Zero-trust Network Security Model
What is Zero-Trust?
Zero trust is a network security philosophy that states no one inside or outside the network should be trusted unless their identification has been thoroughly checked. Zero trust operates on the assumption that threats are an omnipresent factor—from both outside and inside the network. Zero trust also assumes that every attempt to access the network is a threat. These assumptions inform the thinking of network administrators, compelling them to design stringent, trustless security measures.
How Traditional Protections Created the Need for Zero-trust Models
Traditional security architecture is also referred to as the “castle-and-moat” model. Even though it targeted threats from the outside, it failed to address threats that already existed within the network. In effect, traditional security only distrusts factors outside the existing network. Therefore, once a threat is able to get inside the network, it has crossed the “moat” and has free reign to wreak havoc in the “castle” of your system. A zero-trust network security model eliminates threats regardless of their position relative to your network.
How the Zero-trust Model Evolved
The term “zero trust” was first coined by John Kindervag at Forrester Research. In a paper published in 2010, Kindervag explained how traditional network security models fail to provide adequate protection because they all require an element of trust. Administrators have to trust people and devices at various points in the network, and if this trust is violated, the entire network could be put at risk.
To solve the problem, he recommended the use of segmentation gateways (SG), which could be installed in the heart of a network. The SG model involves incorporating several different protection measures and using a packet-forwarding engine to dispatch protections where they are needed in the network.
Within a few years, Google adopted zero-trust security measures. Other companies, eager to follow in Google’s footsteps, also began adopting the zero-trust concept.
How Does Zero-trust Architecture Work?
Zero-trust implementation involves requiring strict identity verification for every individual or device attempting to access the network. This applies whether or not they are already inside the network perimeter. This means users have to undergo identity verification that can be triggered by events such as changes in the devices they use, their location, the frequency of their logging in, and the number of failed login attempts.
Protection begins by identifying your protect surface, which is based on one of four facets, commonly referenced by the acronym DAAS:
- Data: Which data do you have to protect?
- Applications: Which applications have sensitive information?
- Assets: What are your most sensitive assets?
- Services: Which services can a bad actor exploit in an attempt to interrupt normal IT operation?
Establishing this surface helps you hone in on exactly what needs to be protected. This is preferable to trying to guard the attack surface, which constantly increases in size and complexity.
A zero-trust policy involves regulating traffic around critical data and components by forming microperimeters. At the edge of a microperimeter, a zero-trust network employs a segmentation gateway, which monitors the entry of people and data, applying security measures designed to thoroughly vet them prior to granting access. This is accomplished using a Layer 7 firewall and the Kipling method.
A Layer 7 rule involves inspecting the payload of packets to see if they match known types of traffic. If a packet contains data that doesn’t meet the parameters of the Layer 7 rule, access is blocked. The Kipling method challenges the validity of the entry attempt by asking six questions about the entry and who is trying to get in: Who? What? When? Where? Why? How? If the answer to any of the queries raises a flag, access isn’t granted.
Multi-factor authentication (MFA) verifies the identity of a user by requiring them to provide multiple credentials. With traditional password entry methods, a bad actor only has to figure out the password and username, which are often easy for hackers to acquire. On the other hand, MFA requires multiple methods of identification. For example, a user may need both a USB stick and a password. Without either factor, a user would not be able to gain access.
Multi-factor authentication aids a zero-trust network by increasing the number of user-specific credentials required for access. This raises the challenge for hackers by a factor of two, three, four, or more.
Endpoints need to be verified to make sure each one is being controlled by the right person. Endpoint verification strengthens a zero-trust approach because it requires both the user and the endpoint itself to present credentials to the network. Each endpoint has its own layer of authentication that would necessitate users to prove their credentials before gaining access.
Then, in order for a component or program on the network to allow the endpoint access, it sends a verification out to the endpoint. The user then responds on the device. The data sent from the endpoint is used to check its validity, and a successful receipt and transmission process earns the device the status of “trustworthy.”
Unified endpoint management (UEM) allows administrators to centralize how they manage IT infrastructures by giving them a single set of tools they can use to verify multiple endpoints. Endpoint detection and response (EDR) verifies the safety and security of the endpoint. EDR works like a multifaceted antivirus, scanning the endpoint, identifying threats, and then taking steps to protect the endpoint—and by extension, the rest of the network.
Microsegmentation involves creating zones within the network to isolate and secure elements of the network that could contain sensitive information or provide access to malicious actors. A zero-trust security approach benefits from microsegmentation because once the secured area has been microsegmented, it’s protected from danger. The firewall or filter that forms a barrier around the zone can also block threats from exiting the zone, protecting the rest of the network.
Least-privilege access refers to only allowing users and devices to access what is essential to performing their duties. A zero-trust setup benefits from least-privilege access because it limits the number of points of entry to sensitive data or infrastructure. Least-privilege access may also save time and resources because fewer MFA measures have to be employed, limiting the volume of identification credentials that have to be granted and managed.
Benefits of a Zero-trust Model
While a zero-trust policy may require slightly more work for users who need access, its benefits far outweigh these minor inconveniences. Here are some of the reasons many enterprises have adopted the zero-trust philosophy while designing their security architecture:
- Protection of customer data: The wasted time and frustration that comes from the loss of customer data is eliminated, as is the cost of losing customers who no longer trust the business.
- Reduced redundancy and complexity of the security stack: When a zero-trust system handles all of the security functions, you can eliminate stacks of redundant firewalls, web gateways, and other virtual and hardware security devices.
- Reduced need to hire and train security professionals: A central zero-trust system means you don't have to hire as many people to manage, monitor, secure, refine, and update security controls.
Without zero-trust architecture in place, companies unnecessarily expose themselves to costly data breaches. For example, in May 2014, hackers gained access to the addresses, names, dates of birth, and passwords of 145 million eBay users. To get in, they simply used the login credentials of three eBay employees.
If eBay had used a zero-trust model equipped with at least two levels of MFA, the hackers would have needed more information than just a username and password to gain access. Requiring a USB device to be plugged into a specific computer, for example, could have saved eBay the embarrassment and loss of public trust.
How to Implement Zero-trust Security
With the right tools, implementing a zero-trust approach to security only takes a few basic steps.
Define a Protect Surface
Outline the types of data or network components you absolutely need to protect. For many companies, this may include:
- Customer data
- Financial records
- Employee information
- Proprietary collateral like blueprints and patents
- Network equipment like servers, switches, and routers
Limit Access to Data
Figure out what each user needs to access to perform their duties, and make sure they can only get into those specific areas. This reduces human error because it limits the attack surface for phishing or malware invasions. Also, if a user has one weak password they use for several points of access, a malicious actor could figure out that password. This could inflate the effects of a breach, as the hacker could infiltrate not just areas essential to the user’s job but also the nonessential sections of the network as well.
Give Your Team Visibility
When your IT team has visibility, they can both help users get the most out of the network and keep a watchful eye on the system. Adequate visibility paves the way to leverage:
- Reporting: Reports of user activity can be analyzed to identify attempts to break into the system.
- Analytics: Analyzing user activity over a period of time may reveal patterns of behavior. A break in the pattern could indicate an attempt to bypass security protocols.
- Monitoring: Monitoring the system in real time can reveal hackers’ attempts at infiltration as they happen.
- Logging: When system activity is logged, you can analyze the data to look for anomalies that could be due to attempted breaches. You can also ascertain the methodology of a hacker by studying the logs after a hack.
Build Your Zero-trust Network
Fortinet can provide the foundation of your zero-trust network. With FortiNAC, you get an intelligent network access control system with built-in zero-trust controls. Additionally, you can shield your network from malicious users attempting to use Internet-of-Things (IoT) devices to compromise your system.
With the combination of FortiAuthenticator and FortiToken, you get the power of trustless identification for the Fortinet Security Fabric. FortiAuthenticator provides centralized authentication services, while FortiToken adds a secondary factor by implementing physical and mobile application-based tokens.