Zero Trust Networks, 2nd Edition

Zero Trust Networks, 2nd Edition

by Razi Rais, Christina Morillo, Evan Gilman, Doug Barth
Released February 2024
Publisher(s): O'Reilly Media, Inc.
ISBN: 9781492096597

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Buy on Amazon Buy on ebooks.com
Start your free trial

Book description

This practical book provides a detailed explanation of the zero trust security model. Zero trust is a security paradigm shift that eliminates the concept of traditional perimeter-based security and requires you to "always assume breach" and "never trust but always verify." The updated edition offers more scenarios, real-world examples, and in-depth explanations of key concepts to help you fully comprehend the zero trust security architecture.

  • Examine fundamental concepts of zero trust security model, including trust engine, policy engine, and context aware agents
  • Understand how this model embeds security within the system's operation, with guided scenarios at the end of each chapter
  • Migrate from a perimeter-based network to a zero trust network in production
  • Explore case studies that provide insights into organizations' zero trust journeys
  • Learn about the various zero trust architectures, standards, and frameworks developed by NIST, CISA, DoD, and others

Publisher resources

View/Submit Errata

Table of contents

  1. Preface
    1. Who Should Read This Book
    2. Why We Wrote This Book
    3. Navigating This Book
    4. Conventions Used in This Book
    5. O’Reilly Online Learning
    6. How to Contact Us
    7. Acknowledgments from the First Edition
    8. Acknowledgments from the Second Edition
  2. 1. Zero Trust Fundamentals
    1. What Is a Zero Trust Network?
      1. Introducing the Zero Trust Control Plane
    2. Evolution of the Perimeter Model
      1. Managing the Global IP Address Space
      2. Birth of Private IP Address Space
      3. Private Networks Connect to Public Networks
      4. Birth of NAT
      5. The Contemporary Perimeter Model
    3. Evolution of the Threat Landscape
    4. Perimeter Shortcomings
    5. Where the Trust Lies
    6. Automation as an Enabler
    7. Perimeter Versus Zero Trust
    8. Applied in the Cloud
    9. Role of Zero Trust in National Cybersecurity
    10. Summary
  3. 2. Managing Trust
    1. Threat Models
      1. Common Threat Models
      2. Zero Trust’s Threat Model
    2. Strong Authentication
    3. Authenticating Trust
      1. What Is a Certificate Authority?
      2. Importance of PKI in Zero Trust
      3. Private Versus Public PKI
      4. Public PKI Is Better than None
    4. Least Privilege
      1. Dynamic Trust
      2. Trust Score
      3. Challenges with Trust Scores
      4. Control Plane Versus Data Plane
    5. Summary
  4. 3. Context-Aware Agents
    1. What Is an Agent?
      1. Agent Volatility
      2. What’s in an Agent?
      3. How Is an Agent Used?
      4. Agents Are Not for Authentication
    2. How to Expose an Agent?
      1. Rigidity and Fluidity, at the Same Time
      2. Standardization Desirable
      3. In the Meantime?
    3. Summary
  5. 4. Making Authorization Decisions
    1. Authorization Architecture
    2. Enforcement
    3. Policy Engine
      1. Policy Storage
      2. What Makes Good Policy?
      3. Who Defines Policy?
      4. Policy Reviews
    4. Trust Engine
      1. What Entities Are Scored?
      2. Exposing Scores Considered Risky
    5. Data Stores
    6. Scenario Walkthrough
    7. Summary
  6. 5. Trusting Devices
    1. Bootstrapping Trust
      1. Generating and Securing Identity
      2. Identity Security in Static and Dynamic Systems
    2. Authenticating Devices with the Control Plane
      1. X.509
      2. TPMs
      3. TPMs for Device Authentication
      4. HSM and TPM Attack Vectors
      5. Hardware-Based Zero Trust Supplicant?
    3. Inventory Management
      1. Knowing What to Expect
      2. Secure Introduction
    4. Renewing and Measuring Device Trust
      1. Local Measurement
      2. Remote Measurement
      3. Unified Endpoint Management (UEM)
    5. Software Configuration Management
      1. CM-Based Inventory
      2. Searchable Inventory
      3. Secure Source of Truth
    6. Using Device Data for User Authorization
    7. Trust Signals
      1. Time Since Image
      2. Historical Access
      3. Location
      4. Network Communication Patterns
      5. Machine Learning
    8. Scenario Walkthrough
      1. Use Case: Bob Wants to Send a Document for Printing
      2. Request Analysis
      3. Use Case: Bob Wants to Delete an Email
      4. Request Analysis
    9. Summary
  7. 6. Trusting Identities
    1. Identity Authority
    2. Bootstrapping Identity in a Private System
      1. Government-Issued Identification
      2. Nothing Beats Meatspace
      3. Expectations and Stars
    3. Storing Identity
      1. User Directories
      2. Directory Maintenance
    4. When to Authenticate Identity
      1. Authenticating for Trust
      2. Trust as the Authentication Driver
      3. The Use of Multiple Channels
      4. Caching Identity and Trust
    5. How to Authenticate Identity
      1. Something You Know: Passwords
      2. Something You Have: TOTP
      3. Something You Have: Certificates
      4. Something You Have: Security Tokens
      5. Something You Are: Biometrics
      6. Behavioral Patterns
    6. Out-of-Band Authentication
      1. Single Sign-On
      2. Workload Identities
      3. Moving Toward a Local Auth Solution
    7. Authenticating and Authorizing a Group
      1. Shamir’s Secret Sharing
      2. Red October
    8. See Something, Say Something
    9. Trust Signals
    10. Scenario Walkthrough
      1. Use Case: Bob Wants to View a Sensitive Financial Report
      2. Request Analysis
    11. Summary
  8. 7. Trusting Applications
    1. Understanding the Application Pipeline
    2. Trusting Source Code
      1. Securing the Repository
      2. Authentic Code and the Audit Trail
      3. Code Reviews
    3. Trusting Builds
      1. Software Bill of Materials (SBOM): The Risk
      2. Trusted Input, Trusted Output
      3. Reproducible Builds
      4. Decoupling Release and Artifact Versions
    4. Trusting Distribution
      1. Promoting an Artifact
      2. Distribution Security
      3. Integrity and Authenticity
      4. Trusting a Distribution Network
    5. Humans in the Loop
    6. Trusting an Instance
      1. Upgrade-Only Policy
      2. Authorized Instances
    7. Runtime Security
      1. Secure Coding Practices
      2. Isolation
      3. Active Monitoring
    8. Secure Software Development Lifecycle (SDLC)
      1. Requirements and Design
      2. Coding and Implementation
      3. Static and Dynamic Code Analysis
      4. Peer Reviews and Code Audits
      5. Quality Assurance and Testing
      6. Deployment and Maintenance
      7. Continuous Improvement
    9. Protecting Application and Data Privacy
      1. When You Host Applications in a Public Cloud, How Can You Trust It?
      2. Confidential Computing
      3. Understanding Hardware-Based Root-of-Trust (RoT)
      4. Role of Attestation
    10. Scenario Walkthrough
      1. Use Case: Bob Sends Highly Sensitive Data to Financial Application for Computation
      2. Request Analysis
    11. Summary
  9. 8. Trusting the Traffic
    1. Encryption Versus Authentication
    2. Authenticity Without Encryption?
    3. Bootstrapping Trust: The First Packet
      1. FireWall KNock OPerator (fwknop)
      2. Short-Lived Exceptions
      3. SPA Payload
      4. Payload Encryption
      5. HMAC
    4. Where Should Zero Trust Be in the Network Model?
      1. Client and Server Split
      2. Network Support Issues
      3. Device Support Issues
      4. Application Support Issues
      5. A Pragmatic Approach
      6. Microsoft Server Isolation
    5. The Protocols
      1. IKE and IPsec
      2. Mutually Authenticated TLS (mTLS)
    6. Trusting Cloud Traffic: Challenges and Considerations
    7. Cloud Access Security Brokers (CASBs) and Identity Federation
    8. Filtering
      1. Host Filtering
      2. Bookended Filtering
      3. Intermediary Filtering
    9. Scenario Walkthrough
      1. Use Case: Bob Requests Access to an Email Service Over an Anonymous Proxy Network
      2. Request Analysis
    10. Summary
  10. 9. Realizing a Zero Trust Network
    1. The First Steps Toward a Zero Trust Network: Understanding Your Current Network
      1. Choosing Scope
      2. Assessment and Planning
      3. Requirements: What Is Actually Required?
      4. All Network Flows MUST Undergo Authentication Before Processing
      5. Building a System Diagram
      6. Understanding Your Flows
      7. Micro-Segmentation
      8. Software-Defined Perimeter
      9. Controller-Less Architecture
      10. “Cheating” with Configuration Management
    2. Implementation Phase: Application Authentication and Authorization
      1. Authenticating Load Balancers and Proxies
      2. Relationship-Oriented Policy
      3. Policy Distribution
      4. Defining and Implementing Security Policies
      5. Zero Trust Proxies
      6. Client-Side Versus Server-Side Migrations
      7. Endpoint Security
    3. Case Studies
    4. Case Study: Google BeyondCorp
      1. The Major Components of BeyondCorp
      2. Leveraging and Extending the GFE
      3. Challenges with Multiplatform Authentication
      4. Migrating to BeyondCorp
      5. Lessons Learned
      6. Conclusion
    5. Case Study: PagerDuty’s Cloud-Agnostic Network
      1. Configuration Management as an Automation Platform
      2. Dynamically Calculated Local Firewalls
      3. Distributed Traffic Encryption
      4. Decentralized User Management
      5. Rollout
      6. Value of a Provider-Agnostic System
    6. Summary
  11. 10. The Adversarial View
    1. Potential Pitfalls and Dangers
    2. Attack Vectors
    3. Identity and Access
      1. Credential Theft
      2. Privilege Escalation and Lateral Movement
    4. Infrastructure and Networks
      1. Control Plane Security
      2. Endpoint Enumeration
      3. Untrusted Computing Platform
      4. Distributed Denial of Service (DDoS) Attacks
      5. Man-in-the-Middle (MitM) Attacks
      6. Invalidation
      7. Phishing
      8. Physical Coercion
    5. Role of Cyber Insurance
    6. Summary
  12. 11. Zero Trust Architecture Standards, Frameworks, and Guidelines
    1. Governments
      1. United States
      2. United Kingdom
      3. European Union
    2. Private and Public Organizations
      1. Cloud Security Alliance (CSA)
      2. The Open Group
      3. Gartner
      4. Forrester
      5. International Organization for Standardization (ISO)
    3. Commercial Vendors
    4. Summary
  13. 12. Challenges and the Road Ahead
    1. Challenges
      1. Mindset Shift
      2. Shadow IT
      3. Siloed Organizations
      4. Lack of Cohesive Zero Trust Products
      5. Scalability and Performance
      6. Key Takeaways
    2. Technological Advancements
      1. Quantum Computing
      2. Artificial Intelligence
      3. Privacy-Enhancing Technologies
    3. Summary
  14. Appendix. A Brief Introduction to Network Models
    1. Network Layers, Visually
    2. OSI Network Model
      1. Layer 1—Physical Layer
      2. Layer 2—Data Link Layer
      3. Layer 3—Network Layer
      4. Layer 4—Transport Layer
      5. Layer 5—Session Layer
      6. Layer 6—Presentation Layer
      7. Layer 7—Application Layer
      8. TCP/IP Network Model
  15. Index
  16. About the Authors

Product information

  • Title: Zero Trust Networks, 2nd Edition
  • Author(s): Razi Rais, Christina Morillo, Evan Gilman, Doug Barth
  • Release date: February 2024
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781492096597