The fundamental principles of zero trust are examined, and the challenges of adhering to them when a network infrastructure is deployed using classical security-model approaches are analyzed. Relying on traditional methods for writing firewall rules does not allow for flexible regulation of access to corporate systems within the network or for maintaining the principle of least privilege. Moreover, the need for continuous verification and authentication of nodes before granting network access raises the issue of integrating application processes into the network interaction between the host and the firewall.
Modern practices for writing firewall rules and methods for adhering to zero trust architecture principles are investigated, with a focus on leveraging the advanced technical capabilities of next-generation firewalls. Strategies for minimizing ‘backdoor’ access when writing firewall access control rules are analyzed. Various options for enriching security policies with additional contextual conditions are explored, and methods for authenticating network nodes using next-generation firewalls are identified.
A methodology for writing network firewall rules in accordance with the principle of least privilege is proposed, and the potential of user-to-IP mapping technology for implementing continuous node authentication and authorization in the network is examined, all in service of the ‘never trust, always verify’ principle. By following these practical recommendations, organizations can strengthen the protection of their network infrastructure, enhance network visibility, and ensure stable operations in an environment where trust is no longer implicit but is established at every stage of access.
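As an added illustration (not code from the paper), the following Python model ties together the three ideas above: a least-privilege rule with an identity condition, a check that flags 'backdoor' any-any allow rules, and a user-to-IP mapping whose entries expire so that a host must re-authenticate to keep identity-based access. Rule names, addresses, the TTL and the `UserIpMapping` class are constructed for this example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str                        # source CIDR or "any"
    dst: str                        # destination CIDR or "any"
    port: Optional[int]             # None matches any destination port
    users: frozenset = frozenset()  # empty set = no identity condition
    action: str = "allow"
def is_backdoor(rule: Rule) -> bool:
    """Allow rule constrained on nothing: the 'backdoor' that defeats least privilege."""
    return (rule.action == "allow" and rule.src == "any" and rule.dst == "any"
            and rule.port is None and not rule.users)

@dataclass
class UserIpMapping:
    """Hypothetical user-to-IP table; entries expire after ttl seconds, so a host
    must re-authenticate to keep identity-conditioned access."""
    ttl: int
    table: dict = field(default_factory=dict)   # ip -> (user, expiry)

    def learn(self, ip: str, user: str, now: int) -> None:
        self.table[ip] = (user, now + self.ttl)

    def lookup(self, ip: str, now: int) -> Optional[str]:
        user, expiry = self.table.get(ip, (None, 0))
        return user if now < expiry else None   # None: unknown or stale identity

def evaluate(rules, mapping, src_ip, dst_ip, port, now):
    """First-match evaluation; an unmatched flow hits the implicit deny."""
    user = mapping.lookup(src_ip, now)
    for r in rules:
        if r.src != "any" and ip_address(src_ip) not in ip_network(r.src):
            continue
        if r.dst != "any" and ip_address(dst_ip) not in ip_network(r.dst):
            continue
        if r.port is not None and r.port != port:
            continue
        if r.users and user not in r.users:      # fails once the mapping is stale
            continue
        return r.action, r.name
    return "deny", "implicit-deny"
# Constructed sample policy: one least-privilege rule, one legacy backdoor rule.
POLICY = [Rule("finance-to-erp", "10.1.0.0/24", "10.9.0.10/32", 443, frozenset({"alice"})),
          Rule("legacy-any-any", "any", "any", None)]
```

Once the mapping for 10.1.0.5 expires, the same flow that was allowed falls through to the implicit deny until the node re-authenticates, while the legacy rule would have let any flow through regardless of identity.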