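"Protecting APIs with Zero Trust Overlay Networks.pdf" was shared by a member and can be read online. For more material related to "Protecting APIs with Zero Trust Overlay Networks.pdf" (56 pages), search on 三个皮匠报告.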
CLINT DOVHOLUK
Secure Software by Design 2024
PROTECTING APIS WITH ZERO TRUST OVERLAY MESH NETWORKS

ABOUT ME
THIS IS DEFINITELY NOT ME
“Developers don't care about security”
VERY COMMON THEME
“SHIPPING IS A FEATURE”
https:/
TRUST IN MY APP?
ZERO TRUST IN MY APP
LET'S SECURE SOME APIS

Long-time developer - 20+ years
Grew up with Java - C# - Golang - C
Mostly API work
Telecom - IoT - Zero Trust Networking
(THIS IS ME)

What is a secure by design API?
vs
“Mad Max”
“The Beast”

Strong Identity
Continuous Authorization
Least Privilege
Zero Trust
X.509
JWT
What is a “Strong Identity”
Continual Authorization
Least Privilege

WHAT IS AN “OVERLAY NETWORK”?
[Diagram labels: The Internet, Overlay Network, Controller]

WHAT IS AN “OVERLAY NETWORK”?
[Diagram labels: Router, Router, Edge Router, Edge Router, Overlay Network, Controller]

WHAT IS AN “OVERLAY NETWORK”?
[Diagram labels: Router, Router, Edge Router, Edge Router, Service, Overlay Network Aware Client, Overlay Network Aware Client]
NO listening ports
NO hole in the firewall
Self-healing
Optimal Routing
Active Load Balancing

ZTNA: Zero Trust Network Access
ZTAA: Zero Trust Application Access
ZTHA: Zero Trust Host Access
[Diagram label on each: Zero Trust Zone]

ZTNA: Zero Trust Network Access
[Diagram labels: “trusted” zone, “trusted” zone, Host Network, Host Network, network/internet, Local network, Local network, Zero Trust Zone]

ZTNA: Zero Trust Network Access
[Diagram labels: “trusted” zone, “trusted” zone, Host Network, Host Network, network/internet, Local network, Local network, Zero Trust Zone, firewall, firewall]

ZTHA: Zero Trust Host Access
[Diagram labels: Zero Trust Zone, “trusted” zone, “trusted” zone, Host Network, Host Network, network/internet, Local network, Local network]

ZTHA: Zero Trust Host Access
[Diagram labels: Zero Trust Zone, “trusted” zone, “trusted” zone, Host Network, Host Network, network/internet, Local network, Local network, firewall, firewall, firewall, firewall]

ZTAA: Zero Trust Application Access
[Diagram labels: Zero Trust Zone, Host Network, Host Network, network/internet, Local network, Local network, “trusted” zone]