Cloudflare is one of the world’s leading cloud DDOS protection services today. Known for their lighting fast public DNS service, 1.1.1.1, Cloudflare offers a multitude of web security tools that are completely FREE for small and medium size workloads. Today we will give a brief overview of Cloudflare ZeroTrust tools and how they can help your security posture.
What is Zero Trust?
Zero Trust is a new security framework that emphasizes authenticating and authorizing users on a regular basis whether the user is on or off the network. This framework was developed with the blossoming of hybrid and remote work and the increase use of cloud and cross-cloud collaboration. Prior to Zero Trust, users would access systems via a company VPN or locally on the network which served as the “authentication” process. Hybrid and remote work has complicated this process paving the way for Zero Trust.
Setup Cloudflare Zero Trust
Cloudflare’s Zero Trust portal is the entry point to Cloudflare’s offering of tools to help authenticate and authorize users against local and cloud based applications. These Zero Trust tools come completely free for a user base of 50 or less. Premium tiers offer expanded tools and limits for larger scale operations. To activate these free tools, sign-in to your Cloudflare account and access to the “Zero Trust” portal on the left navigation bar. If this is your first time accessing the Zero Trust portal, you will be asked to name your organization. This organization will cover every domain in your Cloudflare account.
Once logging into Zero Trust, navigate to Settings -> Account -> Update Plan. Select the free option and checkout. The plan is 100% free and the checkout process does not require a credit card. Once complete, all of the free Cloudflare Zero Trust tools will be available.
Cloudflare Zero Trust Offerings
Here are the free offerings that we use and love:
Gateway DNS
Like Cloudflare’s public 1.1.1.1 DNS service, gateway DNS adds an additional layer of security to your network by tracking, monitoring, and filtering DNS requests made from your local network. As DNS records are queried, Cloudflare’s algorithm along with custom rule sets you create will block malicious or unwanted DNS queries from being answered. By blocking DNS queries, known malicious websites will not be resolvable from your internal network.
Access
The key competent to Zero Trust is the process of authenticating and authorizing all users regardless of their location or status. Cloudflare Access bring this process to life by fronting your cloud or local applications with an authentication process to validate users. When a user visits an application fronted by Cloudflare Access, the request will be redirected to Cloudflare’s authentication system where a user much authenticate and receive authorization before using the application. Every user that successfully authenticates will need to have proper authorization and re-authenticate after a specified time period. Cloudflare offers a variety of authentication methods:
Tunnel
With Cloudflare’s services residing in the cloud, fronting local resources can pose a challenge. Cloudflare eliminates this issue with the use of Cloudflare tunnel. Operating just like it’s name, Cloudflare tunnel utilizes a lightweight software daemon to create a tunnel between Cloudflare’s global infrastructure and your local network to make resources available from the cloud with zero ports open inbound on your firewall. We love this offering from Cloudflare because of the way we can host applications for clients without having to open their firewalls to the world. The software daemon comes in various forms including Linux, Windows, Docker, Mac and others.
Cloudflare Zero Trust is a great collection of security tools that can help to elevate your application and network security posture.
