Zero Trust Network Access
- 1. Zero Trust Access Network (ZTNA)
- 2. “Zero Trust Access Network” PRN: 77000028C Dhole Patil College of Engineering, Pune. 2 Under the Guidance of: Prof. Vandana Navale Presented By: Ajay D. Sirsat
- 3. Contents 1. Motivation & Issue with existing system 2. Introduction 3. Literature Survey 4. Objective and Scope 5. Methodology 6. Conclusion 7. Reference 3
- 4. 1. Motivation & Issue with existing system 4
- 5. 5
- 6. Reasons why we need ZTNA » In the Evolving Enterprise, Perimeter-Based Security Is Ineffective. » Shared Security Responsibility is Necessary for Cloud Data Centers » The Internet is an unprotected network » Everyone in the expanding workforce shouldn't have unlimited access to information » You won't be able to check the security status of every WFH environment » Cyber-attacks are on the rise » The Security Risks Have Increased 6
- 8. Castle and moat Concept 8
- 9. 1. Zero Trust Network Access (ZTNA) is a category of technologies that provides secure remote access to applications and services based on defined access control policies. 2. Unlike VPNs, which grant complete access to a LAN, ZTNA solutions default to deny, providing only the access to services the user has been explicitly granted. 3. ZTNA gives users seamless and secure connectivity to private applications without ever placing them on the network or exposing apps to the internet. 4. Zero trust is a security model based on the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network perimeter. What is Zero Trust Access Network? 9
- 10. 10
- 12. Literature Survey 12 ● Satya Tyagi, “10 Reasons Why Enterprises Need Zero Trust Security”, December 7, 2020 8:39 pm ● John Kindervag for Security & Risk Professionals, “Build Security Into Your Network’s DNA: The Zero Trust Network Architecture”, November 5, 2010 ● Evan Gilman and Doug Barth, “Zero Trust Networks-Building Secure Systems in Untrusted Networks”, Published by O’Reilly Media, Inc. on July 2017 ● Fortinet White Paper, “Securing Digital Innovation Demands Zero-trust Access”, September 24, 2020 ● Sunil Potti - Google Cloud Security, “BeyondCorp Enterprise: Introducing a safer era of computing”, January 26, 2021
- 14. Objective and Scope 14 ● Embedded data and threat protection, with real-time end-to-end protection. ● Strong phishing-resistant authentication to ensure that users are who they say they are. ● Continuous authorization for every interaction between a user and resource. ● To provide secured and restricted access to all the services and servers. ● As we enter a new era of security, enterprises want a seamless security model attuned to the realities of remote work, cloud applications, and mobile communications. ● Can be used for organizations that need a solution that will not only improve their security posture but also deliver a simple experience for users and administrators.
- 16. Main Principles behind Zero Trust Model 16 ● The philosophy behind a zero trust network assumes that there are attackers both within and outside of the network, so no users or machines should be automatically trusted. ● Another principle of zero trust security is least-privilege access. This means giving users only as much access as they need, like an army general giving soldiers information on a need-to-know basis. ● Zero trust networks also utilize microsegmentation. Microsegmentation is the practice of breaking up security perimeters into small zones to maintain separate access for separate parts of the network. ● Multi-factor authentication (MFA) is also a core value of zero trust security. MFA simply means requiring more than one piece of evidence to authenticate a user; just
- 17. 17
- 18. 18 How does ZTNA Works? ● Unlike network-centric solutions like VPNs or FWs, ZTNA takes a fundamentally different approach to securing access to internal applications based on these four core principles. The connection process uses the following steps: 1. Each server registers with the SDP controller. Servers can either have an internal gateway function or rely on an external gateway. 2. Clients connect to the SDP controller to authenticate, authorize and learn the desired service's connection details. 3. Clients connect to a server over an encrypted channel, either through an internal server gateway or through an external gateway.
- 19. 19 Conclusion ● Allow conditional access to certain resources while restricting access to high value resources on managed/complaint devices. ● Prevents network access and lateral movement using stolen credentials and compromised devices. ● Enables users to be more productive by working however they want, when they want and where they want. ● Consider an “If-this-then-that” automated approach to zero trust. ● Identity is everything, make it the control plane.
- 20. 20 References 1. Jeff Birnbaum, “Six Key Characteristics of a Modern ZTNA Solutions”, May 27, 2021 2. Fortinet Solution Brief, “Zero-Trust Access for Comprehensive Visibility and Control”, March 2020. 3. Evan Gilman, “Zero Trust Network”, May 12, 2016 4. Joe Hertvik, “What Is Zero Trust Network Access? ZTNA Explained”, September 16, 2020. 5. Zev Brodsky, “ZTNA: A Blueprint for Securely Granting Network Access”, Jan 2021. 6. Fortinet All Blogs, “What’s the Difference Between Zero Trust, ZTA, and ZTNA”, March 26, 2021 7. Sunil Potti, VP/GM, Google Cloud Security, “BeyondCorp Enterprise: Introducing a safer era of computing”, January 26, 2021 8. John Kindervag for Security & Risk Professionals, “Build Security Into Your Network’s DNA: The Zero Trust Network Architecture”, November 5, 2010.
- 21. 21