1 hour 17 minutes
So trust in applications will start
with number one, if we can trust the people writing the application in the first place, right? The code, the developers.
The device that the application is running on
or running from must also be trusted,
and the application will require continuous monitoring.
Application whitelisting can be introduced to perform a default-deny approach,
meaning that everything is denied
and the operator must whitelist the applications that run on the network.
A really good way to understand application whitelisting versus application blacklisting is to think of a high-end restaurant's dress code policy.
Now, if the restaurant has a sign at their front entrance that states jeans, sandals and tank tops are not allowed, that is a blacklist approach.
So if a customer decides to come into the restaurant with sneakers and a T-shirt with stains and holes in it,
they wouldn't have a policy to support the desire to dismiss the customer, right?
But if the restaurant has a sign that states only suits for men and pantsuits or dresses covering below the knee for women are allowed,
then everything else is denied.
Now, I really hope that makes sense. You know, application whitelisting is a big job, but it gives us a lot of visibility into what our users are trying to download,
what our developers are trying to test, and when malicious software may try to plant itself
on your network systems.
So let's look at the options for trusting traffic.
Trust in traffic in a zero trust network will require encryption but also authentication.
Now it's possible to encrypt traffic without authentication,
but it's not wise to do so.
You know, we need to verify the source of the encryption to trust that the content of the encrypted traffic has not changed.
And what I'm talking about is the integrity of the traffic, right? If the encrypted message has no integrity, then encryption by itself is open to misuse by our adversaries.
And what I'm talking about is the integrity of the traffic.
If the encrypted message has no integrity, encryption by itself
is open to misuse.
So remember that. Remember why they need to be paired.
Now, trust in traffic from the data center is easier because we know what to expect from the data center.
But traffic that comes and goes on systems which rely on the Internet is much more difficult.
So having to trust the traffic requires what is called pre-authentication or single packet authentication.
So pre-authentication sets the expectation for that TCP connection that would be made by the unknown client. At that time,
pre-authentication keys are in possession of an authorized client, so it's almost like we're talking about a CA or certificates again.
Keep that in mind. Now the unknown client will send what is called a SYN packet, or synchronization packet, in the TCP, or TCP three-way, handshake and then receive the pre-authentication or single packet authentication packet,
which sets the expectations for what should be
in the unknown client's payload that will allow for that acknowledgement.
fwknop is an open source single packet authentication, um, that provides options, and I encourage you to check that out.
It's a great way to go deeper into our ability to trust traffic on our networks, and many more options are available in regards to trust in traffic.
And fwknop is open source, so it's something that you can test
today if you wanted.
So a quick recap here: we touched on what it takes to trust devices, users, applications and traffic.
This is really just the tip of the iceberg in what we can do and learn
when we're talking about creating zero trust in our networks today.
Not all zero trust models require us to buy all new applications and software.
We can start with threat modeling our environment and start to move our most important business applications and systems into the zero trust model to manage expectations and to obtain small victories when migrating from traditional security networking to zero trust.
Now, in the next section, you will have a quick review in the form of just a few questions followed by some supplemental material that would allow you to go deeper with zero trust networks.
Thanks for being here. Stay tuned.
So thank you so much for being here with me and returning to Zero Trust Networks: The Fundamentals. We've got another pop quiz here referencing the last section that we just covered. First, we're gonna start off with: what is a golden image?
Next, what is Microsoft LAPS? And third, is a password considered something you know or something you have? Again, all things that we touched on, all things that some of you may be familiar with, but just a quick learning check here as we move forward.
So let's take a look at the answers. So what is a golden image? Right? A golden image is really a known good image that an IT department creates and then loads onto workstations before placing it on a production network,
and has all the latest patches for the operating system and applications. And really, it's tailored and scoped to what the risk tolerance would be for that department and its leadership. Right? So it's that golden image that we know we can trust
that we put on our devices before they are plugged in, and away they go on our production network.
Uh, next we move to: what is Microsoft LAPS? Microsoft LAPS is Microsoft's local account password solution, right, and it allows administrators to create local passwords for each workstation on the network.
It also allows for the password to expire and change after a certain period of time has passed based on the administrator's choosing, right? So this is something that could help with the pivoting that you may see in a traditional network. Without LAPS, you know, if one node or computer is
essentially owned or hacked,
um, if you're using the same local password across all your systems, that might be an advantage that a hacker could use to jump from one machine to the next. But with separate
local accounts, it becomes much harder for pivoting to occur on the network. So check that out. It's free from Microsoft and something that you could spin up in your own lab or, of course, in your dev environment
in your, ah, in your employer's network.
Next, we move to: is a password considered something you know or something you have?
And the password is considered something you know.
You know, it's something you know. It's not something that you should have on you, right? You don't want to write it on a sticky note and carry it in your pocket. It should be something only you know, not something that you ever have to write down.
Something you have should be considered a token or key fob. So keep that in mind when we talk about passwords and how we,
you know, would capture those type of passwords or our ability to authenticate on a system.
Okay, so in the next section we're gonna start with another pop quiz. It'll be the last pop quiz, followed by a summary of this course and then the supplemental material that you could dive into. Stay tuned.
Thanks so much.