You searched for 9781491962190. The product you were looking for is no longer available in that edition and has been replaced by the edition below.

Zero Trust Networks

Paperback, English, 2024, 2nd edition, 9781492096597

Summary

This practical book provides a detailed explanation of the zero trust security model. Zero trust is a security paradigm shift that eliminates the concept of traditional perimeter-based security and requires you to "always assume breach" and "never trust but always verify." The updated edition offers more scenarios, real-world examples, and in-depth explanations of key concepts to help you fully comprehend the zero trust security architecture.

- Examine fundamental concepts of the zero trust security model, including the trust engine, policy engine, and context-aware agents
- Understand how this model embeds security within the system's operation, with guided scenarios at the end of each chapter
- Migrate from a perimeter-based network to a zero trust network in production
- Explore case studies that provide insights into organizations' zero trust journeys
- Learn about the various zero trust architectures, standards, and frameworks developed by NIST, CISA, DoD, and others

Specifications

ISBN13: 9781492096597
Language: English
Binding: paperback
Number of pages: 300
Publisher: O'Reilly
Edition: 2
Publication date: 8-3-2024 (day-month-year)
Main category: IT management / ICT

Table of Contents

Preface
Who Should Read This Book
Why We Wrote This Book
Navigating This Book
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Acknowledgments from the First Edition
Acknowledgments from the Second Edition

1. Zero Trust Fundamentals
What Is a Zero Trust Network?
Introducing the Zero Trust Control Plane
Evolution of the Perimeter Model
Managing the Global IP Address Space
Birth of Private IP Address Space
Private Networks Connect to Public Networks
Birth of NAT
The Contemporary Perimeter Model
Evolution of the Threat Landscape
Perimeter Shortcomings
Where the Trust Lies
Automation as an Enabler
Perimeter Versus Zero Trust
Applied in the Cloud
Role of Zero Trust in National Cybersecurity
Summary

2. Managing Trust
Threat Models
Common Threat Models
Zero Trust’s Threat Model
Strong Authentication
Authenticating Trust
What Is a Certificate Authority?
Importance of PKI in Zero Trust
Private Versus Public PKI
Public PKI Is Better than None
Least Privilege
Dynamic Trust
Trust Score
Challenges with Trust Scores
Control Plane Versus Data Plane
Summary

3. Context-Aware Agents
What Is an Agent?
Agent Volatility
What’s in an Agent?
How Is an Agent Used?
Agents Are Not for Authentication
How to Expose an Agent?
Rigidity and Fluidity, at the Same Time
Standardization Desirable
In the Meantime?
Summary

4. Making Authorization Decisions
Authorization Architecture
Enforcement
Policy Engine
Policy Storage
What Makes Good Policy?
Who Defines Policy?
Policy Reviews
Trust Engine
What Entities Are Scored?
Exposing Scores Considered Risky
Data Stores
Scenario Walkthrough
Summary

5. Trusting Devices
Bootstrapping Trust
Generating and Securing Identity
Identity Security in Static and Dynamic Systems
Authenticating Devices with the Control Plane
X.509
TPMs
TPMs for Device Authentication
HSM and TPM Attack Vectors
Hardware-Based Zero Trust Supplicant?
Inventory Management
Knowing What to Expect
Secure Introduction
Renewing and Measuring Device Trust
Local Measurement
Remote Measurement
Unified Endpoint Management (UEM)
Software Configuration Management
CM-Based Inventory
Searchable Inventory
Secure Source of Truth
Using Device Data for User Authorization
Trust Signals
Time Since Image
Historical Access
Location
Network Communication Patterns
Machine Learning
Scenario Walkthrough
Use Case: Bob Wants to Send a Document for Printing
Request Analysis
Use Case: Bob Wants to Delete an Email
Request Analysis
Summary

6. Trusting Identities
Identity Authority
Bootstrapping Identity in a Private System
Government-Issued Identification
Nothing Beats Meatspace
Expectations and Stars
Storing Identity
User Directories
Directory Maintenance
When to Authenticate Identity
Authenticating for Trust
Trust as the Authentication Driver
The Use of Multiple Channels
Caching Identity and Trust
How to Authenticate Identity
Something You Know: Passwords
Something You Have: TOTP
Something You Have: Certificates
Something You Have: Security Tokens
Something You Are: Biometrics
Behavioral Patterns
Out-of-Band Authentication
Single Sign-On
Workload Identities
Moving Toward a Local Auth Solution
Authenticating and Authorizing a Group
Shamir’s Secret Sharing
Red October
See Something, Say Something
Trust Signals
Scenario Walkthrough
Use Case: Bob Wants to View a Sensitive Financial Report
Request Analysis
Summary

7. Trusting Applications
Understanding the Application Pipeline
Trusting Source Code
Securing the Repository
Authentic Code and the Audit Trail
Code Reviews
Trusting Builds
Software Bill of Materials (SBOM): The Risk
Trusted Input, Trusted Output
Reproducible Builds
Decoupling Release and Artifact Versions
Trusting Distribution
Promoting an Artifact
Distribution Security
Integrity and Authenticity
Trusting a Distribution Network
Humans in the Loop
Trusting an Instance
Upgrade-Only Policy
Authorized Instances
Runtime Security
Secure Coding Practices
Isolation
Active Monitoring
Secure Software Development Lifecycle (SDLC)
Requirements and Design
Coding and Implementation
Static and Dynamic Code Analysis
Peer Reviews and Code Audits
Quality Assurance and Testing
Deployment and Maintenance
Continuous Improvement
Protecting Application and Data Privacy
When You Host Applications in a Public Cloud, How Can You Trust It?
Confidential Computing
Understanding Hardware-Based Root-of-Trust (RoT)
Role of Attestation
Scenario Walkthrough
Use Case: Bob Sends Highly Sensitive Data to Financial Application for Computation
Request Analysis
Summary

8. Trusting the Traffic
Encryption Versus Authentication
Authenticity Without Encryption?
Bootstrapping Trust: The First Packet
FireWall KNock OPerator (fwknop)
Short-Lived Exceptions
SPA Payload
Payload Encryption
HMAC
Where Should Zero Trust Be in the Network Model?
Client and Server Split
Network Support Issues
Device Support Issues
Application Support Issues
A Pragmatic Approach
Microsoft Server Isolation
The Protocols
IKE and IPsec
Mutually Authenticated TLS (mTLS)
Trusting Cloud Traffic: Challenges and Considerations
Cloud Access Security Brokers (CASBs) and Identity Federation
Filtering
Host Filtering
Bookended Filtering
Intermediary Filtering
Scenario Walkthrough
Use Case: Bob Requests Access to an Email Service Over an Anonymous Proxy Network
Request Analysis
Summary

9. Realizing a Zero Trust Network
The First Steps Toward a Zero Trust Network: Understanding Your Current Network
Choosing Scope
Assessment and Planning
Requirements: What Is Actually Required?
All Network Flows MUST Undergo Authentication Before Processing
Building a System Diagram
Understanding Your Flows
Micro-Segmentation
Software-Defined Perimeter
Controller-Less Architecture
“Cheating” with Configuration Management
Implementation Phase: Application Authentication and Authorization
Authenticating Load Balancers and Proxies
Relationship-Oriented Policy
Policy Distribution
Defining and Implementing Security Policies
Zero Trust Proxies
Client-Side Versus Server-Side Migrations
Endpoint Security
Case Studies
Case Study: Google BeyondCorp
The Major Components of BeyondCorp
Leveraging and Extending the GFE
Challenges with Multiplatform Authentication
Migrating to BeyondCorp
Lessons Learned
Conclusion
Case Study: PagerDuty’s Cloud-Agnostic Network
Configuration Management as an Automation Platform
Dynamically Calculated Local Firewalls
Distributed Traffic Encryption
Decentralized User Management
Rollout
Value of a Provider-Agnostic System
Summary

10. The Adversarial View
Potential Pitfalls and Dangers
Attack Vectors
Identity and Access
Credential Theft
Privilege Escalation and Lateral Movement
Infrastructure and Networks
Control Plane Security
Endpoint Enumeration
Untrusted Computing Platform
Distributed Denial of Service (DDoS) Attacks
Man-in-the-Middle (MitM) Attacks
Invalidation
Phishing
Physical Coercion
Role of Cyber Insurance
Summary

11. Zero Trust Architecture Standards, Frameworks, and Guidelines
Governments
United States
United Kingdom
European Union
Private and Public Organizations
Cloud Security Alliance (CSA)
The Open Group
Gartner
Forrester
International Organization for Standardization (ISO)
Commercial Vendors
Summary

12. Challenges and the Road Ahead
Challenges
Mindset Shift
Shadow IT
Siloed Organizations
Lack of Cohesive Zero Trust Products
Scalability and Performance
Key Takeaways
Technological Advancements
Quantum Computing
Artificial Intelligence
Privacy-Enhancing Technologies
Summary

Appendix. A Brief Introduction to Network Models
Network Layers, Visually
OSI Network Model
Layer 1—Physical Layer
Layer 2—Data Link Layer
Layer 3—Network Layer
Layer 4—Transport Layer
Layer 5—Session Layer
Layer 6—Presentation Layer
Layer 7—Application Layer
TCP/IP Network Model

Index
About the Authors
