Section 2.16 Zero Trust

Question 1

Zero Trust

Answer 1

Demands verification for every device, user and transaction regardless of its origin

Question 2

To create a zero trust architecture we must use 2 planes.

Control Plane

Answer 2

Refers to to the overarching framework and set of components responsible for defining, managaing and enforcing the policies related to user and system access

Question 3

4 key elements

Control plane elements

Answer 3

1. Adaptive identity: Relies on real time validation that takes in to account the users behavior, device, location and more.
2. Threat Scope reduction: Limits the users access to only what they require to work as this will reduce the potential network attack surface. (Minimise the blast radius of an attack)
3. Policy Driven Access Control: Developing, managing and enforcing user access policies based on their roles and responsibilties
4. Secured zones: Isolated environments within a network that are designed to house sensitive data

Question 4

Data Plane

Answer 4

Ensures that policies and procedures are correctly executed

Question 5

4 elements

Data Plane elements

Answer 5

1. Subject/System: Refers to the individual or entity trying to gain access
2. Policy engine: Cross references the access request with its pre defined policies
3. Policy administrator: Used to establish and manage the access policies
4. Policy enformcement point: Where the desicion to grant or deny access is actually excecuted (Gatekeeper)