Recap

In our first article, we briefly discussed the following 7 modern cyber attacks:

1. Ransomware
2. WannaCry
3. NotPetya
4. SimpleLocker
5. TeslaCrypt
6. CryptoLocker
7. PC Cyborg

In our second article, we moved on explaining what a Distributed Denial-of-Service is and in what ways a Distributed Denial of Service attack are more detrimental than traditional Denial of Service.
In our third article, we continued our cybersecurity journey by discussing what are advanced persistence threats and how they work.
In this article, we learn about what Zero-Trust Approach is and how it is used in cybersecurity.

Note

If you are new to the field of cybersecurity, taking our Inro to Cybersecurity (free self-paced) course is highly recommended. Also, if you are already familiar with cybersecurity, taking our Intro to Blockchain Cybersecurity course is highly recommended.

The zero-trust approach

A widely accepted approach that was initially coined by Forrester is the data-centric approach, which is used by implementing always verify for all data and assets. This was designed to overcome the flat network problem, which helps threat actors move undetected through lateral movements and withdraw sensitive and confidential information. This approach also empowers the security pros so that they can regain control of their network and application. Here is how we get started with the zero-trust approach:

1. Identify and classify sensitive data: In order to protect your data, it's critical to see it. If you are not aware of your sensitive data, the situation may get worse in the post-infection period. Once sensitive data is identified, it's necessary to classify it.

1. Map the data flow: It is important to get a high level of understanding of the application flow across the network. In addition, it is good to have collaboration with all stakeholders, including the network team, application team, and security architects, to prepare a final data flow with the help of existing models.

1. Architect the network: The zero-trust design presents the communication flow between multiple networks and also illustrates how users can access external data. At this stage, an organization identifies the micro-perimeter with physical and virtual switch configurations.
   
2. Create the policy base: One key aspect of this approach is that security professionals should restrict access on a need-to-know basis and build effective access control. In addition to knowing IP header fields, security teams also need to know user identity as well as application behaviors.

1. Continuous monitoring: The entire network and application logs should be collected and inspected in real time, including not just the traffic from the external network, but the traffic going out from the private network. The internal traffic flow should be treated the same way the external traffic flow is treated.

This article is written in collaboration with Rajneesh Gupta.

The assume breach approach

In our next article, we learn about how an Assume Breach Approach works in cybersecurity.

Blockchain security articles

If you are interested in exploring more complex yet novel topics on blockchain security, you can read our below articles. If you are new to blockchain technology, taking our Intro to Blockchain Technology (self-paced) course is highly recommended.  

• The Impact of the CIA Security Triad on Blockchain Technology
• Two-Factor Authentication with Blockchain
• Deploying PKI-Based Identity with Blockchain
• Blockchain-Based DNS Security Platform
• Deploying Blockchain-Based DDoS Protection

Resources- Free Webinars on Blockchain

Here is the list of our free webinars that are highly recommended:

• Hyperledger Fabric for system admin versus developers
• How to harness blockchain for environmental and corporate sustainability
• Review of Initial Coin Offering, Security Token Offering and asset tokenization use cases and best practices
• Blockchain for entrepreneurship- 27 blockchain business use cases
• Hyperledger Fabric for entrepreneurship- 21 blockchain business use cases

Resources- Free Courses

Here is the list of our 10 free self-paced courses that are highly recommended:

• IT Career Roadmap Explained
• Web Design with Bootstrap
• User Experience Best Practices
• Intro to Search Engine Optimization
• Web Design with WordPress
• Introduction to Drupal CMS
• Intro to Joomla CMS
• Intro to Cybersecurity
• Introduction to Cloud Technology
• Recorded Live Webinars and Classes

Resources- Self-Paced Blockchain Courses

If you like to learn more about Hyperledger Fabric, Hyperledger Sawtooth, Ethereum or Corda, taking the following self-paced classes is highly recommended:

1. Intro to Blockchain Technology
2. Blockchain Management in Hyperledger for System Admins
3. Hyperledger Fabric for Developers
4. Intro to Blockchain Cybersecurity
5. Learn Solidity Programming by Examples
6. Introduction to Ethereum Blockchain Development
7. Learn Blockchain Dev with Corda R3
8. Intro to Hyperledger Sawtooth for System Admins

Resources- Live Blockchain Courses

If you want to master Hyperledger Fabric, Ethereum or Corda, taking the following live classes is highly recommended:

• Live and self-paced blockchain development with Ethereum
• Live and self-paced blockchain development with Hyperledger Fabric
• Live and self-paced blockchain development with Corda
• Immersive Blockchain Bootcamp with live and self-paced courses
• Live crash course for learning Ethereum with Solidity
• Live crash course for building DApps with Hyperledger Fabric 
• Live crash course for building DApps with Corda
• Live full-stack blockchain development in Hyperledger and Ethereum

Resources- Articles and Tutorials on Blockchain Technology

If you like to learn more about blockchain, reading the following articles and tutorials is highly recommended:

•  History and Evolution of Blockchain Technology from Bitcoin
•  Overview of Blockchain evolution and phases from Ethereum to Hyperledger  
• Comprehensive overview and analysis of blockchain use cases in many industries
• Comprehensive Blockchain Ethereum Developer Guide from Beginner to Advance Level
•  How to Write Ethereum Smart Contracts with Solidity in 1 hour
•  Intro to Hyperledger Family and Hyperledger Blockchain Ecosystem
• Essential Hyperledger Sawtooth Features for Enterprise Blockchain Developers
• Blockchain Developer Guide- How to Install Hyperledger Fabric on AWS
• Blockchain Developer Guide- How to Install and work with Hyperledger Sawtooth
• Blockchain Developer Guide- How to Install Hyperledger Burrow on AWS
• Blockchain Developer Guide- How to Install Hyperledger Iroha on AWS
• Blockchain Developer Guide- How to Install Hyperledger Indy and Indy CLI on AWS
• Blockchain Developer Guide- How to Install Hyperledger Seth and Docker on AWS
• Blockchain Developer Guide- How to Configure Hyperledger Sawtooth Validator and REST API on AWS
• Blockchain Developer Guide- How to Build Transaction Processor as a Service and Python Egg for Hyperledger Sawtooth
• Blockchain Developer Guide- How to Deploy Ethereum Smart Contracts with Hyperledger Burrow
• Blockchain Developer Guide- How to Create Cryptocurrency Using Hyperledger Iroha CLI
• Blockchain Developer Guide- How to Explore Hyperledger Indy Command Line Interface
• Blockchain Developer Guide- Comprehensive Blockchain Hyperledger Developer Guide from Beginner to Advance Level