🌐

Network Security Evolution

Jun 11, 2025

Overview

The lecture discusses traditional network security methods, the shift to zero trust architecture, adaptive authentication, assigning proper access rights, and the role of Secure Access Service Edge (SASE) in modern security practice.

Traditional Network Security

  • Networks were protected mainly at the edges to control who entered or exited.
  • Once inside, most of the network was broadly accessible, creating security risks.

Zero Trust Security Approach

  • Zero trust treats every user, device, and application as untrusted by default.
  • All network traffic is checked and verified, regardless of origin or destination.
  • Technologies like authentication, encryption, firewalls, and monitoring are implemented within the network.

Adaptive Authentication

  • Authentication usually requires a username and password, sometimes with additional factors.
  • Adaptive identity considers who is authenticating, their employment history, geographic location, IP address, and connection type.
  • Risk-based authentication may require more checks for logins from unusual locations or devices.
  • Access may be denied even with correct credentials if other factors seem suspicious.

Authorization and Access Rights

  • Once authenticated, users are assigned permissions based on their roles and needs.
  • Access depends on user job function, location, and device security (e.g., verified company laptop).
  • Rights and permissions should be limited strictly to job requirements to minimize risk.
  • Avoid granting administrative access unless necessary, as it increases the risk from malware.

Security for Remote and Distributed Users

  • Users and applications may be globally distributed (office, home, field, cloud, or private data center).
  • Secure communication is required regardless of user or application location.

Secure Access Service Edge (SASE)

  • SASE is a cloud-based security framework, like a next-generation VPN.
  • Security technologies move to the cloud, near the application data.
  • A SASE client on user devices enables secure connection from any location.
  • Features include network as a service, quality of service, routing, firewalls, and DNS security.
  • SASE connections are automatic, requiring no action from users.

Key Terms & Definitions

  • Zero Trust — A security model where nothing inside or outside the network is trusted without verification.
  • Adaptive Authentication — Authentication that adapts requirements based on user, device, location, and risk factors.
  • SASE (Secure Access Service Edge) — A cloud-based platform delivering secure network access and security services.
  • Authorization — The process of granting users specific access rights based on their identity and role.

Action Items / Next Steps

  • Review internal security policies for implementation of zero trust principles.
  • Evaluate current authentication and access controls for adaptability and minimum privilege.
  • Study SASE architecture for possible integration into existing network infrastructure.

Full transcript