Cybersecurity threats are a huge problem for businesses of all sizes. The traditional way of protecting valuable resources in the IT industry is a perimeter-based security strategy. To ensure proper access rights for resources, firewalls and other network-based inspection tools were used. The current move to the cloud undermines classic security strategies by blurring borders. The Zero Trust approach does not rely on edges and borders to ensure network security. Instead, all connections have to be verified and authenticated individually. In this thesis, a zero trust security model in a heterogeneous open source environment was verified. The three main observations were:
A zero trust architecture is possible, but the implementation is difficult. Half of the issues discovered must be covered by organisational measures. The tools available to cover technical measures are not developed enough. This is expected to change in the near future, as various companies have already identified this issue.
Software-defined networks with their central controllers are built similarly to a trusted gateway Zero Trust architecture. The application of zero trust principles in software-defined networking (SDN), particularly through the utilization of open source software, is a key focus of this thesis. By leveraging the concept of zero trust, the aim is to investigate whether it is feasible to block networking connections until the identity and intention of the requesting party have been verified. This approach challenges the traditional assumption of trust within network architectures, emphasizing the need for continuous verification and authorization.
This research aims to delve into the possibilities and challenges associated with applying zero trust principles in SDN. By addressing the questions of blocking connections until verification, identifying malicious connections using appropriate metrics, and leveraging SDN for connection cut-off, this thesis seeks to contribute to the advancement of secure and resilient network architectures.