Introduction to ZTA - Objectives of ZT Flashcards
What is the primary objective of Zero Trust Architecture (ZTA)?
To address security risks inherent in the assumption of trust and lack of proper access controls.
What are typical approaches to addressing security risks in ZTA?
Reducing the attack surface and/or improving the effectiveness of security controls.
What is the motivation behind Zero Trust Architecture?
To provide a holistic and consistent security approach for protecting an enterprise against malicious actors.
What is a key differentiator in ZTA?
The ephemeral nature of any trust between data/computing resources and the principals requesting access.
How does ZTA enhance an environment’s security posture?
Through dynamic policy enforcement and decisioning.
What types of attacks does ZTA protect against?
Both internal and external attacks that exploit and compromise exposed access mechanisms.
What are the technical objectives of a ZT approach?
Establishes a framework for protecting resources, simplifies user experience, reduces attack surface size and complexity, enforces least privilege, improves control and resilience, localizes impact radius of a security failure.
What are the business objectives of Zero Trust?
Reduce risk, improve governance and regulatory compliance, and align the organization’s culture with the risk appetite of its leadership.
Fill in the blank: A ZT approach aims to _______ the organization’s attack surface size and complexity.
reduce
True or False: ZTA only addresses external threats.
False
What does ZT stand for?
Zero Trust
ZT is an approach to cybersecurity that does not inherently trust any entity.
What is the core premise of Zero Trust?
An organization should not inherently trust any entity that comes from within or beyond its boundaries.
What is the goal of the protective framework established by ZT?
To enable a shift of focus to more business-oriented goals and protect data based on its value and specific needs.
Why are aged cybersecurity techniques becoming ineffective?
They yield limited results and inadequate protection due to the increasing frequency and scale of attacks.
What types of approaches are no longer practical according to ZT?
Approaches based on physical objects and systems, and signature-based threat detection.
What factors necessitate a reconsideration of cybersecurity strategies?
Increasing frequency and scale of attacks, hyper-connected world, virtualized environments, and software-based organizations.
Fill in the blank: The protective framework established by ZT represents a _______ approach to cybersecurity.
novel
True or False: Zero Trust allows organizations to trust internal entities by default.
False
What should organizations reconsider according to the ZT framework?
Everything from network configurations to detection and prevention approaches.
What do organizations need to focus on regarding their data?
The value of the data and their specific protection needs.
What does ZTA stand for?
Zero Trust Architecture
How does ZTA reduce management overhead?
By applying a consistent access model for all assets and handling access requests uniformly
What is the consistent interrogation model used in ZTA for access requests?
Who are you? Do you need this access now? Okay, you get this access to this resource for this period
List the elements that ZTA models are absent of.
- Complicated diagrams of nested groups using legacy access control lists (ACL)
- Layers of groups managed by potentially irrelevant decision-makers
- Stale and orphaned groups
- Authorization mechanisms based on antiquated models/labels
- Delays in provisioning, deprovisioning, or access revocation
True or False: ZTA uses legacy access control lists (ACL) with allow and deny parameters.
False
What is a key feature of access handling in ZTA?
Every request is handled consistently, just-in-time by the PDPs
Fill in the blank: ZTA reduces management overhead by applying a consistent _______ model.
access
What are PDPs in the context of ZTA?
Policy Decision Points that handle access requests
What types of groups does ZTA eliminate to reduce complexity?
- Complicated nested groups
- Stale and orphaned groups
What does ZTA aim to eliminate in the authorization process?
Authorization mechanisms based on antiquated models/labels
What is the main difference between traditional security architecture and the Zero Trust (ZT) model regarding access decisions?
In traditional security architecture, access decisions are made at the network perimeter, while in the ZT model, each internal resource decides whether to grant access.
What happens to denied traffic in traditional security architecture?
Denied traffic is dropped outside of the perimeter.
Why is internal traffic often not encrypted in traditional security architectures?
It is rare for organizations to encrypt internal traffic.
What actions can an attacker perform once they penetrate the internal network in traditional security architecture?
- Run port scans
- Find vulnerabilities
- Launch denial-of-service attacks
- Steal additional credentials
- Eavesdrop on privileged network traffic
- Move laterally unobstructed
How does the Zero Trust model affect an attacker’s ability to exploit internal resources?
An attacker is no better off after penetrating external defenses, as each internal resource makes access decisions.
Fill in the blank: In a traditional security architecture, the attack surface is every resource, while in the Zero Trust model, it contracts to only _______.
improperly secured resources.
True or False: In the Zero Trust model, once an attacker gains access to the internal network, they can move laterally without restrictions.
False
What does an organization’s ever-expanding digital footprint lead to?
An increasingly complex IT environment
This complexity arises from access decisions made in advance and unmanaged permissions.
What are orphaned objects in the context of IT access?
Objects with unmanaged permissions left behind by parties that granted access
These objects can pose security challenges as they may lead to unauthorized access.
What is one of the biggest security challenges for organizations due to complexity?
Reduced visibility and increased vulnerabilities
This complexity makes it easier for malicious actors to infiltrate networks.
How do newer IT paradigms like hybrid cloud and edge computing affect access control policy management?
They further complicate access control policy management
This results from the diverse environments and configurations involved.
What does ZT (Zero Trust) assume about parties requesting application access?
All parties are malicious and should be untrusted
This assumption leads to a more secure approach to access management.
What is the main strategy of ZT in managing security?
Creating islands of applications and data to protect
This strategy focuses on protecting specific areas rather than policing the entire network.
What do ZT strategies require more of compared to standard security mechanisms?
Far more attributes
This requirement enhances security by providing more granular control.
How does ZT help organizations striving for agility?
By reducing security architecture complexity
It achieves this by creating perimeters around applications and identities.
What is the effect of ZT on the number of access points in an IT environment?
It reduces the number of access points
This results in tighter control over access levels and privileges.
Fill in the blank: ZT provides a robust security mechanism to reduce _______ by creating perimeters around applications and identity.
security architecture complexity
This helps in managing access more effectively.
True or False: ZT simplifies access management by assuming all parties are trustworthy.
False
ZT assumes all parties are untrusted to enhance security.
What principle does ZT enforce regarding user privileges?
The principle of least privilege
This principle dictates that users and programs should only have the necessary privileges to complete their tasks.
How does ZT manage user access?
Users get access to exactly what they need to conduct their business, when they need it
This approach aligns with the principle of least privilege.
What is micro-segmentation in the context of ZT?
The creation of zones in an IT environment to isolate workloads for better security
This practice helps users connect to the right application and use only the services they require.
What advantage does micro-segmentation provide in security operations?
It simplifies access provisioning
This simplification makes access easier for security operations and governance teams to manage.
What are purpose-based dedicated identities also known as?
Identity personas
These personas are created for a group of resources that address a common functionality.
What is the purpose of creating identity personas in ZT?
To help limit the attack surface created by the compromise of an identity
This approach enhances security by managing how identities are utilized.
What is the primary objective of Zero Trust (ZT)?
To enhance and bolster the resilience and the security posture of an enterprise’s IT infrastructure
How does ZT reduce visibility for malicious actors?
By ensuring they have reduced visibility into the enterprise’s IT infrastructure and individual assets
What does ZTA do to minimize the risk of cross-site attacks?
Restricts lateral movement within the organization
What is the impact of containing external users within a small area of the network?
Any resulting security issues can be quickly contained and addressed
How does ZT limit the impact radius of security incidents?
By enabling the swift return of systems to their earlier state
What ensures that unauthorized scanning and mapping activities are unsuccessful?
The reduced attack surface within the ZT implementation
What are the components of the two-layer architecture in ZT?
A separated control plane and data plane
What must occur before access is granted to the organization’s network?
Users and their devices must be properly authenticated and authorized
True or False: ZTA allows for unrestricted lateral movement within the organization.
False
Fill in the blank: The two-layer architecture helps ensure that access is granted only after _______.
users and their devices have been properly authenticated and authorized
What is a primary goal of Zero Trust Architecture (ZTA)?
To make the incident management process more effective and efficient.
This includes principles like ‘never trust, always verify’ and presuming an ongoing breach.
What does the principle of ‘never trust, always verify’ entail?
It requires continuous behavioral monitoring of all system entities.
This principle is foundational in Zero Trust Architecture.
How does micro-segmentation benefit incident containment?
It reduces the impact radius of potential breaches by restricting a cyber attacker’s lateral movement.
This segmentation confines damage to a limited area.
What happens when a breach occurs in a Zero Trust environment?
Damage is limited to a confined area, allowing for effective containment, eradication, and remediation efforts.
This is crucial for managing the incident’s scope.
How does continuous monitoring in ZTA improve incident management?
It allows for more effective identification of anomalies and incidents.
Continuous monitoring is a key feature of Zero Trust Architecture.
What is the role of incident-related data in ZTA?
It is used to update the Policy Decision Point (PDP), allowing for dynamic policy definition and enforcement.
This process is critical for limiting impact across the organization’s network.
True or False: Zero Trust Architecture assumes that breaches are impossible.
False.
ZTA operates under the presumption of an ongoing breach.
Fill in the blank: The principle of continuous network access authorization in ZTA helps to _______.
reduce the impact radius of potential breaches.
What is a primary business goal of Zero Trust Architecture (ZTA)?
Reduction of cyber risk
This goal is especially critical for organizations facing complexity from distributed computing infrastructures and migration to the public cloud.
What are some technical goals related to risk reduction in ZTA?
Reducing the attack surface and achieving an improved security posture
These goals help organizations maintain resilience against cyber threats.
List the types of risks ZTA aims to reduce.
- Improper privilege escalation via lateral movement
- Access beyond need-to-know requirements
- Access beyond required time frame
- Access by unsecure devices
- Access via unsecured methods
- Compromises via brute force, DDoS, or MITM attacks
- Unauthorized lateral movement
These risks are critical for maintaining security in a connected enterprise.
What does ZTA support to protect logins against common attacks?
Multi-Factor Authentication (MFA)
MFA helps defend against brute-force attacks, dictionary attacks, and stolen credentials.
What principle is implemented in all ZTA variants to mitigate internal attacks?
Principle of least privilege
This principle ensures that users have the minimum level of access necessary to perform their tasks.
How does ZTA prevent unauthorized access to resources?
By applying controls and policies to every protected resource for every access request
This level of granularity enhances security by limiting access.
What is a critical requirement of ZTA for cyber risk reduction?
Continuous monitoring
Continuous monitoring helps maintain a strong security posture by investigating potential signs of compromise.
How does ZTA mitigate the risk of unauthorized access by compromised accounts?
By using policy-based controls conditioned on user and device security posture
This approach enhances the security framework of the organization.
What does the ZT model use to reduce the total risk of running a connected enterprise?
A unified framework provided by a limited number of vendors
This allows enterprises to address major threats with fewer solutions, reducing security flaws.
True or False: ZTA does not require mutual authentication between the server and client.
False
Mutual authentication is essential for establishing secure connections.
What is the primary objective of Zero Trust (ZT)?
To help organizations achieve and maintain an optimal compliance posture
This reduces both the financial and technical impact of compliance.
What are the two key features of ZT that help in compliance management?
- Discovery
- Mapping out of all networked assets and related access controls
Why is automatic discovery and validation of assets important in ZT?
Assets and data can only be protected if their presence is known.
How does ZT help in segregating resources?
Based on relevant legal, regulatory, and contractual compliance requirements.
What does proper implementation of ZT verify?
Authentication and authorization each time traffic moves laterally or inside/outside the network.
What is a benefit of verifying authentication and authorization in ZT?
Prevents unauthorized access before data can be accessed, compromised, encrypted for ransom, or exfiltrated.
What does ZT create to satisfy regulatory requirements?
An audit trail for record keeping and auditing.
What are privacy-related regulations that define stringent requirements for processing PII?
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
What must organizations build to maintain control and visibility over PII?
An accountability framework that includes components like collection, processing, storage, and purpose.
How does ZT enable organizations regarding regulatory compliance?
It helps organizations align more closely with the standard security practices already integrated into the internal controls of existing regulatory requirements.
Fill in the blank: ZT helps organizations achieve and maintain an optimal _______.
compliance posture
What is the ZT model’s approach to security?
Never trust, always verify
This approach emphasizes continuous verification of resources and entities within the IT environment.
What mindset change does the ZT model promote in organizations?
A coordinated, structured approach to cybersecurity
This change requires organizations to adopt new processes and procedures.
What culture must organizations shift to according to the ZT model?
A culture based on processes and procedures that support continuous verification
This shift is necessary to trust entities within the IT environment.
Fill in the blank: The ZT model requires enterprises to adopt a _______ approach to cybersecurity.
coordinated, structured
True or False: The ZT model allows for trusting entities in the IT environment without verification.
False
The model emphasizes verification before trust.
What is the key requirement for trusting entities in a company’s IT environment according to the ZT model?
Continuous verification