The Muggles Guide to Zero Trust Access

The muggles guide to zero trust access, a short compendium.

Photo by Andy Holmes / Unsplash

From NIST SP 800-207:

Zero trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location or based on asset ownership. Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established.

In this set of blog posts, I cover zero trust basics, including the canonical definition from NIST, along with different ways to set up zero trust architectures and to access corporate resources remotely. Zero trust is an evolving domain of security, and I'll update this post with more examples as I write about them.

NIST SP 800-207: Zero Trust Architecture
A gist of the NIST SP 800-207 publication on Zero Trust Architecture.
How to Set up a Secure Private Network with Tailscale
A step-by-step guide to setting up a secure, private network with Tailscale.
Remote Server Access with Teleport
A step-by-step guide on remote server access with Teleport.
Identity-based Access to Web Applications with Teleport
A step-by-step guide on identity-based access to web applications with Teleport.
3 Tips to Secure Your GCP VM Instance
3 quick and easy tips to secure remote administrative access to your GCP VM instance.

Subscribe to alphasec

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.