A comprehensive, production-ready implementation of zero trust network architecture principles for educational, research, and demonstration purposes. This lab provides hands-on experience with modern zero trust concepts including Software-Defined Perimeter (SDP), micro-segmentation, PKI infrastructure, and continuous verification.
This project implements the three core pillars of zero trust networking:
- Software-Defined Perimeter (SDP) - Dynamic, encrypted tunnels with "dark network" approach
- Micro-Segmentation - Network isolation with granular access controls
- Continuous Verification - Ongoing authentication and compliance monitoring
zero-trust-lab/
├── sdp/                  # Software-Defined Perimeter
│   ├── controller/       # SDP Controller (orchestration)
│   ├── gateway/          # SDP Gateways (secure connection points)
│   └── client/           # SDP Client software
├── microsegmentation/    # Network segmentation
│   ├── zones/            # Security zone definitions
│   ├── policies/         # Access control policies
│   └── firewall/         # Firewall rule management
├── pki/                  # Public Key Infrastructure
│   ├── ca/               # Certificate Authority
│   ├── certificates/     # Certificate management
│   └── enrollment/       # Auto-enrollment services
├── nac/                  # Network Access Control
│   ├── compliance/       # Device compliance checking
│   ├── enforcement/      # Access enforcement points
│   └── remediation/      # Non-compliant device handling
├── integration/          # Component integration layer
│   ├── api/              # REST API for inter-component communication
│   ├── events/           # Event handling and notifications
│   └── policies/         # Unified policy management
├── monitoring/           # Continuous verification
│   ├── dashboard/        # Web-based monitoring interface
│   ├── analytics/        # Behavioral analytics
│   └── logging/          # Audit and compliance logging
└── config/               # Configuration files
    ├── docker/           # Docker configurations
    ├── network/          # Network topology definitions
    └── security/         # Security policies and templates
- Docker & Docker Compose - Container orchestration
- Python 3.8+ - Backend services
- Node.js 16+ - Frontend dashboard
- 8GB RAM minimum - Recommended for smooth operation
# Clone the repository
git clone https://github.com/bunnyhp/zero-trust-network-lab.git
cd zero-trust-network-lab
# Run automated setup (installs dependencies, builds containers, initializes PKI)
python scripts/init-project.py
# Install dependencies
pip install -r requirements.txt
npm install
# Start all services
docker-compose up -d
# Initialize PKI infrastructure
python scripts/init-project.py
- Dashboard: http://localhost:8080
- Username: admin
- Password: zero-trust-admin
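Because the dashboard is reached with the fixed credentials listed above, a useful check once the containers are up is that the lab's ports are published on loopback only. The following is an added example, not code from the project: it parses the output of `docker ps --format '{{.Names}}\t{{.Ports}}'`, and the container names and sample lines in it are constructed.

```python
import ipaddress
import re

# Host ports named in this README: dashboard, SDP Controller, Integration API.
LAB_PORTS = {8080: "dashboard", 8001: "SDP Controller", 8006: "Integration API"}

# One published mapping from the Ports column, e.g. "0.0.0.0:8080->8080/tcp",
# ":::8080->8080/tcp", "[::]:8080->8080/tcp" or "0.0.0.0:8000-8002->8000-8002/tcp".
MAPPING = re.compile(r"^(?P<host>.*):(?P<lo>\d+)(?:-(?P<hi>\d+))?->\S+$")

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output;
# the container names are hypothetical, not taken from the project.
SAMPLE_PS = (
    "ztl-dashboard\t0.0.0.0:8080->8080/tcp, :::8080->8080/tcp\n"
    "ztl-sdp-controller\t127.0.0.1:8001->8001/tcp\n"
    "ztl-integration-api\t[::]:8006->8006/tcp\n"
    "ztl-db\t5432/tcp\n"
)

def is_loopback(host):
    """True only when the bind address parses as a loopback address."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable bind address: report it rather than trust it

def exposed_lab_ports(ps_output):
    """Return sorted (container, bind_host, port, service) tuples for lab
    ports published on an address other than loopback."""
    findings = set()
    for line in ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            m = MAPPING.match(entry)
            if not m:
                continue  # e.g. "5432/tcp": not published on the host at all
            host = m["host"].strip("[]")
            lo = int(m["lo"])
            hi = int(m["hi"] or lo)
            for port in range(lo, hi + 1):
                if port in LAB_PORTS and not is_loopback(host):
                    findings.add((name, host, port, LAB_PORTS[port]))
    return sorted(findings)

if __name__ == "__main__":
    for name, host, port, service in exposed_lab_ports(SAMPLE_PS):
        print(f"{name}: {service} port {port} is published on {host}")
```

An empty result means every lab port that is published at all is bound to a loopback address.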
# Check all services are running
docker-compose ps
# Test API endpoints
curl http://localhost:8001/health # SDP Controller
curl http://localhost:8006/health # Integration API
- Controller: Policy orchestration and authentication
- Gateway: Secure tunnel endpoints
- Client: User/device connection software
- Zone Management: Dynamic security zone creation
- Policy Engine: Granular access control rules
- Traffic Analysis: Inter-zone communication monitoring
- Certificate Authority: Hierarchical CA structure
- Auto-Enrollment: Automated certificate provisioning
- Lifecycle Management: Certificate renewal and revocation
- Compliance Engine: Device security posture assessment
- Enforcement Points: Dynamic access control
- Remediation Services: Non-compliant device handling
- Real-time network traffic visualization
- User behavior analytics
- Compliance status dashboard
- Security event correlation
- Audit trail management
By working with this implementation, you will understand:
- Zero trust architecture principles
- Software-defined networking concepts
- Certificate-based authentication
- Network micro-segmentation strategies
- Continuous security monitoring
- Policy-based access control
- End-to-end encryption for all communications
- Certificate-based mutual authentication
- Dynamic policy enforcement
- Behavioral anomaly detection
- Comprehensive audit logging
- Automated threat response
- Basic Zero Trust Setup - Configure core components
- Policy Creation - Define and test access policies
- Threat Simulation - Simulate and respond to security events
- Compliance Monitoring - Monitor and enforce device compliance
- Integration Testing - Test component interactions
We welcome contributions from the cybersecurity community! This project thrives on collaboration and shared knowledge.
- Report Bugs - Use our bug report template
- Request Features - Use our feature request template
- Submit Code - Follow our contributing guidelines
- Improve Docs - Help others learn with better documentation
- Share Knowledge - Contribute educational content and tutorials
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Make your changes
- Run tests (python -m pytest && npm test)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to your branch (git push origin feature/amazing-feature)
- Open a Pull Request
- Discussions - Join our GitHub Discussions
- Issues - Report bugs and request features
- Wiki - Community-contributed guides and examples
- Stars - Show your support by starring the repository
This project aims to:
- Educate thousands of security professionals on zero trust principles
- Advance zero trust research and development
- Build a community of cybersecurity practitioners
- Accelerate zero trust adoption in organizations
- Provide real-world implementation examples
- Improve overall network security practices
MIT License - See LICENSE file for details
For security vulnerabilities, please email: security@zerotrust-lab.org
Star this repository if you find it helpful!
Made with ❤️ by the Zero Trust Community