# Building Zero-Trust Networks for Edge Devices with Netmaker

![](/files/57eac90e1b9726516bd8c8f674dc2715caee6f65)

Edge devices are becoming critical components of modern infrastructure. From IoT sensors gathering data in remote locations to edge servers processing information closer to the source, these devices are transforming industries. However, this expansion of the network perimeter introduces significant security challenges. Traditional perimeter-based security models, which assume everything inside the network is trustworthy, are no longer sufficient. This is where the Zero-Trust security model becomes essential, especially for securing the vulnerable and often exposed edge.

## How Netmaker Helps You Create a Zero Trust Network

{% stepper %}
{% step %}

### Create a dedicated network

Imagine you’re deploying a fleet of sensors across 50 wind farms. You can use the Netmaker CLI ([NMCTL](https://learn.netmaker.io/features/nmctl)) to automate the network setup or use the Netmaker Dashboard. First, create a dedicated network for your sensors:

![](/files/2a5424399deeea58de69dffe4fd145bfef9a63da)

Or use the command:

{% code title="Create network" %}

```bash
nmctl network create --name sensor-network --ipv4_addr 10.20.30.0/24 --default_access_control deny
```

{% endcode %}

This creates a network named "sensor-network" with a private address range (10.20.30.0/24) and a default deny policy: nodes that join cannot reach each other until an ACL explicitly allows a path. That is the Zero-Trust principle of least privilege applied at the network level, instead of the full mesh Netmaker builds by default.
{% endstep %}

{% step %}

### Create an enrollment key for onboarding

Create an enrollment key specifically for your sensors, limiting its uses and scope:

![](/files/f135a6d8af6014f6ee4480c94a71c3ab8eeeaf8a)

Or use the command:

{% code title="Create enrollment key" %}

```bash
nmctl enrollment_key create sensor-network 5 --uses 5 --tag sensor-device
```

{% endcode %}

This creates a key that can be used only 5 times and automatically tags devices joining with this key as "sensor-device," simplifying future management. Keep the use count as low as the rollout allows and pair it with an expiration, so a key that leaks from a provisioning script cannot enroll arbitrary devices indefinitely. Confirm the exact flags for your nmctl version with `nmctl enrollment_key create --help`.
{% endstep %}

{% step %}

### Define ACLs (Access Control Lists)

Define ACLs to restrict communication. For instance, allow your data aggregation server to communicate with the "sensor-device" tagged devices (replace `server-node-id` below with the node ID of your aggregation server, as shown in the dashboard's node list):

![](/files/1ccf23a9382d9581c4bd166e4bde495429a1bad2)

Or use the command:

{% code title="Allow ACL" %}

```bash
nmctl acl allow sensor-network server-node-id tag:sensor-device
```

{% endcode %}

Because the network's default is deny, this single rule is the only allowed path: the designated server can reach the sensors, and the sensors cannot reach each other, so a compromised sensor cannot pivot to its neighbours or to anything else on the overlay.
{% endstep %}

{% step %}

### Monitor network performance

Monitor the network performance and connectivity using the Netmaker [Metrics Dashboard](https://learn.netmaker.io/getting-started/operations-field-guide/monitoring-your-network), ensuring your Zero-Trust policies are effectively maintained over time:

![](/files/0b86832f1cb6be37fe76e2ebbde7ad3ed0c5a08f)
{% endstep %}
{% endstepper %}
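Steps 3 and 4 define the policy and then ask you to keep checking that it still holds. Netmaker enforces an ACL on a node by controlling which WireGuard peers that node is given, so the most direct check on a sensor is to compare its live peer list with the peers the ACL should allow. The script below is an added example written for this guide, not code from Netmaker or netclient: it parses the output of `wg show <iface> dump` (the tab-separated format documented in wg(8)) and reports any peer that the ACL does not allow or any allowed peer that is missing. The interface name `netmaker`, the peer public keys and the sample dump are constructed placeholders; on a real sensor you would feed it the real `wg show` output.

```shell
#!/bin/sh
# Audit a node's live WireGuard peer set against the peers its ACLs should allow.
# Hypothetical helper written for this guide; not part of Netmaker or netclient.
set -eu

TAB="$(printf '\t')"

# audit_peers DUMP_FILE EXPECTED_PUBKEY...
# DUMP_FILE holds `wg show <iface> dump` output: the first line describes the
# interface, every further line is one peer (public key, preshared key, endpoint,
# allowed IPs, last handshake, rx, tx, keepalive), all tab-separated.
# Prints one finding per line ("ok", "unexpected" or "missing") and returns 0
# only when the live peer set equals the expected set.
audit_peers() {
  dump="$1"; shift
  expected=" $* "
  seen=" "
  status=0
  first=1
  while IFS="$TAB" read -r pubkey _psk _endpoint allowed_ips _rest; do
    if [ "$first" -eq 1 ]; then first=0; continue; fi   # skip the interface line
    case "$expected" in
      *" $pubkey "*) echo "ok $pubkey $allowed_ips"; seen="$seen$pubkey " ;;
      *) echo "unexpected $pubkey $allowed_ips"; status=1 ;;  # ACL violation
    esac
  done < "$dump"
  for key in "$@"; do
    case "$seen" in
      *" $key "*) ;;
      *) echo "missing $key"; status=1 ;;  # allowed path not actually configured
    esac
  done
  return "$status"
}

# make_sample_dump OUT_FILE
# Constructed sample of `wg show netmaker dump` as seen on sensor-01, whose ACL
# should only allow the aggregation server. Keys are placeholders, not real keys.
# The second peer (another sensor) should not be there under a default-deny network.
make_sample_dump() {
  out="$1"
  printf '%s\t%s\t%s\t%s\n' \
    'PRIVATE_KEY_REDACTED' 'SENSOR01_PUBKEY=' '51821' 'off' > "$out"
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
    'AGGSERVER_PUBKEY=' '(none)' '203.0.113.10:51821' '10.20.30.1/32' \
    '1700000000' '4096' '8192' '20' >> "$out"
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
    'SENSOR02_PUBKEY=' '(none)' '198.51.100.7:51821' '10.20.30.3/32' \
    '0' '0' '0' '20' >> "$out"
}

# Example run against the constructed dump. On a real sensor replace
# make_sample_dump with:  wg show netmaker dump > "$dump"   (interface name assumed)
main() {
  dump="${TMPDIR:-/tmp}/wg-audit.$$"
  make_sample_dump "$dump"
  if audit_peers "$dump" 'AGGSERVER_PUBKEY='; then
    echo "PASS: peer set matches the ACL"
  else
    echo "FAIL: peer set does not match the ACL (see findings above)"
  fi
  rm -f "$dump"
}

main
```

Run it from cron or your node health checks and alert on a non-zero exit: an "unexpected" peer means a path exists that the ACL did not grant (a policy change, a misconfiguration, or tampering with the node), and a "missing" peer means an allowed path is not actually configured, which usually explains sensors that stop reporting. The expected public keys for a node come from the Netmaker dashboard or from your own inventory, never from the node being audited.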

## Zero Trust

Zero-Trust is not a product, but a strategic approach to security that centers on the principle of "Never Trust, Always Verify." No user or device should be automatically trusted, regardless of location or network affiliation. Every access request must be authenticated, authorized, and continuously validated. This approach is crucial for edge devices, which are often deployed in less controlled environments and can be prime targets for malicious actors.

Netmaker, a platform for creating and managing virtual overlay networks using WireGuard, provides the foundation for implementing Zero-Trust principles in your edge device infrastructure. By leveraging Netmaker's flexible and secure networking capabilities, organizations can move beyond perimeter security and embrace a more robust security posture for distributed edge environments.

## Network Segmentation

Network segmentation is a foundational pillar of Zero-Trust, and Netmaker supports it by letting you create separate, isolated [networks](https://learn.netmaker.io/getting-started/walkthrough/how-to-create-networks). Segment edge devices by function, location, or security level to prevent lateral movement in case of a breach. You can create networks via the Netmaker [dashboard](https://learn.netmaker.io/references/user-interface#dashboard), defining non-overlapping [address ranges](https://learn.netmaker.io/getting-started/operations-field-guide/network-setup#network-settings) for isolation.

## Granular Access Control

Netmaker's [Access Control Lists (ACLs)](https://learn.netmaker.io/getting-started/walkthrough/how-to-manage-access-controls-acls) provide precise control over communication between nodes. While Netmaker defaults to a [full mesh network](https://learn.netmaker.io/features/mesh-overlay#mesh-overlay-performance-and-speed), in Zero-Trust you should prefer a "default deny" posture and explicitly allow required paths. Configure rules through the [ACL interface](https://learn.netmaker.io/getting-started/walkthrough/how-to-manage-access-controls-acls) in the UI. Netmaker Professional adds [New ACLs (Pro)](https://learn.netmaker.io/getting-started/walkthrough/how-to-manage-access-controls-acls) for policies based on users and resources for finer-grained access management.

## User Management

Netmaker Professional offers robust [User Management](https://learn.netmaker.io/features/user-management). Create service users for programmatic access and platform users for administrative tasks, each with tailored permissions. Use [User Groups](https://learn.netmaker.io/features/user-management?q=user+groups+#user-groups) to manage team permissions efficiently (for example, a "field technicians" group with limited diagnostic access). Netmaker supports [OAuth integration](https://learn.netmaker.io/how-to-guides/identity-provider-integration-guide) so you can leverage existing identity providers for authentication.

<figure><img src="/files/8ynlumWw9DPUcicUn8lO" alt=""><figcaption></figcaption></figure>

## Device Onboarding

Ensure only authorized devices join your Zero-Trust edge network using Netmaker's [Enrollment Keys](https://learn.netmaker.io/features/keys#managing-keys). Keys can have limited uses or expirations. For automated onboarding, use [Tag Management](https://learn.netmaker.io/features/tag-management) to group devices based on enrollment keys.

## Continuous Monitoring

Continuous monitoring and visibility are essential to maintain Zero-Trust. Netmaker Professional's [Analytics](https://learn.netmaker.io/getting-started/walkthrough/how-to-view-metrics-and-audit-logs) offers insights into connectivity, latency, and data transfer. The [Metrics](https://learn.netmaker.io/features/telemetry-and-logging/metrics) interface provides an overview of performance, and integration with Prometheus and Grafana enables advanced monitoring and alerting.

## Netmaker for the Win

By combining network segmentation, granular access control, robust user management, and continuous monitoring, Netmaker enables you to build Zero-Trust networks for edge devices. This approach enhances security, simplifies management, and improves operational efficiency for distributed edge environments. Netmaker provides the speed, flexibility, and features required to implement this security paradigm, helping organizations secure edge deployments and reduce attack surfaces.
