Zero Trust Networks: Building Secure Systems in Untrusted Networks 1st Edition1

Thoughts

There is no better time to read this book than now. We’re at a point in history where were have examples of massive data breaches in the past to study from, and also an unprecedented number of businesses going online at a rapid pace, accelerated by shelter-in-place rules enforced to stem the spread of covid-19 virus.

Folks in IT operations, especially in big companies, know that it is not easy to get ahead of the constant attacks. In spite of all the hard work behind maintaining a centralized firewall, configuring TLS across various applications, doing penetration testing and auditing, once the perimeter is breached, there is no defense. The hosts in the internal network are in the trusted zone and rely so much on the wall that if an attacker gains access to internal network, say through phishing, then it is free-access to all the internal resources.

Zero-trust model is one which treats all hosts as if they’re internet-facing, and considers the entire network to be compromised and hostile.

The book is very well written and teaches concepts one after the other never jumping into a complex topic without background.

TOC

1. Zero Trust Fundamentals

What Is a Zero Trust Network?

  • Introducing the Zero Trust Control Plane

Evolution of the Perimeter Model

  • Managing the Global IP Address Space
  • Birth of Private IP Address Space
  • Private Networks Connect to Public Networks
  • Birth of NAT
  • The Contemporary Perimeter Model

Evolution of the Threat Landscape

Perimeter Shortcomings

Where the Trust Lies

Automation as an Enabler

Perimeter Versus Zero Trust

Applied in the Cloud

Summary

2. Managing Trust

Threat Models

  • Common Threat Models
  • Zero Trust’s Threat Model

Strong Authentication

Authenticating Trust

  • What Is a Certificate Authority?
  • Importance of PKI in Zero Trust
  • Private Versus Public PKI
  • Public PKI Strictly Better Than None

Least Privilege

Variable Trust

Control Plane Versus Data Plane

Summary

3. Network Agents

What Is an Agent?

  • Agent Volatility
  • What’s in an Agent?

How Is an Agent Used?

  • Not for Authentication

How to Expose an Agent?

No Standard Exists

  • Rigidity and Fluidity, at the Same Time
  • Standardization Desirable
  • In the Meantime?

Summary

4. Making Authorization Decisions

Authorization Architecture

Enforcement

Policy Engine

  • Policy Storage
  • What Makes Good Policy?
  • Who Defines Policy?

Trust Engine

  • What Entities Are Scored?
  • Exposing Scores Considered Risky

Data Stores

Summary

5. Trusting Devices

Bootstrapping Trust

  • Generating and Securing Identity
  • Identity Security in Static and Dynamic Systems

Authenticating Devices with the Control Plane

  • X.509
  • TPMs
  • Hardware-Based Zero Trust Supplicant?

Inventory Management

  • Knowing What to Expect
  • Secure Introduction

Renewing Device Trust

  • Local Measurement
  • Remote Measurement

Software Configuration Management

  • CM-Based Inventory
  • Secure Source of Truth

Using Device Data for User Authorization

Trust Signals

  • Time Since Image
  • Historical Access
  • Location
  • Network Communication Patterns

Summary

6. Trusting Users

Identity Authority

Bootstrapping Identity in a Private System

  • Government-Issued Identification
  • Nothing Beats Meatspace
  • Expectations and Stars

Storing Identity

  • User Directories
  • Directory Maintenance

When to Authenticate Identity

  • Authenticating for Trust
  • Trust as the Authentication Driver
  • The Use of Multiple Channels
  • Caching Identity and Trust

How to Authenticate Identity

  • Something You Know: Passwords
  • Something You Have: TOTP
  • Something You Have: Certificates
  • Something You Have: Security Tokens
  • Something You Are: Biometrics
  • Out-of-Band Authentication
  • Single Sign On
  • Moving Toward a Local Auth Solution

Authenticating and Authorizing a Group

  • Shamir’s Secret Sharing
  • Red October

See Something, Say Something

Trust Signals

Summary

7. Trusting Applications

Understanding the Application Pipeline

Trusting Source

  • Securing the Repository
  • Authentic Code and the Audit Trail
  • Code Reviews

Trusting Builds

  • The Risk
  • Trusted Input, Trusted Output
  • Reproducible Builds
  • Decoupling Release and Artifact Versions

Trusting Distribution

  • Promoting an Artifact
  • Distribution Security
  • Integrity and Authenticity
  • Trusting a Distribution Network

Humans in the Loop

Trusting an Instance

  • Upgrade-Only Policy
  • Authorized Instances

Runtime Security

  • Secure Coding Practices
  • Isolation
  • Active Monitoring

Summary

8. Trusting the Traffic

Encryption Versus Authentication

  • Authenticity Without Encryption?

Bootstrapping Trust: The First Packet

  • fwknop

A Brief Introduction to Network Models

  • Network Layers, Visually
  • OSI Network Model
  • TCP/IP Network Model

Where Should Zero Trust Be in the Network Model?

  • Client and Server Split

The Protocols

  • IKE/IPsec
  • Mutually Authenticated TLS

Filtering

  • Host Filtering
  • Bookended Filtering
  • Intermediary Filtering

Summary

9. Realizing a Zero Trust Network

Choosing Scope

  • What’s Actually Required?

Building a System Diagram

Understanding Your Flows

Controller-Less Architecture

  • “Cheating” with Configuration Management
  • Application Authentication and Authorization
  • Authenticating Load Balancers and Proxies
  • Relationship-Oriented Policy
  • Policy Distribution

Defining and Installing Policy

Zero Trust Proxies

Client-Side Versus Server-Side Migrations

Case Studies

  • Case Study: Google BeyondCorp
  • The Major Components of BeyondCorp
  • Leveraging and Extending the GFE
  • Challenges with Multiplatform Authentication
  • Migrating to BeyondCorp
  • Lessons Learned
  • Conclusion

Case Study: PagerDuty’s Cloud Agnostic Network

  • Configuration Management as an Automation Platform
  • Dynamically Calculated Local Firewalls
  • Distributed Traffic Encryption
  • Decentralized User Management
  • Rollout
  • Value of a Provider-Agnostic System

Summary

10. The Adversarial View

Identity Theft

Distributed Denial of Service

Endpoint Enumeration

Untrusted Computing Platform

Social Engineering

Physical Coercion

Invalidation

Control Plane Security

Summary

Footnotes

  1. https://www.amazon.com/Zero-Trust-Networks-Building-Untrusted-dp-1491962194/dp/1491962194/