Zero Trust Security

Understand the fundamentals, key principles, standards, and best current practices.

agilicus-cybersecurity-platform

What is Zero Trust?

The foundation of Zero Trust Security is switching from a perimeter-based (firewall and VPN) model of access to a user-to-resource model.

It means implementing strong, simple identity for both people and also a system. Decouple the identity from the corporation to make it affinitive to the userโ€”a single identity.

Through it, you can enforce entitlements and authorization in the network.

This micro-segmentation is simpler to use, more accessible, and, more secure. It reduces the lateral traversal, empowers your users, increases your audit capabilities, is more economical, and is more scalable. This is the power of Zero Trust.

https://www.youtube.com/watch?v=D7-WVWbqjZk

Zero Trust Security Standards

Identity

The core of any Zero Trust Architecture is identity. Identity of a person, identity of a resource. Users are commonly identified via OpenID Connect and SAML. Resources are commonly identified by Client Certificates.

The Global Identity Foundation. A single global identity for all humanity.

OpenID Connect. A simple identity layer on top of OAuth 2.0

OAUTH2. The industry standard protocol for authorization. RFC 6749.

Security Assertion Markup Language (SAML). An XML-based framework for communicating user authentication, entitlement, and attribute information.

W3C Web Authentication (WebAuthN). Strong, attested, scoped public key-based credentials for web applications for authenticating users.

Zero Trust Architecture

Zero Trust Architecture has evolved over the years. The constant theme is changing from a perimeter-based (firewall+VPN) security stance to a user+resource stance.

NIST SP 800-207 Zero Trust Architecture. Evolving cybersecurity defense from static network-based perimeters to focus on users, assets, and resources.

Zero Trust Security Architecture: The Open Group.

Jericho Forum. An early users group facilitated by the Open Group who pioneered De-Perimeterization.

Foundational

Zero Trust Security has a set of foundational standards that are shared with other technologies. These relate to cryptography, security, and identity.

The Transport Layer Security (TLS) Protocol Version 1.3

Secure Production Identity Framework for Everyone (SPIFFE)

X.509 Client Certificate

Best Practices

OAuth 2.0 Security Best Current Practice

OpenID Security Best Practices

Zero Trust Resources

Complex technologies can be difficult to configure. Learn from the accumulated best practices of others.

aa5656a7 1645004 waterblogseriesfeaturedimage 01 052223
2023-11-09

Using Zero Trust to Enable Secure Remote Access to SCADA for Water Systems

zero trust vs. vpn
2023-10-27

Zero Trust vs. VPN: A Comprehensive Comparison for Secure Remote Access

SSH Access
2023-10-20

SSH for Remote Access: Every User, Every Device, Every Application

Industrial Network Cybersecurity
2023-09-22

Simplifying Secure Access: Enabling Rockwell Automation Remote PLC Access Without a VPN

VPN Safety
2023-08-09

Split Horizon VPN: Unsafe At Any Speed

fac0f6b4 nist sp 800 63a
2023-07-23

NIST sp 800-63A: Introduce Yourself

Water and Wastewater
2023-06-12

The Security Risks of Using VPNs in Water and Wastewater Facilities

Water and Wastewater
2023-06-05

The Security Risks of Using Shared Credentials in Water and Wastewater Facilities

zero trust network architecture
2023-05-19

Zero Trust Troika: The Who, The What, The How

Industrial Network Cybersecurity
2023-05-18

Strengthen Your Industrial Network Cybersecurity with Vendor Access Management

CISA Maturity Model
2023-04-30

Understanding the CISA Zero Trust Maturity Model: A Framework to Improve Your Security Posture

NIST 800-207
2023-04-03

The Zero Trust Roadmap: Understanding NIST 800-207 and How to Align With It

Vendor Privileged Access Management
2023-02-23

Best Practices In Vendor Privileged Access Management

Single Sign On
2023-02-20

Identity Provider Versus Single-Sign-On

Identity Versus Authentication
2023-02-20

Who Are You? Prove It! Identity Versus Authentication

protect-against-proxy-not-shell-zero-trust
2022-09-30

Another Day, Another Exploit – Protecting Against the ProxyNotShell Exchange Server Zero-Day Vulnerability

phishing-attempt
2022-08-30

Well Timed or Coincidental, Cue the Phishing Attacks as 2.5M Students Affected by Data Breach

68410f2b web app security
2022-08-18

Protecting Against the OWASP Top 10 Web Application Vulnerabilities

f5f0f9ef industrial air gap 01
2022-05-19

Industrial Air Gap – A Tale Of 2 Users

279b7e84 cyber resolutions 2022 01
2022-01-06

Top 5 Cybersecurity Resolutions to Cross off Your List in 2022