Zscaler Cloud Security Essentials

Book description

Harness the capabilities of Zscaler to deliver a secure, cloud-based, scalable web proxy and provide end users with zero-trust network access to private enterprise applications.

Key Features

  • Get up to speed with Zscaler without the need for expensive training
  • Implement Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) security solutions with real-world deployments
  • Find out how to choose the right options and features to architect a customized solution with Zscaler

Book Description

Many organizations are moving away from on-premises solutions to simplify administration and reduce expensive hardware upgrades. This book uses real-world examples of deployments to help you explore Zscaler, an information security platform that offers cloud-based security for both web traffic and private enterprise applications.

You'll start by understanding how Zscaler was born in the cloud, how it evolved into a mature product, and how it continues to do so with the addition of sophisticated features that are necessary to stay ahead in today's corporate environment. The book then covers Zscaler Internet Access and Zscaler Private Access architectures in detail, before moving on to show you how to map future security requirements to ZIA features and transition your business applications to ZPA. As you make progress, you'll get to grips with all the essential features needed to architect a customized security solution and support it. Finally, you'll find out how to troubleshoot the newly implemented ZIA and ZPA solutions and make them work efficiently for your enterprise.

By the end of this Zscaler book, you'll have developed the skills to design, deploy, implement, and support a customized Zscaler security solution.

What you will learn

  • Understand the need for Zscaler in the modern enterprise
  • Study the fundamental architecture of the Zscaler cloud
  • Get to grips with the essential features of ZIA and ZPA
  • Find out how to architect a Zscaler solution
  • Discover best practices for deploying and implementing Zscaler solutions
  • Familiarize yourself with the tasks involved in the operational maintenance of the Zscaler solution

Who this book is for

This book is for security engineers, security architects, security managers, and security operations specialists who may be involved in transitioning to or from Zscaler or want to learn about deployment, implementation, and support of a Zscaler solution. Anyone looking to step into the ever-expanding world of zero-trust network access using the Zscaler solution will also find this book useful.

Table of contents

  1. Zscaler Cloud Security Essentials
  2. Contributors
  3. About the author
  4. About the reviewer
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Get in touch
    7. Reviews
  6. Section 1: Zscaler for Modern Enterprise Internet Security
  7. Chapter 1: Security for the Modern Enterprise with Zscaler
    1. Fundamental definitions in security
      1. Active Directory
      2. Authentication
      3. Bad actors
      4. Bandwidth
      5. Certificate
      6. DLP
      7. DNS
      8. Firewall
      9. FTP
      10. Identity Provider
      11. Intrusion Prevention System
      12. Kerberos
      13. Logging
      14. Malware
      15. PAC file
      16. SAML
      17. Sandbox
      18. Secure Web Gateway
      19. Secure Sockets Layer/Transport Layer Security
      20. Surrogate IP
      21. Tunnel
      22. VPN
      23. XFF
    2. Understanding the evolution of the modern enterprise and its workforce
      1. Evolution of the workforce
      2. Enterprise infrastructure evolution
    3. Exploring the need for scalable, cloud-based security
      1. Workforce evolution requirements
      2. Enterprise preferences
      3. Scalable, highly available, cloud-based solutions
      4. Internet security for everyone
    4. Using Zscaler Internet Access for a safe and secure internet experience
      1. Why safe internet?
      2. How ZIA works
    5. Using Zscaler Private Access for secure application access
      1. What is Private Access?
      2. How ZPA works
      3. ZCC
    6. Summary
    7. Questions
  8. Chapter 2: Understanding the Modular Zscaler Architecture
    1. Introducing the Zscaler cloud architecture
      1. SSMA
      2. High availability and redundancy
    2. Understanding the CA – where the core resides
      1. Admin Portal
    3. Using Zscaler PSEs – where the policies are applied and enforced
      1. SSL inspection
      2. Virtual Service Edge (formerly called Virtual ZEN or VZEN)
    4. Monitoring user and application activity using Nanolog clusters
      1. Nanolog Streaming Service (NSS)
    5. Protecting enterprise users and infrastructure with Sandbox
      1. Understanding the need for a sandbox
      2. Cloud Sandbox configuration options
    6. Summary
    7. Questions
    8. Further reading
  9. Chapter 3: Delving into ZIA Policy Features
    1. Technical requirements
    2. Understanding the ZIA Web policy
      1. Security
      2. Access Control
      3. DLP
    3. Exploring the ZIA Mobile policy
      1. Zscaler Client Connector Configuration
      2. Zscaler Mobile Security
      3. Zscaler Mobile Access Control
    4. Learning about the ZIA Firewall policy
      1. Firewall Control
      2. NAT Control Policy
      3. DNS Control
      4. FTP Control
      5. IPS Control
    5. Order of policy enforcement
    6. Summary
    7. Questions
    8. Further reading
  10. Chapter 4: Understanding Traffic Forwarding and User Authentication Options
    1. Technical requirements
    2. Understanding traffic forwarding
      1. GRE tunnel forwarding
      2. IPsec tunnel forwarding
      3. Creating GRE or IPsec locations
      4. PAC file forwarding
    3. Exploring ZCC internet traffic forwarding
      1. ZCC internet access forwarding scenarios
      2. ZCC internet access forwarding options
      3. ZCC silent authentication
      4. ZCC ZIA process flow
    4. Evaluating user authentication options
      1. Benefits of user authentication
      2. Surrogate IP
      3. User provisioning
      4. User authentication process flow
      5. User authentication options
    5. Summary
    6. Questions
    7. Further reading
  11. Chapter 5: Architecting and Implementing Your ZIA Solution
    1. Analyzing the security posture of the enterprise
      1. Zscaler question set
    2. Creating a customized ZIA solution for the enterprise
      1. Traffic forwarding
      2. User authentication
      3. Policy
    3. Implementing the ZIA solution across the enterprise
      1. Planning
      2. Configuration
      3. Pilot rollout
      4. Production rollout
    4. Summary
    5. Questions
    6. Further reading
  12. Chapter 6: Troubleshooting and Optimizing Your ZIA Solution
    1. Technical requirements
    2. Setting up proactive ticketing and alerts
      1. ZIA alerts
      2. ZIA ticketing
    3. Producing reports for management review
      1. System-defined reports
      2. Insights
    4. Generating custom widgets for the ZIA Dashboard
      1. Editing current widgets
      2. Adding new widgets
    5. Creating a unified ZIA troubleshooting guide
      1. Basic troubleshooting
      2. Advanced troubleshooting
      3. End users are unable to access websites
      4. End users get a Website Blocked error
      5. The ZCC App displays a Captive Portal Fail Open Error message
      6. The ZCC App shows a Network Error message
      7. The ZCC App displays an Internal Error message
      8. The ZCC App exhibits a Connection Error message
      9. The ZCC App has a Local FW/AV Error message
      10. The ZCC App shows a Driver Error message
      11. User authentication errors
      12. Users are unable to upload or download files
      13. Slow website response
      14. URL formatting
      15. Application SSL inspection
      16. Application authentication
    6. Summary
    7. Questions
    8. Further reading
  13. Section 2: Zero-Trust Network Access (ZTNA) for the Modern Enterprise
  14. Chapter 7: Introducing ZTNA with Zscaler Private Access (ZPA)
    1. What is ZTNA and how does ZPA fit in to this?
      1. ZTNA core principles
      2. Why is ZTNA needed?
      3. ZPA security principles
    2. Delving into the ZPA architecture
      1. ZPA CA
      2. ZPA PSEs
      3. ZCC application
      4. App Connectors
      5. Z tunnels
      6. Microtunnels
      7. Logging and analytics cluster
      8. LSS
    3. Exploring clientless ZPA solutions
      1. Understanding the Zscaler Cloud Connector ZPA solution
      2. Delving into the BA ZPA solution
    4. Questions
    5. Further reading
  15. Chapter 8: Exploring the ZPA Admin Portal and Basic Configuration
    1. Navigating around the ZPA Admin Portal
      1. ZPA dashboards
      2. ZPA administration
    2. Configuring the ZPA log servers for activity insights
    3. Integrating with Azure AD and Okta for SSO
      1. Adding an IdP
    4. Configuring the ZCC app for ZPA
      1. ZCC app installation
      2. ZCC app enrollment and authentication
      3. ZPA application access
      4. Device posture control
      5. ZPA process flow
    5. Summary
    6. Questions
    7. Further reading
  16. Chapter 9: Using ZPA to Provide Secure Application Access
    1. Deploying App Connectors
      1. Connector requirements
      2. Installing the connector
      3. Connector updates
      4. Connector provisioning
    2. Configuring ZPA applications
      1. DNS search domains
      2. Adding an application segment
      3. Configure SAML attributes
      4. Configuring end user access policies
      5. Application health monitoring
    3. Exploring the best practices for enterprise deployments
      1. App Connectors
      2. Certificates
      3. Authentication
      4. ZCC app
      5. Application
      6. Monitoring
      7. Log streaming service
    4. Summary
    5. Questions
    6. Further reading
  17. Chapter 10: Architecting and Troubleshooting Your ZPA Solution
    1. Architecting your ZPA solution
      1. Stepping through the ZPA Question Set
      2. Inventory of existing applications
      3. Discovering end user access
      4. Pilot rollout
      5. Expanded rollout
      6. Final rollout
    2. Troubleshooting your ZPA solution
      1. Unable to access a service due to a captive portal error
      2. Unable to access a service due to a network error
      3. Unable to access a service due to an internal error
      4. Unable to access a service due to a connection error
      5. Unable to access a service due to a local FW/AV error
      6. Unable to access a service due to a driver error
      7. Unable to access a private application/service due to an unauthenticated error
      8. Unable to access a private application/service
      9. Unable to access any application/service
      10. Unable to authenticate due to a SAML transit error
      11. Unable to authenticate due to a SAML account error
      12. Unable to authenticate due to a SAML format error
    3. Summary
    4. Questions
    5. Further reading
  18. Assessments
    1. Chapter 1 – Security for the Modern Enterprise with Zscaler
    2. Chapter 2 – Understanding the Modular Zscaler Architecture
    3. Chapter 3 – Delving into ZIA Policy Features
    4. Chapter 4 – Understanding Traffic Forwarding and User Authentication Options
    5. Chapter 5 – Architecting and Implementing Your ZIA Solution
    6. Chapter 6 – Troubleshooting and Optimizing Your ZIA Solution
    7. Chapter 7 – Introducing ZTNA with Zscaler Private Access (ZPA)
    8. Chapter 8 – Exploring the ZPA Admin Portal and Basic Configuration
    9. Chapter 9 – Using ZPA to Provide Secure Application Access
    10. Chapter 10 – Architecting and Troubleshooting Your ZPA Solution
    11. Why subscribe?
  19. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Leave a review - let other readers know what you think

Product information

  • Title: Zscaler Cloud Security Essentials
  • Author(s): Ravi Devarasetty
  • Release date: June 2021
  • Publisher(s): Packt Publishing
  • ISBN: 9781800567986