LDAPWiki: Zero Trust

Overview#

Zero Trust is a data-centric architecture and Access Control Models that puts micro-perimeters around specific data or resources so that more-granular Access Control Policy rules can be enforced and implemented. Zero Trust model, or ZT was first in 2010 by John Kindervag of Forrester Research in the document No More Chewy Centers: Introducing The Zero Trust Model Of Information SecurityZero Trust core principle is to not allow any access to network resources, internal IP Address, or servers until the entity properly authenticated and their Access Request to the specified resource is authorized.

Digitally Trust is a Binary True or False decision. Zero Trust implies there is no Trust.

Never Trust, Always Verify [1] [2]#

Never trust the client
Never Trust the server
Never Trust the network

NIST.SP.800-207 Zero Trust Model clearly states that the goal of Zero Trust is to focus security on a small group of resources (zones) in lieu of wide network perimeters or environments with large quantities of resources interacting "freely". This is a strategy where there is no implicit trust granted to systems based on their physical or network location (Local Area Networks, Wide Area Networks, and the Cloud), but rather access is granted by a trusted source for either a UserId or application (i.e. Digital Identity).

BeyondCorp #

BeyondCorp is an implementation by Google for a Zero Trust Architecture.

The Zero Trust Architecture is simple: cybersecurity professionals must stop trusting packets as if they were people. Instead, they must eliminate the idea of a trusted network (usually the internal network) and an untrusted network (external networks). In Zero Trust, all network traffic is untrusted.! Forrester’s Zero Trust Model has three key concepts: [3]

Ensure all resources are accessed securely regardless of location. Assume that all traffic is threat traffic until your team verifies that the traffic is authorized, inspected, and secured. In real-world situations, this will often necessitate using encrypted tunnels for accessing data on both internal and external networks. Cybercriminals can easily detect unencrypted data; thus, Zero Trust demands that security professionals protect internal data from insider abuse in the same manner as they protect external data on the public Internet.
Adopt a Principle of least privilege strategy and strictly enforce Access Control. When we properly implement and enforce Access Control, by default we help eliminate the human temptation for people to access Protected Resources. Today, Role Based Access Control (RBAC) is a standard technology supported by network Access Control and infrastructure software, Identity and Access Management systems, and many applications. Zero Trust does not explicitly define RBAC as the preferred access control methodology. Other technologies and methodologies will evolve over time. What is important is the Principle of least privilege and strict Access Control.
Inspect and perform logging all traffic. In Zero Trust, someone will assert their Digital Identity and then we will allow them access to a particular resource based upon that assertion. We will restrict clients only to the resources they need to perform their job, and instead of trusting clients to do the right thing, we verify that they are doing the right thing.

In short, Zero Trust flips the mantra "trust but verify" into "verify and never trust." Zero Trust advocates two methods of gaining network traffic visibility: monitoring and logging. Many security professionals do log internal network traffic, but that approach is passive and does not provide the real-time protection capabilities necessary in this new threat environment.

Zero Trust promotes the idea that you must be monitoring traffic as well as logging it. In order to do so, Network Analysis and visibility (NAV) tools are required to provide scalable and non-disruptive situational awareness. NAV is not a single tool, but a collection of tools that have similar functionality. These NAV tools include network discovery tools for finding and tracking assets, flow data analysis tools to analyze traffic patterns and user behavior, packet capture and analysis tools that function like a network DVR, network metadata analysis tools to provide streamlined packet analysis, and network forensics tools to assist with incident response and criminal investigations.

Forrester says there are only two Data Classifications that exist in your organization:

Data that Someone Wants to Steal (Item of Interest)
Everything Else

The first type is sensitive or toxic data, which can be easily identified with the equation 3P + IP = TD. The three P's stand for

Personally Identifiable Information (PII)
Protected Health Information (PHI)
Payment Card Industry (PCI)
IP is Intellectual Property
TD is toxic data.

Forrester breaks the problem of securing and controlling data down into three areas:

Defining the data - This involves Data Discovery and Data Classification. Security and risk professionals, together with their counterparts in legal and privacy, should define Data Classification levels based on data sensitivity. This allows security to protect properly data based on its Data Classification once it knows where that data is located in the enterprise.
Dissecting and analyzing the data - This involves data intelligence (extracting information about the data from the data, and using that information to protect the data) and data analytics (analyzing data in near real time to protect proactively toxic data). Look for security information management (SIM) and network analysis and visibility (NAV) solutions to intersect with big data to enhance security decision-making.
Defending and protecting the data - Data Protection is the fundamental purpose of cybersecurity, and is the area where organizations focus most today. To defend your data, there are only four levers you can pull:
- Access Control
- Data Security Analytics
- Data Disposal
- encryption to devalue it in the event that it is stolen.

Zero Trust is:

applicable across all industries and organizations – It is an easy to implement way to improve safety that any organizations can implement.
not dependent on a specific technology or vendor – Zero Trust is a vendor neutral design philosophy that allows maximum flexibility to create architectures that meet specific demands.
scalable – Vital information is protected while public facing data travels freely.
focuses on keeping internal data safe and would not result in any foreseeable encroachment on Civil Liberties.

Zero Trust promotes Access Control around each resource

More Information#

There might be more information for this subject on one of the following:

[#1] - The three rules of network security - based on information obtained 2017-12-02-
[#2] - Hack yourself first - based on information obtained 2017-12-02-
[#3] - The Eight Business And Security Benefits Of Zero Trust - based on information obtained 2017-12-02-
[#4] - What ZTX means for vendors and users - based on information obtained 2018-04-21-
[#5] - Zero Trust X: Evolution of the Zero Trust Model (Dr. Cunningham, Forrester), 2018 ICIT Winter Summit - based on information obtained 2018-04-21
[#6] - Rethink Security with Zero Trust - based on information obtained 2018-04-21-
[#7] - Getting Started With a Zero Trust Approach to Network Security - based on information obtained 2017-12-21
[#8] - No More Chewy Centers: Introducing The Zero Trust Model Of Information Security - based on information obtained 2010-09-14
[#9] - Five Steps to Perimeter-Less Security: Adopting a Zero-Trust Model for Secure Application Access - based on information obtained 2019-09-09
[#10] - Zero trust architecture design principles - based on information obtained 2019-12-10

Overview#

Never Trust, Always Verify [1] [2]#

BeyondCorp#

More Information#

BeyondCorp #