Zero Trust Networking is that all network communication should be considered untrusted unless otherwise designated as safe (i.e. with authentication, a known source, or other criteria).
- The principle of least privilege says that every subject in security should only have the permissions necessary to perform a valid business function and no more. That may include “no permission at all." Historically, this has never been actively applied on the network layer, but should be.
- Firewalls have generally been installed and forgotten, focusing only on inbound traffic and then only certain protocols. These devices have huge untapped potential to protect organizations. They could block entire countries from communicating with a network or simply block shodan from scanning a network. It can also be used for egress filtering, controlling what network traffic is allowed out of a network. The key is to ensure firewalls are enabled with intelligence so that known threats are blocked and suspect traffic is flagged so it can be reviewed for those ambiguous cases to prevent unintended outages).
- Zero trust network also should be applied to DNS. Everything that happens on the Internet begins with a DNS query. Likewise, everything bad on the internet begins with a DNS query, even from embedded devices and IoT, which are otherwise difficult or impossible to secure. Automated implementation of Zero Trust Networking in DNS is key to protect against large percentages of the threat with minimal impact to time or cost.
- ThreatSTOP's own data shows that blocking the top 80 worst top-level domains in DNS blocks two thirds of all threats on the Internet, with an almost non-existent threat of false positives.