Achieving Zero Trust: IP Trust/Deny

Written by Zach DeMeyer on December 22, 2020


As remote work continues to set the standard for many organizations, IT administrators are shifting their focus from enabling remote workers to securing them.

Many IT organizations are considering changing their traditional security approach to a more agile model: Zero Trust security. Let’s break down the Zero Trust security approach, specifically how admins can use network access policies to keep users safe.

What is Zero Trust Security?

Zero Trust is built upon the mindset that nothing is trusted by default, including users and user activity. Even if you’re at corporate headquarters, you and your device aren’t authorized until you pass a series of checks that verify you actually need access to the corporate resources you are requesting. This model is a break from how IT networks used to be managed.

Before Zero Trust, the main form of protection was a firewall at the network’s perimeter, plus keeping unauthorized people out of the physical building where the network lived. If you were on the corporate network, you received the corporate resources. Most IT departments decommissioned unused ethernet jacks and relied on WPA2 to keep outsiders off the wireless network, but anyone who did make it onto the LAN was implicitly trusted. There is a better way today, though.

A Zero Trust infrastructure relies on a series of checks to grant or deny access to a corporate network or to individual corporate resources. Instead of depending on the device’s physical location and an end-user login, Zero Trust networking treats the person and the device as unauthorized until they can prove otherwise. The model essentially assumes every request is an intrusion attempt until it passes the checks the IT department has put in place.

Implementing Zero Trust

One of the first ways to establish trust in a device is a certificate installed on the machine, which lets the directory recognize that specific device rather than just whoever is typing a password. Deploying and renewing that certificate must not degrade the end-user experience, though. Organizations can employ an identity and access management solution like JumpCloud to handle this.

The JumpCloud Directory Platform uses a lightweight agent to maintain communication with JumpCloud’s directory services and verify user identity. Because the agent talks to the directory over its own secured connection, it requires no VPN to receive instructions, commands, and user account changes. By avoiding the VPN, end users get their local internet connection’s full speed without the added overhead.

Next, organizations must secure the identity: determine who is trying to access the network and verify whether they have a reason to do so. Identity can be confirmed in several ways, but it should include multi-factor authentication. JumpCloud’s cross-platform, cloud-based MFA allows an IT organization to keep the network secure even if a password is compromised, because the password alone no longer grants access.

Setting IP Trust/Deny Lists

The next step in this verification journey is to verify location by logging and monitoring IP addresses. By monitoring the IP addresses users connect from, an information security team can learn a pattern. If Jane Smith in marketing routinely connects from New York but suddenly appears in Europe, that should raise a red flag, and additional verification should be required before she joins. Keep in mind that IP geolocation is approximate and that a VPN or proxy can place a legitimate user, or an attacker, in an unexpected country, so the IP address is a signal to act on rather than proof by itself.

Even if she has passed the device and identity checks, the IP address becomes another clue for IT teams watching for unauthorized access. As your security systems learn where your teams normally connect from, they can ease access for routinely seen addresses while flagging new and unknown ones. Only add a location to that baseline after a login that completed MFA; otherwise an attacker with a stolen password teaches the system to trust their own location.

JumpCloud Conditional Access policies allow IT admins to configure which devices and networks are trusted and to restrict access to IT resources when a user connects from a non-trusted source. This helps ensure that only authorized users reach an organization’s crucial information in its apps and infrastructure while keeping the end-user experience streamlined. When a user is on a trusted device and/or network, IT admins can use JumpCloud to relax the usual MFA requirement so the trusted user reaches resources without entering an MFA token. Remember that a trusted network’s egress IP covers every device behind that NAT, including a compromised one, so relaxing MFA there is a deliberate trade-off; keep MFA required for high-value resources regardless of source.
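As an added example (not JumpCloud’s code or configuration), the following Python sketches the decision logic the paragraphs above describe: a deny list that overrides a trust list, MFA relaxed only on trusted networks and only for routine resources, and a per-user location baseline that flags a first login from a new country. The network ranges, the user and the login events are constructed sample data, and the country field stands in for a geolocation lookup the script does not perform.

```python
"""
Added example (not JumpCloud code): a minimal conditional access check that
combines an IP trust/deny list with a per-user location baseline.
Every network, user and login event here is constructed sample data.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class LoginEvent:
    user: str
    ip: str
    country: str   # as resolved by an upstream geolocation lookup (constructed here)


@dataclass
class Decision:
    action: str                        # "allow", "mfa" or "block"
    reasons: list = field(default_factory=list)
    alert: bool = False                # True when the security team should look


class IPAccessPolicy:
    """Deny entries always win over trust entries, so one bad host inside an
    otherwise trusted office range can still be blocked."""

    def __init__(self, trusted, denied):
        self.trusted = [ipaddress.ip_network(n) for n in trusted]
        self.denied = [ipaddress.ip_network(n) for n in denied]
        # user -> set of countries seen on previous MFA-verified logins
        self.baseline = {}

    def classify_ip(self, ip_str):
        """Return 'deny', 'trusted' or 'unknown'; works for IPv4 and IPv6."""
        ip = ipaddress.ip_address(ip_str)
        if any(ip in net for net in self.denied):
            return "deny"
        if any(ip in net for net in self.trusted):
            return "trusted"
        return "unknown"

    def evaluate(self, event, high_value=False):
        verdict = self.classify_ip(event.ip)
        if verdict == "deny":
            return Decision("block", ["ip on deny list"])

        if verdict == "trusted" and not high_value:
            # Trusted network: MFA may be relaxed for routine resources.
            # Caveat: a trusted egress IP covers every device behind that NAT,
            # so high-value resources keep MFA regardless of source (below).
            return Decision("allow", ["trusted network"])

        reasons = ["trusted network, but high-value resource"
                   if verdict == "trusted" else "unknown network"]
        known = self.baseline.get(event.user, set())
        new_location = event.country not in known
        if new_location:
            reasons.append(f"new location: {event.country}")
        return Decision("mfa", reasons, alert=new_location)

    def record_success(self, event):
        """Extend the baseline only after an MFA-verified login, so an attacker
        who guessed a password cannot teach the policy their own location."""
        self.baseline.setdefault(event.user, set()).add(event.country)


def demo():
    policy = IPAccessPolicy(
        trusted=["203.0.113.0/24", "2001:db8:1::/48"],   # hypothetical office egress ranges
        denied=["203.0.113.200/32", "198.51.100.0/24"],  # hypothetical bad host and range
    )
    # Constructed history: Jane has completed MFA from the New York office before.
    policy.record_success(LoginEvent("jane.smith", "203.0.113.10", "US"))
    jane = "jane.smith"
    return {
        "office": policy.evaluate(LoginEvent(jane, "203.0.113.10", "US")),
        "office_high_value": policy.evaluate(LoginEvent(jane, "203.0.113.10", "US"), high_value=True),
        "home": policy.evaluate(LoginEvent(jane, "192.0.2.44", "US")),
        "europe": policy.evaluate(LoginEvent(jane, "192.0.2.99", "DE")),
        "kiosk": policy.evaluate(LoginEvent(jane, "203.0.113.200", "US")),
        "ipv6_office": policy.evaluate(LoginEvent(jane, "2001:db8:1::42", "US")),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:18s} {decision.action:6s} alert={decision.alert} {decision.reasons}")
```

The deny check runs first and is a /32 inside the trusted /24, which is the ordering mistake that bites real allow-list implementations when the lists are consulted the other way round. The baseline is only extended by record_success, so a login that was merely allowed or that failed MFA never widens what the policy considers normal for that user.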

Try a Zero Trust Solution Free

Do you want to begin your journey of implementing a Zero Trust security model? Read this whitepaper by Forrester Research to see what else a Zero Trust model entails.

If you need a turnkey Zero Trust solution, give JumpCloud a try. JumpCloud uses group-based and policy-driven access controls to ensure end users work on trusted devices and networks and to limit access based on a user’s role, location, and other factors. With JumpCloud, you can also require multi-factor authentication (MFA) at high-value access points. Get started today with 10 users and devices for free. You also get 10 days of 24×7 premium in-app chat support.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.
