Zero Trust Explained | Real World Example

  • Date added: 5. 06. 2024
  • Get your free Twingate account: www.twingate.com/?...
    Zero Trust is critical in protecting us from hackers and cybercrime in the modern world.
    Zero Trust is a security concept or a framework.
    The goal is to trust no one! Instead, we must continually authenticate, authorise, and assess every user and every device.
    Zero Trust is achieved using a mixture of security policies and the right security tools.
    To fully understand the problem Zero Trust solves, we need to look back a few years.
    A traditional network uses the perimeter-based security model. Because all the devices are owned by the business, we can control them using group policy for configurations, and our firewalls control what traffic is allowed in and out.
    We call this our trusted network because we control these devices.
    Everything on the outside, which we don't control, is called the untrusted network.
    This type of setup worked well for a long time. However, the idea of perimeter security has faced challenges in recent years.
    Cloud computing and Web Apps
    Most businesses are now using a combination of web applications and cloud computing services.
    These applications and services can be accessed from anywhere, on any device.
    Remote working
    Users are not always in the physical office network.
    Sometimes, they work from home, in a coffee shop, or any other public wifi.
    How do we provide access to the resources the user needs while ensuring they are using a safe connection and they are, in fact, who they claim to be?
    User-owned devices
    Users are not always using company-owned devices.
    Users may want to use their own phones, tablets or laptops to connect to corporate data and services. How do we ensure that these devices are free from malware and secure enough to access company resources?
    Lateral attacks / breached perimeters
    One of the biggest problems with perimeter-based security is something called lateral movement.
    If an attacker can find just one weakness in the perimeter and get access, then the implicit trust gives the attacker access to the other resources within the network.
    All of these problems have been gradually increasing in recent years.
    However, the pandemic accelerated them sharply, and it became clear that the traditional perimeter security approach could no longer protect this new way of working.
    So, a new solution needed to be found, and this brings us to Zero Trust!
    At its core, Zero Trust does exactly what it says on the tin. It removes all trust in users, devices, and networks. A phrase often used to describe this is "Never Trust, Always Verify".
    It doesn't matter if you are sitting in a coffee shop, at home, or in the office behind company firewalls; you are treated exactly the same.
    Now, the way to prove your innocence is to be verified. This is done based on several factors, including things like credentials, the device being used, and the location of the request.
    The next principle is that of least privilege. Least privilege means only providing the minimum level of privilege needed to do a task.
    As humans, we also want to be as helpful as possible, often giving much more access to users than needed or giving access temporarily and never actually removing it. This is a weakness, and attackers do take advantage of this.
    The last principle of Zero Trust we will discuss is Assume Breach. This means that we are not just trying to stop cyber attacks, but we assume the systems will be breached at some point, if they haven't already.
    By taking this mindset, we can start to plan our defences for if the worst should happen.
    OK, so there we have it. Zero Trust is not a single tool or technology. Instead, it is a concept achieved by implementing security policies and tools that align with the core principle of 'never trust, always verify'.
    00:00 Intro to Zero Trust
    01:22 Perimeter-based security
    04:23 Zero Trust Explained
    09:34 Real World Example
    20:43 Outro
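
The three principles in the description (verify every request on credentials, device and location; least privilege; assume breach) can be read as one deny-by-default decision function. This is an added example, not code from the video or from Twingate: ports 5000 and 445 are the ones the author mentions in the comments, while the user names, the address 192.0.2.10, the country list and the dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

UTC = timezone.utc

@dataclass(frozen=True)
class Grant:                 # hypothetical least-privilege grant: one user, one host:port
    user: str
    host: str
    port: int
    expires: datetime        # every grant has an end date, so "temporary" access lapses

@dataclass(frozen=True)
class Request:               # hypothetical request record, evaluated on every connection
    user: str
    mfa_passed: bool         # credentials factor
    device_compliant: bool   # device factor (patched, disk encrypted, ...)
    country: str             # location factor
    on_office_lan: bool      # recorded, but deliberately never consulted below
    host: str
    port: int

ALLOWED_COUNTRIES = {"GB"}   # constructed sample policy
NAS = "192.0.2.10"           # constructed documentation address
GRANTS = [
    Grant("alice", NAS, 5000, datetime(2030, 1, 1, tzinfo=UTC)),  # NAS web admin
    Grant("alice", NAS, 445, datetime(2030, 1, 1, tzinfo=UTC)),   # SMB share
    Grant("bob", NAS, 5000, datetime(2024, 1, 1, tzinfo=UTC)),    # lapsed temporary grant
]

def decide(req, now, grants=GRANTS):
    """Return (allowed, reason). Nothing is trusted until every check passes."""
    if not req.mfa_passed:
        return False, "credentials not verified"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.country not in ALLOWED_COUNTRIES:
        return False, "request location not permitted"
    matching = [g for g in grants
                if (g.user, g.host, g.port) == (req.user, req.host, req.port)]
    if not matching:
        # Assume breach: a verified session still reaches only what it was granted.
        return False, "no grant for this resource"
    if all(now >= g.expires for g in matching):
        return False, "grant expired"
    return True, "explicit grant"
```

Because `on_office_lan` is never read, a request from behind the company firewall is judged exactly like one from a coffee shop.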

Comments • 29

  • @JJ-ju8wz 7 months ago +9

    This was easy to watch, insightful, and a genius way to incorporate your sponsor in a way that actually means something. Great job!

    • @Certbros 7 months ago +1

      Thank you so much for the kind words. Really appreciate it! 😁

  • @ScratchIV. 7 months ago +3

    It's important when configuring conditional access, to have a "break the glass account" that's excluded from any policies.

  • @orleydoss3171 7 months ago +4

    Best explanation and example I've seen thus far. Excellent video 👍

    • @Certbros 7 months ago

      Thank you Orley! Always one of the first to comment! :D

  • @snowballeffects 7 months ago +1

    Brilliant video as always Sam - Thanks!

  • @superspectator123 1 month ago

    Wonderful, insightful video. Thank you.

  • @amigazo3972 1 month ago

    Amazing video. Sober and easy to understand. Entertained. Thanks for it! :)

  • @subhransusekharswain4202 1 month ago

    Great explanation and demonstration 👏

  • @ssmantri 1 month ago

    Best explanation of Zero Trust on the internet.

  • @MaqsoodAlamShafiq 5 months ago

    Excellent insight on network security.

  • @k1ssmyfast 7 months ago +2

    Love this channel! Has helped boost my knowledge in the areas I lacked. Sidenote... has anyone ever told you that you look and sound like a young Peter Sage? lol

    • @Certbros 7 months ago +1

      Really happy to hear! Thank you for all the support! No, they haven't, but now I'm Googling 'Peter Sage' 😅

  • @langshi4972 7 months ago +1

    Powerful!

  • @mustafadurrani4492 7 months ago +1

    this is the most simple explanation video of zero trust

    • @Certbros 7 months ago

      Thank you very much! Glad you liked it.

  • @kamleshparmar-th3dn 2 months ago

    Excellent. Thanks

  • @user-sl8jc5mw8k 6 months ago

    ❤❤❤I LOVE IT❤❤❤

  • @SAM-gu2js 21 days ago

    what specific ubuntu vm did you run it on?

  • @victorpictoraerial8560 1 month ago

    I'm a little confused: you gave a specific right to ip:5000. But you could easily mount a share, which is not on port 5000...

    • @Certbros 1 month ago

      Port 5000 was to allow access to the web admin portal of the NAS drive. I also added port 445 for SMB to mount the share.

  • @Adony193 7 months ago +1

    Good video

  • @navaznaz 2 months ago

    Do a video on John the Ripper

  • @fxchhgfcv 7 months ago

    I'm so sad your reach went down 😢

    • @Certbros 7 months ago

      CZcams is up and down sometimes. It's all good :D