Understanding Zero Trust Networks

Sep 30, 2024

Lecture Notes on Zero Trust Networks

Introduction to Network Security

  • Traditional network security often stops at the firewall.
  • The internal network is left open with limited checks, so unauthorized access is possible once the perimeter is crossed.

Transition to Zero Trust Security

  • Zero Trust Concept: Requires authentication for every resource access.
    • Applies to every device, process, and user.
    • Emphasizes 'trust no one, verify everything'.
    • Involves multi-factor authentication, data encryption, and additional security policies.

Implementing Zero Trust

  • Breaking Security into Functional Planes:
    • Data Plane: Does the actual work on traffic (e.g., packet forwarding, NAT, routing).
    • Control Plane: Manages security actions, policies, and device configurations.
    • Applies to physical, virtual, and cloud-based devices.

Adaptive Identity and Security Controls

  • Adaptive Identity: Evaluates a user's authentication request using additional context beyond the credentials presented.
    • Factors include IP address location, user relationship to the organization, physical location, connection type, etc.
    • Can trigger stronger authentication measures if necessary.

Policy-Driven Access Control

  • Security Zones: Categorize connection sources and destinations.
    • Allows rules and policies between zones (e.g., trusted vs. untrusted).
    • Can set implicit trust where applicable (e.g., internal communications).

Policy Enforcement and Decision Points

  • Policy Enforcement Point (PEP): Evaluates and enforces network policies.
    • Acts as a gatekeeper for all network traffic.
  • Policy Decision Point (PDP): Makes decisions based on authentication and predefined security policies.
    • Results are communicated to PEP through a policy administrator.

Comprehensive Zero Trust Model

  • Integration of subjects, systems, and zones through PEP and PDP.
  • Ensures only authorized access to enterprise resources.
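As an added illustration (not part of the lecture notes), a small Python model of the pieces above: security zones with implicit trust, an adaptive-identity risk score built from the factors listed, a Policy Decision Point that returns allow, deny or step-up, and a Policy Enforcement Point that only ever relays the PDP's decision. The zone names, factor weights and the risk threshold are assumed values chosen for the example.

```python
from dataclasses import dataclass

# Constructed security-zone policy (assumed values, not from the notes):
# "allow" = implicit trust, "verify" = authenticate and apply adaptive checks,
# anything not listed is denied by default.
ZONE_POLICY = {
    ("internal", "internal"): "allow",
    ("internal", "trusted"): "verify",
    ("untrusted", "trusted"): "verify",
}

@dataclass
class Request:
    user: str
    src_zone: str
    dst_zone: str
    authenticated: bool = False   # primary factor already presented
    mfa_done: bool = False        # stronger factor already presented
    employee: bool = True         # relationship to the organization
    country: str = "US"           # location derived from the source IP
    connection: str = "corp-wifi" # connection type: corp-wifi, vpn, public

def adaptive_risk(req: Request) -> int:
    """Adaptive identity: score the request from its surrounding context."""
    score = 0
    if not req.employee:
        score += 2
    if req.country != "US":
        score += 1
    if req.connection == "public":
        score += 1
    return score

def pdp_decide(req: Request) -> str:
    """Policy Decision Point: returns 'allow', 'deny' or 'step-up'."""
    if not req.authenticated:
        return "deny"                      # trust no one: every access is authenticated
    base = ZONE_POLICY.get((req.src_zone, req.dst_zone), "deny")
    if base != "verify":
        return base                        # implicit trust or default deny
    if adaptive_risk(req) >= 2 and not req.mfa_done:
        return "step-up"                   # trigger stronger authentication
    return "allow"

def pep_enforce(req: Request, policy_admin=pdp_decide) -> bool:
    """Policy Enforcement Point: the gatekeeper. It never decides on its own;
    the policy administrator relays the PDP's decision, and only 'allow' passes."""
    decision = policy_admin(req)
    return decision == "allow"
```

A "step-up" result means the PEP holds the request until the user completes the stronger factor and the request is re-evaluated with mfa_done set.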