Preface

Thank you for choosing to read Zero Trust Networks! Building trusted systems in hostile networks has been a passion of ours for many years. In building and designing such systems, we have found frustration in the pace of progress toward solving some of the more fundamental security problems plaguing our industry. We’d very much like to see the industry move more aggressively toward building the types of systems which strive to solve these problems.

To that end, we are proposing that the world take a new stance toward building and maintaining secure computer networks. Rather than being something which is layered on top, considered only after some value has been built, security must be fundamentally infused with the operation of the system itself. It must be ever-present, enabling operation rather than restricting it. As such, this book sets forth a collection of design patterns and considerations which, when heeded, can produce systems that are resilient to the vast majority of modern-day attack vectors.

This collection, when taken as a whole, is known as the zero trust model. In this model, nothing is taken for granted, and every single access request—whether it be made by a client in a coffee shop or a server in the datacenter—is rigorously checked and proven to be authorized. Adopting this model practically eliminates lateral movement, VPN headaches, and centralized firewall management overhead. It is a very different model indeed; one that we believe represents the future of network and infrastructure security design.

Security is a complicated and ever-changing field of engineering. Working on it requires a deep understanding of many layers of a system and how bugs or weaknesses in those layers can allow an attacker to subvert access controls and protections. While this makes defending a system challenging, it’s also a lot of fun to learn about! We hope you’ll enjoy learning about it as much as we have!

Who Should Read This Book

Have you found the overhead of centralized firewalls to be restrictive? Perhaps you’ve even found their operation to be ineffective? Have you struggled with VPN headaches, TLS configuration across a myriad of applications and languages, or compliance and auditing hardships? These problems represent just a small subset of those addressed by the zero trust model. If you find yourself thinking that there just has to be a better way, then you’re in luck—this book is for you.

Network engineers, security engineers, CTOs, and everyone in between can benefit from zero trust learnings. Many of the principles included within can be clearly understood even without a specialized skillset, helping leaders make decisions that get them closer to realizing the zero trust model and improving their overall security posture incrementally.

Additionally, readers with experience using configuration management systems will see the opportunity of using those same ideas to build a more secure and operable networked system—one in which resources are secure by default. They will be interested in how automation systems can enable a new network design that is able to apply fine-grained security controls more easily.

Finally, this book also explores mature zero trust design, enabling those who have already incorporated the basic philosophies to further the robustness of their security systems.

Why We Wrote This Book

We started speaking about our approach to system and network design at industry conferences in 2014. At the time, we were using configuration management systems to rigorously define the system state, applying changes programmatically as a reaction to topological changes. As a result of leveraging automation tools for this purpose, we naturally found ourselves programmatically calculating the network enforcement details instead of managing such configuration by hand. We found that using automation to capture the system design in this way was enabling us to deploy and manage security features, including access control and encryption, much more easily than in systems past. Even better, doing so allowed us to place much less trust in the network than other systems might normally do, which is a key security consideration when operating in and across public clouds.

Around that same time, Google’s first BeyondCorp paper was published, describing how they were rethinking system and network design to remove trust from the network. We saw a lot of philosophical similarities between how Google was approaching their network security and how we approached similar problems in our own systems. It was clear that reducing trust in the network was not only our own design preference, but also the general direction the industry was headed. With the realizations gained from comparing the BeyondCorp paper to our own efforts, we started sharing broader understandings of this architecture and philosophy at various conferences.

Attendees were engaged and interested in what we were doing, but the question we frequently heard was “Where can I learn more about how to do this in my own system?” Unfortunately, the answer was typically “Well, there’s not a whole lot…come see me afterward.” The lack of publicly available information and guidance became a glaring gap—one we wanted to correct. This book aims to fill that gap.

While writing this book, we spoke to individuals from dozens of companies to understand their perspective on network security designs. We found that many of those companies were themselves reducing the trust placed in their internal networks. While each organization took a slightly different approach in their own system, it was clear that they all were working under the same threat model and, as a result, were building solutions that shared many properties.

Our goal with this book isn’t to present one or two particular solutions to building these types of systems, but rather to define a system model that places no trust in its communication network. Therefore, this book won’t be focused on using specific software or implementations, but rather it will explore the concepts and philosophies that are used to build a zero trust network. We hope you will find it useful to have a clear mental model for how to construct this type of system when building your own system, or even better, reusable solutions for the problems described herein.

Zero Trust Networks Today

The zero trust model was originally conceived by Forrester’s John Kindervag in 2010. He worked for many years to set forth architectural models and guidance for building zero trust networks and has advised many large companies on how to evolve their security posture in order to attain zero trust guarantees. John was, and still is, an important figure in the field. His work in the area greatly informed our understanding of the state of the union, and we thank him for popularizing zero trust during its formative years.

Today’s zero trust networks are largely built using off-the-shelf software components with custom software and glue to integrate the components in novel ways. As such, when reading this text, please be aware that deploying this type of system isn’t as easy as installing and configuring some ready-made hardware or software…yet.

It could be said that the lack of easily deployable components that work well together is an opportunity. A suite of open source tools could help drive adoption of zero trust networks.

Navigating This Book

This book is organized as follows:

  • Chapters 1 and 2 discuss the fundamental concepts at play in a zero trust network.
  • Chapters 3 and 4 explore the new concepts typically seen in mature zero trust networks: network agents and trust engines.
  • Chapters 5–8 detail how trust is established among the actors in a network. Most of this content is focused on existing technology that could be useful even in a traditional network security model.
  • Chapter 9 brings all this content together to discuss how you could begin building your own zero trust network and includes two case studies.
  • Chapter 10 looks at the zero trust model from an adversarial view. It explores potential weaknesses, discussing which are well mitigated, and which are not.

Conventions Used in This Book

The following typographical conventions are used in this book:

Italic

Indicates new terms, URLs, email addresses, filenames, and file extensions.

Constant width

Used for program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords.

Constant width bold

Shows commands or other text that should be typed literally by the user.

Constant width italic

Shows text that should be replaced with user-supplied values or by values determined by context.

Tip

This element signifies a tip or suggestion.

Note

This element signifies a general note.

Warning

This element indicates a warning or caution.

O’Reilly Safari

Note

Safari (formerly Safari Books Online) is a membership-based training and reference platform for enterprise, government, educators, and individuals.

Members have access to thousands of books, training videos, Learning Paths, interactive tutorials, and curated playlists from over 250 publishers, including O’Reilly Media, Harvard Business Review, Prentice Hall Professional, Addison-Wesley Professional, Microsoft Press, Sams, Que, Peachpit Press, Adobe, Focal Press, Cisco Press, John Wiley & Sons, Syngress, Morgan Kaufmann, IBM Redbooks, Packt, Adobe Press, FT Press, Apress, Manning, New Riders, McGraw-Hill, Jones & Bartlett, and Course Technology, among others.

For more information, please visit http://oreilly.com/safari.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

  • O’Reilly Media, Inc.
  • 1005 Gravenstein Highway North
  • Sebastopol, CA 95472
  • 800-998-9938 (in the United States or Canada)
  • 707-829-0515 (international or local)
  • 707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at http://bit.ly/zeroTrustNetworks.

To comment or ask technical questions about this book, send email to .

For more information about our books, courses, conferences, and news, see our website at http://www.oreilly.com.

Find us on Facebook: http://facebook.com/oreilly

Follow us on Twitter: http://twitter.com/oreillymedia

Watch us on YouTube: http://www.youtube.com/oreillymedia

Acknowledgments

We would like to thank our editor, Courtney Allen, for her help and guidance during the writing process. Thanks also to Virginia Wilson, Nan Barber, and Maureen Spencer for their help during the review.

We had the opportunity to meet with many people during the writing of this content, and we appreciate their willingness to speak with us and provide intros to other folks working in this space. Thanks to Rory Ward, Junaid Islam, Stephen Woodrow, John Kindervag, Arup Chakrabarti, Julia Evans, Ed Bellis, Andrew Dunham, Bryan Berg, Richo Healey, Cedric Staub, Jesse Endahl, Andrew Miklas, Peter Smith, Dimitri Stiliadis, Jason Chan, and David Cheney.

A special thanks to Betsy Beyer for writing the Google BeyondCorp case study included in the book. We really appreciate your willingness to work on getting that content included. Thanks!

Thanks to our technical reviewers, Ryan Huber, Kevin Babcock, and Pat Cable. We found your comments invaluable and appreciate the time you took to read through the initial drafts.

Doug would like to thank his wife, Erin, and daughters, Persephone and Daphne, for being so very understanding of the time it took to write this book.

Evan thanks his partner, Kristen, for all of her support through the writing of this book. He would also like to thank Kareem Ali and Kenrick Thomas—without them, none of this would have been possible.
