2. “Zero Trust Access Network”
PRN: 77000028C
Dhole Patil College of Engineering, Pune.
Under the Guidance of:
Prof. Vandana Navale
Presented By:
Ajay D. Sirsat
3. Contents
1. Motivation & Issue with existing system
2. Introduction
3. Literature Survey
4. Objective and Scope
5. Methodology
6. Conclusion
7. Reference
6. Reasons why we need ZTNA
» In the evolving enterprise, perimeter-based security is ineffective.
» Shared security responsibility is necessary for cloud data centers.
» The Internet is an unprotected network.
» Everyone in the expanding workforce shouldn't have unlimited access to information.
» You won't be able to check the security status of every WFH environment.
» Cyber-attacks are on the rise.
» The security risks have increased.
9. What is Zero Trust Access Network?
1. Zero Trust Network Access (ZTNA) is a category of technologies that provides secure remote access to applications and services based on defined access control policies.
2. Unlike VPNs, which grant complete access to a LAN, ZTNA solutions default to deny, providing only the access to services the user has been explicitly granted.
3. ZTNA gives users seamless and secure connectivity to private applications without ever placing them on the network or exposing apps to the internet.
4. Zero trust is a security model based on the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network perimeter.
12. Literature Survey
● Satya Tyagi, “10 Reasons Why Enterprises Need Zero Trust Security”, December 7, 2020, 8:39 pm.
● John Kindervag for Security & Risk Professionals, “Build Security Into Your Network’s DNA: The Zero Trust Network Architecture”, November 5, 2010.
● Evan Gilman and Doug Barth, “Zero Trust Networks: Building Secure Systems in Untrusted Networks”, published by O’Reilly Media, Inc., July 2017.
● Fortinet White Paper, “Securing Digital Innovation Demands Zero-trust Access”, September 24, 2020.
● Sunil Potti, Google Cloud Security, “BeyondCorp Enterprise: Introducing a safer era of computing”, January 26, 2021.
14. Objective and Scope
● Embedded data and threat protection, with real-time end-to-end protection.
● Strong phishing-resistant authentication to ensure that users are who they say they are.
● Continuous authorization for every interaction between a user and a resource.
● To provide secured and restricted access to all the services and servers.
● As we enter a new era of security, enterprises want a seamless security model attuned to the realities of remote work, cloud applications, and mobile communications.
● Can be used for organizations that need a solution that will not only improve their security posture but also deliver a simple experience for users and administrators.
16. Main Principles behind Zero Trust Model
● The philosophy behind a zero trust network assumes that there are attackers both within and outside of the network, so no users or machines should be automatically trusted.
● Another principle of zero trust security is least-privilege access. This means giving users only as much access as they need, like an army general giving soldiers information on a need-to-know basis.
● Zero trust networks also utilize microsegmentation. Microsegmentation is the practice of breaking up security perimeters into small zones to maintain separate access for separate parts of the network.
● Multi-factor authentication (MFA) is also a core value of zero trust security. MFA simply means requiring more than one piece of evidence to authenticate a user; just
18. How does ZTNA work?
● Unlike network-centric solutions like VPNs or firewalls, ZTNA takes a fundamentally different approach to securing access to internal applications, based on the four core principles above. The connection process uses the following steps:
1. Each server registers with the SDP controller. Servers can either have an internal gateway function or rely on an external gateway.
2. Clients connect to the SDP controller to authenticate, authorize and learn the desired service's connection details.
3. Clients connect to a server over an encrypted channel, either through an internal server gateway or through an external gateway.
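The three steps above, as an added example that is not part of the slides: a minimal SDP-controller-style policy decision point in Python. Servers register their gateway (step 1), a client request is authenticated and authorized with default deny and explicit per-service grants (step 2), and only the granted service's gateway is disclosed (step 3); high-value services additionally require a compliant device, as the conclusion later suggests. All names, services and gateway addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Request:
    user: str
    service: str
    mfa_passed: bool        # result of the client's MFA step
    device_compliant: bool  # posture reported by the endpoint agent

@dataclass
class Controller:
    # service name -> gateway endpoint, filled by server registration (step 1)
    registry: dict = field(default_factory=dict)
    # user -> services explicitly granted; anything not listed is denied
    grants: dict = field(default_factory=dict)
    # services whose policy also requires a managed/compliant device
    high_value: set = field(default_factory=set)

    def register_server(self, service, gateway):
        self.registry[service] = gateway

    def grant(self, user, service):
        self.grants.setdefault(user, set()).add(service)

    def authorize(self, req):
        """Evaluate one request; returns (decision, reason, connection_details).
        Called for every interaction, so authorization is continuous rather
        than a one-time check at connect time."""
        if not req.mfa_passed:
            return ("deny", "mfa required", None)
        if req.service not in self.registry:
            return ("deny", "unknown service", None)
        if req.service not in self.grants.get(req.user, set()):
            return ("deny", "no explicit grant (default deny)", None)
        if req.service in self.high_value and not req.device_compliant:
            return ("deny", "high-value service requires compliant device", None)
        # Only the granted service's gateway is disclosed; the client never
        # learns about or reaches other registered services.
        return ("allow", "explicit grant",
                {"service": req.service, "gateway": self.registry[req.service]})

if __name__ == "__main__":
    # Constructed demo setup (hypothetical services and gateways)
    ctl = Controller()
    ctl.register_server("hr-portal", "gw1.example:443")
    ctl.register_server("payroll-db", "gw2.example:443")
    ctl.high_value.add("payroll-db")
    ctl.grant("alice", "hr-portal")
    ctl.grant("alice", "payroll-db")
    print(ctl.authorize(Request("alice", "payroll-db", True, False)))
    print(ctl.authorize(Request("alice", "hr-portal", True, True)))
```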
19. Conclusion
● Allow conditional access to certain resources while restricting access to high-value resources to managed/compliant devices.
● Prevents network access and lateral movement using stolen credentials and compromised devices.
● Enables users to be more productive by working however they want, when they want and where they want.
● Consider an “If-this-then-that” automated approach to zero trust.
● Identity is everything; make it the control plane.
20. References
1. Jeff Birnbaum, “Six Key Characteristics of a Modern ZTNA Solutions”, May 27, 2021.
2. Fortinet Solution Brief, “Zero-Trust Access for Comprehensive Visibility and Control”, March 2020.
3. Evan Gilman, “Zero Trust Network”, May 12, 2016.
4. Joe Hertvik, “What Is Zero Trust Network Access? ZTNA Explained”, September 16, 2020.
5. Zev Brodsky, “ZTNA: A Blueprint for Securely Granting Network Access”, January 2021.
6. Fortinet All Blogs, “What’s the Difference Between Zero Trust, ZTA, and ZTNA”, March 26, 2021.
7. Sunil Potti, VP/GM, Google Cloud Security, “BeyondCorp Enterprise: Introducing a safer era of computing”, January 26, 2021.
8. John Kindervag for Security & Risk Professionals, “Build Security Into Your Network’s DNA: The Zero Trust Network Architecture”, November 5, 2010.