The goal of this project is to develop a secure Cisco enterprise network using Zero Trust principles.
In today's environment of cybercrime, we must continually implement new ways of protecting our networks.
Our primary sponsor is our course instructor, Omar Firas; our other instructors and TAs may also act as sponsors.
The stakeholders for this project are the companies that will use the topology and network design.
Our project management relies on shared file drives, team chat on Discord, email, and our central project management platform, ClickUp, where all of our shared documents are stored. We meet face to face primarily through Zoom.
We set a budget to cover key needs and unexpected costs. This includes money for hardware such as routers and switches, a domain for our website, items for presentation day, and other materials. We also set aside extra funds in case we face unexpected challenges or need additional tools.
We are working to address the issue of networks being increasingly susceptible to both internal threats and external attacks. Because they inherently rely on trusting internal people and devices, traditional perimeter-based security methods are unable to adequately safeguard critical data and systems. As networks grow more intricate and users access resources remotely, this creates a window for unauthorized access and data breaches.
In the design phase, we conceptualized a network architecture that relies on zero trust principles. We designed a model where all traffic, whether originating from inside or outside the network, is treated as untrusted by default. This model includes strategically placed Cisco ASA firewalls, ensuring that only authenticated users can gain access to specific resources. To illustrate this, we created an app that visually demonstrates the zero trust framework and how users authenticate and interact with the network. This design phase was critical in mapping out the flow of data and specifying the tools and configurations needed to implement the architecture.
We created our solution using Cisco Packet Tracer. The solution relies on multiple Cisco ASA firewalls to block access from any network except clients that have explicitly authenticated with their credentials. The internal company network is treated as the public internet: it has the same amount of basic access as any other external, untrusted network.
We tested our solutions in Cisco Packet Tracer by simulating different scenarios, such as attempted unauthorized access. We monitored how the Cisco ASA firewalls blocked unverified traffic and ensured that only authenticated users could access resources. We also checked the system’s logs and made adjustments to improve security where needed. This testing helped us confirm that our solution follows zero trust principles and works effectively to protect the network.
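To make the design concrete, the following ASA configuration fragment is an added illustration, not the project's own Packet Tracer configuration. It shows the three elements the design above depends on: the internal interface is given the same (lowest) security level as an external network, a deny-by-default access list permits only one named resource, and even that permitted flow must authenticate before the firewall forwards it. Interface names, addresses, the `INSIDE_IN` and `AUTH_REQUIRED` list names and the user `alice` are assumptions chosen for the example.

```cisco
! Added example: a minimal ASA policy treating the internal segment as untrusted.
! All names, addresses and the user account are assumed for illustration.
!
! 1. Internal interface gets security-level 0, the same trust as an outside link,
!    so there is no implicit inside->anywhere permit.
interface GigabitEthernet0/1
 nameif inside
 security-level 0
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 0
 ip address 10.0.1.1 255.255.255.0
!
! Interfaces at the same security level do not pass traffic to each other
! unless this is set; it only enables the path, the ACL below still decides.
same-security-traffic permit inter-interface
!
! 2. Explicit allow-list: inside hosts may reach only the DMZ application
!    server on TCP/443. Everything else is denied and logged.
access-list INSIDE_IN extended permit tcp 10.0.0.0 255.255.255.0 host 10.0.1.10 eq 443
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
! 3. Cut-through proxy: the permitted flow is forwarded only after the user
!    authenticates against the local database (a RADIUS/TACACS+ server would
!    replace LOCAL in a real deployment).
username alice password <placeholder-password> privilege 1
access-list AUTH_REQUIRED extended permit tcp 10.0.0.0 255.255.255.0 host 10.0.1.10 eq 443
aaa authentication match AUTH_REQUIRED inside LOCAL
!
! 4. Keep a record of denied and authenticated connections for review.
logging enable
logging buffered informational
```

With every interface at security-level 0, no traffic is permitted implicitly, so each allowed flow has to appear in an access list; an unauthorized attempt from the inside segment hits the final `deny ip any any log` entry and shows up in `show logging`, which is the behaviour the testing step above checks for.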
In addition, we received advice from industry professionals on what they would expect a network to do in a zero trust environment.