You might be hearing a lot about zero trust (ZT) these days. But with every new buzz word, it’s at risk of being over-appropriated and over-used. Zero trust is an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on:
- Subjects: end users, applications and other nonhuman entities that request information from resources.
- Resources: applications, databases, documents – basically anything a subject can request access to – rather than just network perimeters.
Zero Trust Architecture (ZTA) is timely because of the accelerating trends of BYOD and the fact that with remote users and the cloud – both your users and assets are scattered all over the Internet most of the time. So, it’s not surprising that vendors everywhere are talking about Zero Trust, but the NIST and National Center for Cyber Security Excellence have put together a valuable document called NIST SP 800-207 ZERO TRUST ARCHITECTURE, which we’ll be using as the basis for our discussion in this real training for free webinar.
I will introduce you to the NIST ZTA and its structure. ZTA assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). Authentication and authorization – of both the end user and device – are discrete functions performed before a session for an enterprise resource to be established.
NIST SP 800-207 provides an abstract definition of ZTA and then presents general deployment models and specific use cases where zero trust could improve an enterprise’s overall information technology security posture. Some of the points we’ll be covering include:
- Tenets of a Zero Trust
- A ZT view of a network
- Implementing ZTA with
- Identity governance
- Software-defined networks
In this webinar, we’ve chosen Linux privileged access as our specific use case for applying ZTA. This is particularly difficult in the case of Linux, where administration is almost always performed remotely, giving a user on the other end of the secure connection privileged access to a Linux server. And, with the new-normal remote workforce climate, the perimeter has shifted to personal devices and home WiFi networks, making the organizations ability to control exactly which endpoint device is being used and who is controlling the keyboard when accessing Linux systems an even greater challenge. Given the direct ability to gain root access to a Linux server and the high value of these systems as targets by the bad guys, this creates a huge risk.
Patrick Schneider, Sr. Solutions Engineer at our sponsor BeyondTrust, will handle the Linux use case portion of this real training for free event. Some of the points he’ll cover include:
- Why native Linux sessions don’t adhere to the NIST Zero Trust Architecture
- What’s missing between the Linux server and the endpoint device to put proper controls in place to protect remote privileged access
- How to implement the NIST principles to protect access to privileged Linux sessions
Please join us for this real training for free event.
Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes in Windows and Active Directory security. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.
Randy Franklin Smith began his career in information technology in the 1980s developing software for a variety of companies. During the early 1990s, he led a business process re-engineering effort for a multi-national organization and designed several mission critical, object-oriented, client/server systems. As the Internet and Windows NT took off, Randy focused on security and led his employer's information security planning team. In 1997, he formed Monterey Technology Group, Inc. where he serves as President.
- Certified Information Systems Auditor (CISA)
- Microsoft Security Most Valuable Professional (MVP)
- Systems Security Certified Professional (SSCP)
- Information Systems Security Association (ISSA)
- Information Systems Audit and Control Association (ISACA)
- Center for Internet Security (CIS)
Patrick Schneider is a Senior IGA professional, with 30 years of experience in the Information Technology industry. Prior to joining BeyondTrust as a Senior Solutions Architect, Patrick was a Senior Solutions Engineer for the Security portfolio of a major IAM solutions provider. Patrick holds many industry certifications such as Comptia+, MCP, Certified Directory Engineer, Certified Linux Engineer and more.