Effective policies are critical for the security of any Zero Trust security effort, as careful planning and deployment can all be undone by creating a policy that carelessly exposes an asset to a cyber attack.

Zentera Air helps you create and maintain effective policies that minimize the application or asset attack surface.  Some of the ways Zentera Air promotes least-privilege policies include:

• An Application Chamber that creates a default deny behavior on a server's physical interface
• An object- and template-based policy model that encourages reuse of common policy elements and makes it easy to document an object's purpose or function
• Learning, which helps you to identify and create Chamber Policies for critical network services that are needed for proper server function (DNS, etc)
• Tools that assist the generation of Access Policies from Learn results

You can also use APIs to export and document the policies in your Zentera Air instance, enabling policies that are subject to change management and auditing processes.

Policy Object Model

There are three basic types of Objects that can be defined and used in Policies.

Address Objects

Address Objects represent lists of IP addresses or address ranges

Service Port Objects

Service Port Objects allow you to define a service by specifying ports and protocols (e.g. "TCP 22")

Application Process Objects

Application Process Objects allow you to specify an application based on certain process information and context

Types of Policies

There are two types of Policies which you can create using the above Objects.

Access Policies

Access Policies create authorized connections between Applications, Users, and Services, that are filtered for security.

Chamber Policies

Chamber Policies specifies authorized connections that may cross an Application Chamber boundary.