InfoSec Notes
Comprehensive guide to Zero Trust principles including never trust always verify, microsegmentation, continuous authentication, and implementation strategies.
What is Zero Trust?
Zero Trust is a security framework that eliminates implicit trust from network architecture. Instead of the traditional "castle and moat" approach (trust everything inside the perimeter), Zero Trust assumes breach and verifies every request regardless of origin.
Traditional vs Zero Trust
============================
Traditional (Perimeter-based)
Internet ──[Firewall]──→ Internal Network (TRUSTED)
"If you're inside, you're trusted"
Problem: Once an attacker gets in, they move freely
Zero Trust
Every request → [Verify Identity] → [Check Device] → [Evaluate Context]
→ [Apply Least Privilege] → [Monitor Continuously]
"Never trust, always verify — regardless of network location"
Zero Trust Principles
| Principle | Description | Implementation |
|---|---|---|
| Verify explicitly | Always authenticate and authorize | MFA, device health, context |
| Least privilege | Minimum access, just-in-time | Time-limited access, RBAC/ABAC |
| Assume breach | Minimize blast radius | Microsegmentation, encryption |
| Continuous monitoring | Never stop verifying | Real-time risk assessment |
| Encrypt everything | Protect data everywhere | E2E encryption, TLS everywhere |
Zero Trust Architecture Components
| | Identity | | | Policy Decision | | Applications | |
| | - Who are you? |------>| Point (PDP) | |--->| Data stores | |
| | Device Trust | | | Policy Enforce- | |
| | - Patched? | | ment Point (PEP) | | |
Implementation Strategy
Google BeyondCorp (Real-World Zero Trust)
Google pioneered Zero Trust with BeyondCorp after the Operation Aurora attack (2009):
- Eliminated VPN for employee access
- Every request authenticated regardless of network
- Device trust based on certificate and health
- Access decisions based on user + device + context
- All internal services treated as internet-facing
Interview Questions
- What is Zero Trust and how does it differ from perimeter security?
- Zero Trust eliminates implicit trust based on network location. Perimeter security trusts everything inside the firewall. Zero Trust verifies every request (identity, device, context) regardless of where it originates, assuming the network is already compromised.
- What are the key pillars of a Zero Trust architecture?
- Identity verification (strong authentication), device trust (health and compliance), network segmentation (microsegmentation), least privilege access, continuous monitoring, and encryption everywhere.
- How does microsegmentation support Zero Trust?
- Microsegmentation creates isolated network zones around individual workloads or resources. Even if an attacker compromises one segment, they cannot move laterally to others without re-authenticating. Each segment has its own access policies.
- What challenges do organizations face when implementing Zero Trust?
- Legacy system compatibility, performance overhead of continuous verification, user experience friction, complexity of policy management, cost of implementation, cultural resistance to removing implicit trust, and difficulty with IoT/OT devices.
- How does Zero Trust handle the case of a compromised device?
- Continuous device health monitoring detects compromise indicators (missing patches, disabled security tools, unusual behavior). The policy engine immediately reduces the device's trust score, requiring re-authentication or blocking access until remediation. Access can be revoked in real-time.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Zero Trust Security Architecture.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Information Security topic.
Search Terms
information-security, information security, information, security, access, control, zero, trust
Related Information Security Topics