Proceeding Paper

Fortifying Linux Server and Implementing a Zero Trust Network Access (ZTNA) for Enhanced Security †

1 Kohat Islamabad Campus, Preston University, Islamabad 44000, Pakistan
2 School of Computer Science, Taylor’s University, Subang Jaya 47500, Malaysia
3 Department of Informatics Engineering, Nusa Putra University, Sukabumi 43152, West Java, Indonesia
* Author to whom correspondence should be addressed.
† Presented at the 7th International Global Conference Series on ICT Integration in Technical Education & Smart Society, Aizuwakamatsu City, Japan, 20–26 January 2025.
Eng. Proc. 2025, 107(1), 99; https://doi.org/10.3390/engproc2025107099
Published: 19 September 2025

Abstract

For organizations, protecting computer networks has always been a very tough and demanding task. In the current technological era, digital resources can be protected without the need for outdated traditional perimeter-based security techniques. Organizations can use the Zero Trust Network Access (ZTNA) approach to safeguard and filter their vital digital assets for the company’s benefit. This platform uses sophisticated logical authentication to test the system’s ability to authenticate users, and network monitoring is used to look for possible security flaws and system vulnerabilities. By evaluating users’ interactions with the system and their handling of assigned digital resources, multi-factor authentication filters out unwanted access attempts. Three fundamental access control styles are provided by network segmentation, giving administrators the option to manage access in a democratic, strict, or flexible manner (least privilege approach).

1. Introduction

The current digital era has made the field of computer network security more complicated and difficult. To defend vital digital assets against advanced cyberthreats, traditional security models are no longer adequate. By doing away with implicit trust and requiring constant verification of each user and device trying to access resources, Zero Trust Network Access (ZTNA) is a novel approach that radically reimagines network security. Fortifying Linux Server and Implementing Zero Trust Network Access (ZTNA) examines this approach.

1.1. Background

Conventional network security models based on the idea of a secure perimeter have proven insufficient in the quickly changing cybersecurity landscape. The traditional castle-and-moat strategy presumes that everything inside the network is trustworthy, so once perimeter defenses are breached, organizations are left open to insider threats and lateral attacker movement. The growing popularity of remote work, the decentralization of networks, and the expansion of cloud services have all made this vulnerability worse. ZTNA arises as a solution to these issues by radically rethinking network security. The Zero Trust model, which was first presented in [1], is based on the straightforward principle ‘never trust, always verify’. Contrary to conventional models, Zero Trust assumes that threats can come from both inside and outside the network, necessitating constant verification of all users and devices trying to access resources regardless of where they are in relation to the network perimeter.

1.2. Problem Statement

IT environments are constantly changing, and managing the security of Linux servers becomes more complicated. Because cloud services, remote work, and mobile devices have become more common, the old perimeter-based defenses are no longer effective. Environmental changes have made traditional security methods vulnerable, particularly when it comes to internal threats, illegal network access, and lax authentication protocols. The absence of comprehensive monitoring tools in many Linux systems makes it difficult to identify and address security threats. Organizations frequently encounter uneven policy enforcement and unresolved vulnerabilities as a result of the persistent challenges with server security. Linux servers are necessary for modern digital services, so businesses need a flexible Zero Trust-based security strategy to improve their defenses.

1.3. Objective

In order to combat modern security threats, the study Fortifying Linux Server and Implementing Zero Trust Network Access aims to deploy a comprehensive ZTNA framework on Linux servers running Ubuntu. The goal of the project is to create an architecture that rigorously adheres to the least privilege principle. Its elements include setting up safe and encrypted network channels with WireGuard virtual private networks (VPNs), implementing multi-factor authentication, and enhancing Secure Shell (SSH) configurations to improve identity assurance. Additionally, the procedure involves using nftables to set up particular firewall rules for improved access control.

1.4. Significance of the Study

The study Fortifying Linux Server: Implementing Zero Trust Network Access (ZTNA) makes several important contributions to the field of cybersecurity, closing the gap between theoretical security models and real-world application by offering a thorough step-by-step implementation of ZTNA principles on Ubuntu Linux servers. An important need in infrastructure security is met by the all-encompassing approach to server hardening, especially since Linux servers still serve as the foundation for internet services.
  • Security of Remote Work: by offering safe access to resources regardless of user location, the ZTNA framework that has been put into place directly addresses the security issues raised by remote work arrangements.
  • Insider Threat Mitigation: this project shows how to effectively mitigate insider threats by implementing least privilege access and continuous authentication.

1.5. Scope and Limitation

The main goals are to create efficient monitoring systems, improve network access control, and fortify authentication procedures. Despite the approach’s depth in these areas, some limitations are recognized. Because the implementation is specifically designed for Ubuntu, it might not work directly with other Linux distributions or operating systems without being modified. Furthermore, the project’s scope focuses mostly on network and session layer security, with little attention paid to application-level threats. The main environment is that of standalone Linux servers, even though some cloud-related factors are taken into account.

2. Literature Review

2.1. Evolution of Network Security Models

2.1.1. Traditional Perimeter-Based Security

Historically, the traditional method of network security has depended on the idea of a secure perimeter, which is commonly known as the castle-and-moat model [1]. According to this model, security efforts should be concentrated on strengthening the distinction between trusted internal networks and untrusted external networks, as threats are assumed to be prevalent outside the network. Virtual private networks (VPNs), intrusion detection systems (IDS), and firewalls are the main tools used to manage access at this perimeter. Many of the tenets that would govern perimeter security for decades were established by earlier firewall research [2]. Their strategy placed a strong emphasis on the role that circuit-level gateways, application gateways, and packet filtering play in creating a secure perimeter. Similar to this, ref. [3] offered useful applications of these ideas, which led to their standardization in network security. However, perimeter-based security is not enough on its own, as ref. [4] points out via their principle of least privilege. Every program and privileged user of the system should function with the bare minimum of privileges required to finish the task, they contended. Later on, this idea would serve as the foundation for Zero Trust models.

2.1.2. Traditional Perimeter-Based Security

Recognizing the limitations of perimeter-focused security, the industry shifted toward layered defenses. This “defense-in-depth” approach [5] incorporated multiple security controls across different layers of the network and system architecture. The strategy aimed to provide redundancy in security measures, ensuring that, if one layer fails, others remain to protect assets. Ref. [6] expanded on this concept by emphasizing the importance of integrating security throughout the software development lifecycle rather than treating it as an add-on concern. This work highlighted that security must be considered at every level of system design and implementation, not merely at network boundaries.

2.1.3. Emergence of Zero Trust

Traditional security models, according to Kindervag, made the mistake of assuming that internal network traffic could be trusted. No user or device should be trusted by default regardless of whether they are inside or outside the organization’s perimeter, according to the alternative model he suggested [1]. One of the earliest extensive applications of Zero Trust principles was offered by. By using user identity and device status instead of network location to determine access, this method moved access controls from the network perimeter to specific devices and users. These ideas were codified by the National Institute of Standards and Technology (NIST) in [7], which described Zero Trust Architecture (ZTA) as a cybersecurity plan for an enterprise that incorporates zero trust concepts and includes component relationships, workflow planning, and access policies.

2.1.4. Core Principles of Zero Trust Network Access

ZTNA requires ongoing verification based on a variety of contextual factors. User identity, location, device health, workload type, data sensitivity, and anomalies are all included, as stated in [8]. ZTNA requires verification at every stage of the session, in contrast to conventional models that only authenticate once at the perimeter. Ref. [7] also emphasizes the necessity of considering access time, device posture, location, and behavioral patterns in addition to basic credentials when making decisions. ZTNA, which is based on Saltzer’s principle, restricts access to only that which is required for particular tasks. As demonstrated in [9], attribute-based access control (ABAC) provides more flexibility by taking into account a larger range of contextual attributes [10], whereas role-based access control (RBAC) grants permissions based on job functions. A breach is presumed.

2.2. Critical Components of ZTNA Implementation

2.2.1. Identity and Access Management

Multi-factor authentication (MFA) combines several verification components, including biometrics, tokens, and passwords, to improve identity security. By making it more difficult for attackers to bypass every element, this tiered strategy dramatically lowers the risk of unwanted access.

2.2.2. Micro-Segmentation and Network Segmentation

By creating zones within networks with varying permissions, segmentation restricts access. This is improved by micro-segmentation, which safeguards distinct workloads. Google’s approach goes beyond relying solely on network location when making context-aware access decisions, incorporating application-layer controls as well.

2.2.3. Analytics and Constant Monitoring

ZTNA needs constant monitoring in order to identify and address threats. It places a strong emphasis on collecting and evaluating data from various sources in order to facilitate proactive network breach defense and real-time anomaly detection.

2.3. Linux Server Security in Zero Trust Contexts

2.3.1. Ubuntu Server Security Features

Ubuntu has a number of integrated tools that support Zero Trust models. AppArmor, UFW, and Landscape are highlighted in [11] for centralized supervision, firewall management, and application control. Ref. [12] argues that Ubuntu’s robust security features and balance of usability make it a good choice for enterprise security.

2.3.2. SSH Hardening Techniques

In Zero Trust settings, secure SSH configurations are essential. Ref. [13] advises turning on fail2ban, utilizing key-based authentication, and turning off root login. SSH security depends on efficient key management, including access control and automated rotation.
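The sshd-side items above (root login off, key-based authentication, a second factor) can be checked mechanically. The following is an added example, not code from the paper: the check ids and both sample configurations are constructed, and it assumes the TOTP prompt reaches the user through PAM over keyboard-interactive.

```python
"""Audit sshd_config text for the hardening items above (added example)."""

# Upstream OpenSSH defaults, applied when a keyword is absent from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "usepam": "no",
    "authenticationmethods": "any",
}
# Deprecated spelling that sshd still accepts for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_global(text):
    """Return (settings, notes) for the part of the file before any Match block.

    sshd uses the FIRST value it reads for a keyword, so later duplicates
    are ignored here exactly as the daemon ignores them.
    """
    settings, notes = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = ALIASES.get(fields[0].lower(), fields[0].lower())
        value = fields[1].strip().strip('"') if len(fields) > 1 else ""
        if keyword == "match":
            notes.append("match-block: conditional overrides need manual review")
            break
        if keyword == "include":
            notes.append("include: audit `sshd -T` output to see merged values")
            continue
        settings.setdefault(keyword, value)
    return {**DEFAULTS, **settings}, notes


def requires_two_factors(value):
    """True only if EVERY alternative demands a key and keyboard-interactive.

    AuthenticationMethods takes space-separated alternatives; each alternative
    is a comma-separated list whose methods must all succeed.
    """
    alternatives = value.lower().split()
    if not alternatives or alternatives == ["any"]:
        return False
    for alt in alternatives:
        methods = {m.split(":", 1)[0] for m in alt.split(",")}
        if not {"publickey", "keyboard-interactive"} <= methods:
            return False
    return True


def audit(text):
    """Return the list of failed check ids (an empty list means all pass)."""
    cfg, _notes = parse_global(text)
    failed = []
    if cfg["permitrootlogin"].lower() != "no":
        failed.append("root-login")
    if cfg["passwordauthentication"].lower() != "no":
        failed.append("password-auth")
    if cfg["pubkeyauthentication"].lower() != "yes":
        failed.append("pubkey-disabled")
    # Assumption: the TOTP prompt is delivered by PAM over keyboard-interactive.
    if (cfg["usepam"].lower() != "yes"
            or cfg["kbdinteractiveauthentication"].lower() != "yes"):
        failed.append("totp-path-disabled")
    if not requires_two_factors(cfg["authenticationmethods"]):
        failed.append("mfa-not-enforced")
    return failed


# Constructed sample: permissive settings plus a later line that looks like a fix.
WEAK = """\
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
UsePAM yes
"""

# Constructed sample: key + TOTP required for every login.
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "ok")
```

The parser does not follow `Include` directives, so on a real server feed it the effective configuration printed by `sshd -T` rather than the raw file.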

2.3.3. VPN Technologies for Secure Access

VPNs make encrypted remote access possible, which is crucial for ZTNA. WireGuard is notable for its robust cryptography and ease of use. As demonstrated by [14,15], it provides lower latency and better performance than more antiquated protocols, like IPsec and OpenVPN, facilitating use in secure settings.

2.3.4. Advanced Firewall Configurations

There are four advanced firewall configurations. Instead of serving as perimeter protectors, firewalls in Zero Trust enforce policies. Ref. [16] demonstrates that nftables performs better than iptables in handling complex rulesets. Ref. [17] illustrates how dynamic, context-based rules in line with Zero Trust principles are supported by SDN-integrated firewalls [9].
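To make the policy-enforcement role concrete, the added example below (not the paper's ruleset) renders a default-drop nftables table in which services are reachable only over the WireGuard interface and only from the tunnel address of a peer that was granted that port. The peer names, the 10.8.0.0/24 subnet, the interface name `wg0`, port 51820 and the table name `ztna` are all assumptions.

```python
"""Render a default-drop nftables ruleset with per-peer allow rules (added example)."""
import ipaddress

# Constructed sample policy: peer name -> tunnel address and the TCP ports it may reach.
SAMPLE_PEERS = {
    "admin-laptop": {"ip": "10.8.0.2", "tcp": [22]},
    "metrics-host": {"ip": "10.8.0.3", "tcp": [9090, 443]},
}


def render_ruleset(peers, vpn_net="10.8.0.0/24", wg_iface="wg0", wg_port=51820):
    """Return nftables text; raise ValueError on any entry that widens access."""
    net = ipaddress.ip_network(vpn_net)
    family = "ip" if net.version == 4 else "ip6"
    rules = []
    for name, peer in sorted(peers.items()):
        # The name ends up inside a quoted nft comment, so keep it to safe characters.
        if not name.replace("-", "").replace("_", "").isalnum():
            raise ValueError(f"{name!r}: peer names may use letters, digits, - and _")
        # ip_address() rejects ranges such as 10.8.0.0/24: one rule, one host.
        addr = ipaddress.ip_address(peer["ip"])
        if addr not in net:
            raise ValueError(f"{name}: {addr} is outside the VPN subnet {net}")
        ports = sorted(set(peer["tcp"]))
        if not ports or any(not (isinstance(p, int) and 0 < p < 65536) for p in ports):
            raise ValueError(f"{name}: need at least one TCP port in 1-65535")
        port_set = ", ".join(str(p) for p in ports)
        rules.append(
            f'        iifname "{wg_iface}" {family} saddr {addr} '
            f'tcp dport {{ {port_set} }} accept comment "{name}"'
        )
    lines = [
        "table inet ztna {",
        "    chain input {",
        "        type filter hook input priority 0; policy drop;",
        "        ct state invalid drop",
        "        ct state established,related accept",
        '        iifname "lo" accept',
        # The WireGuard listener is the only port open on every interface.
        f"        udp dport {wg_port} accept",
        *rules,
        "    }",
        "    chain forward {",
        # The server never routes between peers, which blocks lateral movement.
        "        type filter hook forward priority 0; policy drop;",
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_ruleset(SAMPLE_PEERS), end="")
```

ICMP and IPv6 neighbour-discovery rules are left out to keep the example short; a production ruleset needs them.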

2.4. Challenges and Limitations in ZTNA Implementation

2.4.1. Performance Considerations

Security measures inevitably impact system performance. The process analyzes the trade-offs between security and efficiency, noting that encryption and additional authentication steps introduce latency that must be managed to maintain usability.
More recently, ref. [8] examines performance optimization strategies for Zero Trust implementations, finding that techniques such as session resumption, parallel processing of verification steps, and strategic caching can significantly reduce the performance impact of continuous verification [18].

2.4.2. Integration with Legacy Systems

Organizations rarely implement Zero Trust on a blank slate; integration with existing systems presents significant challenges [19]. Several studies highlight strategies for transitioning from traditional security models to Zero Trust. A common recommendation is to adopt a phased approach that first secures the most critical assets, while applying compensating controls in areas where legacy systems cannot be immediately modernized [20].

2.4.3. User Experience Implications

Security measures that significantly degrade user experience risk being circumvented. The process examines the “compliance budget” concept, suggesting that users have a limited tolerance for security friction before they begin seeking workarounds. The work emphasizes the importance of designing security measures that minimize disruption to legitimate work processes. The authors of [3] provide practical guidelines for balancing security and usability in Zero Trust environments, recommending specific techniques.

2.5. Research Gaps and Opportunities

Despite significant advances in Zero Trust research and implementation, several important gaps remain. First, most ZTNA implementations focus on enterprise networks with centralized management, with less attention paid to smaller environments or individual server security. Second, practical guidance on implementing Zero Trust principles on Linux servers, particularly Ubuntu, remains scattered and often lacks the comprehensive approach needed for effective implementation. Table 1 below sums up the Literature Review.

3. Methodology

3.1. Research Approach

This study dives into the creation and evaluation of a Zero Trust Network Access (ZTNA) framework specifically designed for Linux servers. It highlights the vulnerabilities of traditional perimeter-based security, the risks of lateral movement, and the potential for insider threats. The objectives include ensuring strong identity validation, implementing tiered access, enabling remote access with minimal exposure, and maintaining continuous surveillance. In practice, ZTNA was applied to Ubuntu servers, incorporating VPN, multi-factor authentication, firewalls, and intrusion detection systems, all layered for enhanced protection. The solution was put to the test across security, performance, and usability aspects, with detailed documentation and analysis of the findings. This approach effectively merges practical experience with theoretical knowledge, offering a rich blend of academic insights and real-world application, thus contributing both conceptually and practically. The Implementation Methodology is depicted in Figure 1 below.

3.2. System Architecture Design

3.2.1. High-Level Architecture Overview

Ubuntu servers are used in the architecture’s layered Zero Trust model. With WireGuard, remote access is protected through encrypted tunnels. MFA and SSH hardening enforce stringent identity verification. Monitoring and access are controlled by OSSEC, auditd, rsyslog, and nftables. Configuration integrity, backup, and recovery are handled by etckeeper and Restic. The ZTNA Architecture is given below in Figure 2.

3.2.2. Component Selection Criteria

Components were chosen primarily for their ability to uphold Zero Trust security principles. Lightweight tools with minimal performance impact were prioritized. Maintainability was ensured through active support and strong documentation. Seamless integration with Ubuntu and the broader ZTNA architecture was essential. Scalability to support both single and multi-server setups was a key consideration.

3.2.3. Key Technologies and Tools

Ubuntu Server 24.04.1 LTS was selected due to its robust security support and stability. WireGuard VPN provided encrypted connectivity that was quick, safe, and portable. Firewall rule management was made flexible and effective by nftables. Google Authenticator and SSH with ed25519 keys provided robust authentication. Secure encrypted backups and intrusion detection were handled by OSSEC and Restic. The WireGuard VPN Implementation is given below in Figure 3, and Client Config Setup Flow in Figure 4.

3.3. Implementation Methodology

By protecting the server, network, and authentication layers, ZTNA was methodically put into practice. SSH hardening, MFA, firewall configuration, and VPN setup were important precautions. Resilience was guaranteed by monitoring, backup, and recovery systems, and security and performance were confirmed by testing and optimization. The approach is given below in Figure 5.

4. Security Testing Methodology

4.1. Security Testing Methodology

To evaluate the ZTNA setup, a thorough security testing methodology was employed. Misconfigurations were found through vulnerability scans using Nmap and Lynis. Potential exploit paths were revealed by penetration testing. Methods of authentication and firewall rules were thoroughly examined. Every configuration was examined in light of industry best practices.

4.2. Performance Measurement

4.2.1. Performance Impact Analysis

The ZTNA implementation inevitably introduced some performance overheads. The system’s functionality was evaluated both before and after security was implemented through performance testing. We tested each security component separately to find any performance issues. With every security measure in place, the overall performance of the system was assessed. Load testing assessed system behavior under various stress conditions. CPU usage, network throughput, response time, SSH time, and VPN overhead were among the important metrics.

4.2.2. System Resource Utilization

System resource utilization was measured in two scenarios:
  • Base system without security measures
  • With security measures but low load

4.2.3. CPU Utilization

The results showed a moderate increase in CPU usage, primarily attributed to the encryption overhead from WireGuard and the continuous monitoring by OSSEC and auditd, as shown in Table 2.

4.3. Memory Utilization

The memory usage increase was primarily due to the monitoring and logging components, particularly Prometheus and Grafana, which maintain in-memory data for real-time monitoring, as shown in Table 3.

4.4. Disk I/O

The significant increase in write operations under high load was primarily attributable to extensive logging by auditd and OSSEC, which generate detailed records of system activities, as shown in Table 4.

Network Performance

Network performance was measured in terms of throughput and latency.

4.5. Throughput

The WireGuard VPN introduced approximately a 15% reduction in throughput, which is excellent compared to traditional VPN solutions that typically impose a 30–50% penalty, as shown in Table 5.

4.6. Latency

The additional latency introduced by WireGuard was minimal (approximately 4.5 ms), well below the threshold that would negatively impact interactive applications, as shown in Table 6.

4.6.1. SSH Connection Establishment Time

The time required to establish SSH connections was measured.
The multi-factor authentication significantly increased the connection establishment time, primarily due to the manual step of entering the TOTP code. However, once authenticated, session performance was identical to other methods, as shown in Table 7.

4.6.2. Performance Optimization Results

The effectiveness of the performance optimizations was assessed by comparing system metrics before and after optimization.
These results demonstrate that the performance optimizations were effective in reducing the overhead of the security measures, making the ZTNA implementation more practical for production use, as shown in Table 8.

4.7. Comparison with Traditional Security Models

To quantify the benefits of the ZTNA implementation, it was compared with traditional perimeter-based security models across several dimensions.

4.7.1. Security Effectiveness Comparison

Security effectiveness was evaluated based on protection against common attack vectors.
The ZTNA implementation showed significant improvements in protection against credential theft, lateral movement, and insider threats, which are major weaknesses of traditional security models, as shown in Table 9.

4.7.2. Administrative Complexity Comparison

The administrative overhead of the different security models was assessed.
The administrative complexity comparison is shown in Table 10.

5. Conclusions

The implementation of Zero Trust Network Access on Ubuntu Linux servers proves highly effective at addressing modern security challenges. By enforcing explicit verification, least privilege access, and assuming breach, ZTNA significantly enhances protection against threats that bypass traditional perimeter defenses. While introducing moderate complexity and performance overhead, these impacts were successfully mitigated through optimization techniques. The implementation demonstrated that robust ZTNA solutions can be built entirely with open source components, making advanced security accessible even with limited resources. Security assessments confirmed the effectiveness of this layered approach, particularly in protecting against credential theft, lateral movement, and insider threats. The WireGuard VPN provided excellent performance characteristics, with minimal impact on throughput and latency. For organizations with significant security requirements or compliance obligations, ZTNA offers substantial benefits that outweigh implementation costs, providing comprehensive protection while maintaining acceptable performance and usability.

6. Future Work

Identity management integration and ZTNA scaling for enterprise settings should be the main topics of future research. ZTNA at the application level for web applications and application programming interfaces (APIs) needs further study. It is crucial to implement ZTNA on a variety of operating system (OS) platforms and in heterogeneous environments. Long-term adoption would be facilitated by longitudinal research on sustainability and operational impact. The three main areas that require improvement are cloud/container integration, automated threat response, and user adaptation techniques. These research directions would build upon the foundation established by Fortifying Linux Server and Implementing ZTNA and address important gaps in the current understanding of ZTNA implementation and operation.

Author Contributions

Conceptualization, S.H.A. and A.S.; methodology, S.H.A. and A.S.; software, S.H.A. and A.S.; validation, H.A. and U.I.; formal analysis, U.I.; investigation, S.H.A. and A.S.; resources, H.A.; data curation, U.I.; writing—original draft preparation, S.H.A.; writing—review and editing, H.A. and U.I.; visualization, A.S.; supervision, H.A.; project administration, U.I., S.H.A. and A.S.; funding acquisition, S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Data supporting the findings of this study are available from the corresponding author upon reasonable request.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Forrester Research. Build Security into Your Network’s DNA: The Zero Trust Network Architecture. 2010. Available online: https://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf (accessed on 18 August 2025).
  2. Donenfeld, J.A. WireGuard: Next Generation Kernel Network Tunnel. In Proceedings of the 2017 Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 26 February–1 March 2017; pp. 1–12.
  3. Cunningham, J.A.; Manico, J.; Williams, J. The OWASP Application Security Verification Standard 4.0. OWASP Foundation, 2018. Available online: https://owasp.org/www-project-application-security-verification-standard/ (accessed on 18 August 2025).
  4. Wilkens, F.; Haas, S.; Amann, J.; Fischer, M. Passive, transparent, and selective TLS decryption for network security monitoring. In Proceedings of the IFIP International Conference on ICT Systems Security and Privacy Protection, Copenhagen, Denmark, 13–15 June 2022; Springer International Publishing: Cham, Switzerland, 2022; pp. 87–105.
  5. Purdy, G.N. Linux iptables Pocket Reference: Firewalls, NAT Accounting; O’Reilly Media: Sebastopol, CA, USA, 2020.
  6. Nayak, A.K.; Reimers, A.; Feamster, N.; Clark, R. Resonance: Dynamic access control for enterprise networks. In Proceedings of the 1st ACM Workshop on Research on Enterprise Networking (WREN’09), Barcelona, Spain, 21 August 2009; pp. 11–18.
  7. Kolias, C.; Hatzivasilis, G.; Fysarakis, K. Zero Trust Access Control for Microservices: Challenges and Solutions. IEEE Access 2021, 9, 69783–69794.
  8. Kurose, J.F.; Ross, K.W. Computer Networking: A Top-Down Approach, 7th ed.; Pearson: Boston, MA, USA, 2017.
  9. Kreutz, D.; Ramos, F.M.; Verissimo, P.; Rothenberg, C.E.; Azodolmolky, S.; Uhlig, S. Software-defined networking: A comprehensive survey. Proc. IEEE 2015, 103, 14–76.
  10. Chapman, D.B.; Zwicky, E.D. Building Internet Firewalls, 1st ed.; O’Reilly Media: Sebastopol, CA, USA, 1995.
  11. Ward, R.; Beyer, B. BeyondCorp: A New Approach to Enterprise Security. Login USENIX Mag. 2014, 39, 6–11.
  12. Pudelko, M.; Emmerich, P.; Gallenmüller, S.; Carle, G. Performance analysis of VPN gateways. In Proceedings of the 2020 IFIP Networking Conference (Networking), Paris, France, 22–26 June 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 325–333.
  13. Samarati, P.; de Capitani di Vimercati, S. Access Control: Policies, Models, and Mechanisms. In Foundations of Security Analysis and Design; Springer: Berlin/Heidelberg, Germany, 2001; pp. 137–196.
  14. Dauch, K.; Hovak, A.; Nestler, R. Information Assurance Using a Defense In-Depth Strategy. In Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security, Washington, DC, USA, 3–4 March 2009; IEEE: Piscataway, NJ, USA, 2009; pp. 267–272.
  15. Hu, V.C.; Ferraiolo, D.; Kuhn, R.; Schnitzer, A.; Sandlin, K.; Miller, R.; Scarfone, K. Guide to Attribute Based Access Control (ABAC) Definition and Considerations; NIST Special Publication 800-162; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2014.
  16. Roeckle, H.; Schimpf, G.; Weidinger, R. Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization. In Proceedings of the Fifth ACM Workshop on Role-Based Access Control, Berlin, Germany, 26–27 July 2000; pp. 103–110.
  17. Saltzer, J.H.; Reed, D.P.; Clark, D.D. End-to-End Arguments in System Design. ACM Trans. Comput. Syst. 1984, 2, 277–288.
  18. Li, L.; Gao, H.; Jin, H. Centralized Trust-Based In-Band Control for SDN Control Channel. IEEE Trans. Dependable Secure Comput. 2021, 18, 1731–1744.
  19. Sezer, S.; Scott-Hayward, S.; Chouhan, K.P.; Fraser, B.; Lake, D.; Finnegan, J.; Viljoen, N.; Miller, M.; Rao, N. Are we ready for SDN? Implementation challenges for software-defined networks. IEEE Commun. Mag. 2013, 51, 36–43.
  20. Upadhyay, D.; Sampalli, S.; Plourde, B. Vulnerabilities’ Assessment and Mitigation Strategies for the Small Linux Server, Onion Omega2. Electronics 2020, 9, 967.
Figure 1. Implementation methodology.
Figure 2. ZTNA Architecture.
Figure 3. WireGuard VPN Implementation.
Figure 4. Client Configuration Setup Flow.
Figure 5. Implementation Methodology.
Table 1. Comparison of Related Works with Contributions.

| Ref | Category | Main Topic | Summary | Year | Limitations | Our Contribution |
|---|---|---|---|---|---|---|
| [1] | Network Security, Zero Trust Architecture | Zero Trust Security | Introduces ZTNA advocating for a model where no entity is trusted by default. | 2010 | Lacks practical implementation details for modern technologies like SDN or Cloud environments. | Extends the Zero Trust Model by integrating ZTNA and SDN. |
| [19] | Software-Defined Networking, Networking Architecture | SDN Readiness | Explores challenges in SDN implementation, scalability, and security concerns. | 2013 | Does not cover practical deployment scenarios or integration of SDN, ZTNA, and IoT. | Integrates ZTNA with SDN and Linux-based servers using machine learning for threat detection. |
| [9] | Software-Defined Networking, Network Technologies | SDN Architecture Survey | Extensive survey of SDN architecture, challenges, and opportunities. | 2015 | Focuses on foundational SDN aspects without integrating security models like ZTNA. | Expands foundational SDN by incorporating ZTNA and real-time threat detection. |
| [18] | Software-Defined Networking, Security | Trust-Based SDN Control Mechanism | Discusses securing SDN control channels for communication reliability. | 2020 | Does not integrate advanced Zero Trust models. | Integrates ZTNA with SDN for enhanced security and dynamic threat response using M/L. |
Table 2. CPU Utilization.

| Scenario | Average CPU Usage | Peak CPU Usage |
|---|---|---|
| Base System | 3.2% | 5.7% |
| ZTNA (Low Load) | 5.8% | 8.4% |
| ZTNA (High Load) | 12.6% | 22.3% |
Table 3. Memory Utilization.

| Scenario | Average Memory Usage | Peak Memory Usage |
|---|---|---|
| Base System | 512 MB | 628 MB |
| ZTNA (Low Load) | 768 MB | 892 MB |
| ZTNA (High Load) | 1.2 GB | 1.4 GB |
Table 4. Disk I/O.

| Scenario | Read Operations | Write Operations |
|---|---|---|
| Base System | 12.4 | 8.7 |
| ZTNA (Low Load) | 18.2 | 32.5 |
| ZTNA (High Load) | 26.8 | 125.3 |
Table 5. Throughput.

| Scenario | Download (Mbps) | Upload (Mbps) |
|---|---|---|
| Direct Connection | 923.4 | 876.2 |
| Through WireGuard | 782.7 | 751.8 |
Table 6. Latency.

| Scenario | Average Latency (ms) | Jitter (ms) |
|---|---|---|
| Direct Connection | 12.3 | 1.2 |
| Through WireGuard | 16.8 | 1.8 |
Table 7. SSH Connection establishment time.

| Authentication Method | Connection Time |
|---|---|
| Password | 1.2 |
| Public Key Only | 1.4 |
| Public Key + MFA | 8.3 |
Table 8. Performance Optimization Results.

| Metric | Before Optimization | After Optimization | Improvement |
|---|---|---|---|
| CPU Usage (High Load) | 17.3% | 12.6% | 27.2% |
| Memory Usage (High Load) | 1.5 GB | 1.2 GB | 20.0% |
| SSH Connection Time | 9.7 s | 8.3 s | 14.4% |
| WireGuard Throughput | 695.3 Mbps | 782.7 Mbps | 12.6% |
Table 9. Security Effectiveness Comparison.

| Attack Vector | Traditional Model | ZTNA Implementation |
|---|---|---|
| External Network Attacks | Good (firewall protection) | Excellent (minimal exposed services) |
| Credential Theft | Poor (single factor) | Excellent (multi-factor auth) |
| Lateral Movement | Poor (flat network) | Excellent (granular access control) |
| Insider Threats | Poor (implicit trust) | Good (continuous verification) |
| VPN Compromise | Severe Impact | Limited Impact (granular access) |
Table 10. Administrative Complexity Comparison.

| Administrative Task | Traditional Model | ZTNA Implementation |
|---|---|---|
| User Onboarding | Simple | Moderate (key generation MFA) |
| Access Revocation | Complex | Simple (centralized control) |
| Security Monitoring | Fragmented | Comprehensive |
| Audit Compliance | Difficult (Limited logs) | Straightforward (detailed logs) |
| Incident Response | Reactive | Proactive (early detection) |
Share and Cite

MDPI and ACS Style

Ansar, S.H.; Sadiq, A.; Ihsan, U.; Ashraf, H.; Somantri. Fortifying Linux Server and Implementing a Zero Trust Network Access (ZTNA) for Enhanced Security. Eng. Proc. 2025, 107, 99. https://doi.org/10.3390/engproc2025107099
