1.8 Summarize evolving use cases for modern network environments
Zero Trust Architecture (ZTA)
📘CompTIA Network+ (N10-009)
What is Zero Trust Architecture (ZTA)?
Before we dive into policy-based authentication, it’s important to understand the concept of Zero Trust:
- Zero Trust means "never trust, always verify."
- In traditional, perimeter-based networks, once a user or device was inside the network (for example on the corporate LAN or connected over VPN), it was trusted by default. Zero Trust removes this assumption: network location is not a trust signal.
- Every access request, whether it comes from a user, a device, or an application, must be authenticated and authorized each time it is made, not just once at login.
Think of it as a system where no device or user gets automatic access just because they are "inside" the network. Verification is continuous, and the default answer is deny.
What is Policy-Based Authentication?
Policy-based authentication is a key component of Zero Trust. It means that access to a resource is granted or denied by evaluating each request against pre-defined rules (policies), rather than by trusting a user's credentials once at login and then leaving the session alone.
Key Points:
- Policies Define Access Rules
  - Policies are rules that decide who can access what, under which conditions.
  - These rules can be based on:
    - User identity and role (employee, contractor, guest), including whether MFA was completed
    - Device type and security posture (company-managed laptop vs. personal phone, patched OS, disk encryption on, endpoint protection up to date)
    - Location (on-premises, remote, specific country)
    - Time (working hours only)
    - Application or resource sensitivity (HR database, financial systems vs. an internal wiki)
- Authentication is Conditional
  - Instead of simply logging in with a username and password, each access request is checked against these policies.
  - If the user and device meet all the policy conditions, access is granted.
  - If not, access is denied, or granted in a limited form (for example read-only, or only to a less sensitive subset of the resource).
  - If no policy explicitly grants access, the request is denied; Zero Trust is default-deny.
- Continuous Verification
  - Policy-based authentication can also be dynamic:
    - Even after the initial login, the system keeps re-evaluating whether the device and user still meet the policy.
    - Example: If a laptop's endpoint agent reports malware or that disk encryption has been turned off, the laptop no longer satisfies the device-posture condition, and the active session can be revoked or downgraded automatically without waiting for the user to log in again.
How It Works in a Network
Let's look at a simplified IT workflow. (In NIST SP 800-207 terms, the component that evaluates the policies is the policy decision point, and the component that actually allows or blocks the traffic is the policy enforcement point.)
1. User Requests Access
   - Example: A contractor wants to access the company's HR application.
2. System Checks Policies
   - Is the contractor's identity verified (valid credentials plus MFA)?
   - Is the device compliant (managed, up-to-date antivirus, disk encrypted)?
   - Is the access being requested from an allowed location and at an allowed time?
   - Is this user allowed to reach a resource of this sensitivity at all?
3. Decision Made
   - Yes: Access is granted, sometimes with limited permissions (a contractor might get a restricted view of the HR application while an employee gets full access).
   - No: Access is denied or restricted.
4. Ongoing Monitoring
   - While the session is active, the system keeps monitoring for any policy violations.
   - If a violation occurs (e.g., the device falls out of compliance or the user's risk score rises), the session is re-evaluated and revoked or downgraded immediately rather than at the next login.
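The following Python block is an added example for this page, not code from CompTIA or from any Zero Trust product. It implements the "Key Points" and the four-step workflow above as a toy policy decision point: a list of declarative policies keyed on user role, MFA status, device posture, location, time and resource sensitivity; an `evaluate()` function where the most restrictive matching rule wins and no match means deny; and a `posture_update()` function that re-runs the check on a live session when the device state changes, so the contractor-on-an-infected-laptop case ends in revocation. All users, devices, resources, rule names and the `hr-app`/`wiki` resources are constructed sample data.

```python
# Added example for this study page (not a real product's code): a toy
# Zero Trust policy engine. All policies, users, devices, resources and
# rule names below are constructed sample data.
from dataclasses import dataclass, field
from datetime import time
from enum import Enum
from typing import Callable, List, Tuple


class Decision(Enum):
    DENY = "deny"
    LIMITED = "limited"   # granted, but with reduced permissions
    ALLOW = "allow"


# Conflict resolution: the most restrictive matching rule wins.
RANK = {Decision.DENY: 0, Decision.LIMITED: 1, Decision.ALLOW: 2}


@dataclass
class Request:
    """Everything the policies may look at for one access attempt."""
    user_role: str          # "employee", "contractor" or "guest"
    mfa_passed: bool        # identity verified with a second factor
    device_managed: bool    # company-enrolled device
    device_encrypted: bool  # full-disk encryption on
    av_up_to_date: bool     # endpoint protection current
    location: str           # "onprem", "remote-home" or "remote-abroad"
    time_of_day: time
    resource: str           # "hr-app" (sensitive) or "wiki" (low sensitivity)


@dataclass
class Policy:
    name: str
    resource: str
    condition: Callable[[Request], bool]
    decision: Decision


def device_compliant(r: Request) -> bool:
    return r.device_managed and r.device_encrypted and r.av_up_to_date


def business_hours(r: Request) -> bool:
    return time(8, 0) <= r.time_of_day <= time(18, 0)


POLICIES: List[Policy] = [
    # HR application: identity, posture, location and time all matter.
    Policy("hr-deny-no-mfa", "hr-app", lambda r: not r.mfa_passed, Decision.DENY),
    Policy("hr-deny-noncompliant", "hr-app", lambda r: not device_compliant(r), Decision.DENY),
    Policy("hr-deny-abroad", "hr-app", lambda r: r.location == "remote-abroad", Decision.DENY),
    Policy("hr-employee-full", "hr-app", lambda r: r.user_role == "employee", Decision.ALLOW),
    Policy("hr-contractor-hours", "hr-app",
           lambda r: r.user_role == "contractor" and business_hours(r), Decision.LIMITED),
    # Internal wiki: any MFA-verified user, no posture requirement.
    Policy("wiki-mfa", "wiki", lambda r: r.mfa_passed, Decision.ALLOW),
]


def evaluate(req: Request, policies: List[Policy] = POLICIES) -> Tuple[Decision, str]:
    """Policy decision point: check the request against every rule for the
    resource. Most restrictive match wins; no match at all means deny."""
    matched = [p for p in policies if p.resource == req.resource and p.condition(req)]
    if not matched:
        return Decision.DENY, "no policy grants access"
    winner = min(matched, key=lambda p: RANK[p.decision])
    return winner.decision, winner.name


@dataclass
class Session:
    request: Request
    decision: Decision
    active: bool
    log: List[str] = field(default_factory=list)


def open_session(req: Request) -> Session:
    decision, rule = evaluate(req)
    s = Session(req, decision, active=decision is not Decision.DENY)
    s.log.append(f"initial: {decision.value} ({rule})")
    return s


def posture_update(session: Session, **changes) -> Decision:
    """Continuous verification: when user/device state changes mid-session,
    re-run the policy check and revoke or downgrade the session."""
    for attr, value in changes.items():
        setattr(session.request, attr, value)
    decision, rule = evaluate(session.request)
    session.decision = decision
    session.active = decision is not Decision.DENY
    session.log.append(f"re-check: {decision.value} ({rule})")
    return decision


def run_scenarios() -> dict:
    """The page's workflow as concrete cases; returns decision names."""
    contractor = Request("contractor", True, True, True, True, "remote-home", time(10, 0), "hr-app")
    s = open_session(contractor)
    out = {"contractor_initial": s.decision.value}
    posture_update(s, av_up_to_date=False)   # laptop falls out of compliance
    out["contractor_after_av_lapse"] = s.decision.value
    out["contractor_session_active"] = s.active
    employee = Request("employee", True, True, True, True, "onprem", time(20, 0), "hr-app")
    out["employee_after_hours"] = evaluate(employee)[0].value
    guest_hr = Request("guest", True, True, True, True, "onprem", time(10, 0), "hr-app")
    out["guest_hr_no_rule"] = evaluate(guest_hr)[0].value
    guest_wiki = Request("guest", True, False, False, False, "remote-abroad", time(10, 0), "wiki")
    out["guest_wiki"] = evaluate(guest_wiki)[0].value
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Two design points worth noticing: the engine is default-deny (a fully compliant guest still cannot reach `hr-app` because no rule grants it), and a deny rule always beats an allow or limited rule for the same request, so adding a posture or location restriction later cannot be undone by an older grant. The `posture_update()` path is what separates this from a traditional login check: the same `evaluate()` runs again on the live session, which is the continuous verification the page describes.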
Benefits of Policy-Based Authentication
- Stronger Security: Access is controlled by multiple factors (identity, device posture, location, time, resource sensitivity), not just a password, so stolen credentials alone are not enough.
- Least Privilege Access: Users get access only to what they need, and only under the conditions the policy allows, reducing the impact of a compromised account or device.
- Dynamic and Flexible: Policies can adapt as risk conditions change, and a session can be downgraded or revoked as soon as a condition stops being met.
- Reduces Insider Threats and Lateral Movement: Being "inside" the network grants nothing by itself; an insider or an attacker who has gained a foothold still has to satisfy the policy for every resource they try to reach.
Exam Tips for CompTIA Network+
When the exam asks about policy-based authentication in Zero Trust, focus on these points:
- Definition: Access control that uses pre-defined rules to grant or deny access.
- Key Principle: “Never trust, always verify.”
- Factors Policies Can Include: User identity, device security, location, time, application/resource sensitivity.
- Dynamic Verification: Continuous monitoring during the session.
- Purpose: Improves security, ensures least privilege, reduces insider threats.
✅ Memory Trick for Students:
Think of policy-based authentication as a smart gatekeeper:
- It doesn’t just check your ID once.
- It checks who you are, what device you use, where you are, and what you’re trying to access—every time.
