2021-021-Security Sphynx, ZeroTrust, implementation prep- part2

Mrs_Marong💞

54 min
News

Description

EO from President Biden asked for a plan to create Zerotrust implementation in the next 90 days (well, 70ish days now… as of 23 May)

https://twitter.com/SecuritySphynx/status/1390475868032618496

@securitySphynx

“CIO: Zero Trust is the way…”

What is the optimal configuration (read: easiest) zero trust config?

Are there different ways to implement Zero Trust?

https://solutions.pyramidci.com/blog/posts/2021/february/the-swiss-cheese-approach/

https://tulsaworld.com/opinion/columnists/zero-trust-security-assume-that-everyone-and-everything-on-the-internet-is-out-to-get/article_f6bdbfad-1aae-5063-8ac0-6a1faf5a244c.html

https://www.reddit.com/r/devops/comments/bqo6kp/open_source_or_cheap_zero_trust_beyondcorp/

https://opensource.com/article/17/6/4-easy-ways-work-toward-zero-trust-security-model

https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf

What is ZTA?

Who are your users?
What devices are in use?
Device attestation/health checks
Applications exist?
Connections exist?
Not just into/out of the traditional LAN network - do you understand dependencies of applications and databases and how the traffic flows?
Where is the data/traffic coming from? Going to?
When is this activity occurring and what is expected?
WHY: Need to balance the access to technical resources in a rapidly evolving and dynamic business landscape that ceases to exist within the confines of normal security perimeters.
Mobile workforce - how much work can you get done without ever getting on the VPN?
Blockers
Technical Debt
IT Hygiene
Zero Trust REQUIRES the pre-work of establishing baselines. You cannot detect abnormality in the absence of normality.
Policy should exist to drive what the specifications of a baseline system, server, application, etc will be.
Network traffic, endpoint performance, SIEM tuning, endpoint agent/softwar

Creators

holly.cove

Creator