Time
1 hour 17 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:01
welcome back. So we're gonna cover the learning objectives for our next section, which is placed in trust in Zero Trust.
00:08
And our first topic, of course, is going to be How do we place trust in zero trust?
00:14
Then we're gonna move on and we will take a look at what trust means in a zero trust network. Then
00:23
we must understand how we manage that trust.
00:27
And so we move on toe, have a brief discussion on public key infrastructure and the role it plays in zero trust.
00:35
Stick around more to come
00:39
place in trust and zero trust.
00:42
So we now know that the Zero Trust Network is a network that should be seen as completely untrusted.
00:49
Now, this model does not want an administrator to secure local server any differently than he or she would if that server were accessible on the Internet
01:00
and all host must be seen as Internet facing.
01:03
So hopes that are entrusted zones cannot simply provide user and host identification in the form of a user name and password.
01:12
Strong encryption is required,
01:15
but strong authentication is required as well.
01:19
In the zero trust model, there is a control plane and a date, a plane. And in between that is the components authentication and authorization.
01:29
The control plane sets the policies that dictate if the connection will be allowed or denied
01:36
the dead. A plane simply sends the request. If the right attributes are present
01:41
and the control planes policies,
01:44
they allow that action for the user. The device in the application
01:49
as an administrator or engineer, were placed in trust in the control plane and preparing a trust score
01:56
that determines entry.
01:57
So keep in mind that this isn't just occurring at the perimeter, but throughout the network and the zones that have been created.
02:13
So what is trust?
02:15
Trust in a zero trust network is strong authentication and least privilege.
02:20
You know, we talked about, Ah, the putting together of more than one attribute to authenticate our users and devices, but least privilege also helps to build trust,
02:31
you know, least privilege is the notion that a user device or application should only be allowed. The privilege is required to perform the task it was given.
02:43
Scope. Creep
02:44
is the act of given permissions that are desired, more so than required and can lead to accidental misuse
02:52
or intentional attacks by user
02:55
device or an application.
02:58
An example would be the use of an application. Instead of using our own account to run that application service,
03:06
you would want to create a service account
03:08
and on Lee provided with the required privileges and these to perform the service it was purchased for or developed for.
03:15
We could even try and take it a step further if the environment uses Microsoft's active directory system.
03:23
You know, with that system, we can specify accounts should be interactive or non interactive in terms of its logging ability.
03:31
You know what? What that means is, if you configure a service account to have non interactive log in on your domain than if that account was compromised, the attacker wouldn't have the ability to actually sign in. Tow a host when prompted at Let's say, windows log in screen.
03:47
So it's these extra vantage points you have when you use the zeros trust concept.
03:54
And when you shift to that model, there's these functions that you can use. You can pull out of your active directory systems or really any system that you're using
04:05
to ah Tau achieve zero trust throughout your network and throughout your zones.
04:14
So trust management, you know, manager and trust will come down to strong authentication.
04:18
Now, generally, an appliance, physical or virtual will review the i p address of the remote system and then simply check the password after a credential Prompt is building.
04:30
But with zero trust, things like device posture and client base certificates should be used in conjunction with the using the password.
04:39
You know, when I was thinking about authentication, something really moved in my spirit and my mind and I want to share it with you. Now Be patient with me because
04:47
I am going somewhere with this. Just listen
05:00
the
05:04
they
05:11
such a great song That brings me back to my childhood.
05:15
So does anyone know who or what group is responsible for this song?
05:19
And it's okay if you don't, because
05:23
if you get it right or wrong, I would encourage you to listen to that song
05:27
after this course on after I tell you the answer, right?
05:31
So it's the British rock group Queen,
05:34
and this song was a big part of the soundtrack toe eighties movie.
05:39
Does anyone know that movie
05:44
now? Same rules apply here right or wrong. I will encourage you to check out. It's a cult classic,
05:50
Um, when you have some free time.
05:53
So that movie is Highlander,
05:56
and the reason the song and movie come to mind
06:00
is really the tag line for the movie. There can be only one,
06:03
and that's true with authentication, right? Only one person should be able to say I am Mario Bardwell and authenticate toe a computer or application. Only one device should be able to authenticate with his own credentials, whether that be via a client base certificate
06:20
to access another device or service.
06:24
So, just like Highlanders
06:26
authenticity that we can see and hear,
06:30
he says it in his famous line. I am Duncan Macleod of the Clan Macleod.
06:35
And that's what we want for our networks, right? Never really trusted, but always verifying.
06:42
And how does Duncan Macleod of the clan Macleod verify that he is who he says he is?
06:47
We'll watch the movie and find out
06:50
now it is rated R, so it would be best not to watch it around Children.
06:55
Okay, let's move on and discuss P k I N zero Trust

Up Next

Zero Trust Networks

In the Zero Trust Networks training course, students will be introduced to the basics of the zero trust model as it’s applied to users, devices, applications, and network traffic. The course covers zero trust concepts used to protect a company’s networks.

Instructed By

Instructor Profile Image
Mario Bardowell
Instructor