Zero trust security: an enterprise guide
Other Authors: | , |
---|---|
Format: | E-book |
Language: | English |
Published: | [Place of publication not identified] : Apress [2021] |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631691906719 |
Table of Contents:
- Intro
- Table of Contents
- About the Authors
- About the Technical Reviewer
- Acknowledgments
- Foreword
- Part I: Overview
- Chapter 1: Introduction
- Chapter 2: What Is Zero Trust?
- History and Evolution
- Forrester's Zero Trust eXtended (ZTX) Model
- Gartner's Approach to Zero Trust
- Our Perspective on Zero Trust
- Core Principles
- Expanded Principles
- A Working Definition
- Zero Trust Platform Requirements
- Summary
- Chapter 3: Zero Trust Architectures
- A Representative Enterprise Architecture
- Identity and Access Management
- Network Infrastructure (Firewalls, DNS, Load Balancers)
- Jump Boxes
- Privileged Access Management
- Network Access Control
- Intrusion Detection/Intrusion Prevention
- Virtual Private Network
- Next-Generation Firewalls
- Security Information and Event Management
- Web Server and Web Application Firewall
- Infrastructure as a Service
- Software as a Service and Cloud Access Security Brokers
- A Zero Trust Architecture
- The NIST Zero Trust Model
- A Conceptual Zero Trust Architecture
- Policy Components
- Types of Policy Enforcement Points
- What Is a Policy Enforcement Point?
- Zero Trust Deployment Models
- Resource-Based Deployment Model
- Enclave-Based Deployment Model
- Cloud-Routed Deployment Model
- Microsegmentation Deployment Model
- Summary
- Chapter 4: Zero Trust in Practice
- Google's BeyondCorp
- PagerDuty's Zero Trust Network
- The Software-Defined Perimeter and Zero Trust
- Mutual TLS Communications
- Single-Packet Authorization
- SDP Case Study
- Zero Trust and Your Enterprise
- Summary
- Part II: Zero Trust and Enterprise Architecture Components
- Chapter 5: Identity and Access Management
- IAM in Review
- Identity Stores (Directories)
- Databases
- LDAP
- Identity-as-a-Service
- Identity Lifecycle
- Lifecycle Management
- Identity Governance
- Access Management
- Authentication
- LDAP
- RADIUS
- SAML
- OAuth2
- OpenID Connect (OIDC)
- Certificate-Based Authentication
- FIDO2
- Mobile and Biometrics
- Authorization
- Zero Trust and IAM
- Authentication, Authorization, and Zero Trust Integration
- Enhancing Legacy System Authentication
- Zero Trust as Catalyst for Improving IAM
- Summary
- Chapter 6: Network Infrastructure
- Network Firewalls
- The Domain Name System
- Public DNS Servers
- Private DNS Servers
- Monitoring DNS for Security
- Wide Area Networks
- Load Balancers, Application Delivery Controllers, and API Gateways
- Web Application Firewalls
- Summary
- Chapter 7: Network Access Control
- Introduction to Network Access Control
- Zero Trust and Network Access Control
- Unmanaged Guest Network Access
- Managed Guest Network Access
- Managed vs. Unmanaged Guest Networks: A Debate
- Employee BYOD
- Device Posture Checks
- Device Discovery and Access Controls
- Summary
- Chapter 8: Intrusion Detection and Prevention Systems
- Types of IDPS
- Host-Based Systems
- Network-Based Systems
- Network Traffic Analysis and Encryption
- Zero Trust and IDPS
- Summary
- Chapter 9: Virtual Private Networks
- Enterprise VPNs and Security
- Zero Trust and VPNs
- Summary
- Chapter 10: Next-Generation Firewalls
- History and Evolution
- Zero Trust and NGFWs
- Network Traffic Encryption: Implications
- Network Architectures
- Summary
- Chapter 11: Security Operations
- Security Information and Event Management
- Security Orchestration, Automation, and Response
- Zero Trust in the Security Operations Center
- Enriched Log Data
- Orchestration and Automation (Triggers and Events)
- Authentication Trigger
- Resource Access Trigger
- Periodic (Session Expiration) Trigger
- External Trigger
- Zero Trust Querying for Additional Context (Authentication Trigger)
- SIEM/SOAR Invoking Zero Trust System (External Trigger)
- Indirect Integration (External Trigger)
- Summary
- Chapter 12: Privileged Access Management
- Password Vaulting
- Secrets Management
- Privileged Session Management
- Zero Trust and PAM
- Summary
- Chapter 13: Data Protection
- Data Types and Data Classification
- Data Lifecycle
- Data Creation
- Data Usage
- Data Destruction
- Data Security
- Zero Trust and Data
- Summary
- Chapter 14: Infrastructure and Platform as a Service
- Definitions
- Zero Trust and Cloud Services
- Service Meshes
- Summary
- Chapter 15: Software as a Service
- SaaS and Cloud Security
- Native SaaS Controls
- Secure Web Gateways
- Cloud Access Security Brokers
- Zero Trust and SaaS
- Zero Trust and Edge Services
- Summary
- Chapter 16: IoT Devices and "Things"
- IoT Device Networking and Security Challenges
- Zero Trust and IoT Devices
- Summary
- Part III: Putting It All Together
- Chapter 17: A Zero Trust Policy Model
- Policy Components
- Subject Criteria
- Action
- Target
- Access to Host 10.6.1.34
- Access to Host appserver1.internal.example.com
- Access to Hosts on the Subnet 10.5.1.0/24
- Access to Systems Tagged as "department=Marketing"
- Access to Systems Tagged as "stage=test"
- Condition
- Time of Day Is Between 08:00 and 18:00
- User Has Performed a Valid MFA or Step-Up Authentication Within the Last 90 Minutes
- Device Posture Meets Requirements: Anti-malware Service Is Running
- Device Posture Meets Requirements: Endpoint Security Scan Completed Fewer Than 48 Hours Ago
- A Service Desk Ticket Is in an Open State for This Resource
- Both the Subject and the Target Must Be Servers Tagged as Being in a "Production" State
- Subject Criteria vs. Conditions
- Example Policies
- Policies, Applied
- Attributes
- Policy Scenarios
- Target-Initiated Access
- Microsegmentation
- Policy Evaluation and Enforcement Flows
- Authentication Trigger
- Access Trigger
- Session Expiration Trigger
- External Trigger
- Summary
- Chapter 18: Zero Trust Scenarios
- VPN Replacement/VPN Alternative
- Considerations
- Resources
- Users and User Experience
- Identity Providers
- Networking
- Recommendations
- Third-Party Access
- Considerations
- Architecture
- Users and User Experience
- Recommendations
- Cloud Migration
- Migration Categories
- Forklift Migration
- Refactor the Application
- Rewrite the Application
- Adopt SaaS
- Considerations
- Architecture
- Forklift
- Refactor the Application
- Rewrite the Application
- Adopt SaaS
- Users and User Experience
- Recommendations
- Service-to-Service Access
- Considerations
- Recommendations
- DevOps
- DevOps Phases
- Plan and Code
- Build and Test
- Release and Deploy
- Operate and Monitor
- Considerations
- Recommendations
- Mergers and Acquisitions
- Considerations
- Recommendations
- Divestiture
- Full Zero Trust Network/Network Transformation
- Considerations
- Recommendations
- Summary
- Chapter 19: Making Zero Trust Successful
- Zero Trust: A Strategic Approach (Top-Down)
- Governance Board
- Architecture Review Board
- Change Management Board
- Value Drivers
- Security
- Audit and Compliance
- Agility/New Business Initiatives
- Customer/Partner Integrations
- Technology Modernization
- Zero Trust: A Tactical Approach (Bottom-Up)
- Sample Zero Trust Deployments
- Scenario 1: A Tactical Zero Trust Project
- Define Problem
- Research Zero Trust Solutions
- Review Approach and Proposed Architecture
- POC Two Candidate Zero Trust Platforms
- Present POC Results
- Production Pilot
- Validate Pilot Results and Value
- Full Production Rollout
- Scenario 2: A Strategic Zero Trust Initiative
- Common Roadblocks
- Identity Management Immaturity
- Political Resistance
- Regulatory or Compliance Constraints
- Discovery and Visibility of Resources
- Analysis Paralysis
- Summary
- Chapter 20: Conclusion
- Chapter 21: Afterword
- Plan, Plan, Then Plan Some More
- Zero Trust Is (Unfortunately) Political
- Dream Big, Start Small
- Show Me the Money
- Digital Transformation Is Your Friend
- Appendix A: Further Reading: An Annotated List
- Industry Standards and Specifications
- Books
- Research Documents and Publications
- Index