Zero Trust Networks: Building Trusted Systems in Untrusted Networks

Let's face it - the perimeter-based architecture has failed us. Today's attack vectors can easily defeat expensive stateful firewalls and evade intrusion detection systems. Perhaps even worse, perimeters trick people into believing that the network behind them is somehow "safe", even though chances are overwhelmingly high that at least one device on that network is already compromised.

It is time to consider an alternative approach. Zero Trust is a new security model, one which considers all parts of the network to be equally untrusted. Taking this stance dramatically changes the way we implement security systems. For instance, how useful is a perimeter firewall if the networks on either side are equally untrusted? What is your VPN protecting if the network you're dialing into is untrusted? The Zero Trust architecture is very different indeed.

In this talk, we'll go over the Zero Trust model itself, why it is so important, what a Zero Trust network looks like, and what components are required in order to actually meet the challenge.

Evan Gilman

March 14, 2017
Transcript

  1. Evan Gilman, Doug Barth @evan2645 @dougbarth Zero Trust Networks
  2. 3/14/17 @evan2645 @dougbarth About Us Zero Trust: Building Systems in Untrusted Networks
  5-7. DC-A DC-B DC-C C* C* C*
  8. iptables
  11. IPsec VPN
  12-13. DC-A DC-B DC-C VPN VPN VPN
  14. IPsec VPN
  15. DC-A DC-B DC-C VPN VPN VPN
  16-17. DC-A DC-B DC-C
  18. Emergent Properties: All Flows Authenticated and Encrypted; All Flows Asserted as Authorized; No Inherent Value in IP Address
  19. Emergent Properties: No Centralized Firewalls; No Network Gateways; No Private Network
  20-23. BeyondCorp
  24. Zero Trust Philosophy:
  25-26. Zero Trust Philosophy: No Trust In Network
  27. Zero Trust Philosophy: Every Flow Is Expected
  28-29. Zero Trust Philosophy: Symbolic Policy
  30-31. Zero Trust Philosophy: Network Agent
  32-33. Zero Trust Philosophy: Automate!
  34. Visibility
  35-36. Start Early
  37-39. Current State
  44-46. Just The Facts: Industry Moving Towards Deep Authn/Authz; Industry Converging on Zero Trust Model; More Secure, More Operable; Keep an Eye Out!
  47. Evan Gilman, Doug Barth @evan2645 @dougbarth Zero Trust Networks