Chapter 8. Trusting the Traffic
Authenticating and authorizing network flows is a critical aspect of a zero trust network. In this chapter, weâre going to discuss how encryption fits into the picture, how to bootstrap flow trust by way of secure introduction, and where in your network these security protocols best fit.
Zero trust is not a complete departure from everything we know. Traditional network filtering still plays a significant role in zero trust networks, though its application is nontraditional. Weâll explore the role filtering plays in these networks toward the end of this chapter.
Encryption Versus Authentication
Encryption and authenticity often go hand in hand, yet serve distinctly separate purposes. Encryption ensures confidentialityâthe promise that only the receiver can read the data you send. Authentication enables a receiver to validate that the message was sent by the thing it is claiming to be.
Authentication comes with another interesting property. In order to ensure that a message is in fact authentic, you must be able to validate the sender and that the message is unaltered. Referred to as integrity, this is an essential property of message authentication.
Encryption is possible without authentication, though this is considered a poor security practice. Without validation of the sender, an attacker is free to forge messages, possibly replaying previous âgoodâ messages. An attacker could change the ciphertext, and the receiver would have no way ...
Get Zero Trust Networks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.