Zero Trust Networks: Building Secure Systems in Untrusted Networks

Perimeter defenses guarding your network aren't as secure as you might think. Hosts behind the firewall have no defenses of their own, so when a host in the "trusted" zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats every host as if it were internet-facing and considers the entire network to be compromised and hostile. In this updated edition, the authors show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You'll learn the architecture of a zero trust network, including how to build one using currently available technology.

• Explore fundamental concepts of a zero trust network, including the trust engine, the policy engine, and context-aware agents
• Understand how this model embeds security within the system's operation, rather than layering it on top
• Use existing technology to establish trust among the actors in a network
• Migrate from a perimeter-based network to a zero trust network in production
• Examine case studies that provide insights into various organizations' zero trust journeys
• Learn about the various zero trust architectures, standards, and frameworks

Author(s): Razi Rais, Christina Morillo, Evan Gilman, Doug Barth
Edition: 2
Publisher: O'Reilly Media
Year: 2024

Language: English
Commentary: Publisher's PDF
Pages: 332
City: Sebastopol, CA
Tags: Networking; Threat Models; Zero Trust Networks; Context-Aware Agents; Security; Network Security

Copyright
Table of Contents
Preface
Who Should Read This Book
Why We Wrote This Book
Navigating This Book
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Acknowledgments from the First Edition
Acknowledgments from the Second Edition
Chapter 1. Zero Trust Fundamentals
What Is a Zero Trust Network?
Introducing the Zero Trust Control Plane
Evolution of the Perimeter Model
Managing the Global IP Address Space
Birth of Private IP Address Space
Private Networks Connect to Public Networks
Birth of NAT
The Contemporary Perimeter Model
Evolution of the Threat Landscape
Perimeter Shortcomings
Where the Trust Lies
Automation as an Enabler
Perimeter Versus Zero Trust
Applied in the Cloud
Role of Zero Trust in National Cybersecurity
Summary
Chapter 2. Managing Trust
Threat Models
Common Threat Models
Zero Trust’s Threat Model
Strong Authentication
Authenticating Trust
What Is a Certificate Authority?
Importance of PKI in Zero Trust
Private Versus Public PKI
Public PKI Is Better than None
Least Privilege
Dynamic Trust
Trust Score
Challenges with Trust Scores
Control Plane Versus Data Plane
Summary
Chapter 3. Context-Aware Agents
What Is an Agent?
Agent Volatility
What’s in an Agent?
How Is an Agent Used?
Agents Are Not for Authentication
How to Expose an Agent?
Rigidity and Fluidity, at the Same Time
Standardization Desirable
In the Meantime?
Summary
Chapter 4. Making Authorization Decisions
Authorization Architecture
Enforcement
Policy Engine
Policy Storage
What Makes Good Policy?
Who Defines Policy?
Policy Reviews
Trust Engine
What Entities Are Scored?
Exposing Scores Considered Risky
Data Stores
Scenario Walkthrough
Summary
Chapter 5. Trusting Devices
Bootstrapping Trust
Generating and Securing Identity
Identity Security in Static and Dynamic Systems
Authenticating Devices with the Control Plane
X.509
TPMs
TPMs for Device Authentication
HSM and TPM Attack Vectors
Hardware-Based Zero Trust Supplicant?
Inventory Management
Knowing What to Expect
Secure Introduction
Renewing and Measuring Device Trust
Local Measurement
Remote Measurement
Unified Endpoint Management (UEM)
Software Configuration Management
CM-Based Inventory
Searchable Inventory
Secure Source of Truth
Using Device Data for User Authorization
Trust Signals
Time Since Image
Historical Access
Location
Network Communication Patterns
Machine Learning
Scenario Walkthrough
Use Case: Bob Wants to Send a Document for Printing
Request Analysis
Use Case: Bob Wants to Delete an Email
Request Analysis
Summary
Chapter 6. Trusting Identities
Identity Authority
Bootstrapping Identity in a Private System
Government-Issued Identification
Nothing Beats Meatspace
Expectations and Stars
Storing Identity
User Directories
Directory Maintenance
When to Authenticate Identity
Authenticating for Trust
Trust as the Authentication Driver
The Use of Multiple Channels
Caching Identity and Trust
How to Authenticate Identity
Something You Know: Passwords
Something You Have: TOTP
Something You Have: Certificates
Something You Have: Security Tokens
Something You Are: Biometrics
Behavioral Patterns
Out-of-Band Authentication
Single Sign-On
Workload Identities
Moving Toward a Local Auth Solution
Authenticating and Authorizing a Group
Shamir’s Secret Sharing
Red October
See Something, Say Something
Trust Signals
Scenario Walkthrough
Use Case: Bob Wants to View a Sensitive Financial Report
Request Analysis
Summary
Chapter 7. Trusting Applications
Understanding the Application Pipeline
Trusting Source Code
Securing the Repository
Authentic Code and the Audit Trail
Code Reviews
Trusting Builds
Software Bill of Materials (SBOM): The Risk
Trusted Input, Trusted Output
Reproducible Builds
Decoupling Release and Artifact Versions
Trusting Distribution
Promoting an Artifact
Distribution Security
Integrity and Authenticity
Trusting a Distribution Network
Humans in the Loop
Trusting an Instance
Upgrade-Only Policy
Authorized Instances
Runtime Security
Secure Coding Practices
Isolation
Active Monitoring
Secure Software Development Lifecycle (SDLC)
Requirements and Design
Coding and Implementation
Static and Dynamic Code Analysis
Peer Reviews and Code Audits
Quality Assurance and Testing
Deployment and Maintenance
Continuous Improvement
Protecting Application and Data Privacy
When You Host Applications in a Public Cloud, How Can You Trust It?
Confidential Computing
Understanding Hardware-Based Root-of-Trust (RoT)
Role of Attestation
Scenario Walkthrough
Use Case: Bob Sends Highly Sensitive Data to Financial Application for Computation
Request Analysis
Summary
Chapter 8. Trusting the Traffic
Encryption Versus Authentication
Authenticity Without Encryption?
Bootstrapping Trust: The First Packet
FireWall KNock OPerator (fwknop)
Short-Lived Exceptions
SPA Payload
Payload Encryption
HMAC
Where Should Zero Trust Be in the Network Model?
Client and Server Split
Network Support Issues
Device Support Issues
Application Support Issues
A Pragmatic Approach
Microsoft Server Isolation
The Protocols
IKE and IPsec
Mutually Authenticated TLS (mTLS)
Trusting Cloud Traffic: Challenges and Considerations
Cloud Access Security Brokers (CASBs) and Identity Federation
Filtering
Host Filtering
Bookended Filtering
Intermediary Filtering
Scenario Walkthrough
Use Case: Bob Requests Access to an Email Service Over an Anonymous Proxy Network
Request Analysis
Summary
Chapter 9. Realizing a Zero Trust Network
The First Steps Toward a Zero Trust Network: Understanding Your Current Network
Choosing Scope
Assessment and Planning
Requirements: What Is Actually Required?
All Network Flows MUST Undergo Authentication Before Processing
Building a System Diagram
Understanding Your Flows
Micro-Segmentation
Software-Defined Perimeter
Controller-Less Architecture
“Cheating” with Configuration Management
Implementation Phase: Application Authentication and Authorization
Authenticating Load Balancers and Proxies
Relationship-Oriented Policy
Policy Distribution
Defining and Implementing Security Policies
Zero Trust Proxies
Client-Side Versus Server-Side Migrations
Endpoint Security
Case Studies
Case Study: Google BeyondCorp
The Major Components of BeyondCorp
Leveraging and Extending the GFE
Challenges with Multiplatform Authentication
Migrating to BeyondCorp
Lessons Learned
Conclusion
Case Study: PagerDuty’s Cloud-Agnostic Network
Configuration Management as an Automation Platform
Dynamically Calculated Local Firewalls
Distributed Traffic Encryption
Decentralized User Management
Rollout
Value of a Provider-Agnostic System
Summary
Chapter 10. The Adversarial View
Potential Pitfalls and Dangers
Attack Vectors
Identity and Access
Credential Theft
Privilege Escalation and Lateral Movement
Infrastructure and Networks
Control Plane Security
Endpoint Enumeration
Untrusted Computing Platform
Distributed Denial of Service (DDoS) Attacks
Man-in-the-Middle (MitM) Attacks
Invalidation
Phishing
Physical Coercion
Role of Cyber Insurance
Summary
Chapter 11. Zero Trust Architecture Standards, Frameworks, and Guidelines
Governments
United States
United Kingdom
European Union
Private and Public Organizations
Cloud Security Alliance (CSA)
The Open Group
Gartner
Forrester
International Organization for Standardization (ISO)
Commercial Vendors
Summary
Chapter 12. Challenges and the Road Ahead
Challenges
Mindset Shift
Shadow IT
Siloed Organizations
Lack of Cohesive Zero Trust Products
Scalability and Performance
Key Takeaways
Technological Advancements
Quantum Computing
Artificial Intelligence
Privacy-Enhancing Technologies
Summary
Appendix A. A Brief Introduction to Network Models
Network Layers, Visually
OSI Network Model
Layer 1—Physical Layer
Layer 2—Data Link Layer
Layer 3—Network Layer
Layer 4—Transport Layer
Layer 5—Session Layer
Layer 6—Presentation Layer
Layer 7—Application Layer
TCP/IP Network Model
Index
About the Authors
Colophon