Notes from _Zero Trust Networks_, part 1
• Mark Eschbach
All engineers on one of the projects I am attached to are required to read Zero Trust Networks by Evan Gilman and Doug Barth. This is the first installment.
Take my reading of the authors' intent with a grain of salt. I could be wrong.
The Vision (Ch 1)
The authors go into a lot of their understanding of the evolution of computer networks. At least some parts seem to be later than I remember; however, I am not a historian, so I will let that be. Also covered in this chapter is what the authors call traditional network architecture.
The supposition put forth is that traditional networks are built in layers of defense: their definition of a traditional network is something like an onion, where the majority of resources are dedicated to perimeter defense. As one moves farther toward the core of the onion, one sees fewer and fewer defenses, or defenses based only on the location of a device within the network.
As a counter to this, partly in recognition of how networks have changed with cloud computing, the authors raise a new model of trust. At the core of the model is a decision engine that takes multiple factors into account, rather than just network location, to verify that the requesting agent is allowed to perform a specific operation.
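To make the contrast between the two models concrete, the following is an added illustration (not code from the book, its authors, or the original post): a toy decision engine in Python that compares a perimeter-only check with a decision that weighs who is asking, from what device, and for what action. The request fields, policy table, corporate address ranges and sample requests are all assumptions constructed for this example.

```python
# Added example (not from the book or the post): a toy policy decision
# engine contrasting perimeter-based trust with a zero-trust decision.
# Request fields, the policy table and the corporate ranges are assumptions
# made up for this illustration.
from dataclasses import dataclass, field
from typing import List


@dataclass(frozen=True)
class Request:
    user: str
    user_authenticated: bool   # identity proven, e.g. SSO with MFA
    device_id: str
    device_attested: bool      # device inventory vouches for this host
    source_ip: str
    action: str                # e.g. "read", "write"
    resource: str              # e.g. "payroll-db"


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


# Perimeter model: address ranges that are "inside" and therefore trusted.
CORPORATE_PREFIXES = ("10.", "192.168.")

# Zero-trust model: per-resource policy naming who may do what.
# Constructed sample data.
RESOURCE_POLICY = {
    "payroll-db": {"alice": {"read", "write"}, "bob": {"read"}},
    "wiki": {"alice": {"read"}, "bob": {"read", "write"}},
}


def perimeter_decision(req: Request) -> bool:
    """Traditional onion model: the only check is network location."""
    return req.source_ip.startswith(CORPORATE_PREFIXES)


def zero_trust_decision(req: Request) -> Decision:
    """Decision engine: every factor must pass; source_ip is ignored on purpose."""
    reasons = []
    if not req.user_authenticated:
        reasons.append("user identity not authenticated")
    if not req.device_attested:
        reasons.append(f"device {req.device_id} not attested")
    permitted = RESOURCE_POLICY.get(req.resource, {}).get(req.user, set())
    if req.action not in permitted:
        reasons.append(f"{req.user} may not {req.action} {req.resource}")
    return Decision(allowed=not reasons, reasons=reasons)


# Constructed sample requests.
# 1. On the office LAN, but from an unmanaged laptop with no authentication.
INSIDE_UNMANAGED = Request(
    user="bob", user_authenticated=False, device_id="byod-7",
    device_attested=False, source_ip="10.20.30.40",
    action="read", resource="payroll-db",
)
# 2. From a coffee shop, but an authenticated user on an attested device
#    doing something the policy allows.
REMOTE_MANAGED = Request(
    user="alice", user_authenticated=True, device_id="laptop-42",
    device_attested=True, source_ip="203.0.113.9",
    action="write", resource="payroll-db",
)
# 3. Authenticated and attested, but asking for an action policy denies.
REMOTE_OVERREACH = Request(
    user="bob", user_authenticated=True, device_id="laptop-43",
    device_attested=True, source_ip="203.0.113.10",
    action="write", resource="payroll-db",
)


if __name__ == "__main__":
    for name, req in [("inside/unmanaged", INSIDE_UNMANAGED),
                      ("remote/managed", REMOTE_MANAGED),
                      ("remote/overreach", REMOTE_OVERREACH)]:
        zt = zero_trust_decision(req)
        print(f"{name:17} perimeter={perimeter_decision(req)!s:5} "
              f"zero-trust={zt.allowed!s:5} {'; '.join(zt.reasons)}")
```

Run as a script, the first request is allowed by the perimeter check and denied by the decision engine, while the second is the reverse; the third shows that passing identity and device checks still does not grant an action the policy does not name. The point the book makes is visible in the code: `zero_trust_decision` never reads `source_ip`.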