“Never trust, always verify” is shifting from the adage of crazy girlfriends everywhere to the motto of cyber security experts across the globe.

The Zero Trust Model of cyber security is built on the belief that neither internal nor external networks can be trusted.
A term originally coined by Forrester Research, "Zero Trust" is a data-centric network design. It puts micro-perimeters around specific data or assets so that more granular rules can be enforced. “With Zero Trust there is no default trust for any entity — including users, devices, applications, and packets — regardless of what it is and its location on or relative to the corporate network.”

What’s more, Zero Trust networks solve the "flat network" problem that allows attackers to move undetected inside corporate networks, stealing sensitive data. By establishing Zero Trust boundaries that compartmentalize various segments of the network, you can protect intellectual property from unauthorized applications or users, reduce the exposure of vulnerable systems, and prevent the movement of malware throughout your network.

While a relatively old model, first debuted in 2009, it is still being talked about because organizations have been slow to adopt it despite its presumed benefits.

If you’re wondering, “why the hesitation?”, ComputerWorld.com states: “Full implementation of the Zero Trust model in the enterprise world requires multiple switch stacks connected to a high-speed core to handle the segmentation, often made up of multiple appliances or software packages. This approach is complex and expensive, and thus beyond the current reach of much of the business world.”

Before we delve into what this model can accomplish, and how to go about it in a more manageable way, let’s look at the basics.

Subnetting is the strategy used to partition a single physical network into more than one smaller logical sub-network (subnet). An IP address includes a network segment and a host segment.

Micro-segmentation refers to the process of segmenting a collision domain into various segments. Micro-segmentation is mainly used to enhance the efficiency or security of the network.

A distributed firewall is a host-resident security software application that protects the enterprise network's servers and end-user machines against unwanted intrusion. Distributed firewalls offer the advantage of filtering traffic from both the Internet and the internal network, which enables them to prevent hacking attacks that originate from either.

Service Composer is a built-in tool that defines a new model for consuming network and security services; it allows you to provision and assign firewall policies and security services to applications in real time in a virtual infrastructure.
So, how exactly does the Zero Trust Model work from a technical standpoint?

Networkinferno.net recommends the use of micro-segmentation, whereby the distributed firewall allows administrators “to wrap security controls around the virtual machine itself, removing the dependence on in-guest firewalling which is often easily compromised by application based exploits. In addition, having a firewalling capability… at the point of entry to the network allows for a vastly different approach to the traditional multi-tier app equals multiple-subnets in the network…”

“Segmentation is based on how data is being used, which enables the aggregation of similar virtual machines and the ability to secure virtual machines by default,” said John Kindervag, principal analyst at Forrester Research.

With a distributed firewall, a single-layer network segment can now be split into “micro-segments”, where all that’s needed is a security policy to define the different application tiers.

Next, you implement a service composer to provision and assign firewall policy and security services to applications in a virtual infrastructure. You map these services in the form of a policy.

Of course, I’m only scratching the surface of technical detail, but hopefully the general concept is clear. My main point is to discuss how beneficial this model seems to be and to educate you on some of the concepts that make it possible.

Now, I want to share a simple list for how organizations can implement Zero Trust, assuming they have the means to do so:
- Identify toxic data
- Map how that data flows
- Build your Zero Trust network
- Create your automated rule base
- Monitor your network
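To make the “a security policy defines the application tiers” idea and the “create your automated rule base” step concrete, here is an added example that is not from the original post and is not NSX or Service Composer code: a small Python model of a tag-based distributed firewall. The VM inventory, tier names, ports and flows are all constructed; the point is that rules reference tiers rather than subnets, so a flat segment is still deny-by-default between tiers.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_tier: str   # application tier of the source VM; "*" matches any
    dst_tier: str   # application tier of the destination VM; "*" matches any
    port: int       # destination port; 0 matches any
    action: str     # "allow" or "deny"

# Constructed inventory: four VMs on one flat 10.0.1.0/24 segment, tagged by tier rather
# than placed in separate subnets. The firewall sits at each VM's point of entry.
VMS = {
    "10.0.1.10": "web",
    "10.0.1.20": "app",
    "10.0.1.30": "db",
    "10.0.1.40": "web",
}

# Three-tier policy: web may reach app on 8080, app may reach db on 5432, nothing else.
# First match wins; the trailing catch-all makes the segment deny-by-default.
POLICY = [
    Rule("web", "app", 8080, "allow"),
    Rule("app", "db", 5432, "allow"),
    Rule("*", "*", 0, "deny"),
]

def tier_of(ip: str) -> str:
    # An endpoint the inventory does not know gets no tier, so no allow rule names it.
    return VMS.get(ip, "untagged")

def evaluate(src_ip: str, dst_ip: str, port: int, policy=POLICY) -> str:
    """Decision the distributed firewall makes for one flow, based on tiers, not addresses."""
    src, dst = tier_of(src_ip), tier_of(dst_ip)
    for rule in policy:
        if (rule.src_tier in ("*", src) and rule.dst_tier in ("*", dst)
                and rule.port in (0, port)):
            return rule.action
    return "deny"   # even with no catch-all rule there is no default trust

def audit(flows, policy=POLICY) -> list:
    """Run a batch of (src, dst, port) flows through the policy and return the verdicts."""
    return [(src, dst, port, evaluate(src, dst, port, policy)) for src, dst, port in flows]

if __name__ == "__main__":
    # Constructed flows: the two legitimate tier hops plus three cross-tier moves on the same segment.
    for verdict in audit([("10.0.1.10", "10.0.1.20", 8080), ("10.0.1.20", "10.0.1.30", 5432),
                          ("10.0.1.10", "10.0.1.30", 5432), ("10.0.1.10", "10.0.1.40", 22),
                          ("10.0.1.30", "10.0.1.20", 8080)]):
        print(verdict)
```

Note that web-to-db and web-to-web traffic is dropped even though every VM shares the /24; the "Monitor your network" step is where the denied verdicts would be logged and reviewed.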
Benefits of applying this model at the enterprise level include scalability, applicability to all industries, no dependence on specific vendors, secure access regardless of location, and access control on a ‘need-to-know’ basis.

Perhaps most importantly, the network is designed from the inside out.
Any IT professional with a deep understanding of networks can add a lot of value to their organization, so understanding core concepts like subnetting is critical to managing the security architecture.

Creating subnets allows an organization to divide the physical network into several logical networks. Network segmentation through subnetting allows for easier management and improved security. To be able to subnet, one first must understand binary-to-decimal conversion.

The Cybrary Subnetting Skill Certification Course
teaches how subnetting works, how IP addresses are broken down, and the purpose of subnetting in security and network administration, as well as what network components are represented. This course will also prepare you to explain network classes, dot-decimal notation, CIDR notation, subnet masks, and routing.

For a limited time, use code GOTMYSUBNETCERT to take the Subnetting Skill Certification FREE!

Olivia Lynch (Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
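The binary arithmetic behind the subnetting definition and the binary-to-decimal remark above, as an added example that is not part of the original post: a CIDR calculator in plain Python that applies the mask with AND/OR so the network segment and host segment are visible, partitions one block into smaller subnets, and checks whether two hosts share a subnet. All addresses used are constructed sample values.

```python
def to_bits(addr: str) -> str:
    """Dotted-decimal to binary octets: 255.255.255.192 -> 11111111.11111111.11111111.11000000"""
    return ".".join(f"{int(o):08b}" for o in addr.split("."))

def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/26 -> 0xFFFFFFC0: the top `prefix` bits are the network segment, the rest the host segment."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def describe(cidr: str) -> dict:
    """Network address, mask, broadcast and host range for any address written in CIDR form."""
    addr, prefix = cidr.split("/")
    host_bits = 32 - int(prefix)
    mask = prefix_to_mask(int(prefix))
    network = ip_to_int(addr) & mask            # keep only the network segment
    broadcast = network | (~mask & 0xFFFFFFFF)  # network segment with every host bit set
    tiny = host_bits < 2                        # /31 and /32 have no classic first/last host
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "mask_bits": to_bits(int_to_ip(mask)),
        "broadcast": int_to_ip(broadcast),
        "first_host": None if tiny else int_to_ip(network + 1),
        "last_host": None if tiny else int_to_ip(broadcast - 1),
        "usable_hosts": 0 if tiny else 2 ** host_bits - 2,  # excludes network and broadcast
    }

def split(cidr: str, new_prefix: int) -> list:
    """Partition one block into equal smaller subnets, e.g. a /24 into four /26s."""
    addr, prefix = cidr.split("/")
    base = ip_to_int(addr) & prefix_to_mask(int(prefix))
    size = 2 ** (32 - new_prefix)               # addresses per new subnet
    count = 2 ** (new_prefix - int(prefix))     # how many fit in the original block
    return [f"{int_to_ip(base + i * size)}/{new_prefix}" for i in range(count)]

def same_subnet(a: str, b: str, prefix: int) -> bool:
    """Two hosts share a subnet only if their network segments match under the same mask."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)
```

For example, `describe("192.168.10.77/26")` places the host in 192.168.10.64/26 with 62 usable addresses, and `same_subnet("192.168.10.70", "192.168.10.130", 26)` is false because the two addresses differ in the top two host-octet bits that the /26 mask treats as network bits.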