Effective policies are critical for the security of any Zero Trust security effort, as careful planning and deployment can all be undone by creating a policy that carelessly exposes an asset to a cyber attack.
Zentera Air helps you create and maintain effective policies that minimize the application or asset attack surface. Some of the ways Zentera Air promotes least-privilege policies include:
- An Application Chamber that creates a default deny behavior on a server's physical interface
- An object- and template-based policy model that encourages reuse of common policy elements and makes it easy to document an object's purpose or function
- Learning, which helps you to identify and create Chamber Policies for critical network services that are needed for proper server function (DNS, etc.)
- Tools that assist the generation of Access Policies from Learn results
You can also use APIs to export and document the policies in your Zentera Air instance, enabling policies that are subject to change management and auditing processes.
Policy Object Model
There are three basic types of Objects that can be defined and used in Policies.
Address Objects
Address Objects represent lists of IP addresses or address ranges
Service Port Objects
Service Port Objects allow you to define a service by specifying ports and protocols (e.g. "TCP 22")
Application Process Objects
Application Process Objects allow you to specify an application based on certain process information and context
Types of Policies
There are two types of Policies which you can create using the above Objects.
Access Policies create authorized connections between Applications, Users, and Services that are filtered for security.
Chamber Policies specify authorized connections that may cross an Application Chamber boundary.
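The object model above (Address, Service Port and Application Process Objects combined into Chamber Policies), the default-deny behaviour of the Application Chamber, and the generation of candidate policies from Learn results, modelled together in Python as an added example. This is not Zentera Air's own code or API: every class and function name here (AddressObject, ChamberPolicy, evaluate, candidates_from_learn, and so on) is an assumption made for illustration, and the sample flows are constructed.

```python
"""Toy model of an object-based, default-deny chamber policy evaluator.

Added example, not Zentera Air's code: all names here are assumptions made
for illustration, and the sample Learn flows below are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AddressObject:
    """A named list of IP addresses or ranges, held as CIDR strings."""
    name: str
    cidrs: tuple

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(c) for c in self.cidrs)


@dataclass(frozen=True)
class ServicePortObject:
    """A named service: one protocol plus one or more ports, e.g. TCP 22."""
    name: str
    protocol: str
    ports: tuple

    def matches(self, protocol: str, port: int) -> bool:
        return protocol.upper() == self.protocol.upper() and port in self.ports


@dataclass(frozen=True)
class ApplicationProcessObject:
    """A named application identified here only by its process name."""
    name: str
    process_name: str

    def matches(self, process: str) -> bool:
        return process == self.process_name


@dataclass(frozen=True)
class ChamberPolicy:
    """Permits one application to reach one Address Object on one service."""
    name: str
    app: ApplicationProcessObject
    destination: AddressObject
    service: ServicePortObject


@dataclass(frozen=True)
class Flow:
    """One observed or attempted connection crossing the chamber boundary."""
    process: str
    dst_ip: str
    protocol: str
    dst_port: int


def evaluate(policies, flow):
    """Default deny: a flow crosses the boundary only if some policy matches.

    Returns ('allow', policy_name) or ('deny', None).
    """
    for p in policies:
        if (p.app.matches(flow.process)
                and p.destination.contains(flow.dst_ip)
                and p.service.matches(flow.protocol, flow.dst_port)):
            return ("allow", p.name)
    return ("deny", None)


def candidates_from_learn(flows):
    """Turn Learn-style observations into candidate Chamber Policies.

    Flows are grouped by (process, protocol, port) and the destinations seen
    for each group become one Address Object, so a reviewer approves one
    policy per required service. Candidates still need review before use.
    """
    groups = {}
    for f in flows:
        groups.setdefault((f.process, f.protocol.upper(), f.dst_port), set()).add(f.dst_ip)
    policies = []
    for (process, proto, port), ips in sorted(groups.items()):
        base = f"{process}-{proto.lower()}-{port}"
        cidrs = tuple(f"{ip}/32" for ip in sorted(ips, key=ipaddress.ip_address))
        policies.append(ChamberPolicy(
            name=base,
            app=ApplicationProcessObject(process, process),
            destination=AddressObject(f"{base}-dst", cidrs),
            service=ServicePortObject(f"{proto}-{port}", proto, (port,)),
        ))
    return policies


# Constructed Learn results: a resolver and an NTP client need outbound access.
LEARNED = (
    Flow("systemd-resolved", "10.0.0.53", "UDP", 53),
    Flow("systemd-resolved", "10.0.0.54", "UDP", 53),
    Flow("chronyd", "10.0.0.10", "UDP", 123),
)

if __name__ == "__main__":
    policies = candidates_from_learn(LEARNED)
    for p in policies:
        print(p.name, p.destination.cidrs, p.service.protocol, p.service.ports)
    for f in (Flow("systemd-resolved", "10.0.0.53", "UDP", 53),
              Flow("systemd-resolved", "8.8.8.8", "UDP", 53),
              Flow("curl", "10.0.0.53", "UDP", 53)):
        print(f.process, f.dst_ip, f.dst_port, "->", evaluate(policies, f))
```

The point the model makes is that with no policies at all, `evaluate` denies everything, which is the chamber's starting state; Learn narrows the allow list to exactly the (process, destination, service) triples a server was seen to need, and any flow outside those triples, including the same service to an unlearned destination or from an unexpected process, is still denied.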