# Visual Simulation: Single Packet Authentication, All Drop Firewall, SDP, PDP, PEP

# Zero Trust Architecture React Visualization Guide

## Introduction

This interactive React application provides a visual demonstration of Zero Trust Architecture (ZTA) principles. By engaging with this simulation, you'll gain a graphical understanding of how different components in a Zero Trust environment interact during authentication, data access processes, and various security scenarios.

![image.png](zt-lab7b-image-cover.png)

**Try the simulation here: [SPA Simulation](https://pfjzerotrust.s3.amazonaws.com/spademov2/index.html)**


## Visualization Overview

The application presents a simplified Zero Trust environment with the following components:

1. Client: The end-user attempting to access resources.
2. Front-end: The user interface of the application.
3. Firewall: Acts as the initial barrier, following the "default deny" principle.
4. Policy Decision Point (PDP): Evaluates access policies.
5. Identity Provider (IdP): Handles user authentication.
6. Policy Enforcement Point (PEP): Enforces access decisions.
7. Back-end: Hosts the sensitive data.

## How to Use the Visualization

1. Run the React application in your browser.
2. You'll see a visual representation of the Zero Trust components and a login interface.
3. Interact with the login process and observe how the system responds in different scenarios.
4. Watch the animation of data flow between components based on your actions.

## Core Use Cases

### Use Case 1: Wrong Credentials

1. Enter an incorrect username and password (e.g., username: "user", password: "wrongpass").
2. Click the "Login" button.
3. Observe the authentication failure process.

**Learning Points:**
- How the system handles incorrect credentials.
- The "default deny" principle in action.
- The role of the IdP in credential verification.

### Use Case 2: Proper Credentials

1. Enter the correct username "admin" and password "password".
2. Click the "Login" button.
3. Observe the successful initial authentication process.

**Learning Points:**
- The flow of successful credential verification.
- How the system transitions to requiring additional verification (MFA).

### Use Case 3: Access Backend Data (Post-Login)

1. After successful login from Use Case 2, attempt to access backend data.
2. Observe how the system handles this request without MFA.

**Learning Points:**
- The principle of least privilege access.
- How the system differentiates between general and sensitive data access.

### Use Case 4: Logout

1. After being logged in, click the "Logout" button.
2. Observe how the system handles the logout process.

**Learning Points:**
- Session termination in a Zero Trust environment.
- How the system resets to its default secure state.

### Use Case 5: Login, Access Sensitive Data, Wrong MFA

1. Log in with correct credentials (username: "admin", password: "password").
2. Attempt to access sensitive data, triggering an MFA request.
3. Enter an incorrect MFA code.
4. Observe the system's response to failed MFA.

**Learning Points:**
- The role of Multi-Factor Authentication in Zero Trust.
- How the system handles partial authentication success (correct password but failed MFA).
- The importance of layered security measures.

### Use Case 6: Login, Access Sensitive Data, Correct MFA, Access Backend Data

1. Log in with correct credentials (username: "admin", password: "password").
2. Attempt to access sensitive data, triggering an MFA request.
3. Enter the correct MFA code "123456".
4. Observe the full authentication process.
5. Access the backend data and observe the data flow.

**Learning Points:**
- The complete Zero Trust authentication and authorization process.
- How successful MFA leads to access grant.
- The flow of data from the backend to the client in a fully authenticated session.
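
The six use cases above can also be traced in code. The following is an added example, not the simulation's source: a small model in which the firewall drops traffic without a session, the IdP checks credentials, the PDP returns a decision, and the PEP enforces it. The `general`/`sensitive` resource names, the `Gateway` class and the return strings are assumptions made for illustration; the credentials and MFA code are the lab's demo values.

```javascript
// Added example: toy model of the lab's components, not the simulation's source.
// Resource names and return strings are assumptions; credentials are the lab's demo values.
const USERS = new Map([["admin", { password: "password", mfa: "123456" }]]);

// IdP: verifies credentials and MFA codes, and nothing else.
const idp = {
  checkPassword: (user, pass) => USERS.has(user) && USERS.get(user).password === pass,
  checkMfa: (user, code) => USERS.has(user) && USERS.get(user).mfa === code,
};

// PDP: pure decision function. Anything not explicitly permitted is denied.
function decide(session, resource) {
  if (!session || !session.authenticated) return "deny";
  if (resource === "general") return "permit";
  if (resource === "sensitive") return session.mfaVerified ? "permit" : "step-up";
  return "deny"; // unknown resource falls through to default deny
}

// Firewall + PEP: the only path to the back-end; enforces what the PDP decides.
class Gateway {
  constructor() { this.session = null; }
  login(user, pass) {
    const ok = idp.checkPassword(user, pass);
    this.session = ok ? { user, authenticated: true, mfaVerified: false } : null;
    return ok ? "authenticated" : "denied";
  }
  submitMfa(code) {
    if (!this.session) return "denied";
    this.session.mfaVerified = idp.checkMfa(this.session.user, code);
    return this.session.mfaVerified ? "mfa-ok" : "mfa-failed";
  }
  logout() { this.session = null; return "logged-out"; } // back to default deny
  request(resource) {
    if (!this.session) return "dropped"; // firewall: no session, no response
    const decision = decide(this.session, resource);
    return decision === "permit" ? `data:${resource}` : decision;
  }
}

// Replays Use Cases 1-6 and returns what each step produced.
function runUseCases() {
  const gw = new Gateway(), out = {};
  out.uc1 = [gw.login("user", "wrongpass"), gw.request("general")];
  out.uc2 = [gw.login("admin", "password")];
  out.uc3 = [gw.request("general")];
  out.uc4 = [gw.logout(), gw.request("general")];
  gw.login("admin", "password");
  out.uc5 = [gw.request("sensitive"), gw.submitMfa("000000"), gw.request("sensitive")];
  gw.logout(); gw.login("admin", "password");
  out.uc6 = [gw.request("sensitive"), gw.submitMfa("123456"), gw.request("sensitive")];
  return out;
}
console.log(runUseCases());
```

Note that a failed MFA attempt in this model leaves the password-level session intact, so general data stays reachable while sensitive data keeps returning `step-up`.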

## Reflection Questions

1. How does the visualization demonstrate the "never trust, always verify" principle of Zero Trust Architecture?
2. What are the key differences you observed in the system's behavior between failed and successful authentication attempts?
3. How does the addition of MFA enhance the security of the system? Are there any potential drawbacks?
4. Based on the visualization, how would you explain the roles of the Policy Decision Point (PDP) and Policy Enforcement Point (PEP)?
5. How does this model demonstrate the concept of least privilege access?
6. Can you think of real-world scenarios where this type of authentication flow would be particularly beneficial or challenging to implement?

## Extended Learning

1. Research and suggest additional authentication factors that could be incorporated into this Zero Trust model.
2. Discuss how this visualization might change if it were to represent a microservices architecture instead of a monolithic back-end.
3. Consider how the principles demonstrated in this visualization could be applied to other areas of cybersecurity, such as network segmentation or data encryption.

By exploring these core use cases, reflecting on the questions, and engaging in extended learning activities, you'll develop a comprehensive understanding of Zero Trust Architecture principles and their practical application in modern cybersecurity environments.