Introduction to Zero Trust - Definitions, Concepts and Components Flashcards
What does the ZT concept as a cybersecurity approach require according to the CSA?
ZT is a cybersecurity approach that requires the following:
1. Making no assumptions about the trustworthiness of an entity as it requests access to a resource
2. Starting with no pre-established entitlements, then relying on a construct which is used to add entitlements
3. Assuming breach and verifying all workforce, device, workload, network and data access, regardless of where, who, or to what resource with the assumption that breaches are impending or have already occurred
What is a Tenet?
A principle generally held to be true
How many tenets does ZT have according to the USA Department of Defense Zero Trust Reference Architecture?
ZT has 5 major tenets:
1. Assume a hostile environment
2. Assume breach
3. Never trust, always verify
4. Scrutinize explicitly
5. Apply unified analytics
DAAS stands for
Data, Applications, Assets and Services
What are several design principles of ZTA?
- Denying access until the requester has been thoroughly authenticated and authorized
- Allowing access to the network only when requesters (users, machines, processes) authenticate who they are
- Allowing access to resources only after the requesting entity has been authorized
- Enforcing least privilege, specifically, granting the least amount of access required
- Requiring continuous monitoring of existing security controls’ implementation and effectiveness
What are the seven pillars of a Zero Trust Architecture?
There are seven pillars of DoD ZTA:
1. Users/identities
2. Devices/endpoints
3. Network/Environment
4. Applications & Workload
5. Data
6. Visibility & Analytics
7. Automation & Orchestration
What is in the Users pillar?
- Securing/limiting/enforcing DAAS access for person, non-person, and federated entities through identity, credential and access management capabilities
- MFA and continuous multi-factor authentication
- Continuously authenticate, authorize, and monitor activity patterns
- RBAC and ABAC for authorizing users to access applications/data
What is in the Devices / endpoints pillar?
- Identify, authenticate, authorize, inventory, isolate, secure, remediate and control all devices
- Real-time device attestation and patching
E.g., using mobile device managers or comply-to-connect (C2C)
What is in the Network/environment pillar?
Logically and physically segment, isolate and control the on-premises and off-premises network/environment with granular access and policy restrictions:
- Control privileged access
- Manage internal and external data flows
- Prevent lateral movement
What is in the Application and Workload pillar?
Tasks on systems or services on-premises as well as applications or services in a cloud environment
What is in the Data pillar?
Data categorized in terms of mission criticality under a comprehensive data management strategy.
- Categorization of data
- Encryption at rest and in transit
- Technologies like DRM, DLP, software-defined storage and granular data-tagging
What is in the Visibility and Analytics pillar?
Visibility on vital, contextual details to provide a greater understanding of performance, behavior and activity baselines across various ZT pillars. Other monitoring data for situational awareness.
What is in the Automation and Orchestration pillar?
Automated security processes to take policy-based actions across the enterprise with speed and at scale. For example, Security Orchestration, Automation and Response (SOAR) integrated with Security Information and Event Management (SIEM).
What does ZT stand for?
Zero Trust
ZT is a set of principles and practices designed for reducing cyber risk in dynamic IT environments.
What are the three core components for a Zero Trust Architecture?
- Communication: a request for an entity to access a resource and the resulting access or session.
- Identity: The identity of the entity (e.g., user or device) requesting access to the resources
- Resources: any assets within the target environment.
What are two fundamental elements of Zero Trust?
- Policy: the governance rules that identify the who, what, when, how, why of access to the target resource
- Data sources: the contextual information providers can use to keep policies dynamically updated
What is the primary requirement of the Zero Trust model?
Strict authentication and verification for each person, device, or service trying to access an IT resource
In Zero Trust, how is the security posture of a resource assessed?
Based on authentication and authorization controls in place, not by its location
What must occur prior to granting network access in a Zero Trust network?
Authentication and explicit authorization
True or False: Encrypting communications alone is sufficient for Zero Trust security.
False
What is a key aspect of Zero Trust regarding access verification?
Each individual flow must be confirmed as an authorized connection
What percentage of attacks start with a breach via a phishing email?
90%
What are the steps typically involved in a phishing attack leading to data exfiltration?
- Breach via phishing email
- Creation or compromise of an administrative account
- Lateral movement of malware
- Exfiltration of enterprise data
What does CSA define the Zero Trust concept as?
A cybersecurity approach that requires verification of all access requests
What assumption does Zero Trust make about an entity’s trustworthiness?
No assumptions; trust is not pre-established
Fill in the blank: Zero Trust starts with no pre-established _______.
entitlements
What is a recent trend in enterprise security related to Zero Trust?
Increasing number of remote users and assets based in the cloud
How are hardware manufacturers and software vendors responding to the shift towards Zero Trust?
Rapidly adopting the ZT model and validating their products for ZT implementation
What does it mean to ‘assume breach’ in Zero Trust?
Most large enterprises experience daily cybersecurity attacks and may already be compromised
This tenet suggests managing resources with vigilance, as if an adversary has a foothold in the environment.
What is the principle of ‘never trust, always verify’?
Deny access by default and authenticate every access request
This involves using least privilege, multiple attributes, and dynamic cybersecurity policies for access control.
What does it mean to ‘scrutinize explicitly’?
Access resources in a secure manner using multiple attributes to determine confidence levels
Access is conditional and can change based on actions and confidence levels.
What is the fifth major tenet of Zero Trust?
Apply unified analytics
This involves using analytics and behavioristics to monitor data, applications, assets, and services, and logging each transaction.
Fill in the blank: A tenet is defined as a principle generally held to be _______.
true
True or False: The Zero Trust model assumes that all users and devices are trusted by default.
False
The model assumes a hostile environment and treats all users and devices as untrusted.
List the five major tenets of Zero Trust.
- Assume a hostile environment
- Assume breach
- Never trust, always verify
- Scrutinize explicitly
- Apply unified analytics
What is the first design principle of ZTA?
Denying access until the requestor has been thoroughly authenticated and authorized
This includes inspecting, authenticating, and authorizing users, devices, or individual packets.
What does ZTA require regarding access to resources?
Access to resources is temporary and reverification is required
The timespan of access is defined by policies.
How does access change with Zero Trust (ZT)?
Requesters aren’t allowed access to anything until they authenticate who they are.
What must happen before access to resources is granted?
The requesting entity must be authorized.
What principle is enforced regarding access rights?
Enforcing least privilege
This means granting the least amount of access required.
What is required for continuous security in ZTA?
Continuous monitoring of existing security controls’ implementation and effectiveness.
What is the Zero Trust Architecture (ZTA)?
A work-in-progress concept with evolving boundaries and definitions
How many fundamental pillars of a Zero Trust Architecture are emphasized by the CSA?
Seven
What does the Users/identities pillar focus on?
Securing, limiting, and enforcing access for users and entities
This includes identity, credential, and access management capabilities like multi-factor authentication (MFA) and continuous multi-factor authentication (CMFA).
Name two access control methods mentioned in the Users/identities pillar.
- Role-based access control (RBAC)
- Attribute-based access control (ABAC)
What is essential in the Device/endpoints pillar?
Identifying, authenticating, authorizing, inventorying, isolating, securing, remediating, and controlling all devices
What are critical functions in the Device/endpoints pillar?
- Real-time attestation
- Patching of devices
What should organizations do to their network/environment in a ZT approach?
Segment, isolate, and control both on-premises and off-premises networks
What is the importance of macro-segmentation in a ZT approach?
Enables micro-segmentation for greater protections and controls
What tasks should the Applications and workload pillar include?
Tasks on systems or services on-premises and cloud environments
What should be central to ZT adoption concerning applications?
Securing and managing the application layer, compute containers, and virtual machines
What is the purpose of categorizing DAAS in the Data pillar?
To develop a comprehensive data management strategy
List three solutions for protecting critical data in the Data pillar.
- Digital Rights Management (DRM)
- Data Loss Prevention (DLP)
- Granular data-tagging
What does the Visibility and analytics pillar improve?
Detection of anomalous behavior and dynamic changes to security policies
What is the role of Security Orchestration, Automation, and Response (SOAR) in ZT?
Improves security and decreases incident response times by automating responses to threats
What is the purpose of governance in ZT?
To ensure successful implementation and control over goals and actions
True or False: Automation and orchestration in ZT only focus on manual processes without policy-based actions.
False
Fill in the blank: The _______ pillar involves the automation of manual security processes.
Automation and orchestration
What are the three core components of Zero Trust Architecture (ZTA)?
- Communication
- Identity
- Resources
These components are essential for making access decisions.
What are the two additional fundamental elements of ZTA?
- Policy
- Data sources
These elements help define access governance and keep policies updated.
What does the Policy Decision Point (PDP) consist of?
- Policy administrator
- Policy engine (PE)
The PDP determines the rules and communicates them to the PEP.
What is the role of the Policy Enforcement Point (PEP)?
Acts as a gateway to ensure access to approved resources has been granted to the correct entity
The PEP enforces the rules defined by the PDP.
How does NIST define the PDP?
As the control plane responsible for collecting, analyzing, and transforming data into rules for resource access
The PDP governs access to resources based on intelligence and rules.
What is the function of the PEP in ZTA?
The data plane that enforces rules and provides access to resources based on input from the control plane
The PEP executes the access rules set by the PDP.
What is the purpose of data sources in the context of ZTA?
To feed data into the PDP to maintain rules and keep the decision-making process updated
Various intelligence sources help refine access rules.
List some possible information sources for the policy engine.
- Intrusion detection system (IDS)/Intrusion detection and prevention system (IDPS)
- Network devices (e.g., firewalls, proxies)
- Threat intelligence feeds
- Information sharing systems
- Denylists and blocklists
- Identity providers and access management systems
- Legal and regulatory compliance requirements
- Asset/device management systems
- Public key infrastructure
These sources provide critical data for policy enforcement.
True or False: Manual management of the access model is recommended in a Zero Trust environment.
False
Automation is encouraged to manage the increased number of PEPs effectively.
Fill in the blank: The PDP and PEP regulate access to resources by being placed in the __________ of traffic.
access workflow
This integration helps enforce access control policies.
What advantage does automation provide in a Zero Trust environment?
Supports both granular and global control
Automation helps manage complex access models efficiently.