Preface
Who Should Read This Book
Why We Wrote This Book
Zero Trust Networks Today
Navigating This Book
Conventions Used in This Book
O’Reilly Safari
How to Contact Us
Acknowledgments
1. Zero Trust Fundamentals
What Is a Zero Trust Network?
Introducing the Zero Trust Control Plane
Evolution of the Perimeter Model
Managing the Global IP Address Space
Birth of Private IP Address Space
Private Networks Connect to Public Networks
Birth of NAT
The Contemporary Perimeter Model
Evolution of the Threat Landscape
Perimeter Shortcomings
Where the Trust Lies
Automation as an Enabler
Perimeter Versus Zero Trust
Applied in the Cloud
Summary
2. Managing Trust
Threat Models
Common Threat Models
Zero Trust’s Threat Model
Strong Authentication
Authenticating Trust
What Is a Certificate Authority?
Importance of PKI in Zero Trust
Private Versus Public PKI
Public PKI Strictly Better Than None
Least Privilege
Variable Trust
Control Plane Versus Data Plane
Summary
3. Network Agents
What Is an Agent?
Agent Volatility
What’s in an Agent?
How Is an Agent Used?
Not for Authentication
How to Expose an Agent?
No Standard Exists
Rigidity and Fluidity, at the Same Time
Standardization Desirable
In the Meantime?
Summary
4. Making Authorization Decisions
Authorization Architecture
Enforcement
Policy Engine
Policy Storage
What Makes Good Policy?
Who Defines Policy?
Trust Engine
What Entities Are Scored?
Exposing Scores Considered Risky
Data Stores
Summary
5. Trusting Devices
Bootstrapping Trust
Generating and Securing Identity
Identity Security in Static and Dynamic Systems
Authenticating Devices with the Control Plane
X.509
Certificate chains and certification authorities
Device identity and X.509
Public and private components
Private key storage
X.509 for device authentication
TPMs
Encrypting data using a TPM
Intermediary keys and passphrases
Platform configuration registers
Remote attestation
TPMs for device authentication
Hardware-Based Zero Trust Supplicant?
Inventory Management
Knowing What to Expect
Secure Introduction
What Makes a Good Secure Introduction System?
Renewing Device Trust
Local Measurement
Remote Measurement
Software Configuration Management
CM-Based Inventory
Searchable inventory
Secure Source of Truth
Using Device Data for User Authorization
Trust Signals
Time Since Image
Historical Access
Location
Network Communication Patterns
Summary
6. Trusting Users
Identity Authority
Bootstrapping Identity in a Private System
Government-Issued Identification
Nothing Beats Meatspace
Expectations and Stars
Storing Identity
User Directories
Directory Maintenance
When to Authenticate Identity
Authenticating for Trust
Trust as the Authentication Driver
The Use of Multiple Channels
Caching Identity and Trust
How to Authenticate Identity
Something You Know: Passwords
Something You Have: TOTP
Something You Have: Certificates
Something You Have: Security Tokens
Something You Are: Biometrics
Out-of-Band Authentication
Single Sign On
Moving Toward a Local Auth Solution
Authenticating and Authorizing a Group
Shamir’s Secret Sharing
Red October
See Something, Say Something
Trust Signals
Summary
7. Trusting Applications
Understanding the Application Pipeline
Trusting Source
Securing the Repository
Authentic Code and the Audit Trail
Code Reviews
Trusting Builds
The Risk
Trusted Input, Trusted Output
Reproducible Builds
Decoupling Release and Artifact Versions
Trusting Distribution
Promoting an Artifact
Distribution Security
Integrity and Authenticity
Trusting a Distribution Network
Humans in the Loop
Trusting an Instance
Upgrade-Only Policy
Authorized Instances
Runtime Security
Secure Coding Practices
Isolation
Active Monitoring
Summary
8. Trusting the Traffic
Encryption Versus Authentication
Authenticity Without Encryption?
Bootstrapping Trust: The First Packet
fwknop
Short-lived exceptions
SPA payload
Payload encryption
HMAC
A Brief Introduction to Network Models
Network Layers, Visually
OSI Network Model
Layer 1—Physical Layer
Layer 2—Data Link Layer
Layer 3—Network Layer
Layer 4—Transport Layer
Layer 5—Session Layer
Layer 6—Presentation Layer
Layer 7—Application Layer
TCP/IP Network Model
Where Should Zero Trust Be in the Network Model?
Client and Server Split
Network support issues
Device support issues
Application support issues
A pragmatic approach
The Protocols
IKE/IPsec
IKE and IPsec
Authentication credentials
IKE SA_INIT and AUTH
Cipher suite selection
IPsec security associations
IPsec tunnel mode versus transport mode
IKE/IPsec for device authentication
Mutually Authenticated TLS
Cipher suite negotiation and selection
Who gets to say
Key exchange
Perfect Forward Secrecy
Mind Your Curves
Authentication
Separation of duty
Bulk encryption
Message authenticity
Mutually authenticated TLS for device authentication
Filtering
Host Filtering
Bookended Filtering
Intermediary Filtering
Summary
9. Realizing a Zero Trust Network
Choosing Scope
What’s Actually Required?
All network flows MUST be authenticated before being processed
All network flows SHOULD be encrypted before being transmitted
Authentication and encryption MUST be performed by the application-layer endpoints
All network flows MUST be enumerated so that access can be enforced by the system
The strongest authentication and encryption suites available SHOULD be used within the network
Authentication SHOULD NOT rely on public PKI providers—private PKI systems should be used instead
Devices SHOULD be regularly scanned, patched, and rotated
Building a System Diagram
Understanding Your Flows
Controller-Less Architecture
“Cheating” with Configuration Management
Application Authentication and Authorization
Authenticating Load Balancers and Proxies
Relationship-Oriented Policy
Policy Distribution
Defining and Installing Policy
Zero Trust Proxies
Client-Side Versus Server-Side Migrations
Case Studies
Case Study: Google BeyondCorp
The Major Components of BeyondCorp
Securely identifying the device
Device inventory database
Device identity
Securely identifying the user
Externalizing applications and workflows: The access proxy
Implementing inventory-based access control
Leveraging and Extending the GFE
User authentication
Authorization
Mutual authentication between the proxy and the backend
Challenges with Multiplatform Authentication
Desktops and laptops
Mobile devices
Migrating to BeyondCorp
Deploying an unprivileged network
Workflow qualification
Cutting back on VPN usage
Traffic analysis pipeline
Unprivileged network simulation
Migration strategy
Exemption handling
Lessons Learned
Communication
Engineers need support
Data quality and correlation
Sparse data sets
Conclusion
Case Study: PagerDuty’s Cloud Agnostic Network
Configuration Management as an Automation Platform
Dynamically Calculated Local Firewalls
Distributed Traffic Encryption
Decentralized User Management
Rollout
Value of a Provider-Agnostic System
Summary
10. The Adversarial View
Identity Theft
Distributed Denial of Service
Endpoint Enumeration
Untrusted Computing Platform
Social Engineering
Physical Coercion
Invalidation
Control Plane Security
Summary
Index