Zero Trust Networks: Building Secure Systems in Untrusted Networks, 1st Edition
Thoughts
There is no better time to read this book than now. We are at a point in history where we have the massive data breaches of the past to study from, and at the same time an unprecedented number of businesses are moving online at a rapid pace, accelerated by the shelter-in-place rules enforced to stem the spread of the COVID-19 virus.
Folks in IT operations, especially in big companies, know that it is not easy to get ahead of the constant attacks. In spite of all the hard work that goes into maintaining a centralized firewall, configuring TLS across various applications, and doing penetration testing and auditing, very little stands in the way once the perimeter is breached. The hosts on the internal network sit in the trusted zone and rely so heavily on the wall that if an attacker gains a foothold inside, say through phishing, the attacker effectively has free access to all internal resources: nothing on the inside re-checks who is asking.
The zero-trust model treats every host as if it were internet-facing and assumes the network itself is compromised and hostile. No request is trusted because of where it comes from; each one has to be authenticated and authorized on its own merits.
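As an added illustration (this is not code from the book), here is a small Python policy check that runs the same constructed requests through a perimeter-style decision and a zero-trust decision. The address ranges, policy table, device inventory and scenarios are all assumptions made for the example; the point is that the two models disagree exactly on the phished-internal-host case above, and on the legitimate user working from outside the wall.

```python
"""Perimeter-model vs zero-trust authorization, evaluated over the same requests.

Added example, not from the book. The networks, policy, device inventory and
requests below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Address ranges the perimeter model treats as the "trusted zone" (assumption).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed least-privilege policy: resource -> users entitled to reach it.
POLICY = {
    "payroll-db": {"alice"},
    "wiki": {"alice", "bob"},
}

# Constructed device inventory: device identities the control plane expects to see.
KNOWN_DEVICES = {"laptop-alice-01", "laptop-bob-01"}


@dataclass(frozen=True)
class Request:
    src_ip: str
    resource: str
    user: Optional[str] = None        # identity proven by the user (e.g. client cert or SSO); None if none presented
    device_id: Optional[str] = None   # identity proven by the device (e.g. device certificate); None if none presented
    device_healthy: bool = False      # outcome of a device-trust check (inventory plus measurement)


def perimeter_authorize(req: Request) -> bool:
    """Perimeter model: a request is allowed because it arrives from inside the wall."""
    src = ip_address(req.src_ip)
    return any(src in net for net in INTERNAL_NETS)


def zero_trust_authorize(req: Request) -> bool:
    """Zero-trust model: the source address is never consulted. The user and the
    device must both be authenticated, the device must be known and healthy, and
    the user must be entitled to the specific resource requested."""
    if req.user is None or req.device_id is None:
        return False                      # unauthenticated: denied wherever it comes from
    if req.device_id not in KNOWN_DEVICES or not req.device_healthy:
        return False                      # unknown or unhealthy device
    return req.user in POLICY.get(req.resource, set())


def decide(req: Request) -> Tuple[bool, bool]:
    """Return (perimeter decision, zero-trust decision) for one request."""
    return perimeter_authorize(req), zero_trust_authorize(req)


# Constructed scenarios. The second one is the phishing case from the text: the
# attacker has a foothold on an internal host but presents no user or device identity.
SCENARIOS = [
    ("alice, office, her managed laptop",
     Request("10.0.1.20", "payroll-db", "alice", "laptop-alice-01", True)),
    ("attacker on phished internal host",
     Request("10.0.5.7", "payroll-db")),
    ("alice, coffee shop, her managed laptop",
     Request("203.0.113.5", "payroll-db", "alice", "laptop-alice-01", True)),
    ("bob, office, reaching beyond his entitlement",
     Request("192.168.4.9", "payroll-db", "bob", "laptop-bob-01", True)),
    ("alice, office, from an unmanaged device",
     Request("10.0.1.21", "wiki", "alice", "unknown-device", True)),
]


def run_scenarios() -> List[Tuple[str, bool, bool]]:
    """Evaluate every scenario under both models."""
    return [(name, *decide(req)) for name, req in SCENARIOS]


if __name__ == "__main__":
    print(f"{'scenario':45} perimeter  zero-trust")
    for name, p, z in run_scenarios():
        print(f"{name:45} {'allow' if p else 'deny':10} {'allow' if z else 'deny'}")
```

Running it prints one row per scenario: the perimeter column allows every request that originates inside the private ranges, including the attacker's, and denies the legitimate user at the coffee shop; the zero-trust column allows only the two requests that carry an authenticated user on a known, healthy device and that stay within that user's entitlement.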
The book is very well written and builds its concepts one on another, never jumping into a complex topic without first laying out the background.
TOC
1. Zero Trust Fundamentals
What Is a Zero Trust Network?
- Introducing the Zero Trust Control Plane
Evolution of the Perimeter Model
- Managing the Global IP Address Space
- Birth of Private IP Address Space
- Private Networks Connect to Public Networks
- Birth of NAT
- The Contemporary Perimeter Model
Evolution of the Threat Landscape
Perimeter Shortcomings
Where the Trust Lies
Automation as an Enabler
Perimeter Versus Zero Trust
Applied in the Cloud
Summary
2. Managing Trust
Threat Models
- Common Threat Models
- Zero Trust’s Threat Model
Strong Authentication
Authenticating Trust
- What Is a Certificate Authority?
- Importance of PKI in Zero Trust
- Private Versus Public PKI
- Public PKI Strictly Better Than None
Least Privilege
Variable Trust
Control Plane Versus Data Plane
Summary
3. Network Agents
What Is an Agent?
- Agent Volatility
- What’s in an Agent?
How Is an Agent Used?
- Not for Authentication
How to Expose an Agent?
No Standard Exists
- Rigidity and Fluidity, at the Same Time
- Standardization Desirable
- In the Meantime?
Summary
4. Making Authorization Decisions
Authorization Architecture
Enforcement
Policy Engine
- Policy Storage
- What Makes Good Policy?
- Who Defines Policy?
Trust Engine
- What Entities Are Scored?
- Exposing Scores Considered Risky
Data Stores
Summary
5. Trusting Devices
Bootstrapping Trust
- Generating and Securing Identity
- Identity Security in Static and Dynamic Systems
Authenticating Devices with the Control Plane
- X.509
- TPMs
- Hardware-Based Zero Trust Supplicant?
Inventory Management
- Knowing What to Expect
- Secure Introduction
Renewing Device Trust
- Local Measurement
- Remote Measurement
Software Configuration Management
- CM-Based Inventory
- Secure Source of Truth
Using Device Data for User Authorization
Trust Signals
- Time Since Image
- Historical Access
- Location
- Network Communication Patterns
Summary
6. Trusting Users
Identity Authority
Bootstrapping Identity in a Private System
- Government-Issued Identification
- Nothing Beats Meatspace
- Expectations and Stars
Storing Identity
- User Directories
- Directory Maintenance
When to Authenticate Identity
- Authenticating for Trust
- Trust as the Authentication Driver
- The Use of Multiple Channels
- Caching Identity and Trust
How to Authenticate Identity
- Something You Know: Passwords
- Something You Have: TOTP
- Something You Have: Certificates
- Something You Have: Security Tokens
- Something You Are: Biometrics
- Out-of-Band Authentication
- Single Sign On
- Moving Toward a Local Auth Solution
Authenticating and Authorizing a Group
- Shamir’s Secret Sharing
- Red October
See Something, Say Something
Trust Signals
Summary
7. Trusting Applications
Understanding the Application Pipeline
Trusting Source
- Securing the Repository
- Authentic Code and the Audit Trail
- Code Reviews
Trusting Builds
- The Risk
- Trusted Input, Trusted Output
- Reproducible Builds
- Decoupling Release and Artifact Versions
Trusting Distribution
- Promoting an Artifact
- Distribution Security
- Integrity and Authenticity
- Trusting a Distribution Network
Humans in the Loop
Trusting an Instance
- Upgrade-Only Policy
- Authorized Instances
Runtime Security
- Secure Coding Practices
- Isolation
- Active Monitoring
Summary
8. Trusting the Traffic
Encryption Versus Authentication
- Authenticity Without Encryption?
Bootstrapping Trust: The First Packet
- fwknop
A Brief Introduction to Network Models
- Network Layers, Visually
- OSI Network Model
- TCP/IP Network Model
Where Should Zero Trust Be in the Network Model?
- Client and Server Split
The Protocols
- IKE/IPsec
- Mutually Authenticated TLS
Filtering
- Host Filtering
- Bookended Filtering
- Intermediary Filtering
Summary
9. Realizing a Zero Trust Network
Choosing Scope
- What’s Actually Required?
Building a System Diagram
Understanding Your Flows
Controller-Less Architecture
- “Cheating” with Configuration Management
- Application Authentication and Authorization
- Authenticating Load Balancers and Proxies
- Relationship-Oriented Policy
- Policy Distribution
Defining and Installing Policy
Zero Trust Proxies
Client-Side Versus Server-Side Migrations
Case Studies
- Case Study: Google BeyondCorp
- The Major Components of BeyondCorp
- Leveraging and Extending the GFE
- Challenges with Multiplatform Authentication
- Migrating to BeyondCorp
- Lessons Learned
- Conclusion
- Case Study: PagerDuty’s Cloud Agnostic Network
- Configuration Management as an Automation Platform
- Dynamically Calculated Local Firewalls
- Distributed Traffic Encryption
- Decentralized User Management
- Rollout
- Value of a Provider-Agnostic System