Edition: 1
Authors: Razi Rais, Christina Morillo, Evan Gilman, Doug Barth
Series:
ISBN: 1492096598, 9781492096597
Publisher: O'Reilly Media
Year of publication: 2024
Number of pages: 335
Language: English
File format: PDF (converted to PDF, EPUB, or AZW3 on user request)
File size: 7 MB
If you need the file of the book Zero Trust Networks: Building Secure Systems in Untrusted Network converted to PDF, EPUB, AZW3, MOBI, or DJVU format, you can notify support so that they convert the file for you.

Please note that the book Zero Trust Networks: Building Secure Systems in Untrusted Networks is the original-language edition and is not a Persian translation. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Copyright

Table of Contents

Preface
Who Should Read This Book; Why We Wrote This Book; Navigating This Book; Conventions Used in This Book; O’Reilly Online Learning; How to Contact Us; Acknowledgments from the First Edition; Acknowledgments from the Second Edition

Chapter 1. Zero Trust Fundamentals
What Is a Zero Trust Network?; Introducing the Zero Trust Control Plane; Evolution of the Perimeter Model; Managing the Global IP Address Space; Birth of Private IP Address Space; Private Networks Connect to Public Networks; Birth of NAT; The Contemporary Perimeter Model; Evolution of the Threat Landscape; Perimeter Shortcomings; Where the Trust Lies; Automation as an Enabler; Perimeter Versus Zero Trust; Applied in the Cloud; Role of Zero Trust in National Cybersecurity; Summary

Chapter 2. Managing Trust
Threat Models; Common Threat Models; Zero Trust’s Threat Model; Strong Authentication; Authenticating Trust; What Is a Certificate Authority?; Importance of PKI in Zero Trust; Private Versus Public PKI; Public PKI Is Better than None; Least Privilege; Dynamic Trust; Trust Score; Challenges with Trust Scores; Control Plane Versus Data Plane; Summary

Chapter 3. Context-Aware Agents
What Is an Agent?; Agent Volatility; What’s in an Agent?; How Is an Agent Used?; Agents Are Not for Authentication; How to Expose an Agent?; Rigidity and Fluidity, at the Same Time; Standardization Desirable; In the Meantime?; Summary

Chapter 4. Making Authorization Decisions
Authorization Architecture; Enforcement; Policy Engine; Policy Storage; What Makes Good Policy?; Who Defines Policy?; Policy Reviews; Trust Engine; What Entities Are Scored?; Exposing Scores Considered Risky; Data Stores; Scenario Walkthrough; Summary

Chapter 5. Trusting Devices
Bootstrapping Trust; Generating and Securing Identity; Identity Security in Static and Dynamic Systems; Authenticating Devices with the Control Plane; X.509; TPMs; TPMs for Device Authentication; HSM and TPM Attack Vectors; Hardware-Based Zero Trust Supplicant?; Inventory Management; Knowing What to Expect; Secure Introduction; Renewing and Measuring Device Trust; Local Measurement; Remote Measurement; Unified Endpoint Management (UEM); Software Configuration Management; CM-Based Inventory; Searchable Inventory; Secure Source of Truth; Using Device Data for User Authorization; Trust Signals; Time Since Image; Historical Access; Location; Network Communication Patterns; Machine Learning; Scenario Walkthrough; Use Case: Bob Wants to Send a Document for Printing; Request Analysis; Use Case: Bob Wants to Delete an Email; Request Analysis; Summary

Chapter 6. Trusting Identities
Identity Authority; Bootstrapping Identity in a Private System; Government-Issued Identification; Nothing Beats Meatspace; Expectations and Stars; Storing Identity; User Directories; Directory Maintenance; When to Authenticate Identity; Authenticating for Trust; Trust as the Authentication Driver; The Use of Multiple Channels; Caching Identity and Trust; How to Authenticate Identity; Something You Know: Passwords; Something You Have: TOTP; Something You Have: Certificates; Something You Have: Security Tokens; Something You Are: Biometrics; Behavioral Patterns; Out-of-Band Authentication; Single Sign-On; Workload Identities; Moving Toward a Local Auth Solution; Authenticating and Authorizing a Group; Shamir’s Secret Sharing; Red October; See Something, Say Something; Trust Signals; Scenario Walkthrough; Use Case: Bob Wants to View a Sensitive Financial Report; Request Analysis; Summary

Chapter 7. Trusting Applications
Understanding the Application Pipeline; Trusting Source Code; Securing the Repository; Authentic Code and the Audit Trail; Code Reviews; Trusting Builds; Software Bill of Materials (SBOM): The Risk; Trusted Input, Trusted Output; Reproducible Builds; Decoupling Release and Artifact Versions; Trusting Distribution; Promoting an Artifact; Distribution Security; Integrity and Authenticity; Trusting a Distribution Network; Humans in the Loop; Trusting an Instance; Upgrade-Only Policy; Authorized Instances; Runtime Security; Secure Coding Practices; Isolation; Active Monitoring; Secure Software Development Lifecycle (SDLC); Requirements and Design; Coding and Implementation; Static and Dynamic Code Analysis; Peer Reviews and Code Audits; Quality Assurance and Testing; Deployment and Maintenance; Continuous Improvement; Protecting Application and Data Privacy; When You Host Applications in a Public Cloud, How Can You Trust It?; Confidential Computing; Understanding Hardware-Based Root-of-Trust (RoT); Role of Attestation; Scenario Walkthrough; Use Case: Bob Sends Highly Sensitive Data to Financial Application for Computation; Request Analysis; Summary

Chapter 8. Trusting the Traffic
Encryption Versus Authentication; Authenticity Without Encryption?; Bootstrapping Trust: The First Packet; FireWall KNock OPerator (fwknop); Short-Lived Exceptions; SPA Payload; Payload Encryption; HMAC; Where Should Zero Trust Be in the Network Model?; Client and Server Split; Network Support Issues; Device Support Issues; Application Support Issues; A Pragmatic Approach; Microsoft Server Isolation; The Protocols; IKE and IPsec; Mutually Authenticated TLS (mTLS); Trusting Cloud Traffic: Challenges and Considerations; Cloud Access Security Brokers (CASBs) and Identity Federation; Filtering; Host Filtering; Bookended Filtering; Intermediary Filtering; Scenario Walkthrough; Use Case: Bob Requests Access to an Email Service Over an Anonymous Proxy Network; Request Analysis; Summary

Chapter 9. Realizing a Zero Trust Network
The First Steps Toward a Zero Trust Network: Understanding Your Current Network; Choosing Scope; Assessment and Planning; Requirements: What Is Actually Required?; All Network Flows MUST Undergo Authentication Before Processing; Building a System Diagram; Understanding Your Flows; Micro-Segmentation; Software-Defined Perimeter; Controller-Less Architecture; “Cheating” with Configuration Management; Implementation Phase: Application Authentication and Authorization; Authenticating Load Balancers and Proxies; Relationship-Oriented Policy; Policy Distribution; Defining and Implementing Security Policies; Zero Trust Proxies; Client-Side Versus Server-Side Migrations; Endpoint Security; Case Studies; Case Study: Google BeyondCorp; The Major Components of BeyondCorp; Leveraging and Extending the GFE; Challenges with Multiplatform Authentication; Migrating to BeyondCorp; Lessons Learned; Conclusion; Case Study: PagerDuty’s Cloud-Agnostic Network; Configuration Management as an Automation Platform; Dynamically Calculated Local Firewalls; Distributed Traffic Encryption; Decentralized User Management; Rollout; Value of a Provider-Agnostic System; Summary

Chapter 10. The Adversarial View
Potential Pitfalls and Dangers; Attack Vectors; Identity and Access; Credential Theft; Privilege Escalation and Lateral Movement; Infrastructure and Networks; Control Plane Security; Endpoint Enumeration; Untrusted Computing Platform; Distributed Denial of Service (DDoS) Attacks; Man-in-the-Middle (MitM) Attacks; Invalidation; Phishing; Physical Coercion; Role of Cyber Insurance; Summary

Chapter 11. Zero Trust Architecture Standards, Frameworks, and Guidelines
Governments; United States; United Kingdom; European Union; Private and Public Organizations; Cloud Security Alliance (CSA); The Open Group; Gartner; Forrester; International Organization for Standardization (ISO); Commercial Vendors; Summary

Chapter 12. Challenges and the Road Ahead
Challenges; Mindset Shift; Shadow IT; Siloed Organizations; Lack of Cohesive Zero Trust Products; Scalability and Performance; Key Takeaways; Technological Advancements; Quantum Computing; Artificial Intelligence; Privacy-Enhancing Technologies; Summary

Appendix A. A Brief Introduction to Network Models
Network Layers, Visually; OSI Network Model; Layer 1—Physical Layer; Layer 2—Data Link Layer; Layer 3—Network Layer; Layer 4—Transport Layer; Layer 5—Session Layer; Layer 6—Presentation Layer; Layer 7—Application Layer; TCP/IP Network Model

Index

About the Authors

Colophon