ZTNA

Zero Trust Network Access

By Keith Thuerk | SCIFI Future | 8 Oct 2022


Zero Trust Network Access (AKA ZTNA)

Welcome to October which is AKA CyberSecurity Awareness Month!

In the 1990's Information Technology (AKA IT) network security was built around a few principals:

  • The requisite firewalls (running in high-availability of course)
  • DMZ
  • Deny all rule set

The end result was better than nothing, the issue was the perimeter was hard, but the inside was soft and chewy (think about a piece of candy) once you get through that outer hard shell you find the soft and juicy parts. Put another way, once inside you were trusted, you could go here and there etc.

Since then IT Security has evolved (listed in no particular order, nor fully inclusive) 

  • Passwords - the old guard
  • Anti-virus / Anti-Malware
  • VLANs
  • IDS/IPS (Intrusion Detection Systems / Intrusion Prevention Systems) 
  • NAC (Network Access Control) 
  • Network segmentation (stop lateral movements) aka micro-segmentation
    • Built upon VxLANs 
  • MFA (Multi-factor authentication) / SSO (Single Sign-on)
  • WAF (Web Application Firewall)
  • VPN - Virtual Private Network
  • IAM - Identity Access Management 
  • PAM - Privilege Access Management
  • SDP - Software Defined Perimeter 
  • EDR/XDR - Endpoint Detection & Response

Enter ZTNA - securing the perimeter is still the objective, the manner and methods in which this takes place has changed. 

Some of the build blocks for ZTNA

Software defined "never trust, always verify. ZTNA offerings are vendor specific ZTNA is session based, validates both user & device(s) (provides more security than IPSec & SSL VPNs) Applies in-app controls and Authorization Continuous monitoring End-point or service-initiated Data Privacy Data Integrity AAA - Authentication, Authorization, Accounting framework(s)  

Constructs for Zerto Trust come from NIST & CISA 

  • Next Generation Firewalls (NGFW) 
    • Internal and External segmenting firewalls
  • MFA
  • Access Policies
  • Trust must be proved and reproved throughout sessions
  • Yes, it is quite a bit more than NAC w/ MFA enablement and yes it is way more than just app level security
  • Agents
  • Least Privilege everywhere
  • Sure its still defense in-depth but everything has to pass challenges for access!

Top Firms (listed in no particular order)

  • Palo Alto Networks
  • Fortinet
  • Cisco Systems
  • Zscaler 

 

Summary - ZTNA is a huge evolution from Stateful firewall rules and a hard network edge with a juicy interior. ZTNA can be deployed on-prem, from the cloud of a hybrid mix of all the above. The keys are upfront planning, full execution and keeping up with the ZTNA evolution. Are you aware that ZTNA V2.0 is already being reviewed?  Keep up with CyberSecurity to keep you data secure!

Credits - ZTNA logo snippet from Cover6solutions. They retain all ownership, nor has an inference of transference taken place.

Disclaimer - I am not an employee nor an agent of any of the firms listed in this blog.

How do you rate this article?

15


Keith Thuerk
Keith Thuerk

Currently learning about Crypto and DeFi to combat the Inflationary Tidal wave coming our way!


SCIFI Future
SCIFI Future

Quantum Computing In Bite Size Pieces & SCIFI items

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.