset ownership.
+
# Never trust, always verify.<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref>
# Zero trust focuses on protecting resources (assets, services, workflows, and network accounts), not network segments.
+
# No assumptions about assets or user accounts based solely on their physical or network location or asset ownership.
 +
# Protect resources (assets, services, workflows, and network accounts), not network segments.
 +
# Trust is a vulnerability.
 +
# least privilege<ref>[https://www.beyondtrust.com/blog/entry/what-is-least-privilege What is least privilege, Beyond Trust]</ref>
 +
 
 +
==History==
 +
Zero Trust was created by [[John Kindervag]], while he was vice president and principal analyst at [[Forrester Research]].<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref> The COVID-19 Pandemic expedited the development and deployment of zero trust architectures.<ref>[https://finance.yahoo.com/news/zero-trust-security-market-size-113000164.html Zero Trust Security Market, Yahoo Finance]</ref>
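Review bot: the numbered Principles list mixes full sentences with a bare fragment: "# least privilege" has no subject, verb or capital letter, while its siblings ("# Never trust, always verify.", "# Trust is a vulnerability.") are complete sentences; write it as "# Grant least privilege." or similar so the list reads uniformly. The replacement of "Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location or asset ownership." with "# No assumptions about assets or user accounts based solely on..." drops the key phrase "no implicit trust granted", which is the actual principle; the shorter form now reads as a rule about making assumptions rather than about granting trust, so keep the original wording. In the History paragraph, "Pandemic" should be lowercase, and the Palo Alto Networks citation is pasted as a fresh <ref> each time it is used (here and twice above); give it a name on first use, for example <ref name="pan">...</ref>, and reuse it with <ref name="pan" />, so the References section does not list the same source repeatedly.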
    
==Zero Trust Architecture==  
 
==Zero Trust Architecture==  
Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.  
+
Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.<ref>[https://csrc.nist.gov/publications/detail/sp/800-207/final SP 800-27, NIST]</ref>
 +
===Components===
 +
The following components do not make a system trusted; they work together to eliminate trust:<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref>
 +
* Protect Surfaces generally includes the most important data, assets, applications, and services (DAAS) in an organization;
 +
* Attack Surfaces;
 +
* A microperimeter goes anywhere the protect surface goes;
 +
* A segmentation gateway, aka a next-generation firewall, allows traffic or legitimate applications to access the protect surface;
 +
* The Kipling Method defines a zero trust policy based on who, what, when, where, why, and how; and
 +
* A Zero Trust policy determines who can cross the microperimeter, stops access to protect surfaces by unauthorized users, and prevents sensitive data exfiltration. More specifically,
 +
:* the policy engine grants, revokes, or denies user access to requested enterprise resources;
 +
:* the policy enforcement point (PEP) enables, terminates, and monitors connections between users and enterprise resources; and
 +
:* the policy administrator sends commands to the PEP based on policy engine decisions to allow or deny users’ connections to a requested resource.<ref>[https://www.ekransystem.com/en/blog/zero-trust-security-model Zero Trust Security Model, Ekran]</ref>
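Review bot: the citation title on the ZTA paragraph, "SP 800-27, NIST", does not match its own URL (publications/detail/sp/800-207/final); correct it to "SP 800-207, NIST". In the Components list, "* Attack Surfaces;" is the only item with no description, so a reader cannot tell how it relates to the protect surface named just above it; either describe it or drop the item. The segmentation gateway line, "allows traffic or legitimate applications to access the protect surface", reads as if all traffic is permitted, which contradicts the list's own opening sentence about eliminating trust; the intended meaning is that it allows only legitimate traffic or applications through, so add "only". The three indented sub-items (policy engine, policy enforcement point, policy administrator) are the NIST SP 800-207 logical components, so the 800-207 reference belongs on them as well as the Ekran one.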
 +
 
 +
===Pillars===
 +
The seven pillars in the DOD Zero Trust Architecture include:<ref>[https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf Zero Trust Reference Architecture V.1 Feb 2021, DOD, pgs 27-28]</ref>
 +
====User====
 +
Securing, limiting, and enforcing person, non-person, and federated entities’ access to DAAS encompasses the use of ICAM capabilities such as multi-factor authentication and continuous multi-factor authentication.
 +
====Device====
 +
The capacity to identify, authenticate, authorize, inventory, isolate, secure, remediate, and control all devices is essential. Real-time attestation
 +
and patching of devices in an enterprise are critical. Possible options include Mobile Device Managers or Comply to Connect programs and assessments for every access request: examinations of compromise state, anomaly detection, software versions, protection status, and encryption enablement.
 +
====Network/Environment====
 +
logically and physically segment everything in order to isolate and control organizations with granular access and policy restrictions.
 +
====Applications/Workload====
 +
This category spans the complete application stack from the application layer to the hypervisor.
 +
====Data====
 +
Zero Trust protects critical DAAS. Thus, organizations must categorize their DAAS in terms of mission criticality.
 +
====Visibility & Analytics====
 +
Details are needed on performance, behavior, and activity baselines across other Zero Trust pillars to detect anomalous behavior and make dynamic changes to
 +
security policy and real-time access decisions.
 +
====Automation & Orchestration====
 +
Enterprises needed to automate manual security processes to take policy-based actions fast and at scale.
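Review bot: the Network/Environment pillar text, "logically and physically segment everything in order to isolate and control organizations...", is a lowercase fragment with no subject, unlike the other six pillars, which are full sentences; start it as "Logically and physically segment..." or "This pillar requires...". Under Automation & Orchestration, "Enterprises needed to automate" is in the wrong tense for a requirement statement; use "need to". The User pillar introduces "ICAM" without expansion (Identity, Credential, and Access Management) and "DAAS" is only expanded in the Components list higher up; spell both out on first use in this section since the pillars are cited from a different source than the components.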
 +
 
 +
===Difference between Layers 3 & 7===
 +
{| class="wikitable"
 +
! Layer 3  !! Layer 7<ref>[https://www.paloaltonetworks.com/blog/2019/05/network-layers-not-created-equal/ All Layers Are Not Created Equal, Palo Alto Networks]</ref>
 +
|-
 +
| The layer where information is evaluated based only on IP address, port or protocol.  || This layer is much more specific. Information is evaluated based on the application being used.
 +
|-
 +
| It is limited by the lack of information that can be seen. IP addresses can be spoofed. Simple port scans uncover all open ports. Thus, attackers can encapsulate stolen data and exfiltrate them across the open port. The protocol is a metadata tag to help the administrator understand the type of traffic that is supposed to be traversing a specific port.  || The 4th step in the Forrester five-step methodology to a Zero Trust network is to write policy rules for the segmentation gateway based on the expected behavior of the data and the user or applications that interact with that data.
 +
|-
 +
| Adversaries know how to bypass Layer 3 controls || Due to the granularity of the policy, it can only be done at Layer 7.
 +
|}
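Review bot: the last row of the Layer 3 / Layer 7 table is not a pair of comparable cells: "Due to the granularity of the policy, it can only be done at Layer 7." is a continuation of the Forrester policy-rule sentence in the previous Layer 7 cell, not a counterpart to "Adversaries know how to bypass Layer 3 controls", so merge it into the cell above and give the Layer 3 cell a matching Layer 7 statement (or a period at least). The middle Layer 7 cell refers to "The 4th step in the Forrester five-step methodology" without the methodology having been introduced anywhere on the page; name it and cite it, or reword so the step number is not needed. The <ref> is attached to the "Layer 7" header cell although it supports both columns; move it to the sentence introducing the table or to the section heading.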
 +
 
 +
==Advantages & Complications==
 +
Zero trust is possible, but implemented incorrectly, it can disenfranchise users.<ref>[https://www.techrepublic.com/article/zero-trust-the-good-the-bad-and-the-ugly/ Zero trust: The good, the bad and the ugly, Tech Republic]</ref><ref>[https://www.ekransystem.com/en/blog/zero-trust-security-model Zero Trust Security Model, Ekran]</ref>
 +
 
 +
{| class="wikitable"
 +
! Pros !! Cons
 +
|-
 +
| Increased resource access visibility || Configuration challenges
 +
|-
 +
| Decreased attack surface  || Insider threats
 +
|-
 +
| Improved monitoring  || Dependence on the policy decision point
 +
|-
 +
| || Technical Debt (Redesigning, recoding, and redeploying internal applications can be costly and potentially disruptive)
 +
|-
 +
| || Legacy applications, infrastructure, and operating systems have no concept of least privilege, lateral movement, or dynamic, context-based authentication models
 +
|-
 +
| || Peer-to-peer (P2P)/mesh network technologies (used in Windows 10, for instance) do not work with access and microperimeter controls.
 +
|-
 +
| || Large deployments of a zero-trust model, such as that needed for [[Cloud Computing|Cloud]], DevOps, and [[IoT]], are going to be cost-prohibitive.<ref>[https://www.beyondtrust.com/blog/entry/why-zero-trust-is-an-unrealistic-security-model Why Zero Trust is an Unrealistic Security Model, Beyond Trust]</ref> 
 +
|}
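Review bot: rows four to seven of the Pros/Cons table have an empty Pros cell, so the two columns no longer correspond row by row and the table reads as a list of cons with three stray pros; present the pros and cons as two separate lists, or keep the table and fill the empty cells. The con "Dependence on the policy decision point" uses a term that does not appear in the Components list above, which names the policy engine, policy enforcement point and policy administrator; either use the same names or state that the engine and administrator together form the decision point. The closing cell asserts without qualification that Cloud, DevOps and IoT deployments "are going to be cost-prohibitive", while the section opens with "Zero trust is possible"; attribute the cost claim to its source in the text ("According to BeyondTrust, ...") rather than stating it in the page's own voice, and note that the cited article's title argues zero trust is unrealistic, which the section does not otherwise acknowledge.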
    +
==Addressing Misconceptions==
 +
Kindervag is very concerned with correcting vendors and the public's misunderstandings about Zero trust. He argues,<ref>[https://www.helpnetsecurity.com/2021/04/06/john-kindervag-zero-trust/ Zero Trust creator talks about implementation, misconceptions, strategy HelpNetSecurity]</ref>
 +
# zero trust does not make a system trusted;
 +
# it is much more than identity and multi-factor authentication;
 +
# there is no such thing as a zero trust product
 +
 
==References==
 
==References==
    
[[Category:Cybersecurity]]
 
[[Category:Cybersecurity]]
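Review bot: the ==References== section is empty; with the Cite extension, a page that uses <ref> tags but has no <references /> tag renders a cite error at the bottom instead of the footnote list, so add <references /> under the heading. In Addressing Misconceptions, "correcting vendors and the public's misunderstandings" needs the possessive on both nouns ("vendors' and the public's"), and the third item, "# there is no such thing as a zero trust product", is missing its terminal punctuation while the first two items end with semicolons; end it with a period.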