About the Project
Inspiration
Traditional enterprise networks rely on perimeter-based security, where users are trusted once inside the system. This creates major security risks, especially with increasing remote access and insider threats. This inspired us to build a Zero Trust-based system where no user is trusted by default and every request is verified.
What it does
Our project is a Zero Trust-based secure enterprise system that verifies every user request using authentication, role-based access control (RBAC), and a threat detection engine. It prevents unauthorized access, detects suspicious activities, and ensures secure access to resources.
How we built it
We developed a web-based application using:
- Java Spring Boot for backend logic
- HTML, CSS, JavaScript for frontend
- JWT (JSON Web Tokens) for authentication
- SHA-256 hashing for password security
- TOTP (Google Authenticator) for multi-factor authentication
The system follows a layered architecture:
- User login and authentication
- Token generation and verification
- Role-based access control
- Threat detection and monitoring
Key Features
- Zero Trust security model (never trust, always verify)
- Role-Based Access Control (Admin, Analyst, User, Guest)
- Multi-Factor Authentication (MFA)
- Threat detection for:
  - Brute force attacks
  - Unauthorized access
  - Privilege escalation
  - Off-hours access
  - Anomalous behavior
- Real-time monitoring and logging
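Several of the threat categories listed above can be evaluated in memory on every request. The following Java class is an added example, not the project's own code; the thresholds, business hours, role ordering, user names and the way each category is defined are assumptions.

```java
import java.time.*;
import java.util.*;

// Added example, not the project's code. State lives in memory (the page's system
// has no database). Thresholds, hours and category definitions are assumptions.
public class ThreatDetector {
    enum Role { GUEST, USER, ANALYST, ADMIN }           // ordinal() = privilege level (assumed order)
    record Event(String user, Role claimed, Role required, boolean loginFailed, LocalDateTime at) {}

    static final int MAX_FAILURES = 5;                    // assumed brute-force threshold
    static final Duration WINDOW = Duration.ofMinutes(2); // assumed sliding window
    static final LocalTime OPEN = LocalTime.of(8, 0), CLOSE = LocalTime.of(18, 0); // assumed hours

    private final Map<String, Role> assigned;             // server-side source of truth for roles
    private final Map<String, Deque<LocalDateTime>> failures = new HashMap<>();

    ThreatDetector(Map<String, Role> assigned) { this.assigned = assigned; }

    List<String> inspect(Event e) {
        List<String> alerts = new ArrayList<>();
        if (e.loginFailed()) {
            Deque<LocalDateTime> q = failures.computeIfAbsent(e.user(), k -> new ArrayDeque<>());
            q.addLast(e.at());
            // Expire failures older than the window so only recent attempts count.
            while (q.peekFirst().isBefore(e.at().minus(WINDOW))) q.removeFirst();
            if (q.size() >= MAX_FAILURES) alerts.add("BRUTE_FORCE");
            return alerts;                                // no authorised request to evaluate
        }
        Role actual = assigned.getOrDefault(e.user(), Role.GUEST); // unknown users get least privilege
        // Never trust the role in the token: compare it with the server-side record.
        if (e.claimed().ordinal() > actual.ordinal()) alerts.add("PRIVILEGE_ESCALATION");
        if (actual.ordinal() < e.required().ordinal()) alerts.add("UNAUTHORIZED_ACCESS");
        LocalTime t = e.at().toLocalTime();
        if (t.isBefore(OPEN) || !t.isBefore(CLOSE)) alerts.add("OFF_HOURS_ACCESS");
        return alerts;
    }

    public static void main(String[] args) {
        // Constructed sample events; user names and timestamps are made up.
        ThreatDetector d = new ThreatDetector(Map.of("alice", Role.USER, "bob", Role.ANALYST));
        LocalDateTime t0 = LocalDateTime.of(2024, 1, 15, 10, 0);
        for (int i = 0; i < 5; i++)
            System.out.println(d.inspect(new Event("carol", Role.GUEST, Role.GUEST, true, t0.plusSeconds(10L * i))));
        System.out.println(d.inspect(new Event("alice", Role.ADMIN, Role.ADMIN, false, t0)));
        System.out.println(d.inspect(new Event("bob", Role.ANALYST, Role.ANALYST, false, t0.withHour(23))));
    }
}
```

An empty alert list means the request passed every check; the records require Java 16 or later.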
Challenges we ran into
- Implementing secure JWT-based authentication
- Designing role-based access logic correctly
- Simulating real-world attack scenarios
- Managing data efficiently without a database
- Ensuring smooth integration between modules
What we learned
- Practical implementation of Zero Trust Architecture
- Secure authentication mechanisms (JWT, MFA)
- Role-Based Access Control (RBAC) design
- Basics of threat detection and security monitoring
- Importance of secure system design in enterprise environments
Future Scope
- Integration with MySQL database
- AI/ML-based advanced threat detection
- Email alerts for critical threats
- Deployment on cloud for real-world usage
Conclusion
This project demonstrates how Zero Trust principles can significantly improve enterprise security by continuously verifying users, controlling access, and detecting threats in real time.
What's next for Zero Trust Secure Enterprise Access System
Built With
- css
- html
- java
- javascript
- jwt
- sha-256
- spring-boot
- totp