Zero Trust Networks: Building Secure Systems in Untrusted Networks
Niccolò Machiavelli – The Prince
Book – Zero Trust Architecture
ZTA – IoT / OT Technology
How to Secure IoT and OT Networks with a Zero Trust Approach? Microsoft
The Hidden Risk in Zero Trust: Vendor Lock-In Through Proprietary Data Formats
Zero Trust Architecture (ZTA) has become a cornerstone of modern cybersecurity. By continuously verifying access based on dynamic data—such as user identity, device health, threat intelligence, and enterprise context—ZTA helps organizations stay resilient against evolving threats. But there's a catch. Many of the systems that store and process this critical data rely on proprietary formats and closed …
Zero Trust Use Case: Remote Access & VPN Replacement
In today’s hybrid work environment, traditional VPNs are increasingly seen as outdated and risky. They create broad network access once a user is authenticated, which can expose sensitive systems to lateral movement and insider threats. Enter Zero Trust Architecture (ZTA)—a modern approach that redefines remote access by enforcing strict, identity-based controls. Why Replace VPNs with Zero …
Zero Trust Network Access
Fortigate Hidden drops
#!/bin/bash
# Patrick Marc Preuss (c)2021 - 2025
# Check for required environment variable
if [ -z "${SSHPASS}" ]; then
  echo "Error: Please set the SSHPASS environment variable."
  exit 127
fi
# Check for firewall argument
FW="$1"
if [ -z "${FW}" ]; then
  echo "Usage: $0 <firewall-hostname-or-IP>"
  exit 127
fi
# Timestamp for output file …
Fortigate – IPerf3
Note to myself. Looks like Fortigate changed the access to IPerf3.
FG (global) # diagnose traffictest set_pair mgmt:mgmt
Server:Client pair is mgmt:mgmt
Server CPU affinity: None
Client CPU affinity: None
Stream number: 1
Traffic protocol: TCP
Server IP address: 192.90.255.199
Server VDOM: vsys_hamgmt
Client IP address: 192.90.255.199
Client VDOM: vsys_hamgmt
FG (global) # diagnose …
AAA
FreeRadius | tac_plus | Cisco | Fortinet | CheckPoint | Links
FreeRadius
/usr/local/etc/raddb/clients.conf
client cisco {
    ipaddr = 8.8.8.8
    secret = testing123
}
/usr/local/etc/raddb/users
cisco Cleartext-Password := "cisco"
    Service-Type = NAS-Prompt-User,
    Reply-Message := "Hello, %{User-Name}",
    Cisco-AVpair = "shell:priv-lvl=15"
/usr/local/etc/raddb/sites-available/default
# Read the 'users' file. In v3, this is located in
# raddb/mods-config/files/authorize
files
# MAC Auth
rewrite_called_station_id
# Now check against the authorized_macs file
authorized_macs …
