Zero Trust Network

Definition

Zero Trust Network is a security model that removes implicit trust from network location: a request is not trusted because it originates inside the corporate or cluster network, and it is not distrusted only because it arrives from outside. Every request for a resource is authenticated and authorized on its own terms, based on the identity of the user or workload, the state of the device, and the context of the request, and it is granted only the least privilege it needs. The approach is summarized as "never trust, always verify": trust is not established once at a perimeter but re-evaluated continuously, and the network is segmented so that a compromised host can reach only the resources its identity is explicitly allowed to reach.

Secure Settings Example

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: zero-trust-policy
  namespace: default
spec:
  podSelector: {}          # applies to every pod in the "default" namespace
  policyTypes:             # both directions are governed; any traffic not
  - Ingress                # matched by a rule below is dropped once this
  - Egress                 # policy is selected for a pod
  ingress:
  - from:
    - podSelector: {}      # any pod in the same namespace (other namespaces
    ports:                 # and external clients are blocked) ...
    - protocol: TCP
      port: 443            # ... and only on TCP/443
  egress:
  - to:
    - podSelector: {}      # pods may reach only other pods in this namespace
    ports:
    - protocol: TCP
      port: 443            # and only on TCP/443; DNS (port 53 to kube-dns) is
                           # not permitted, so name resolution fails until a
                           # separate egress rule allows it

Two caveats apply to this policy. First, it still trusts every pod in the namespace equally, so it is namespace segmentation rather than per-workload zero trust; a compromised pod can reach any other pod on 443. Second, NetworkPolicy objects are enforced only by a CNI plugin that implements them; on a cluster whose network plugin does not, the API server accepts the object and nothing is filtered.

Insecure Settings Example

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-policy
  namespace: default
spec:
  podSelector: {}          # every pod in the namespace
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - {}                     # an empty rule matches every source and every port:
                           # all inbound traffic is allowed
  egress:
  - {}                     # all outbound traffic is allowed, to any destination

This object is functionally the same as having no NetworkPolicy at all. It is worse than nothing in one respect: because policies in a namespace are combined by union, a single allow-all policy also nullifies any default-deny or least-privilege policy that another team has applied to the same pods.