We Secure Servers Better Than Browsers (And That’s the Problem)
Identity-aware security is strong around servers and infrastructure, but weak at the browser where most enterprise actions actually occur.
ETR-3: Zero Trust Architecture Lab

Overview

This hands-on lab will help you implement a small-scale Zero Trust Architecture (ZTA) using open-source tools. You’ll simulate secure access control, segmentation, and monitoring between multiple internal services.

Lab Instructions

1. Lab Setup: Tools and Environment

You will need:

- pfSense (in a VM or installed on Proxmox/VirtualBox)
- Docker and Docker Compose
- OpenVPN or WireGuard for identity-based remote access
- Optional: Suricata or Snort for traffic monitoring

Network Design:

- Segment A: Trusted Users (e.g., Admin Workstation)
- Segment B: Internal Web App (Docker container)
- Segment C: Sensitive Service (Database container)
- All traffic flows controlled via pfSense firewall rules

2. Build the Network Segments in Docker

Create an isolated Docker network and simulate services: