Zero Trust

  • 1.  Reference or demo implementations?

    CSA Instructor
    Posted Apr 27, 2022 07:11:00 AM
    Anyone familiar with reference or demo implementations of SDP that have been maintained recently?
    I have a student researching this, but most of the resources seem to be a bit out of date. 
    GitHub - cling60/Software-Defined-Perimeter: A collection of resources related to 'Software-Defined-Perimeter' and associated concepts such as Zero-trust environment, SPA and much more. has some links and points to more repositories.

    I'd love for him to update some of this, we can contribute, but we are looking for a bit of focus and feedback/collaboration.

    Peter HJ van Eijk
    CCSK & CCAK trainer

  • 2.  RE: Reference or demo implementations?

    Posted May 04, 2022 12:51:00 AM
    Hi Peter,

    I am from the CSA Japan chapter, and I am preparing a lab SDP environment on AWS leveraging Waverley Labs' open source implementation.
    I would be happy to help or collaborate with your research if there is anything I could help you with.

    thanks & regards,
    Takahiro Ono

    Takahiro Ono, CISSP, CCSP, CISA

  • 3.  RE: Reference or demo implementations?

    Posted May 04, 2022 09:55:00 AM
    Hi Takahiro

    I am the student Peter was talking about. As of yesterday I got fwknop up and running in a few VMs. I tried to use the Waverley Labs SDPcontroller repo. However, I ran into several issues. I'm currently in the process of reproducing this (after some issues with the system I built the VMs on, which corrupted them).

    Jeroen Brons
    Hogeschool Utrecht

  • 4.  RE: Reference or demo implementations?

    Posted May 10, 2022 03:42:00 PM
    Hi Jeroen,

    Apologies for my late response.
    I have working fwknop and Waverley's SDP Controller, so I might help you solve your issues.
    Would you let me know the details of the issues?

    Takahiro Ono, CISSP, CCSP, CISA

  • 5.  RE: Reference or demo implementations?

    Posted May 04, 2022 07:21:00 AM
    Edited by Philip Griffiths May 04, 2022 07:22:37 AM
    You could also check out OpenZiti - Get Started - Build a Network! - which is another open source implementation. It implements zero trust and SDP principles into anything - app via SDK, host via a tunnel, network via an edge router. Its approach to SDP is using strong embedded identity in all endpoints, meaning outbound-only connections into a mesh fabric (that only listens for authenticated connections). This means you never need any inbound ports or link listeners; in fact, if app embedded, you have no trust of internet/WAN, LAN or host OS. If you want to test it out rapidly, NetFoundry provides a SaaS implementation with free forever tiers... you can literally stand up in under 20 mins and build use cases (e.g., multi-cloud in under 30). It can support any use case (remote access, cloud, IoT, mobile, APIs, other) and host or initiate anywhere... the internet becomes your secure, private LAN. It can even handle 'complicated' use cases like VOIP. - for freemium

    Philip Griffiths
    Head of Business Development