Project Charter

09 Oct 2019

Blog #1 October 9th 2019

Hello! We are a group of four Western Washington University (WWU) Cybersecurity students interested in the evolving concept of Zero Trust Architecture. Our background in network security came from our two years spent Whatcom Community College (before transferring to WWU) which led us to naturally gravitate toward this concept. We decided to work on a project based on the tenets of Zero Trust, it was just a matter of how we would go about it.

The term ‘Zero Trust’ is relatively new but it’s becoming more prevalent. Companies like Google have documented their move to Zero Trust with the Beyond Corp project blog. This goes the same for other large companies. What we found was that the Zero Trust sphere has been relatively dominated by companies who could afford to make the transition. Additionally, there is very little documentation online about how to implement a Zero Trust with specific tools and configurations. What was found was largely conceptual information. Therefore, we chose to build a Zero Trust network for ourselves that could mimic a small business or personal network, and hopefully share our results with others.

These principles of Zero Trust are defined in the book Zero Trust Networks1 and this is what we chose to base our project on:

Network is always hostile 
External and internal threats always exist on network 
Network locality is not enough to assign trust  
Every device, user, and network flow is authenticated and authorized 
Policies must be dynamic and calculated from as many sources of data as possible

Here is the project charter that laid the foundation for our project:

Situation/Problem/Opportunity:

Business networks are faced with many challenges, employees bring their own devices, services are hosted by third parties or in the cloud, and many permissions are implicit.

Vision:

Design a network that operates under the principles of Zero Trust Networking (ZTN) and demonstrate the security benefits of a ZTN versus a standard perimeter network.

Goals:

Network design and specifics
Network backbone hardware and configuration
Authentication model design
Acquire remaining hardware
Implementation of Authentication model
Scaling network including device management
Penetration testing
Report

People:

Sam Dinkelman - Project Manager
Josh Stuifbergen - Network Engineer
John Traner - Network Engineer
Scarlette Anderson - Systems Engineer

In Project Scope:

Collect Inventory of devices
Build network topology
Build a network
Apply Zero Trust Principles
Implement proxy device and control layer
Practical guide for building and maintaining a Zero Trust Network

Out of Project Scope:

Implement physical security
Start a company
External testing

We plan on providing updates throughout our process. Stay tuned!

References:

[1]Gilman, E., & Barth, D. (2017). Zero trust networks: building secure systems in untrusted networks. Sebastopol, CA: OReilly Media.