AppGate Zero Trust Lab

Solution Overview

AppGate (formerly part of Cyxtera Cybersecurity) is an innovative cybersecurity tool that utilizes a Software-Defined Perimeter (SDP) to apply Zero Trust principles for the protection of applications, devices and data. AppGate is unique in its capabilities to provide:

  • Full identity-based authentication for traffic (rather than just IP address-based) incorporating user-definable criteria
  • Entitlements that adjust dynamically as risk scores change
  • True least-privilege access with a smaller potential attack surface than most gateway tools

AppGate applies these protections across on-premises, private cloud and/or public cloud resources using the same interface.

Goals & Objectives

This on-demand lab provides a safe environment to implement, manage and test a Software-Defined Perimeter (SDP) in a traditional network environment. This is the best starting point for understanding the solution fundamentals and how it can provide value to your organization.

In this lab, you will be both the AppGate administrator and a remote client requiring access. The environment is intentionally small and simple to ensure a smoother on-demand experience and to keep the focus on key features. The lab features two "application" environments, each in its own network. Each application comprises one Linux server and one Windows server. Access to Application 1 has been pre-configured to demonstrate basic connectivity. As the admin, you will create simple Policies and Entitlements for user01 to gain access to Application 2. The protocols are also kept extremely basic for the sake of efficiency: ICMP, HTTP, and SSH.

The lab will emphasize the following concepts:

  • Lowering risk by minimizing exploitable footprint
  • Adopting the principles of Zero Trust Architecture:
    • Granting access to enterprise resources based on contextual data, including user profile, environment, and enterprise
    • Enforcing policies based on user-definable risk scores rather than static rules
    • Dynamic one-to-one connections: everyone attempting to access a resource must authenticate first
  • Utilizing the concept of SDP to augment or replace traditional remote access scenarios
  • Identity-centric, with highly granular access controls and real-time access changes

Hardware & Software

This lab is 100% virtual and includes the following components:

  1. Single AppGate Appliance functioning as:
    • Controller
    • Gateway
  2. One Windows RDP jump box
  3. One virtual router (doing basic filtering)
  4. Two virtualized application environments including:
    • One simulated Linux application accessible through SSH
    • One simulated Windows IIS application over HTTP