SlideShare une entreprise Scribd logo

Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber.pdf

null - The Open Security Community
null - The Open Security Community

Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber , at null/OWASP Kolkata Meetup on 09 December 2023

Ingénierie
1  sur  21
Télécharger pour lire hors ligne
Beyond Boundaries: The Power of Zero Trust Networking By Mohammed Danish Amber
About Me • Mohammed Danish Amber • Project Manager (Cognizant) • Security Researcher | IOT Hacker | OSS Contributor • EX NULL HYDERBAD CORE Member/Moderator • www.mohammeddanishamber.com • me@mohammeddanishamber.com
AGENDA • Introduction • Traditional VPN • Zero Trust Networking • Underlying Assumptions • Access Control • Verification and Authentication • Network Segmentation • Trust Model • Device Security • Scalability • User Experience • Implementation Complexity • Security Posture • Conclusion • Choose the Right Fit • Q&A
Introduction • Significance of the Decision • Adapting to Change • Security Beyond Perimeters • User-Centric Security • Meeting Modern Security Needs • Understanding Traditional VPNs • Exploring Zero Trust Networking
Traditional VPN • Secure Network Access • Perimeter-Based Security • Established Technology • Global Connectivity • Challenges in Evolving Threat Landscape
Traditional VPN
Traditional VPN
Zero Trust Model & Networking • The zero trust security model, also known as zero trust architecture (ZTA), and sometimes known as perimeterless security, describes an approach to the strategy, design and implementation of IT systems. • The main concept behind the zero trust security model is "never trust, always verify," which means that users and devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified. • ZTA is implemented by establishing strong identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly authorized resources. • The zero trust approach advocates mutual authentication, including checking the identity and integrity of users and devices without respect to location, and providing access to applications and services based on the confidence of user and device identity and device health in combination with user authentication. • The principles of zero trust can be applied to data access, and to the management of data. This brings about zero trust data security where every request to access the data needs to be authenticated dynamically and ensure least privileged access to resources. • In order to determine if access can be granted, policies can be applied based on the attributes of the data, who the user is, and the type of environment using Attribute-Based Access Control (ABAC). • This zero-trust data security approach can protect access to the data.
Underlying Assumptions • Traditional VPN: Assumes trust once inside the network. • Zero Trust Networking: Assumes zero trust, even for internal users.
Access Controls • Traditional VPN: Broad network access once connected. • Zero Trust Networking: Granular access control based on user identity and least privilege. – Using enhanced identity governance and policy- based access controls.
Verification & Authentications • Traditional VPN: Relies on username and password, May multi- factor authentication. • Zero Trust Networking: Implements continuous verification, multi- factor authentication, and strong password policies. – Single strong source of user identity – User authentication – Machine authentication – Additional context, such as policy compliance and device health – Authorization policies to access an application – Access control policies within an application
Network Segmentation • Traditional VPN: Limited segmentation; flat network structure. • Zero Trust Networking: Micro-segmentation for isolating and restricting lateral movement. – Using micro-segmentation – Using overlay networks and software-defined perimeters
Trust Model • Traditional VPN: Trusts users and devices once inside the network perimeter. • Zero Trust Networking: Never trusts; always verifies users and devices, regardless of location. – Applies to both Internal & External Devices and Users.
Device Security • Traditional VPN: Assumes device security once connected. • Zero Trust Networking: Continuous monitoring of device security and compliance.
Scalability • Traditional VPN: May face scalability challenges as the organization grows. • Zero Trust Networking: Built for scalability and adaptability to evolving organizational needs.
User Experience • Traditional VPN: May impact user experience with potential latency. • Zero Trust Networking: Strives for a seamless user experience with minimal impact.
Implementation Complexity • Traditional VPN: Generally simpler to set up and manage. • Zero Trust Networking: May require a more complex implementation process.
Security Posture • Traditional VPN: Focuses on securing the network perimeter. • Zero Trust Networking: Focuses on securing users, devices, and data wherever they are.
Conclusion • Paradigm Shift in Security – In conclusion, the comparison between traditional VPNs and Zero Trust Networking underscores a paradigm shift in security thinking—from perimeter-based trust to continuous verification and dynamic access control. • User-Centric vs. Perimeter-Centric – The fundamental difference lies in the shift from a perimeter-centric approach of traditional VPNs to the user-centric philosophy of Zero Trust Networking, where trust is never assumed but constantly verified. • Granular Access Control – Zero Trust Networking introduces granular access control, ensuring that users and devices have the minimum necessary access, limiting potential risks associated with broader access provided by traditional VPNs. • Adaptability to Modern Threats – As the threat landscape evolves, the adaptability of Zero Trust Networking shines, providing a more robust defense against emerging cyber threats compared to the traditional and somewhat static nature of VPNs. • Choosing the Right Fit – Organizations must carefully consider their security requirements, scalability needs, and the user experience when choosing between traditional VPNs and Zero Trust Networking - a decision that can significantly impact their overall cybersecurity posture.
Products/Services • Closed Source/Paid services – Rubrik – Cohesity – GoodAccess – Zscaler Internet Access – Forescout Continuum – Delinea Secret Server – Palo Alto Networks Prisma Access – Cloudflare Zero Trust Services – Perimeter81 – Zscaler Private Access – Forcepoint ONE – Twingate • & Many More • OpenSource – Free & Paid Services – Wireguard – Tailscale – ZeroTier – Ngrok – Netbird – HeadScale – Netmaker – Twingate – Firezone – Pritunl – Remote.it – Mmesh – FerrumGate • & Many More
Thank You • DEMO • Q & A

Recommandé

Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeArnold Antoo
 
Unit 5
Unit 5Unit 5
Unit 5DhanalakshmiVelusamy1
 
Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517Zscaler
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataGreat Wide Open
 
The Zero Trust Security Model for Modern Businesses!
The Zero Trust Security Model for Modern Businesses!The Zero Trust Security Model for Modern Businesses!
The Zero Trust Security Model for Modern Businesses!Caroline Johnson
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityCryptzone
 
CC UNIT-2.pptx
CC UNIT-2.pptxCC UNIT-2.pptx
CC UNIT-2.pptxkarthik930637
 

Recommandé

Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeArnold Antoo
 
Unit 5
Unit 5Unit 5
Unit 5DhanalakshmiVelusamy1
 
Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517Zscaler
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataGreat Wide Open
 
The Zero Trust Security Model for Modern Businesses!
The Zero Trust Security Model for Modern Businesses!The Zero Trust Security Model for Modern Businesses!
The Zero Trust Security Model for Modern Businesses!Caroline Johnson
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityCryptzone
 
CC UNIT-2.pptx
CC UNIT-2.pptxCC UNIT-2.pptx
CC UNIT-2.pptxkarthik930637
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNithin Raj
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01EduclentMegasoftel
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpnShradha Maheshwari
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Ontario Cloud SIG
 
Zero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxZero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxkkhhusshi
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019Zscaler
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1PROIDEA
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 
Secure Cloud Issues
Secure Cloud IssuesSecure Cloud Issues
Secure Cloud IssuesDevyani Vaidya
 
Zero Trust Best Practices for Kubernetes
Zero Trust Best Practices for KubernetesZero Trust Best Practices for Kubernetes
Zero Trust Best Practices for KubernetesNGINX, Inc.
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to RealityPriyanka Aash
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud SecurityAmazon Web Services LATAM
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsAlgoSec
 
Cloud computing
Cloud computingCloud computing
Cloud computingHamza Sajjad
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustFrans Sauermann
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Ivanti
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community
 

Contenu connexe

Similaire à Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber.pdf

Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNithin Raj
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Ontario Cloud SIG
 
Zero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxZero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxkkhhusshi
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019Zscaler
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1PROIDEA
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 
Zero Trust Best Practices for Kubernetes
Zero Trust Best Practices for KubernetesZero Trust Best Practices for Kubernetes
Zero Trust Best Practices for KubernetesNGINX, Inc.
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to RealityPriyanka Aash
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsAlgoSec
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustFrans Sauermann
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Ivanti
 

Similaire à Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber.pdf (20)

Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpn
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
 
Zero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxZero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptx
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
Secure Cloud Issues
Secure Cloud IssuesSecure Cloud Issues
Secure Cloud Issues
 
Zero Trust Best Practices for Kubernetes
Zero Trust Best Practices for KubernetesZero Trust Best Practices for Kubernetes
Zero Trust Best Practices for Kubernetes
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation Firewalls
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero Trust
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
 

Plus de null - The Open Security Community

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdfImmutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdfnull - The Open Security Community
 
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdfDigital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdfnull - The Open Security Community
 
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptxReverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptxnull - The Open Security Community
 
Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...null - The Open Security Community
 
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxDemystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxnull - The Open Security Community
 

Plus de null - The Open Security Community (18)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Hardware-Hacking-101 By Asutosh Kumar.pdf
Hardware-Hacking-101 By Asutosh Kumar.pdfHardware-Hacking-101 By Asutosh Kumar.pdf
Hardware-Hacking-101 By Asutosh Kumar.pdf
 
Demystifying-DNS-Attack-by-Rakesh Seal.pdf
Demystifying-DNS-Attack-by-Rakesh Seal.pdfDemystifying-DNS-Attack-by-Rakesh Seal.pdf
Demystifying-DNS-Attack-by-Rakesh Seal.pdf
 
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdfImmutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
Immutable Desktop using Container Orchestration By Mohammed Danish Amber .pdf
 
Recon for Bug Bounty by Agnibha Dutta.pdf
Recon for Bug Bounty by Agnibha Dutta.pdfRecon for Bug Bounty by Agnibha Dutta.pdf
Recon for Bug Bounty by Agnibha Dutta.pdf
 
A talk on OWASP Top 10 by Mukunda Tamly
A talk on OWASP Top 10 by Mukunda TamlyA talk on OWASP Top 10 by Mukunda Tamly
A talk on OWASP Top 10 by Mukunda Tamly
 
The Mysterious Paradigm of Fuzzing by Rakesh Seal
The Mysterious Paradigm of Fuzzing by Rakesh SealThe Mysterious Paradigm of Fuzzing by Rakesh Seal
The Mysterious Paradigm of Fuzzing by Rakesh Seal
 
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdfDigital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
Digital Personal Data Protection Act 2023 by S Ramakrishnan.pdf
 
Cyber_Forensics_in_the_New_Age_of_Cyber_Security.pdf
Cyber_Forensics_in_the_New_Age_of_Cyber_Security.pdfCyber_Forensics_in_the_New_Age_of_Cyber_Security.pdf
Cyber_Forensics_in_the_New_Age_of_Cyber_Security.pdf
 
GSM-CallFlowAndSecurity Features (2G-3G-4G).pptx
GSM-CallFlowAndSecurity Features (2G-3G-4G).pptxGSM-CallFlowAndSecurity Features (2G-3G-4G).pptx
GSM-CallFlowAndSecurity Features (2G-3G-4G).pptx
 
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptxReverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
 
Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...
 
Evolution of Hacking- Ronit Chakraborty .pptx
Evolution of Hacking- Ronit Chakraborty .pptxEvolution of Hacking- Ronit Chakraborty .pptx
Evolution of Hacking- Ronit Chakraborty .pptx
 
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptxDemystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
Demystifying Cyber Threat Intelligence -Debraj Dey Null_OWASP kolkata .pptx
 
C&C Framework- Ayan Saha.pptx
C&C Framework- Ayan Saha.pptxC&C Framework- Ayan Saha.pptx
C&C Framework- Ayan Saha.pptx
 

Dernier

8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...josephjonse
 
Scouring of cotton and wool fabric with effective scouring method
Scouring of cotton and wool fabric with effective scouring methodScouring of cotton and wool fabric with effective scouring method
Scouring of cotton and wool fabric with effective scouring methodvimal412355
 
Fundamentals of Internet of Things (IoT) Part-2
Fundamentals of Internet of Things (IoT) Part-2Fundamentals of Internet of Things (IoT) Part-2
Fundamentals of Internet of Things (IoT) Part-2ChandrakantDivate1
 
Autodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptxAutodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptxMustafa Ahmed
 
Augmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptxAugmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptxMustafa Ahmed
 
Dynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxDynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxMustafa Ahmed
 
Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...
Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...
Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...Christo Ananth
 
analog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxanalog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxKarpagam Institute of Teechnology
 
Introduction to Geographic Information Systems
Introduction to Geographic Information SystemsIntroduction to Geographic Information Systems
Introduction to Geographic Information SystemsAnge Felix NSANZIYERA
 
Electromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxElectromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxNANDHAKUMARA10
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesChandrakantDivate1
 
Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...
Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...
Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...ssuserdfc773
 
DFT - Discrete Fourier Transform and its Properties
DFT - Discrete Fourier Transform and its PropertiesDFT - Discrete Fourier Transform and its Properties
DFT - Discrete Fourier Transform and its PropertiesShiny Christobel
 
Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...
Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...
Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...ronahami
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayEpec Engineered Technologies
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiessarkmank1
 
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdflitvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdfAlexander Litvinenko
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxSCMS School of Architecture
 
21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docxrahulmanepalli02
 
Path loss model, OKUMURA Model, Hata Model
Path loss model, OKUMURA Model, Hata ModelPath loss model, OKUMURA Model, Hata Model
Path loss model, OKUMURA Model, Hata ModelDrAjayKumarYadav4
 

Dernier (20)

8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...
 
Scouring of cotton and wool fabric with effective scouring method
Scouring of cotton and wool fabric with effective scouring methodScouring of cotton and wool fabric with effective scouring method
Scouring of cotton and wool fabric with effective scouring method
 
Fundamentals of Internet of Things (IoT) Part-2
Fundamentals of Internet of Things (IoT) Part-2Fundamentals of Internet of Things (IoT) Part-2
Fundamentals of Internet of Things (IoT) Part-2
 
Autodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptxAutodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptx
 
Augmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptxAugmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptx
 
Dynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxDynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptx
 
Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...
Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...
Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...
 
analog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxanalog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptx
 
Introduction to Geographic Information Systems
Introduction to Geographic Information SystemsIntroduction to Geographic Information Systems
Introduction to Geographic Information Systems
 
Electromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxElectromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptx
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network Devices
 
Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...
Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...
Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...
 
DFT - Discrete Fourier Transform and its Properties
DFT - Discrete Fourier Transform and its PropertiesDFT - Discrete Fourier Transform and its Properties
DFT - Discrete Fourier Transform and its Properties
 
Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...
Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...
Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and properties
 
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdflitvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx
 
Path loss model, OKUMURA Model, Hata Model
Path loss model, OKUMURA Model, Hata ModelPath loss model, OKUMURA Model, Hata Model
Path loss model, OKUMURA Model, Hata Model
 

Beyond Boundaries-The Power of Zero Trust Networking By Mohammed Danish Amber.pdf

  • 1. Beyond Boundaries: The Power of Zero Trust Networking By Mohammed Danish Amber
  • 2. About Me • Mohammed Danish Amber • Project Manager (Cognizant) • Security Researcher | IOT Hacker | OSS Contributor • EX NULL HYDERBAD CORE Member/Moderator • www.mohammeddanishamber.com • me@mohammeddanishamber.com
  • 3. AGENDA • Introduction • Traditional VPN • Zero Trust Networking • Underlying Assumptions • Access Control • Verification and Authentication • Network Segmentation • Trust Model • Device Security • Scalability • User Experience • Implementation Complexity • Security Posture • Conclusion • Choose the Right Fit • Q&A
  • 4. Introduction • Significance of the Decision • Adapting to Change • Security Beyond Perimeters • User-Centric Security • Meeting Modern Security Needs • Understanding Traditional VPNs • Exploring Zero Trust Networking
  • 5. Traditional VPN • Secure Network Access • Perimeter-Based Security • Established Technology • Global Connectivity • Challenges in Evolving Threat Landscape
  • 8. Zero Trust Model & Networking • The zero trust security model, also known as zero trust architecture (ZTA), and sometimes known as perimeterless security, describes an approach to the strategy, design and implementation of IT systems. • The main concept behind the zero trust security model is "never trust, always verify," which means that users and devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified. • ZTA is implemented by establishing strong identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly authorized resources. • The zero trust approach advocates mutual authentication, including checking the identity and integrity of users and devices without respect to location, and providing access to applications and services based on the confidence of user and device identity and device health in combination with user authentication. • The principles of zero trust can be applied to data access, and to the management of data. This brings about zero trust data security where every request to access the data needs to be authenticated dynamically and ensure least privileged access to resources. • In order to determine if access can be granted, policies can be applied based on the attributes of the data, who the user is, and the type of environment using Attribute-Based Access Control (ABAC). • This zero-trust data security approach can protect access to the data.
  • 9. Underlying Assumptions • Traditional VPN: Assumes trust once inside the network. • Zero Trust Networking: Assumes zero trust, even for internal users.
  • 10. Access Controls • Traditional VPN: Broad network access once connected. • Zero Trust Networking: Granular access control based on user identity and least privilege. – Using enhanced identity governance and policy- based access controls.
  • 11. Verification & Authentications • Traditional VPN: Relies on username and password, May multi- factor authentication. • Zero Trust Networking: Implements continuous verification, multi- factor authentication, and strong password policies. – Single strong source of user identity – User authentication – Machine authentication – Additional context, such as policy compliance and device health – Authorization policies to access an application – Access control policies within an application
  • 12. Network Segmentation • Traditional VPN: Limited segmentation; flat network structure. • Zero Trust Networking: Micro-segmentation for isolating and restricting lateral movement. – Using micro-segmentation – Using overlay networks and software-defined perimeters
  • 13. Trust Model • Traditional VPN: Trusts users and devices once inside the network perimeter. • Zero Trust Networking: Never trusts; always verifies users and devices, regardless of location. – Applies to both Internal & External Devices and Users.
  • 14. Device Security • Traditional VPN: Assumes device security once connected. • Zero Trust Networking: Continuous monitoring of device security and compliance.
  • 15. Scalability • Traditional VPN: May face scalability challenges as the organization grows. • Zero Trust Networking: Built for scalability and adaptability to evolving organizational needs.
  • 16. User Experience • Traditional VPN: May impact user experience with potential latency. • Zero Trust Networking: Strives for a seamless user experience with minimal impact.
  • 17. Implementation Complexity • Traditional VPN: Generally simpler to set up and manage. • Zero Trust Networking: May require a more complex implementation process.
  • 18. Security Posture • Traditional VPN: Focuses on securing the network perimeter. • Zero Trust Networking: Focuses on securing users, devices, and data wherever they are.
  • 19. Conclusion • Paradigm Shift in Security – In conclusion, the comparison between traditional VPNs and Zero Trust Networking underscores a paradigm shift in security thinking—from perimeter-based trust to continuous verification and dynamic access control. • User-Centric vs. Perimeter-Centric – The fundamental difference lies in the shift from a perimeter-centric approach of traditional VPNs to the user-centric philosophy of Zero Trust Networking, where trust is never assumed but constantly verified. • Granular Access Control – Zero Trust Networking introduces granular access control, ensuring that users and devices have the minimum necessary access, limiting potential risks associated with broader access provided by traditional VPNs. • Adaptability to Modern Threats – As the threat landscape evolves, the adaptability of Zero Trust Networking shines, providing a more robust defense against emerging cyber threats compared to the traditional and somewhat static nature of VPNs. • Choosing the Right Fit – Organizations must carefully consider their security requirements, scalability needs, and the user experience when choosing between traditional VPNs and Zero Trust Networking - a decision that can significantly impact their overall cybersecurity posture.
  • 20. Products/Services • Closed Source/Paid services – Rubrik – Cohesity – GoodAccess – Zscaler Internet Access – Forescout Continuum – Delinea Secret Server – Palo Alto Networks Prisma Access – Cloudflare Zero Trust Services – Perimeter81 – Zscaler Private Access – Forcepoint ONE – Twingate • & Many More • OpenSource – Free & Paid Services – Wireguard – Tailscale – ZeroTier – Ngrok – Netbird – HeadScale – Netmaker – Twingate – Firezone – Pritunl – Remote.it – Mmesh – FerrumGate • & Many More