Explore the concept of Zero Trust Networks in this comprehensive conference talk from BSidesLV 2017. Delve into both theoretical and practical aspects of this security model as presented by Doug Barth and Evan Gilman. Learn about the problem statement, example policies, and VPN architecture before addressing scalability concerns. Examine network properties, Google's Beyond Corp initiative, and the core principles of Zero Trust, including expected flows and symbolic policies. Discover key systems such as inventory and configuration management, as well as authentication services. Investigate various Zero Trust Network implementations, including data plane considerations, provisioning services, and the removal of trust. Gain insights into client-side and server-side implementations, large corporate networks, and control plane elements like SSO and access control engines. Explore the user experience, reality of implementation, and available building blocks, including commercial options. Conclude with a discussion on endpoint management and BlueScienti, providing a thorough understanding of Zero Trust Networks in both theory and practice.
Overview
Syllabus
Introduction
Meet Doug and Evan
Problem Statement
Example Policy
VPN Architecture
Scalability Concerns
Raw IP
Network properties
Google Beyond Core
Zero Trust
Every Flow is Expected
Symbolic Policy
Network Agent
Automation
Visibility
Whitelisting
Key Systems
Inventory Systems
Configuration Management Systems
Authentication Services
Zero Trust Network Implementations
Data Plane
Server vs Client
Provisioning Service
Removing Trust
Agility
Client side
Large corporate network
Beyond Corp
Control Plan
SSO
Access Control Engine
Zero Trust Corporate Network
Trust Inference Engine
Behavioral Harristix
User Experience
Reality
Building Blocks
Clientside implementations
Serverside implementations
Commercial options
Conclusion
Endpoint Management
BlueScient
Taught by
BSidesLV
