book

Zero Trust Networks, 2nd Edition

by Razi Rais, Christina Morillo, Evan Gilman, Doug Barth

February 2024

Intermediate to advanced

334 pages

10h

English

O'Reilly Media, Inc.

Audiobook available

Read now

Unlock full access

Includes

Quizzes

Preface
Who Should Read This BookWhy We Wrote This BookNavigating This BookConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments from the First EditionAcknowledgments from the Second Edition
1. Zero Trust Fundamentals
What Is a Zero Trust Network?Introducing the Zero Trust Control PlaneEvolution of the Perimeter ModelManaging the Global IP Address SpaceBirth of Private IP Address SpacePrivate Networks Connect to Public NetworksBirth of NATThe Contemporary Perimeter ModelEvolution of the Threat LandscapePerimeter ShortcomingsWhere the Trust LiesAutomation as an EnablerPerimeter Versus Zero TrustApplied in the CloudRole of Zero Trust in National CybersecuritySummary
2. Managing Trust
Threat ModelsCommon Threat ModelsZero Trust’s Threat ModelStrong AuthenticationAuthenticating TrustWhat Is a Certificate Authority?Importance of PKI in Zero TrustPrivate Versus Public PKIPublic PKI Is Better than NoneLeast PrivilegeDynamic TrustTrust ScoreChallenges with Trust ScoresControl Plane Versus Data PlaneSummary
3. Context-Aware Agents
What Is an Agent?Agent VolatilityWhat’s in an Agent?How Is an Agent Used?Agents Are Not for AuthenticationHow to Expose an Agent?Rigidity and Fluidity, at the Same TimeStandardization DesirableIn the Meantime?Summary
4. Making Authorization Decisions
Authorization ArchitectureEnforcementPolicy EnginePolicy StorageWhat Makes Good Policy?Who Defines Policy?Policy ReviewsTrust EngineWhat Entities Are Scored?Exposing Scores Considered RiskyData StoresScenario WalkthroughSummary
5. Trusting Devices
Bootstrapping TrustGenerating and Securing IdentityIdentity Security in Static and Dynamic SystemsAuthenticating Devices with the Control PlaneX.509TPMsTPMs for Device AuthenticationHSM and TPM Attack VectorsHardware-Based Zero Trust Supplicant?Inventory ManagementKnowing What to ExpectSecure IntroductionRenewing and Measuring Device TrustLocal MeasurementRemote MeasurementUnified Endpoint Management (UEM)Software Configuration ManagementCM-Based InventorySearchable InventorySecure Source of TruthUsing Device Data for User AuthorizationTrust SignalsTime Since ImageHistorical AccessLocationNetwork Communication PatternsMachine LearningScenario WalkthroughUse Case: Bob Wants to Send a Document for PrintingRequest AnalysisUse Case: Bob Wants to Delete an EmailRequest AnalysisSummary
6. Trusting Identities
Identity AuthorityBootstrapping Identity in a Private SystemGovernment-Issued IdentificationNothing Beats MeatspaceExpectations and StarsStoring IdentityUser DirectoriesDirectory MaintenanceWhen to Authenticate IdentityAuthenticating for TrustTrust as the Authentication DriverThe Use of Multiple ChannelsCaching Identity and TrustHow to Authenticate IdentitySomething You Know: PasswordsSomething You Have: TOTPSomething You Have: CertificatesSomething You Have: Security TokensSomething You Are: BiometricsBehavioral PatternsOut-of-Band AuthenticationSingle Sign-OnWorkload IdentitiesMoving Toward a Local Auth SolutionAuthenticating and Authorizing a GroupShamir’s Secret SharingRed OctoberSee Something, Say SomethingTrust SignalsScenario WalkthroughUse Case: Bob Wants to View a Sensitive Financial ReportRequest AnalysisSummary
7. Trusting Applications
Understanding the Application PipelineTrusting Source CodeSecuring the RepositoryAuthentic Code and the Audit TrailCode ReviewsTrusting BuildsSoftware Bill of Materials (SBOM): The RiskTrusted Input, Trusted OutputReproducible BuildsDecoupling Release and Artifact VersionsTrusting DistributionPromoting an ArtifactDistribution SecurityIntegrity and AuthenticityTrusting a Distribution NetworkHumans in the LoopTrusting an InstanceUpgrade-Only PolicyAuthorized InstancesRuntime SecuritySecure Coding PracticesIsolationActive MonitoringSecure Software Development Lifecycle (SDLC)Requirements and DesignCoding and ImplementationStatic and Dynamic Code AnalysisPeer Reviews and Code AuditsQuality Assurance and TestingDeployment and MaintenanceContinuous ImprovementProtecting Application and Data PrivacyWhen You Host Applications in a Public Cloud, How Can You Trust It?Confidential ComputingUnderstanding Hardware-Based Root-of-Trust (RoT)Role of AttestationScenario WalkthroughUse Case: Bob Sends Highly Sensitive Data to Financial Application for ComputationRequest AnalysisSummary
8. Trusting the Traffic
Encryption Versus AuthenticationAuthenticity Without Encryption?Bootstrapping Trust: The First PacketFireWall KNock OPerator (fwknop)Short-Lived ExceptionsSPA PayloadPayload EncryptionHMACWhere Should Zero Trust Be in the Network Model?Client and Server SplitNetwork Support IssuesDevice Support IssuesApplication Support IssuesA Pragmatic ApproachMicrosoft Server IsolationThe ProtocolsIKE and IPsecMutually Authenticated TLS (mTLS)Trusting Cloud Traffic: Challenges and ConsiderationsCloud Access Security Brokers (CASBs) and Identity FederationFilteringHost FilteringBookended FilteringIntermediary FilteringScenario WalkthroughUse Case: Bob Requests Access to an Email Service Over an Anonymous Proxy NetworkRequest AnalysisSummary
9. Realizing a Zero Trust Network
The First Steps Toward a Zero Trust Network: Understanding Your Current NetworkChoosing ScopeAssessment and PlanningRequirements: What Is Actually Required?All Network Flows MUST Undergo Authentication Before ProcessingBuilding a System DiagramUnderstanding Your FlowsMicro-SegmentationSoftware-Defined PerimeterController-Less Architecture“Cheating” with Configuration ManagementImplementation Phase: Application Authentication and AuthorizationAuthenticating Load Balancers and ProxiesRelationship-Oriented PolicyPolicy DistributionDefining and Implementing Security PoliciesZero Trust ProxiesClient-Side Versus Server-Side MigrationsEndpoint SecurityCase StudiesCase Study: Google BeyondCorpThe Major Components of BeyondCorpLeveraging and Extending the GFEChallenges with Multiplatform AuthenticationMigrating to BeyondCorpLessons LearnedConclusionCase Study: PagerDuty’s Cloud-Agnostic NetworkConfiguration Management as an Automation PlatformDynamically Calculated Local FirewallsDistributed Traffic EncryptionDecentralized User ManagementRolloutValue of a Provider-Agnostic SystemSummary

10. The Adversarial View
Potential Pitfalls and DangersAttack VectorsIdentity and AccessCredential TheftPrivilege Escalation and Lateral MovementInfrastructure and NetworksControl Plane SecurityEndpoint EnumerationUntrusted Computing PlatformDistributed Denial of Service (DDoS) AttacksMan-in-the-Middle (MitM) AttacksInvalidationPhishingPhysical CoercionRole of Cyber InsuranceSummary
11. Zero Trust Architecture Standards, Frameworks, and Guidelines
GovernmentsUnited StatesUnited KingdomEuropean UnionPrivate and Public OrganizationsCloud Security Alliance (CSA)The Open GroupGartnerForresterInternational Organization for Standardization (ISO)Commercial VendorsSummary
12. Challenges and the Road Ahead
ChallengesMindset ShiftShadow ITSiloed OrganizationsLack of Cohesive Zero Trust ProductsScalability and PerformanceKey TakeawaysTechnological AdvancementsQuantum ComputingArtificial IntelligencePrivacy-Enhancing TechnologiesSummary
Appendix. A Brief Introduction to Network Models
Network Layers, VisuallyOSI Network ModelLayer 1—Physical LayerLayer 2—Data Link LayerLayer 3—Network LayerLayer 4—Transport LayerLayer 5—Session LayerLayer 6—Presentation LayerLayer 7—Application LayerTCP/IP Network Model
Index
About the Authors

Content preview from Zero Trust Networks, 2nd Edition

Chapter 7. Trusting Applications

Marc Andreessen, a notable Silicon Valley investor, famously declared that “software is eating the world.” In many ways, this statement has never been truer. It is the software running in your datacenter that makes all of the magic happen, and as such, it is no secret that we wish to trust its execution.

Code, running on a trusted device, will be faithfully executed. A trusted device is a prerequisite for trusting code, which we covered in Chapter 5. However, even with our execution environment secured, we still have more work to do to trust that the code that’s running on a device is trustworthy.

As such, trusting the device is just half of the story. One must also trust the code and the programmers who wrote it. With the goal being to ensure the integrity of a running application, we must find ways to extend this human trust from the code itself all the way to execution.

Trusting code refers to ensuring that the code used in software applications is free from vulnerabilities, is produced by trusted sources, and has not been tampered with.

To establish trust in code, there are a few minimum requirements that need to be met:

The people producing the code are themselves trusted and follow secure coding practices.
The code was scanned for vulnerabilities, signed, and accurately processed to produce a trustworthy application.
Trusted applications are properly deployed to the infrastructure to be run.
Trusted applications are continually monitored ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492096580Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Zero Trust Networks, 2nd Edition

by Razi Rais, Christina Morillo, Evan Gilman, Doug Barth

Chapter 7. Trusting Applications

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.