
There exist many perspectives of Zero Trust. Which of the following is correct? (Wentz QOTD)
A. Zero Trust adoption uses the big bang strategy.
B. Zero Trust networks may coexist with legacy networks isolated by firewalls.
C. Zero Trust prevents lateral movement through the castle-and-moat architecture.
D. Zero Trust, aka perimeterless security, doesn’t define any forms of the perimeter.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Zero Trust networks may coexist with legacy networks isolated by firewalls.

I define Zero Trust as a new cybersecurity paradigm for access control that is data-centric, fine-grained, and dynamic, and that emphasizes visibility.
The beauty of Zero Trust lies in its incremental implementation. Organizations can retain their legacy networks and gradually migrate to, and invest in, Zero Trust. A big bang adoption is possible, but it is too radical.
Castle and Moat
Even though various perspectives of Zero Trust exist, their greatest common factor is no reliance on physical network location or perimeter. Firewall-isolated zones such as the internal network and the DMZ are typical examples of a physical network perimeter; this model is also known as the castle-and-moat architecture.
Software-defined Perimeter
In a Zero Trust architecture, resources of interest or concern are grouped or segmented using a software-defined or virtual perimeter, which may entail next-generation firewalls.
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get a copy from the author’s web site.
There are many perspectives on Zero Trust. Which of the following is correct? (Wentz QOTD)
A. Zero Trust adopts the big bang strategy.
B. Zero Trust networks may coexist with legacy networks isolated by firewalls.
C. Zero Trust prevents lateral movement through the castle-and-moat architecture.
D. Zero Trust (also known as perimeterless security) does not define any form of perimeter.
Why is D wrong?
Perimeterless refers to the removal of the physical network perimeter. Zero Trust does not rely on a physical network perimeter but on a software-defined or virtual perimeter.
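The following is an added illustration (not code from the original post) of the castle-and-moat versus software-defined perimeter contrast above and of why D is wrong: the legacy rule trusts a request because of its source address, while the Zero Trust rule evaluates each request on identity, device posture, and the resource's segment and ignores network location entirely. A `decide` helper shows the coexistence from answer B, where resources still inside a firewall-isolated legacy zone keep the old rule. The address ranges, users, roles, and segment policy are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed: the legacy "inside the castle" address range.
INTERNAL = ip_network("10.0.0.0/8")

# Constructed: which roles may reach which resource segment, and who holds which role.
SEGMENT_POLICY = {
    "hr-db": {"hr-analyst"},
    "build-server": {"developer"},
}
ROLES = {"alice": "hr-analyst", "bob": "developer"}


@dataclass
class Request:
    src_ip: str
    user: Optional[str]       # None means no authenticated identity was presented
    device_compliant: bool    # device posture as reported by the endpoint agent
    resource: str             # the segment (virtual perimeter) being accessed


def castle_and_moat(req: Request) -> bool:
    """Legacy model: trust is implied by physical network location alone."""
    return ip_address(req.src_ip) in INTERNAL


def zero_trust(req: Request) -> bool:
    """Per-request decision on identity, device posture, and segment policy.

    The source address is deliberately never consulted, so a request that
    originates "inside" the network gains nothing from its location.
    """
    if req.user is None or not req.device_compliant:
        return False
    allowed_roles = SEGMENT_POLICY.get(req.resource, set())
    return ROLES.get(req.user) in allowed_roles


def decide(req: Request, legacy_zone: bool) -> bool:
    """Coexistence: resources still behind the legacy firewall keep the old rule."""
    return castle_and_moat(req) if legacy_zone else zero_trust(req)


if __name__ == "__main__":
    inside_no_identity = Request("10.1.2.3", None, False, "hr-db")
    print("castle-and-moat:", castle_and_moat(inside_no_identity))  # True
    print("zero trust:     ", zero_trust(inside_no_identity))       # False
```

An unauthenticated request from an internal address, the typical lateral-movement case, is allowed by the location-based rule and denied by the segment policy.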