In the past, we've done a great job of making networks accessible. But with this increased availability, we've opened the door for attackers to move more easily around networks.
As we introduce mobility and cloud solutions, our networks are evolving and perimeters are dissolving. Even so, we are still building networks on a rigid, zone-based model, and the assumption is still being made that systems on the internal LAN are safer than external systems. This assumption has us applying different levels of trust based on the physical or logical location of systems; historically, this has been proven not to work in the long term.
Today, we continue to use choke points, filtering devices and network gear to funnel traffic between these zones, but this isn't always efficient, secure or scalable when additional zones are needed. Segmentation is a basic tenet of information security, and using a zero-trust model shifts the mindset of where to segment and how to apply policies to endpoints.
In a zero-trust network, all the devices are deemed compromised and untrusted. It is here that policies, authentication variables, authorization and baselining help determine the trust level of systems.
Authentication variables are not only an important part of zero-trust networks, but they are also an important part of gaining access to a system, application or data. It's in this phase that a system or user actually proves that they are who they say they are, and it is also what provides the basis for determining whether they have the proper authorization.
When using a zero-trust mindset, there are multiple ways to set up authentication to build security into your sessions -- this can be device-based, user-based or a combination of the two.
The perimeter has melted and zones are no longer properly trusted, so it's important to have all the sessions properly authenticated. This can be done using X.509 certificates and a user account that uses two-factor authentication. Using a combination of these methods can create stronger authentication variables and enable finer access to resources. After being properly authenticated into a zero-trust network, these authentication variables can also be used as decision points to gain access to resources.
When implementing a zero-trust network, there needs to be an understanding of how authorization should be handled. Authorization in a zero-trust architecture is indispensable when determining what resources and data will be allowed on devices.
Zero-trust networking depends on the principle of least privilege, as it understands that people and devices are authenticating from different locations and applications. A policy must be created to allow this to occur; under the zero-trust mantra, a single form of authentication is no longer sufficient to perform authorization.
We need to take into account what can be used to identify and authorize an identity in a zero-trust network. This means creating a policy based on a combination of system and user accounts; doing so results in a unique authorization decision that uses the variables of this request. The policy might also take into account any attribute of the authorization request that is needed to grant granular access, such as the destination, IP address, hardware information, risk and trust scores, and authentication methods. In a zero-trust network, users should always be given the least level of privilege necessary until there is a valid need to escalate their access.
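To make the two preceding ideas concrete, the authentication variables of a session (device certificate plus a user account with a second factor) and a policy that combines them with destination, source IP and a risk score into a single least-privilege decision, here is an added example in Python. It is not code from the article or from any vendor product; the device registry, roles, policy rules, risk scale and sample requests are all constructed for illustration, and the certificate fingerprints are placeholders rather than real values.

```python
"""Added example (not from the article): a small zero-trust policy evaluator.

A request carries the authentication variables the article lists (device
certificate, user MFA state, source IP, destination, risk score) and the
policy combines them into one allow/deny that hands out only the single
privilege asked for. Registry, roles, rules and thresholds are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool             # second factor completed for this session
    device_cert_fingerprint: str   # hypothetical fingerprint of the device's X.509 certificate
    source_ip: str
    destination: str               # resource the request targets
    action: str                    # the one privilege asked for (least privilege: grant only this)
    risk_score: int                # constructed scale: 0 = no risk, 100 = maximal


@dataclass(frozen=True)
class Rule:
    destination: str
    roles: FrozenSet[str]          # any one of these roles qualifies
    require_mfa: bool
    require_managed_device: bool
    max_risk: int                  # request risk score must not exceed this
    privileges: FrozenSet[str]     # ceiling of what this rule can hand out


# Constructed stand-ins for a device registry and an identity provider.
MANAGED_DEVICES = {"AA:BB:01": "laptop-alice", "AA:BB:02": "laptop-bob"}
USER_ROLES = {"alice": frozenset({"engineer", "admin"}), "bob": frozenset({"engineer"})}
CORP_LAN = ip_network("10.0.0.0/8")   # recorded for audit only; never an input to trust

# Constructed policy: role, device posture, MFA and risk score decide together.
POLICY: List[Rule] = [
    Rule("git", frozenset({"engineer"}), True, True, 50, frozenset({"read", "push"})),
    # Unmanaged device: read only, and a lower risk ceiling.
    Rule("git", frozenset({"engineer"}), True, False, 30, frozenset({"read"})),
    Rule("prod-db", frozenset({"admin"}), True, True, 20, frozenset({"read"})),
]


def evaluate(req: Request) -> Tuple[bool, List[str]]:
    """Combine the authentication variables into one allow/deny decision.

    Returns (allowed, reasons). Every failed check is recorded so the decision
    is auditable; the source network is logged but does not change the outcome.
    """
    inside = ip_address(req.source_ip) in CORP_LAN
    reasons = [f"source {req.source_ip} {'inside' if inside else 'outside'} corporate LAN (informational)"]
    roles = USER_ROLES.get(req.user, frozenset())
    managed = req.device_cert_fingerprint in MANAGED_DEVICES
    for rule in POLICY:
        if rule.destination != req.destination:
            continue
        if not (roles & rule.roles):
            reasons.append(f"role mismatch for {rule.destination} rule {sorted(rule.privileges)}")
            continue
        if rule.require_mfa and not req.mfa_verified:
            reasons.append("MFA required but not completed")
            continue
        if rule.require_managed_device and not managed:
            reasons.append("managed device certificate required")
            continue
        if req.risk_score > rule.max_risk:
            reasons.append(f"risk score {req.risk_score} exceeds ceiling {rule.max_risk}")
            continue
        if req.action not in rule.privileges:
            reasons.append(f"action {req.action!r} not within {sorted(rule.privileges)}")
            continue
        reasons.append(f"granted {req.action!r} on {req.destination}")
        return True, reasons
    reasons.append("default deny")
    return False, reasons


if __name__ == "__main__":
    # Constructed sample requests: same user on the LAN without MFA is still denied.
    samples = [
        Request("alice", True, "AA:BB:01", "10.1.2.3", "git", "push", 10),
        Request("alice", False, "AA:BB:01", "10.1.2.3", "prod-db", "read", 5),
        Request("bob", True, "ZZ:00:99", "203.0.113.5", "git", "push", 10),
    ]
    for s in samples:
        allowed, why = evaluate(s)
        print("ALLOW" if allowed else "DENY", s.user, s.destination, s.action, "|", "; ".join(why))
```

The ordering of rules matters: the most privileged rule for a destination is tried first and falls through to a narrower one when the device posture or risk ceiling is not met, so an engineer on an unmanaged device still gets read access to git but nothing more. Being on the corporate LAN appears in the audit trail but never satisfies a check, which is the point of the zone-free model described above.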
Some vendors have made it easier to create zero-trust networks, but they aren't the be-all and end-all. Even though enterprises are able to create zero-trust networks without them, these vendors do offer great opportunities to organizations that might not have the resources to develop a program on their own.
A common way of using this technology -- which is similar to software-defined networking -- is for all the systems to use encryption when communicating over the data planes, which enforces the policies. By pushing this down to a low level within the network, users and devices are able to make decisions quickly and securely. There's also the ability to use trust or risk scores to evaluate access requests based on the resource to which users request access.
When we grasp the idea that everything in the network should be put through the wringer before any type of trust can be applied to it, we reach the zero-trust mindset. Using these methods and adopting the mantra of never trust, always verify will help reduce risk in your network and limit an adversary's ability to move freely within your environment.