You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Zero Trust is a security model based on the principle of "never trust, always verify." It assumes that threats exist both outside and inside the network, and no user, device, or connection should be implicitly trusted based on network location alone.
Traditional network security operates on a castle-and-moat model:
Traditional Model:
Outside (Untrusted) ──── [Firewall/Moat] ──── Inside (Trusted)
Problem: Once inside the moat, everything is trusted.
An attacker who bypasses the perimeter has
unrestricted access to internal resources.
This model fails because:
| Assumption | Reality |
|---|---|
| The perimeter stops all threats | Phishing, insider threats, and supply chain attacks bypass the perimeter |
| Internal traffic is safe | Lateral movement is the primary technique for post-exploitation |
| VPN = trusted | Compromised VPN credentials grant broad network access |
| On-premises = secure | Cloud, remote work, and SaaS extend the network beyond any perimeter |
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.