Table of contents

Copyright
Table of Contents
Preface
    Who Should Read This Book
    Why We Wrote This Book
    Zero Trust Networks Today
    Navigating This Book
    Conventions Used in This Book
    O'Reilly Safari
    How to Contact Us
    Acknowledgments

Chapter 1. Zero Trust Fundamentals
    What Is a Zero Trust Network?
    Introducing the Zero Trust Control Plane
    Evolution of the Perimeter Model
    Managing the Global IP Address Space
    Birth of Private IP Address Space
    Private Networks Connect to Public Networks
    Birth of NAT
    The Contemporary Perimeter Model
    Evolution of the Threat Landscape
    Perimeter Shortcomings
    Where the Trust Lies
    Automation as an Enabler
    Perimeter Versus Zero Trust
    Applied in the Cloud
    Summary

Chapter 2. Managing Trust
    Threat Models
    Common Threat Models
    Zero Trust's Threat Model
    Strong Authentication
    Authenticating Trust
    What Is a Certificate Authority?
    Importance of PKI in Zero Trust
    Private Versus Public PKI
    Public PKI Strictly Better Than None
    Least Privilege
    Variable Trust
    Control Plane Versus Data Plane
    Summary

Chapter 3. Network Agents
    What Is an Agent?
    Agent Volatility
    What's in an Agent?
    How Is an Agent Used?
    Not for Authentication
    How to Expose an Agent?
    No Standard Exists
    Rigidity and Fluidity, at the Same Time
    Standardization Desirable
    In the Meantime?
    Summary

Chapter 4. Making Authorization Decisions
    Authorization Architecture
    Enforcement
    Policy Engine
    Policy Storage
    What Makes Good Policy?
    Who Defines Policy?
    Trust Engine
    What Entities Are Scored?
    Exposing Scores Considered Risky
    Data Stores
    Summary

Chapter 5. Trusting Devices
    Bootstrapping Trust
    Generating and Securing Identity
    Identity Security in Static and Dynamic Systems
    Authenticating Devices with the Control Plane
    X.509
    TPMs
    Hardware-Based Zero Trust Supplicant?
    Inventory Management
    Knowing What to Expect
    Secure Introduction
    Renewing Device Trust
    Local Measurement
    Remote Measurement
    Software Configuration Management
    CM-Based Inventory
    Secure Source of Truth
    Using Device Data for User Authorization
    Trust Signals
    Time Since Image
    Historical Access
    Location
    Network Communication Patterns
    Summary

Chapter 6. Trusting Users
    Identity Authority
    Bootstrapping Identity in a Private System
    Government-Issued Identification
    Nothing Beats Meatspace
    Expectations and Stars
    Storing Identity
    User Directories
    Directory Maintenance
    When to Authenticate Identity
    Authenticating for Trust
    Trust as the Authentication Driver
    The Use of Multiple Channels
    Caching Identity and Trust
    How to Authenticate Identity
    Something You Know: Passwords
    Something You Have: TOTP
    Something You Have: Certificates
    Something You Have: Security Tokens
    Something You Are: Biometrics
    Out-of-Band Authentication
    Single Sign On
    Moving Toward a Local Auth Solution
    Authenticating and Authorizing a Group
    Shamir's Secret Sharing
    Red October
    See Something, Say Something
    Trust Signals
    Summary