Design of implementation of a zero trust approach to network micro-segmentation

Muhammad Mujib, Riri Fitri Sari

Research output: Contribution to journalArticlepeer-review

Abstract

The security of the data center network is carried out on the perimeter side. It is assumed that attacks always come from external parties via the traffic that enters and exits data center, as known as north-south traffic. This assumption proved to be incorrect because the data center is a resource center that is interconnected with one another, in which intra-data of server-to-server traffic, or so-called east-west traffic, makes a dominant of approximately 85 % of the total traffic. The perimeter security model is built adopting the trust and untrust concept. A trusted network is in the form of intranet networks, whereas the untrusted network is in the form of internet networks. Based on the Computer Security Institute, security incidents originating from intranet networks transpire of approximately 60 to 80 percent of the incident. One way to surmount this is by implementing the concept of security in the form of zero-trust networking (ZTN). Micro-segmentation is one of the ways of implementing ZTN. Micro-segmentation is a way to divide a network into smaller logical segments with the aim that only end-points that have been authorized can access resources on that segment. In this paper, microsegmentation will be evaluated by implementing a Cisco Application Centric Infrastructure based software-defined network testbed. The simulation to determine the performance of micro-segmentation in restricting port scanning attacks and the spread of malware on east-west data center traffic as a use case. Performance evaluation results show that micro-segmentation is resilient to port scanning and the spread of malware to reduce the attack surface.

Original languageEnglish
Pages (from-to)3501-3510
Number of pages10
JournalInternational Journal of Advanced Science and Technology
Volume29
Issue number7 Special Issue
Publication statusPublished - 14 Apr 2020

Keywords

  • Data Center
  • East-West Traffic
  • Micro-Segmentation
  • Zero Trust Network

Fingerprint Dive into the research topics of 'Design of implementation of a zero trust approach to network micro-segmentation'. Together they form a unique fingerprint.

Cite this