Zero Trust Networks: Building Secure Systems in Untrusted Networks
Paperback
Overview
Authors Evan Gilman and Doug Barth show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You’ll learn the architecture of a zero trust network, including how to build one using currently available technology.
- Understand how the zero trust model embeds security within the system’s operation, rather than layering it on top
- Examine the fundamental concepts at play in a zero trust network, including network agents and trust engines
- Use existing technology to establish trust among the actors in a network
- Learn how to migrate from a perimeter-based network to a zero trust network in production
- Explore case studies of zero trust on the client side (Google) and on the server (PagerDuty)
Product Details
| Detail | Value |
|---|---|
| ISBN-13 | 9781491962190 |
| Publisher | O'Reilly Media, Incorporated |
| Publication date | 06/30/2017 |
| Pages | 238 |
| Product dimensions | 6.90(w) x 8.60(h) x 0.50(d) |
About the Author
Doug Barth is a software engineer who loves to learn and shares his knowledge with others. He has worked on systems of various sizes at companies like Orbitz and PagerDuty. He has built and spoken about monitoring systems, mesh networks, and failure injection practices.
Table of Contents
- Preface (p. ix)
- 1 Zero Trust Fundamentals (p. 1)
  - What Is a Zero Trust Network? (p. 1)
  - Introducing the Zero Trust Control Plane (p. 3)
  - Evolution of the Perimeter Model (p. 4)
  - Managing the Global IP Address Space (p. 4)
  - Birth of Private IP Address Space (p. 6)
  - Private Networks Connect to Public Networks (p. 6)
  - Birth of NAT (p. 7)
  - The Contemporary Perimeter Model (p. 8)
  - Evolution of the Threat Landscape (p. 9)
  - Perimeter Shortcomings (p. 12)
  - Where the Trust Lies (p. 15)
  - Automation as an Enabler (p. 15)
  - Perimeter Versus Zero Trust (p. 16)
  - Applied in the Cloud (p. 18)
  - Summary (p. 19)
- 2 Managing Trust (p. 21)
  - Threat Models (p. 23)
  - Common Threat Models (p. 23)
  - Zero Trust's Threat Model (p. 24)
  - Strong Authentication (p. 25)
  - Authenticating Trust (p. 28)
  - What Is a Certificate Authority? (p. 28)
  - Importance of PKI in Zero Trust (p. 29)
  - Private Versus Public PKI (p. 29)
  - Public PKI Strictly Better Than None (p. 30)
  - Least Privilege (p. 30)
  - Variable Trust (p. 33)
  - Control Plane Versus Data Plane (p. 36)
  - Summary (p. 38)
- 3 Network Agents (p. 41)
  - What Is an Agent? (p. 42)
  - Agent Volatility (p. 42)
  - What's in an Agent? (p. 43)
  - How Is an Agent Used? (p. 43)
  - Not for Authentication (p. 44)
  - How to Expose an Agent? (p. 45)
  - No Standard Exists (p. 46)
  - Rigidity and Fluidity, at the Same Time (p. 46)
  - Standardization Desirable (p. 47)
  - In the Meantime? (p. 48)
  - Summary (p. 48)
- 4 Making Authorization Decisions (p. 51)
  - Authorization Architecture (p. 51)
  - Enforcement (p. 53)
  - Policy Engine (p. 54)
  - Policy Storage (p. 55)
  - What Makes Good Policy? (p. 56)
  - Who Defines Policy? (p. 58)
  - Trust Engine (p. 58)
  - What Entities Are Scored? (p. 59)
  - Exposing Scores Considered Risky (p. 60)
  - Data Stores (p. 60)
  - Summary (p. 62)
- 5 Trusting Devices (p. 65)
  - Bootstrapping Trust (p. 65)
  - Generating and Securing Identity (p. 66)
  - Identity Security in Static and Dynamic Systems (p. 67)
  - Authenticating Devices with the Control Plane (p. 70)
  - X.509 (p. 70)
  - TPMs (p. 73)
  - Hardware-Based Zero Trust Supplicant? (p. 77)
  - Inventory Management (p. 78)
  - Knowing What to Expect (p. 79)
  - Secure Introduction (p. 80)
  - Renewing Device Trust (p. 81)
  - Local Measurement (p. 83)
  - Remote Measurement (p. 83)
  - Software Configuration Management (p. 85)
  - CM-Based Inventory (p. 85)
  - Secure Source of Truth (p. 87)
  - Using Device Data for User Authorization (p. 88)
  - Trust Signals (p. 89)
  - Time Since Image (p. 89)
  - Historical Access (p. 89)
  - Location (p. 89)
  - Network Communication Patterns (p. 90)
  - Summary (p. 90)
- 6 Trusting Users (p. 93)
  - Identity Authority (p. 93)
  - Bootstrapping Identity in a Private System (p. 95)
  - Government-Issued Identification (p. 95)
  - Nothing Beats Meatspace (p. 96)
  - Expectations and Stars (p. 97)
  - Storing Identity (p. 97)
  - User Directories (p. 97)
  - Directory Maintenance (p. 98)
  - When to Authenticate Identity (p. 99)
  - Authenticating for Trust (p. 99)
  - Trust as the Authentication Driver (p. 99)
  - The Use of Multiple Channels (p. 100)
  - Caching Identity and Trust (p. 101)
  - How to Authenticate Identity (p. 101)
  - Something You Know: Passwords (p. 102)
  - Something You Have: TOTP (p. 103)
  - Something You Have: Certificates (p. 104)
  - Something You Have: Security Tokens (p. 104)
  - Something You Are: Biometrics (p. 105)
  - Out-of-Band Authentication (p. 106)
  - Single Sign On (p. 106)
  - Moving Toward a Local Auth Solution (p. 107)
  - Authenticating and Authorizing a Group (p. 108)
  - Shamir's Secret Sharing (p. 108)
  - Red October (p. 109)
  - See Something, Say Something (p. 110)
  - Trust Signals (p. 110)
  - Summary (p. 111)
- 7 Trusting Applications (p. 113)
  - Understanding the Application Pipeline (p. 114)
  - Trusting Source (p. 115)
  - Securing the Repository (p. 116)
  - Authentic Code and the Audit Trail (p. 116)
  - Code Reviews (p. 118)
  - Trusting Builds (p. 118)
  - The Risk (p. 118)
  - Trusted Input, Trusted Output (p. 120)
  - Reproducible Builds (p. 120)
  - Decoupling Release and Artifact Versions (p. 121)
  - Trusting Distribution (p. 122)
  - Promoting an Artifact (p. 122)
  - Distribution Security (p. 123)
  - Integrity and Authenticity (p. 123)
  - Trusting a Distribution Network (p. 125)
  - Humans in the Loop (p. 126)
  - Trusting an Instance (p. 127)
  - Upgrade-Only Policy (p. 127)
  - Authorized Instances (p. 128)
  - Runtime Security (p. 130)
  - Secure Coding Practices (p. 130)
  - Isolation (p. 131)
  - Active Monitoring (p. 132)
  - Summary (p. 134)
- 8 Trusting the Traffic (p. 137)
  - Encryption Versus Authentication (p. 137)
  - Authenticity Without Encryption? (p. 138)
  - Bootstrapping Trust: The First Packet (p. 139)
  - Fwknop (p. 140)
  - A Brief Introduction to Network Models (p. 142)
  - Network Layers, Visually (p. 142)
  - OSI Network Model (p. 143)
  - TCP/IP Network Model (p. 145)
  - Where Should Zero Trust Be in the Network Model? (p. 145)
  - Client and Server Split (p. 147)
  - The Protocols (p. 150)
  - IKE/IPsec (p. 150)
  - Mutually Authenticated TLS (p. 155)
  - Filtering (p. 163)
  - Host Filtering (p. 164)
  - Bookended Filtering (p. 167)
  - Intermediary Filtering (p. 169)
  - Summary (p. 171)
- 9 Realizing a Zero Trust Network (p. 173)
  - Choosing Scope (p. 173)
  - What's Actually Required? (p. 174)
  - Building a System Diagram (p. 178)
  - Understanding Your Flows (p. 180)
  - Controller-Less Architecture (p. 182)
  - "Cheating" with Configuration Management (p. 182)
  - Application Authentication and Authorization (p. 183)
  - Authenticating Load Balancers and Proxies (p. 184)
  - Relationship-Oriented Policy (p. 185)
  - Policy Distribution (p. 185)
  - Defining and Installing Policy (p. 186)
  - Zero Trust Proxies (p. 187)
  - Client-Side Versus Server-Side Migrations (p. 189)
  - Case Studies (p. 190)
  - Case Study: Google BeyondCorp (p. 190)
  - The Major Components of BeyondCorp (p. 192)
  - Leveraging and Extending the GFE (p. 194)
  - Challenges with Multiplatform Authentication (p. 196)
  - Migrating to BeyondCorp (p. 197)
  - Lessons Learned (p. 199)
  - Conclusion (p. 201)
  - Case Study: PagerDuty's Cloud Agnostic Network (p. 202)
  - Configuration Management as an Automation Platform (p. 202)
  - Dynamically Calculated Local Firewalls (p. 203)
  - Distributed Traffic Encryption (p. 204)
  - Decentralized User Management (p. 205)
  - Rollout (p. 206)
  - Value of a Provider-Agnostic System (p. 207)
  - Summary (p. 207)
- 10 The Adversarial View (p. 209)
  - Identity Theft (p. 210)
  - Distributed Denial of Service (p. 210)
  - Endpoint Enumeration (p. 211)
  - Untrusted Computing Platform (p. 212)
  - Social Engineering (p. 212)
  - Physical Coercion (p. 213)
  - Invalidation (p. 214)
  - Control Plane Security (p. 215)
  - Summary (p. 216)
- Index (p. 217)