
ZTNA

Zero Trust Network Architecture

We are trying to build trust, of course. Why would you put your pride-and-joy infrastructure into a system where it can be abused? Unfortunately, there are people out there who would like to see you fail, make fun of you and your work, and destroy rather than build.

The Nekotopia Torus is intended to be a place where you can host your kit, explore its functionality, and cosplay as the sysadmin you once were. So, how do we guard against the bad guys? Unfortunately, we are always going to need some level of implicit trust, since our systems are old, unpatched for decades and open to abuse.

What we can do is at least lock the doors and windows to make unauthorised access a little more difficult. This is where ZTNA comes in.

We have deployed a couple of bumps in the wire to protect you, if you choose to use them.

  1. Vigilance. The default account is a 'rong-only' access model. Only people with active community accounts can access the Torus, and therefore your kit on it. You can terminate that access at any time, so while you are asleep, no one gets in.
  2. Levels. The Torus offers a few access models: private, egress-only, and full bidirectional access. Choose what is right for you, and choose what is safest.
  3. Isolation. There is no limit on the number of accounts you can have. So host your 486 DOS PC on one account and your SGI on another. Close one, open the other. Reduce your blast radius.

You also have the option of using intermediary devices to reduce the threat. These are often called 'bastion hosts' or 'jump hosts'. We are taking that one step further with ZTNA by installing a hard 'bump-in-the-road' and tunnelling your traffic through an intermediary that proxies the traffic flow(s) for you. These systems validate users via SSO and also let us inspect the traffic for malicious intent and deny it.
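As an added illustration of the plain bastion-host pattern described above (this is example configuration written for this page, not Torus infrastructure or Teleport's own configuration), here is how a jump host looks in OpenSSH: the client never opens a direct socket to the hosted machine, and the bastion account is locked down so it can only forward connections. The hostnames, addresses and user names are assumptions.

```sshconfig
# ~/.ssh/config on the visitor's machine (added example; every name and
# address below is assumed, not real Torus infrastructure)

# The bastion / jump host is the only machine reachable from the outside.
Host bastion
    HostName bastion.example.net
    User guest
    IdentityFile ~/.ssh/id_ed25519
    # Never fall back to password auth on the exposed hop.
    PasswordAuthentication no

# Hosted retro kit is reachable only through the bastion: ProxyJump tunnels
# the connection over a forwarded TCP channel on the jump host.
Host sgi-indy
    HostName 10.0.0.20
    User root
    ProxyJump bastion

Host dos-486
    HostName 10.0.0.21
    User guest
    ProxyJump bastion

# ---------------------------------------------------------------------------
# /etc/ssh/sshd_config on the bastion (added example, same assumptions)

Match User guest
    # ProxyJump needs TCP forwarding, but only to the two hosted machines...
    AllowTcpForwarding yes
    PermitOpen 10.0.0.20:22 10.0.0.21:22
    # ...and nothing else: no shell, no TTY, no agent or X11 forwarding, so a
    # stolen guest key gives a hop, not a foothold on the bastion itself.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /usr/sbin/nologin
```

`ssh sgi-indy` then goes visitor to bastion to 10.0.0.20, and the `Match` block means the guest account on the bastion is useful for exactly that hop and nothing more. A ZTNA proxy replaces the hand-maintained bastion with a managed one: the user authenticates to the proxy (via SSO) instead of holding a bastion account, and the proxy, not the visitor, decides which hosted machine a given identity may reach.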

The Nekotopia Torus chose Teleport, a mature, open-source ZTNA product. It is an opt-in platform, but it is recommended for our clients.