The concept of the Zero Trust Network first appeared in 2010 and introduces a new way of thinking about the security of computer networks. It stands in opposition to the classical vision, which consists in keeping hackers outside the network and therefore leaves the inside of the network a poorly secured area. With this older vision, once a hacker has entered the network, it becomes difficult to track that hacker and prevent them from accessing all resources.
Zero Trust Networks (ZTN), on the contrary, assume that there is no network that is impossible to compromise, only networks that have not been compromised yet. Consequently, access to one element of a network does not guarantee access to the others. Zero Trust Networks place no particular trust in users already inside the network.
As a result, a user of one resource who wishes to use another one within the same network must authenticate once again. This allows for greater security and limits the impact of network intrusions.
ZTN best practices
Zero Trust Networks are based on a set of best practices. First of all, it is paramount to partition one’s network. This prevents hackers from making “lateral movements”, that is to say compromising a service other than the one that enabled them to enter the network. This partitioning can be carried out using VLANs, which make it possible to isolate the different services present on the network.
ZTN are also based on strong identification of users and of the hardware connected. To this end, two-factor authentication (2FA) and the 802.1X protocol are used. ZTN operate with very specific user profiles which define who has access to what, where and when. This ensures that damage will be minimal in the event of a breach.
In order to maintain a Zero Trust Network, it is paramount to constantly monitor everything that happens on the network, so as to detect intrusions as quickly as possible and minimise their impact. The main advantage of monitoring the network is being able to retrace the hacker’s route when an intrusion is discovered after the fact.
ZTN: the need for time synchronisation
All these best practices require accurate and robust time synchronisation. Indeed, many of the mechanisms used to secure a ZTN rely on reliable time synchronisation. Multi-factor authentication involves generating and verifying time-limited access tokens. Accurate synchronisation also helps prevent replay attacks (of authentication messages, for example). Besides, accurate and synchronised time makes logs trustworthy, which is important for network audits and for analysing the actions carried out by hackers when intrusions are discovered after the fact.
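The time-limited tokens mentioned above, as an added example that is not part of the original article and not Bodet Time's code: a minimal RFC 6238 TOTP generator and a server-side verifier that accepts codes from a one-step window and refuses replayed codes. The secret and timestamps are constructed, and skew_outcome is a hypothetical helper showing how far a client clock may drift from the server before logins start failing.

```python
import hmac, hashlib, struct

STEP = 30      # TOTP time-step in seconds (RFC 6238 default)
DIGITS = 6
# Constructed demo secret (the RFC 6238 test-vector key); a real deployment
# provisions a random per-user key.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TotpVerifier:
    """Server-side check: accept codes from a small window of adjacent time
    steps and reject any step that has already been consumed (replay)."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_accepted_counter = -1

    def verify(self, code: str, server_time: int) -> bool:
        base = server_time // STEP
        for delta in range(-self.window, self.window + 1):
            counter = base + delta
            if counter <= self.last_accepted_counter:
                continue  # replay: this step (or an older one) was already used
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(expected, code):
                self.last_accepted_counter = counter
                return True
        return False


def skew_outcome(client_skew_seconds: int, server_time: int = 1_700_000_000) -> bool:
    """Hypothetical helper: does a client whose clock is off by
    client_skew_seconds still get its code accepted by the server?"""
    client_code = totp(SECRET, server_time + client_skew_seconds)
    return TotpVerifier(SECRET).verify(client_code, server_time)
```

With a one-step window the server tolerates roughly 30 to 60 seconds of drift depending on where in the step it sits; beyond that, every login fails even though the user's authenticator is working correctly.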
A Zero Trust Network must have time synchronisation in order to operate correctly. Given the large number of security-related actions carried out on this type of network, it is important not to create discrepancies between users as a result of malfunctioning clocks on the network.
Since a Zero Trust Network does not trust its own users, it is not possible to use a public time server, which would be an obvious attack vector. It is therefore paramount to build a time synchronisation network with one’s own time servers.
A standalone network with the reference clock at the top and end clients at the bottom gives total control of the distribution chain and guarantees efficient and accurate time synchronisation across IT systems. In a network as strongly and logically segmented as a ZTN, it is important to synchronise the different services correctly across the VLANs to ensure that operations run smoothly.
Nowadays, accurate and robust time synchronisation is paramount for any network in order to guarantee its optimum operation. For Zero Trust Networks, which add many security layers to guarantee the integrity of services and data within the network, operating without internal time synchronisation is impossible.
Present in over 140 countries, Bodet Time is a major French leader in time management, time synchronisation and time-frequency.
The range of Netsilon time servers improves network security by distributing highly secure time synchronisation.