Shulou(Shulou.com)06/01 Report--

With the influx of mobile devices into enterprises, the expansion of the Internet of things (IoT), and the growth in the number and complexity of cybercriminals, many security experts believe that zero trust is a better way to counter changing network and data security threats.

Network security vulnerabilities are often found in the most unlikely places. In one case in BloombergBusinessWeek, for example, there is an Internet port on the electric remote control of the curtains in a hotel room that provides access to the hotel's internal computer system. The vulnerability was discovered by the network security contractor during a security audit. This case shows that in today's connected world, backdoor loopholes can be seen almost everywhere.

What is zero trust security?

The term "zero trust" was coined by Forrester Research analysts in a 2013 report to the National Institute of Standards and Technology (NIST), which is part of the U.S. government's cyber security program. Because Mobile and big data make 'building stronger walls' an expensive farce, unable to fully protect network security, Forrester put forward the concept of zero trust.

Zero trust refers to a network design concept that "requires security to be built into the DNA of IT architecture through situational awareness and strong vulnerability event management capabilities." In short, zero trust translates the "trust but need to verify" method into "verify but not trust".

Building a zero-trust security network in three steps

According to Forrester, organizations should ideally rebuild the network "from the inside out," starting with "the system resources and data repositories we need to protect." However, rebuilding the network can take a long time. In the following three steps, you can introduce the zero-trust security principle into your existing network.

1. Strengthen authentication

Although passwords are the first line of defense for most networks, 59% of users have the same password for multiple accounts, and it is likely that the user's password is only a few characters.

Identity and access management (IAM) solutions enable organizations to enhance security by applying multifactor authentication (MFA). Multi-factor authentication may require biometric factors, such as fingerprints, iris scans, or the use of physical objects, such as devices that support FIDO2.

two。 Network segmentation

Segmented or micro-segmented network can keep most of the network secure when the network is destroyed, thus minimizing the damage.

Implement network micro-segmentation, such as next-generation firewalls and data security controls, so that intruders cannot access more than a defined subset of data even if they can break through peripheral defenses.

3. Review visit behavior

In addition to protecting the network, an effective zero-trust policy includes monitoring access behavior and analyzing patterns and trends.

Analysis tools, tracking access behavior, and identifying patterns, trends, and potential threats can enhance data security, thereby enhancing customer trust in the network.

The leakage of network data puts customer information, enterprise intellectual property rights, employee records and so on at risk. In addition to economic losses, loss of reputation and loss of customer confidence, if other illegal acts are found, they may also bear legal liability. Hackers never rest their network attacks, and enterprise network security teams also need to constantly deal with network attacks. Zero-trust network construction can provide a powerful weapon for security teams.

Original address: https://www.linuxprobe.com/security-zero-trust-network.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.