book

Zero Trust Networks

by Evan Gilman, Doug Barth

June 2017

Intermediate to advanced

240 pages

7h 5m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Who Should Read This BookWhy We Wrote This BookZero Trust Networks TodayNavigating This BookConventions Used in This BookO’Reilly SafariHow to Contact UsAcknowledgments
What Is a Zero Trust Network?Introducing the Zero Trust Control PlaneEvolution of the Perimeter ModelManaging the Global IP Address SpaceBirth of Private IP Address SpacePrivate Networks Connect to Public NetworksBirth of NATThe Contemporary Perimeter ModelEvolution of the Threat LandscapePerimeter ShortcomingsWhere the Trust LiesAutomation as an EnablerPerimeter Versus Zero TrustApplied in the CloudSummary
Threat ModelsCommon Threat ModelsZero Trust’s Threat ModelStrong AuthenticationAuthenticating TrustWhat Is a Certificate Authority?Importance of PKI in Zero TrustPrivate Versus Public PKIPublic PKI Strictly Better Than NoneLeast PrivilegeVariable TrustControl Plane Versus Data PlaneSummary
What Is an Agent?Agent VolatilityWhat’s in an Agent?How Is an Agent Used?Not for AuthenticationHow to Expose an Agent?No Standard ExistsRigidity and Fluidity, at the Same TimeStandardization DesirableIn the Meantime?Summary
Authorization ArchitectureEnforcementPolicy EnginePolicy StorageWhat Makes Good Policy?Who Defines Policy?Trust EngineWhat Entities Are Scored?Exposing Scores Considered RiskyData StoresSummary
Bootstrapping TrustGenerating and Securing IdentityIdentity Security in Static and Dynamic SystemsAuthenticating Devices with the Control PlaneX.509TPMsHardware-Based Zero Trust Supplicant?Inventory ManagementKnowing What to ExpectSecure IntroductionRenewing Device TrustLocal MeasurementRemote MeasurementSoftware Configuration ManagementCM-Based InventorySecure Source of TruthUsing Device Data for User AuthorizationTrust SignalsTime Since ImageHistorical AccessLocationNetwork Communication PatternsSummary
Identity AuthorityBootstrapping Identity in a Private SystemGovernment-Issued IdentificationNothing Beats MeatspaceExpectations and StarsStoring IdentityUser DirectoriesDirectory MaintenanceWhen to Authenticate IdentityAuthenticating for TrustTrust as the Authentication DriverThe Use of Multiple ChannelsCaching Identity and TrustHow to Authenticate IdentitySomething You Know: PasswordsSomething You Have: TOTPSomething You Have: CertificatesSomething You Have: Security TokensSomething You Are: BiometricsOut-of-Band AuthenticationSingle Sign OnMoving Toward a Local Auth SolutionAuthenticating and Authorizing a GroupShamir’s Secret SharingRed OctoberSee Something, Say SomethingTrust SignalsSummary
Understanding the Application PipelineTrusting SourceSecuring the RepositoryAuthentic Code and the Audit TrailCode ReviewsTrusting BuildsThe RiskTrusted Input, Trusted OutputReproducible BuildsDecoupling Release and Artifact VersionsTrusting DistributionPromoting an ArtifactDistribution SecurityIntegrity and AuthenticityTrusting a Distribution NetworkHumans in the LoopTrusting an InstanceUpgrade-Only PolicyAuthorized InstancesRuntime SecuritySecure Coding PracticesIsolationActive MonitoringSummary
Encryption Versus AuthenticationAuthenticity Without Encryption?Bootstrapping Trust: The First PacketfwknopA Brief Introduction to Network ModelsNetwork Layers, VisuallyOSI Network ModelTCP/IP Network ModelWhere Should Zero Trust Be in the Network Model?Client and Server SplitThe ProtocolsIKE/IPsecMutually Authenticated TLSFilteringHost FilteringBookended FilteringIntermediary FilteringSummary
Choosing ScopeWhat’s Actually Required?Building a System DiagramUnderstanding Your FlowsController-Less Architecture“Cheating” with Configuration ManagementApplication Authentication and AuthorizationAuthenticating Load Balancers and ProxiesRelationship-Oriented PolicyPolicy DistributionDefining and Installing PolicyZero Trust ProxiesClient-Side Versus Server-Side MigrationsCase StudiesCase Study: Google BeyondCorpThe Major Components of BeyondCorpLeveraging and Extending the GFEChallenges with Multiplatform AuthenticationMigrating to BeyondCorpLessons LearnedConclusionCase Study: PagerDuty’s Cloud Agnostic NetworkConfiguration Management as an Automation PlatformDynamically Calculated Local FirewallsDistributed Traffic EncryptionDecentralized User ManagementRolloutValue of a Provider-Agnostic SystemSummary

Identity TheftDistributed Denial of ServiceEndpoint EnumerationUntrusted Computing PlatformSocial EngineeringPhysical CoercionInvalidationControl Plane SecuritySummary

Content preview from Zero Trust Networks

Chapter 2. Managing Trust

Trust management is perhaps the most important component of a zero trust network. We are all familiar with trust to some degree—you probably trust members of your family, but not a stranger on the street, and certainly not a stranger who looks threatening or menacing. Why is that?

For starters, you actually know your family members. You know what they look like, where they live; perhaps you’ve even known them your whole life. There is no question of who they are, and you are more likely to trust them with important matters than others.

A stranger, on the other hand, is someone completely unknown. You might see their face, and be able to tell some basic things about them, but you don’t know where they live, and you don’t know their history. They might appear perfectly cromulent, but you likely wouldn’t rely on one for important matters. Watch your stuff for you while you run to the bathroom? Sure. Make a quick run to the ATM for you? Definitely not.

At the end, you are simply taking in all the information you can tell about the situation, a person, and all you may know about them, and deciding how trustworthy they are. The ATM errand requires a very high level of trust, where watching your stuff needs much less, but not zero.

You may not even trust yourself completely, but you can definitely trust that actions taken by you were taken by you. In this way, trust in a zero trust network always originates with the operator. Trust in a zero trust network seems ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781491962183Errata Page

Zero Trust Networks

by Evan Gilman, Doug Barth

Chapter 2. Managing Trust

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like