Zero trust networks : building secure systems in untrusted networks

Copyright
 Table of Contents
 Preface
 Who Should Read This Book
 Why We Wrote This Book
 Zero Trust Networks Today
 Navigating This Book
 Conventions Used in This Book
 O'Reilly Safari
 How to Contact Us
 Acknowledgments
 Chapter 1. Zero Trust Fundamentals
 What Is a Zero Trust Network?
 Introducing the Zero Trust Control Plane
 Evolution of the Perimeter Model
 Managing the Global IP Address Space
 Birth of Private IP Address Space
 Private Networks Connect to Public Networks
 Birth of NAT
 The Contemporary Perimeter Model
 Evolution of the Threat Landscape
 Perimeter Shortcomings. Where the Trust LiesAutomation as an Enabler
 Perimeter Versus Zero Trust
 Applied in the Cloud
 Summary
 Chapter 2. Managing Trust
 Threat Models
 Common Threat Models
 Zero Trust's Threat Model
 Strong Authentication
 Authenticating Trust
 What Is a Certificate Authority?
 Importance of PKI in Zero Trust
 Private Versus Public PKI
 Public PKI Strictly Better Than None
 Least Privilege
 Variable Trust
 Control Plane Versus Data Plane
 Summary
 Chapter 3. Network Agents
 What Is an Agent?
 Agent Volatility
 What's in an Agent?
 How Is an Agent Used?
 Not for Authentication. How to Expose an Agent?No Standard Exists
 Rigidity and Fluidity, at the Same Time
 Standardization Desirable
 In the Meantime?
 Summary
 Chapter 4. Making Authorization Decisions
 Authorization Architecture
 Enforcement
 Policy Engine
 Policy Storage
 What Makes Good Policy?
 Who Defines Policy?
 Trust Engine
 What Entities Are Scored?
 Exposing Scores Considered Risky
 Data Stores
 Summary
 Chapter 5. Trusting Devices
 Bootstrapping Trust
 Generating and Securing Identity
 Identity Security in Static and Dynamic Systems
 Authenticating Devices with the Control Plane
 X.509
 TPMs. Hardware-Based Zero Trust Supplicant?Inventory Management
 Knowing What to Expect
 Secure Introduction
 Renewing Device Trust
 Local Measurement
 Remote Measurement
 Software Configuration Management
 CM-Based Inventory
 Secure Source of Truth
 Using Device Data for User Authorization
 Trust Signals
 Time Since Image
 Historical Access
 Location
 Network Communication Patterns
 Summary
 Chapter 6. Trusting Users
 Identity Authority
 Bootstrapping Identity in a Private System
 Government-Issued Identification
 Nothing Beats Meatspace
 Expectations and Stars
 Storing Identity
 User Directories. Directory MaintenanceWhen to Authenticate Identity
 Authenticating for Trust
 Trust as the Authentication Driver
 The Use of Multiple Channels
 Caching Identity and Trust
 How to Authenticate Identity
 Something You Know: Passwords
 Something You Have: TOTP
 Something You Have: Certificates
 Something You Have: Security Tokens
 Something You Are: Biometrics
 Out-of-Band Authentication
 Single Sign On
 Moving Toward a Local Auth Solution
 Authenticating and Authorizing a Group
 Shamir's Secret Sharing
 Red October
 See Something, Say Something
 Trust Signals
 Summary.