CyCraft Proprietary and Confidential Information
Zero Trust
C.K. Chen

Outline
•
•
• NIST SP 1800-35
Acknowledge - Birdman

Cyber Defense Matrix & ZT
Zero trust here

Initial compromise succeeds easily; attackers will inevitably reach machines on the internal network
As observed in real cases, internal network security is the weakest point for most enterprises; once attackers are inside the internal network, there is a very high chance they can take over the entire domain
WFH
Partnership

2009: Google BeyondCorp
2010: proposed by Forrester researcher John Kindervag; data-centric, with the network architecture designed from the inside out
August 2020: NIST publishes NIST SP 800-207
June 2022: NIST publishes NIST SP 1800-35

NIST SP 800-207
A white paper published by a government agency; compared with vendor white papers, it is more objective in every respect.
Since its release in August 2020 it has been widely discussed. The major Zero Trust vendors have also produced mappings to NIST SP 800-207
Defines the problem scope and architecture
Logical Components of Zero Trust Architecture
Deployment Scenarios/Use Cases
A reference guide for industry, proposing concrete practices for moving to ZTA incrementally
Migrating to a Zero Trust Architecture
Hybrid ZTA and Perimeter-Based Architecture
Steps to Introducing ZTA to a Perimeter-Based Architected Network

NIST SP 1800-35
Published by NIST's National Cybersecurity Center of Excellence (NCCoE)
Written jointly with industry partners
Implements ZTA using commercial products, and ensures their interoperability and integration
Builds a ZTA in a lab environment with a published spec, and includes the installation and integration steps.
Still a draft, updated gradually over time

Trust will Change!
HITCON - Trust in the Untrusted World

Concept: Trust will Change!
Assumptions:
• Assume breach
• Network perimeters cannot be trusted
• No persistent trust

Assumptions:
• Assume breach
• Network perimeters cannot be trusted
• No persistent trust
High-level methods:
• No implicit trust, always verify
• Centralized & dynamic policy enforcement
• Dynamically reflect risk assessment in policy

ZTA is …
Zero Trust Arch
authentication/authorization
verify session-based
Dynamic Policy
Situation Aware
Policy
E.g.
Important but frequently overlooked - visibility
Audit, Investigation, info to improve future authentication
E.g. protecting against ransomware

Logical Components in NIST SP 800-207
NIST SP 800-207
Policy Engine (PE): the PE decides whether access should be granted, based on policy and on input from the CDM system and threat intelligence services.
Policy Administrator (PA): the PA establishes or shuts down communication according to the PE's decision.
Policy Enforcement Point (PEP): the PEP enables, monitors and terminates connections.
https://www.trendmicro.com/zh_tw/what-is/what-is-zero-trust/zero-trust-architecture.html

Logical Components in NIST SP 1800-35
PIP
Situation Awareness
PDP

Risk scoring mechanism
Dynamic policy
User/Device Security Posture
Situation awareness
Time
Location
Threat
Log
Cyber Threat Intelligence, Device Monitoring, Threat Hunting
Could be included in situation awareness

Zero trust here
Feedback to ZT
Not only Identify & Protect
Zero Trust

Zero Trust is Not …
Zero Trust is Not Trust No One
Zero Trust still trusts the authentication process, so the security of the policy infrastructure becomes more critical
No implicit trust → Zero (Implicit) Trust
Zero Trust could be “every resource has its own boundary”
People may mistakenly think that “zero trust arch has no boundary”
[Diagram: a user and resources r1, r2, r3, with checks labelled Check 1, Check 2 and Check 3]

Zero Trust is Not …
MFA (Multi-Factor Authentication)
MFA is an important component of ZT, but using MFA alone is not ZT
Using MFA to enter the intranet and then accessing many resources → not zero trust
Use MFA together with other factors to make a decision on every request to a resource
MFA contextual
Policy
The core concept of ZT is dynamic, live authentication
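
The PE / PA / PEP split and the per-request, context-driven decision described in the slides above, contrasted with "MFA once at the edge", as a small Python sketch. This is an added example, not code from the talk or from NIST; the signal names, weights and per-resource limits are assumptions chosen for illustration.

```python
# Added example (not from the slides): PE / PA / PEP deciding on every request.
# Signal names, weights and per-resource limits are assumptions for illustration.
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Signals:
    """Context gathered for ONE request (situation awareness + posture)."""
    mfa_age_min: int         # minutes since the user last completed MFA
    device_compliant: bool   # device security posture
    known_location: bool     # location previously seen for this user
    working_hours: bool      # time of request is within the user's usual hours
    threat_alert: bool       # threat intel / hunting flagged the user or device


# Every resource carries its own boundary: the highest risk it tolerates.
RESOURCE_MAX_RISK = {"wiki": 50, "gitlab": 25, "payroll-db": 10}


def risk_score(s: Signals) -> int:
    """Turn the signals into a risk score (higher is riskier)."""
    score = 0
    if not s.device_compliant:
        score += 40
    if not s.known_location:
        score += 20
    if not s.working_hours:
        score += 10
    if s.mfa_age_min > 60:
        score += 20
    if s.threat_alert:
        score += 100
    return score


class PolicyEngine:
    """PE: decides whether to grant access from policy plus current signals."""

    def decide(self, resource: str, s: Signals) -> tuple[bool, str]:
        limit = RESOURCE_MAX_RISK.get(resource)
        if limit is None:
            return False, "unknown resource"          # default deny
        score = risk_score(s)
        if score > limit:
            return False, f"risk {score} exceeds limit {limit}"
        return True, f"risk {score} within limit {limit}"


class PolicyAdministrator:
    """PA: sets up or tears down the communication path per the PE decision."""

    def __init__(self, engine: PolicyEngine):
        self.engine = engine
        self.sessions = set()    # (user, resource) paths currently open
        self.audit = []          # visibility: every decision is recorded

    def authorize(self, user: str, resource: str, s: Signals) -> bool:
        allowed, reason = self.engine.decide(resource, s)
        if allowed:
            self.sessions.add((user, resource))
        else:
            self.sessions.discard((user, resource))   # revoke an open path
        self.audit.append((user, resource, allowed, reason))
        return allowed


class EnforcementPoint:
    """PEP: sits in front of the resource and asks on every request."""

    def __init__(self, pa: PolicyAdministrator):
        self.pa = pa

    def handle(self, user: str, resource: str, s: Signals) -> str:
        return "ALLOW" if self.pa.authorize(user, resource, s) else "DENY"


def perimeter_model(mfa_passed_at_login: bool, resource: str) -> str:
    """Contrast: MFA once at the edge, then implicit trust for every resource."""
    return "ALLOW" if mfa_passed_at_login else "DENY"


def run_scenario():
    """Same user, same MFA login, three moments in time (constructed data)."""
    pa = PolicyAdministrator(PolicyEngine())
    pep = EnforcementPoint(pa)
    moments = {
        "healthy": Signals(5, True, True, True, False),
        "travelling": Signals(5, True, False, False, False),
        "flagged": Signals(5, True, True, True, True),
    }
    outcome = {}
    for name, sig in moments.items():
        outcome[name] = {r: pep.handle("alice", r, sig) for r in RESOURCE_MAX_RISK}
    return outcome, pa


if __name__ == "__main__":
    result, pa = run_scenario()
    for moment, decisions in result.items():
        print(moment, decisions)
    print("open paths:", pa.sessions, "| audit entries:", len(pa.audit))
```

The audit list is the visibility the slides call frequently overlooked: each entry records who asked for what, the decision and the reason, which is what an investigation or a later policy adjustment would read.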

What Zero Trust does not cover
PKI – ZTA Server PKI
E.g. CI/CD
ZTA
ZTA
Endpoint
E.g. USB PEP
PEP
ZTA

Zero Trust cannot solve everything
Zero trust cannot prevent social engineering and phishing emails
Zero trust cannot protect devices from malware
Zero trust cannot defend against zero-days
….

Zero trust and the supply chain remain two separate dimensions of the problem;
adopting zero trust cannot directly solve supply-chain attacks,
but it can mitigate the lateral-movement part
Implementing a Zero Trust Architecture

About NIST SP 1800-35
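NIST SP 1800-35 is divided into four parts
NIST SP 1800-35 A - Executive Summary
NIST SP 1800-35 B – Approach, Architecture, and Security Characteristics
NIST SP 1800-35 C – How-To Guides
NIST SP 1800-35 D - Functional Demonstrations
How to build a ZTA with existing products
Depending on your role, you can read different sub-documents

Challenges
Difficulties in adopting ZTA
Inventorying assets down to the resource level, and designing a ZTA that fits the existing IT architecture
No single product delivers ZTA; different security systems must be integrated
How to choose security systems, or use the ones already in place, to build a ZTA
How to integrate these security systems
Whether it will affect user experience and the organization's business processes

ZTA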
NIST SP 1800-35 proposes the following three approaches to implementing ZTA
Enhanced Identity Governance (EIG)
Micro-Segmentation
Network Infrastructure and Software Defined Perimeters
NIST SP 1800-35 is still in draft; the EIG part is complete so far, and the other two are not yet finished

Enhanced Identity Governance (EIG)
EIG actor (identity) policy
device health access policy
EIG micro-segmentation Software Defined Perimeters
Zero Trust /
ZTA

ICAM
EIG ICAM ICAM
Identity management
Access and credential management
Federated Identity
Identity governance
Okta Identity Cloud Azure AD
ICAM

Enhanced Identity Governance (EIG)

The FIRST Step towards ZTA
Enhanced Identity Governance (EIG)
ICAM PDP, PEP

Physical Architecture of ZTA Lab
NIST SP 1800-35
Lab
EIG
EIG Enterprise 1 Build 1 (E1B1)
EIG Enterprise 3 Build 1 (E3B1)

E1B1 Products and Technologies
DigiCert CertCentral TLS Manager
AWS - GitLab, WordPress
Ivanti Access ZSO, Ivanti Neurons for UEM, Lookout MES, Okta Identity Cloud, and Tenable.io
Ivanti Tunnel
Ivanti Neurons for Unified Endpoint Management (UEM) Platform

Successful Access Request in E1B1
Dynamic Access Policy
Okta, Ivanti

ICAM Information Architecture – New User Onboarding (E1B1)
Policy
SailPoint, Okta, Radiant Logic
demo
Policy
Policy

E3B1 Products and Technologies
DigiCert CertCentral TLS Manager
Microsoft Azure AD, Microsoft Defender for Endpoint, Microsoft Endpoint Manager, Microsoft Office 365, Microsoft Sentinel, Tenable.io
Guacamole
GitLab

Successful Access Request in E3B1
Dynamic Access Policy
Lookout, AzureAD, MS AD

NIST SP 1800-35 C

Functionality Demo
NIST SP 1800-35 C

Future Direction
Enhanced identity governance
Micro-segmentation
Software-defined perimeter
Zero Trust

Summary of NIST SP 1800-35
NIST SP 1800-35 NIST NCCoE ZTA
ZTA
EIG
ZTA
ZTA /
ZTA

DIE ZTA
ZTA AP Infra
→
RSA “Death to CIA! Long live DIE! How the DIE Triad Helps Us Achieve Resiliency”
Container AP/Resource
D (Distribution), I (Immutable), E (Ephemeral)
ZTA AP/Resource DIE

Inventory the devices, users and resources in the environment
Analyze resource access paths: how users ultimately reach the resource
Dynamic Access Control Policy
/

Take Action
NIST SP 1800-35 ZTA
PEP
EIG ZTA
ZTA
API
Policy

HITCON FreeTalk 2022 - Zero Trust Architecture Reading Notes

OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSebastiano Panichella
 
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)Basil Achie
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Krijn Poppe
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringSebastiano Panichella
 
The Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationThe Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationNathan Young
 

Recently uploaded (20)

Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 
Genshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptxGenshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptx
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation Track
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptx
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
James Joyce, Dubliners and Ulysses.ppt !
James Joyce, Dubliners and Ulysses.ppt !James Joyce, Dubliners and Ulysses.ppt !
James Joyce, Dubliners and Ulysses.ppt !
 
Event 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptxEvent 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptx
 
Anne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptxAnne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptx
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC  - NANOTECHNOLOGYPHYSICS PROJECT BY MSC  - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
 
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software Engineering
 
The Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationThe Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism Presentation
 

HITCON FreeTalk 2022 - Zero Trust Architecture Reading Notes

  • 1. Zero Trust C.K. Chen
  • 2. Outline • • • NIST SP 1800-35 Acknowledge - Birdman
  • 3. Cyber Defense Matrix & ZT Zero trust here
  • 4.
  • 5. Initial compromise succeeds easily, so attackers will inevitably reach machines on the internal network. Observed from real cases: internal network security is the weakest point for most enterprises, and once attackers are inside the internal network they have a very high chance of taking over the entire Domain. WFH Partnership
  • 6. 2009: Google BeyondCorp. 2010: proposed by Forrester researcher John Kindervag, a data-centric network architecture designed from the inside out. August 2020: NIST publishes NIST SP 800-207. June 2022: NIST publishes NIST SP 1800-35.
  • 7. NIST SP 800-207: a white paper published by a government body; compared with white papers from vendors, it is more objective in every respect. Since its release in August 2020 it has been discussed extensively. The major Zero Trust vendors have also produced mappings to NIST SP 800-207. Defines the problem scope and architecture: Logical Components of Zero Trust Architecture; Deployment Scenarios/Use Cases. Reference guidance for industry, proposing concrete practices for moving to ZTA incrementally: Migrating to a Zero Trust Architecture; Hybrid ZTA and Perimeter-Based Architecture; Steps to Introducing ZTA to a Perimeter-Based Architected Network.
  • 8. NIST SP 1800-35: published by NIST’s National Cybersecurity Center of Excellence (NCCoE). Written together with industry partners. Implements ZTA with commercial products and ensures their interoperability and integration. Builds a ZTA in a lab environment with a public spec, with installation and integration steps attached. Still a draft, updated gradually over time.
  • 9. Trust will Change! HITCON - Trust in the Untrusted World
  • 10. Trust will Change! Assume breach; Network perimeters cannot be trusted; No persistent trust. Concept, Assumption
  • 11. Assumption: Assume breach; Network perimeters cannot be trusted; No persistent trust. High Level Method: No implicit trust, always verify; Centralized & dynamic policy enforcement; Dynamically reflect Risk Assessment in Policy
  • 12. ZTA is … Zero Trust Arch; authentication/authorization; verify; session-based; Dynamic Policy; Situation Aware Policy; E.g. Important but frequently overlooked: visibility (Audit, Investigation, info to improve future authentication); E.g. protect against ransomware
  • 13. Logical Components in NIST SP 800-207. Policy Engine (PE): the PE decides whether to grant access, based on policy and on input from the CDM system and threat intelligence services. Policy Administrator (PA): the PA establishes or shuts down communication according to the PE's decision. Policy Enforcement Point (PEP): the PEP permits, monitors, and terminates connections. https://www.trendmicro.com/zh_tw/what-is/what-is-zero-trust/zero-trust-architecture.html
  • 14. Logical Components in NIST SP 1800-35: PIP, Situation Awareness, PDP
  • 15. Risk scoring mechanism; Dynamic policy; User/Device Security Posture; Situation awareness; Time; Location; Threat Log. Cyber Threat Intelligence, Device Monitoring, and Threat Hunting could be included in Situation awareness
  • 16. Zero trust here. Feedback to ZT. Not only Identify & Protect
  • 18. Zero Trust is Not … Zero Trust is not "Trust No One": Zero Trust still trusts the authentication process, so the security of the policy infra becomes more critical. No implicit trust → Zero (Implicit) Trust. Zero Trust could be “every resource has its own boundary”; people may mistakenly think that “zero trust arch has no boundary”. [Diagram: user; resources r1, r2, r3; Check 1, Check 2, Check 3]
  • 19. Zero Trust is Not … MFA (Multi-Factor Authentication): MFA is an important component of ZT, but using MFA alone is not ZT. Using MFA to enter the intranet and then accessing many resources → not zero trust. Use MFA with other factors to make a decision on every request to a resource. MFA; contextual Policy. The core concept of ZT is dynamic, live authentication
  • 20. What Zero Trust does not cover PKI – ZTA Server PKI E.g. CI/CD ZTA ZTA Endpoint E.g. USB PEP PEP ZTA
  • 21. Zero Trust cannot solve everything: Zero trust cannot prevent social engineering and phishing email; Zero trust cannot protect devices from malware; Zero trust cannot defend against zero-days ….
  • 22. Zero trust and the supply chain remain two different dimensions of the problem: adopting zero trust cannot directly solve supply chain attacks, but it can mitigate the lateral movement part.
  • 24. About NIST SP 1800-35. NIST SP 1800-35 is divided into four parts: NIST SP 1800-35 A - Executive Summary; NIST SP 1800-35 B – Approach, Architecture, and Security Characteristics; NIST SP 1800-35 C – How-To Guides; NIST SP 1800-35 D - Functional Demonstrations. How to build a ZTA with existing products. Depending on your role, you can read different sub-documents.
  • 25. Challenge: difficulties in adopting ZTA. Inventorying assets down to the resource level and designing a ZTA that fits the existing IT architecture. No single product can deliver ZTA; different security systems must be integrated. How to choose security systems, or use existing ones, to build a ZTA. How to integrate these security systems. Whether user experience and the organization's business processes will be affected.
  • 26. ZTA. NIST SP 1800-35 proposes the following three approaches to implementing ZTA: Enhanced Identity Governance (EIG); Micro-Segmentation; Network Infrastructure and Software Defined Perimeters. NIST SP 1800-35 is still in draft; the EIG part has been completed so far, and the other two are not yet finished.
  • 27. Enhanced Identity Governance (EIG) EIG actor (identity) policy device health access policy EIG micro- segmentation Software Defined Perimeters Zero Trust / ZTA
  • 28. ICAM EIG ICAM ICAM Identity management Access and credential management Federated Identity Identity governance Okta Identity Cloud Azure AD ICAM
  • 29. Enhanced Identity Governance (EIG)
  • 30. The FIRST Step towards ZTA Enhanced Identity Governance (EIG) ICAM PDP, PEP
  • 31. Physical Architecture of ZTA Lab NIST SP 1800-35 Lab EIG EIG Enterprise 1 Build 1 (E1B1) EIG Enterprise 3 Build 1 (E3B1)
  • 32. DigiCert CertCentral TLS Manager AWS - GitLab, WordPress Ivanti Access ZSO, Ivanti Neurons for UEM, Lookout MES, Okta Identity Cloud, and Tenable.io Ivanti Tunnel Ivanti Neurons for Unified Endpoint Management (UEM) Platform E1B1 Products and Technologies
  • 33. Successful Access Request in E1B1 Dynamic Access Policy Okta, Ivanti
  • 34. ICAM Information Architecture – New User Onboarding (E1B1) Policy SailPoint, Okta, Radiant Logic demo Policy Policy
  • 35. DigiCert CertCentral TLS Manager Microsoft Azure AD, Microsoft Defender for Endpoint, Microsoft Endpoint Manager, Microsoft Office 365, Microsoft Sentinel, Tenable.io Guacamole GitLab E3B1 Products and Technologies
  • 36. Successful Access Request in E3B1 Dynamic Access Policy Lookout, AzureAD, MS AD
  • 37. NIST SP 1800-35 C
  • 38. Functionality Demo NIST SP 1800-35 C
  • 39. Future Direction enhanced identity governance MICRO- Segmentation software-defined perimeter Zero Trust
  • 40. Summary of NIST SP 1800-35 NIST SP 1800-35 NIST NCCoE ZTA ZTA EIG ZTA ZTA / ZTA
  • 41. DIE ZTA ZTA AP Infra → RSA “Death to CIA! Long live DIE! How the DIE Triad Helps Us Achieve Resiliency” Container AP/Resource D(Distribution) I(Immutable) E(Ephemeral) ZTA AP/Resource DIE
  • 42. Inventory the devices, users, and resources in the environment. Analyze resource access paths: how users reach the final resource. Dynamic Access Control Policy /
  • 43. Take Action NIST SP 1800-35 ZTA PEP EIG ZTA ZTA API Policy
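
Added example (not from the slides or from NIST): the per-request decision described in slides 13, 15 and 19, with a PE, PA and PEP, plus the MFA-once perimeter check for contrast. The signal weights, risk limits, resource names and all function and class names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed weights and limits: the slides name the signals but give no numbers.
RISK_WEIGHTS = {"unmanaged_device": 40, "unpatched": 25, "odd_hours": 15,
                "new_location": 20, "threat_alert": 60}
MAX_RISK = {"wiki": 50, "payroll-db": 20}  # hypothetical resources, one boundary each


@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    mfa_passed: bool
    signals: frozenset = frozenset()  # device posture, time, location, threat log


def risk_score(signals):
    """Sum signal weights; an unknown signal counts as high risk (fail closed)."""
    return sum(RISK_WEIGHTS.get(s, 100) for s in signals)


def policy_engine(req):
    """PE: decide on this one request from policy plus the current signals."""
    if not req.mfa_passed or req.resource not in MAX_RISK:
        return False  # MFA is necessary but not sufficient; no policy, no access
    return risk_score(req.signals) <= MAX_RISK[req.resource]


class PolicyEnforcementPoint:
    """PEP: holds the sessions it has been told to permit, and an audit trail."""

    def __init__(self):
        self.sessions = set()
        self.audit = []  # visibility: every decision is recorded

    def apply(self, req, allowed):
        key = (req.user, req.resource)
        if allowed:
            self.sessions.add(key)
        else:
            self.sessions.discard(key)  # terminate: trust does not persist
        self.audit.append((req.user, req.resource, risk_score(req.signals), allowed))
        return allowed


def policy_administrator(pep, req):
    """PA: turn the PE decision into an open/close command for the PEP."""
    return pep.apply(req, policy_engine(req))


def perimeter_check(req, logged_in_users):
    """Contrast case from slide 19: MFA once at the edge, then everything is reachable."""
    return req.user in logged_in_users
```

The same user with the same MFA result is allowed or denied depending on the signals present at the time of each request, and a denial also closes a session that an earlier request had opened.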