Zero Trust Architecture

Introduction

Imagine a high-security building where passing the security guard at the front door doesn't give you free reign to wander into every office. Instead, you need to swipe your badge at every single door, elevator, and file cabinet you encounter. This is the essence of Zero Trust Architecture. In the digital world, it means that no user or application is trusted by default, even if they are already inside the network. If you are looking to understand the basics of ZTA without getting lost in jargon, you’ve come to the right place. Let’s explore how this security model works and why it’s the future of cyber-security. 

Zero Trust checks for identity every time.

Main pillars of Zero Trust :-

  • Identity and Access Management (IAM)
  • Device trust 
  • Network segmentation
  • Application-level access
  • Continuous Monitoring
  • Least Privilege  
Traditional security model assumes that anything inside corporate model was trusted.This model fails when attacker gets inside the network and finally gets access to all critical systems.

Main rule to follow for implementing ZTA :-
  • Never Trust, Always verify
  • Least Privilege, Minimum access
  • Monitor continously 

Implementation :

Implementing Zero Trust is a continuous journey and it cannot be done overnight.
  1. Identify critical assets to protect.
  2. Understand how data flows within the network.
  3. Implement micro network across critical data.
  4. Create Zero Trust Policy and define who can access what.
  5. Continuous monitoring of logs traffic 


Comments

Post a Comment

Popular posts from this blog

Log4Shell Explained: Deep Dive into CVE-2021-44228

Image
 Log4Shell Vulnerability Log4Shell Vulnerability , also known as  CVE-2021-44228.This vulnerability exposed how we develop secure software systems.No special skill or code was required.Simple text can invoke this vulnerability. To understand Log4Shell, lets understand Logs or Logging. Computer keeps logs of every tasks is performed on them.Engineers rely on logs to debug if any incident occurs.Normally they check Timestamp and message beside Timestamp. Like, from this log file screenshot we see INFO (Information) and ERROR (Error) and Timestamp But, what is Log4j  Its logging library for Java applications      Here, all login attempts are being recorded in log files. Without, Log4j developers will use System.out.println(). Now apart from writing log files Log4j can also execute commands given to them. Attacker found out that they can load and execute malicious code using Log4j. Log4j often hides in Apps JARs Inside Containers Tools to find it triv...
Read more