零信任范式的采用.pdf

1、1|2024 SNIA.All Rights Reserved.Adopting the Zero Trust ParadigmEric Hibbard,CISSP,FIP,CISASamsung Semiconductor,Inc.2|2024 SNIA.All Rights Reserved.Perimeter Security Model Many organizations use a traditional perimeter security model Assumes that all users inside the network can be trusted while a

2、ll users outside the network are untrustworthy Assumes an effective barrier can be established and maintained Resources accessed from the Internet are often located within a DMZ Firewalls,intrusion detection systems(IDS),and virtual private networks(VPN)are common elements of perimeter security3|202

3、4 SNIA.All Rights Reserved.Zero Trust(ZT)Security Model Primarily focused on data and service protection;can also include all enterprise assets(devices,infrastructure components,applications,virtual and cloud components)subjects(end users,applications and other non-human entities that request inform

4、ation from resources)Assumes that an attacker is present in the environment Assumes an enterprise-owned environment is no different(i.e.,no more trustworthy)than any non-enterprise-owned environment In this paradigm,there is no implicit trust4|2024 SNIA.All Rights Reserved.Tenets of Zero Trust All d

5、ata sources and computing services are considered resources All communication is secured regardless of network location Access to individual enterprise resources is granted on a per-session basis Access to resources is determined by dynamic policy The enterprise monitors and measures the integrity a

6、nd security posture of all owned and associated assets All resource authentication and authorization are dynamic and strictly enforced before access is allowed The enterprise collects as much information as possible about the current state of assets,network infrastructure and communications and uses