Section 2.16 Zero Trust Flashcards
1
Q
Zero Trust
A
Demands verification for every device, user and transaction regardless of its origin
2
Q
To create a zero trust architecture we must use 2 planes.
Control Plane
A
Refers to the overarching framework and set of components responsible for defining, managing and enforcing the policies related to user and system access
3
Q
4 key elements
Control plane elements
A
- Adaptive identity: Relies on real-time validation that takes into account the user's behavior, device, location and more.
- Threat Scope reduction: Limits the user's access to only what they require to work, as this will reduce the potential network attack surface. (Minimise the blast radius of an attack)
- Policy Driven Access Control: Developing, managing and enforcing user access policies based on their roles and responsibilities
- Secured zones: Isolated environments within a network that are designed to house sensitive data
4
Q
Data Plane
A
Ensures that policies and procedures are correctly executed
5
Q
4 elements
Data Plane elements
A
- Subject/System: Refers to the individual or entity trying to gain access
- Policy engine: Cross-references the access request with its predefined policies
- Policy administrator: Used to establish and manage the access policies
- Policy enforcement point: Where the decision to grant or deny access is actually executed (Gatekeeper)