Who do you trust? Networks...

Exactly what is a trusted network? For many it is the supposedly secure haven in which network operations can happen without fear of compromise. Typically, it is segmented and access is limited through devices such as firewalls and role-based access control. In the PCI DSS world, the Cardholder Data Environment (CDE) is the classic example of such a design. The wider internal network is protected by the normal username / password combination that we’re all familiar with. As a concept, it has worked well and provided a reasonable level of protection for corporate environments. At its heart is the view that every device connected to the network carries some form of trust.

But does this design suit the needs of today’s modern hybrid networks? Those of you who have worked in the industry for long enough will probably remember the phrase ‘de-perimeterisation’ - a network design whereby the ‘crown jewels’ of the network were protected by multi-layered systems and proxies and every device outside was treated as untrusted. Unless you met the criteria, you weren’t getting in.

This was not a bad idea from a risk management standpoint, but the reality of many designs led to bottlenecks and latency issues when managing large numbers of legitimate users trying to access the protected systems. In many respects, it was a self-inflicted form of denial-of-service attack.

So now step forward the ‘zero trust network’ (‘ZTN’). ZTNs assume that no device has an inherent right to connect to another. Although this could be considered pessimistic in its assumption, from a compliance and risk perspective it is the default view and one that all network managers should adopt. Modern networks and practices have created very fluid environments. The widespread adoption of mobile devices, BYOD and cloud environments, combined with ever-evolving attack vectors, makes the traditional design of a perimeterised network if not obsolete, then certainly nearing the end of its life.

The guiding principle is: ‘never trust, always verify’

Although there are slight differences in design, generally ZTNs have the following core components:

  • A device to manage user identity
  • A directory of devices and their assigned access rights to corporate systems
  • A policy engine that determines access decisions
  • A proxy or gateway device that utilises the information from the three other sources to enable access to corporate systems

So rather than blanket trust, decisions are made on the basis of a combination of factors. Without the correct information, no access will be granted. This combination of ‘trust’ is often referred to as ‘dynamic trust’, and it is this ability to set granular access (setting a higher threshold for access to core assets, for instance) that allows for an increased level of access control. The assumption that two devices can communicate with each other simply because they happen to be in the same network segment is removed.
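To make the four components and the ‘dynamic trust’ threshold concrete, here is a small added example (not code from the original post or its author) of a policy engine and gateway written in Python. The identity store, device directory, resource tiers and scoring weights are all constructed sample data and assumed for illustration; a real deployment would back the identity and device sources with an IdP and an MDM or asset inventory. It shows that a valid username alone is not enough: the device must be in the directory and assigned the resource, the requested port must match what the administrator recorded for that service, and the combined score must clear a threshold that is higher for core assets.

```python
"""Toy zero-trust policy engine (added example, not from the original post).

Models the four components the post lists: an identity store, a device
directory with assigned access rights, a policy engine that scores a request,
and a gateway that consults the other three. All data is constructed.
"""
from dataclasses import dataclass, field

# Identity store (constructed): user -> MFA enrolment and group membership.
IDENTITIES = {
    "alice": {"mfa": True, "groups": {"finance"}},
    "bob": {"mfa": False, "groups": {"engineering"}},
}

# Device directory (constructed): device id -> posture, owner and the
# resources this device has been assigned.
DEVICES = {
    "laptop-alice-01": {"managed": True, "patched": True, "owner": "alice",
                        "allowed": {"finance-app", "wiki"}},
    "byod-bob-phone": {"managed": False, "patched": True, "owner": "bob",
                       "allowed": {"wiki"}},
}

# Resources with a sensitivity tier and the exact port the service uses.
# Core assets sit in a higher tier and so demand a higher trust score.
RESOURCES = {
    "wiki": {"tier": 1, "port": 443},
    "finance-app": {"tier": 3, "port": 443},
}

# Assumed scoring thresholds per tier (the 'higher threshold for core assets').
TIER_THRESHOLD = {1: 2, 2: 4, 3: 6}


@dataclass
class Request:
    user: str
    device: str
    resource: str
    port: int
    mfa_passed: bool = False


@dataclass
class Decision:
    allow: bool
    score: int
    reasons: list = field(default_factory=list)


def trust_score(req: Request):
    """Policy engine: combine identity, device posture and context into a score."""
    ident = IDENTITIES.get(req.user)
    dev = DEVICES.get(req.device)
    if ident is None:
        return 0, ["unknown user"]
    if dev is None:
        return 0, ["device not in directory"]
    score, reasons = 0, []
    if dev["owner"] == req.user:
        score += 2            # credentials presented from the device they belong to
    else:
        reasons.append("device not assigned to user")
    if req.mfa_passed and ident["mfa"]:
        score += 2
    else:
        reasons.append("no MFA")
    if dev["managed"]:
        score += 1
    else:
        reasons.append("unmanaged device")
    if dev["patched"]:
        score += 1
    else:
        reasons.append("unpatched device")
    return score, reasons


def gateway(req: Request) -> Decision:
    """Gateway: no decision without input from all three other sources."""
    res = RESOURCES.get(req.resource)
    if res is None:
        return Decision(False, 0, ["unknown resource"])
    # Port-level knowledge of the service, rather than 'it is on 443 so it is fine'.
    if req.port != res["port"]:
        return Decision(False, 0, [f"port {req.port} not permitted for {req.resource}"])
    # Access rights come from the device directory, not from network position.
    if req.resource not in DEVICES.get(req.device, {}).get("allowed", set()):
        return Decision(False, 0, ["resource not assigned to device"])
    score, reasons = trust_score(req)
    needed = TIER_THRESHOLD[res["tier"]]
    allow = score >= needed
    if not allow:
        reasons.append(f"score {score} below threshold {needed}")
    return Decision(allow, score, reasons)


if __name__ == "__main__":
    # Stolen credentials presented from a device the resource was never assigned to.
    print(gateway(Request("alice", "byod-bob-phone", "finance-app", 443, mfa_passed=True)))
    # The same user from their own managed, patched device with MFA.
    print(gateway(Request("alice", "laptop-alice-01", "finance-app", 443, mfa_passed=True)))
```

The point of the stolen-credential case in the usage section is that the gateway refuses before the policy engine even scores the request, because the device directory never assigned that resource to that device; being on the same network segment buys the attacker nothing. Tuning the thresholds and weights is exactly the extra management effort the post notes a ZTN requires.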

ZTNs also require the network administrator to have an intimate knowledge of the applications and services that run on their network – down to specific ports and protocols. The days of assuming that an application is secure because it uses port 443 for HTTPS are gone. Plenty of ‘bad stuff’ travels over secure connections.

One of the aims of ZTNs is to disrupt the main goal of a hacker which is to gain access and elevate privileges to an extent that allows them to move across and penetrate corporate systems. By gaining the required administrator rights, a skilled attacker can also cover their tracks, making detection difficult.

The dynamic trust element limits the impact of an attacker using stolen network credentials. In a traditional design, compromising a single device with those credentials in many cases allows an attacker to compromise an entire network, moving freely between devices.

ZTNs are the logical result of the assumption that your network has already been (or will be) compromised. Of course, they are not the answer to all the problems of network design and controlling access (it is a fair argument that a higher degree of network management would be required to effectively police and tune such a design), but they do offer a very real and effective way of providing the kind of flexible network that users demand without compromising on security and risk management.

Author: Chris Leppard 

Job Title: Managing Consultant (& expert in Compliance & Governance matters).

Chris is a highly experienced and dedicated senior IT professional with more than 20 years of working in the industry. His background is in cyber security, pre-sales, risk management and consultancy services. Chris is commercially aware with a broad range of industry experience having worked for organisations both in the public and private sector.

In recent years, Chris’ career has taken him out of pure technical roles and into senior management, looking after diverse consultancy teams, helping them to grow and expand. He is a strong believer that the team should be better than any individual and as such actively encourages all team members to excel in their technical ability and contribute by becoming subject matter experts in cyber security.
