Zero trust networks : building secure systems in untrusted networks /
Classification: | Electronic Book |
---|---|
Main authors: | , |
Format: | Electronic eBook |
Language: | English |
Published: | Sebastopol, CA : O'Reilly Media, 2017. |
Subjects: | |
Online access: | Full text (Requires prior registration with institutional e-mail) |
Table of Contents:
- Copyright; Table of Contents; Preface; Who Should Read This Book; Why We Wrote This Book; Zero Trust Networks Today; Navigating This Book; Conventions Used in This Book; O'Reilly Safari; How to Contact Us; Acknowledgments; Chapter 1. Zero Trust Fundamentals; What Is a Zero Trust Network?; Introducing the Zero Trust Control Plane; Evolution of the Perimeter Model; Managing the Global IP Address Space; Birth of Private IP Address Space; Private Networks Connect to Public Networks; Birth of NAT; The Contemporary Perimeter Model; Evolution of the Threat Landscape; Perimeter Shortcomings.
- Where the Trust Lies; Automation as an Enabler; Perimeter Versus Zero Trust; Applied in the Cloud; Summary; Chapter 2. Managing Trust; Threat Models; Common Threat Models; Zero Trust's Threat Model; Strong Authentication; Authenticating Trust; What Is a Certificate Authority?; Importance of PKI in Zero Trust; Private Versus Public PKI; Public PKI Strictly Better Than None; Least Privilege; Variable Trust; Control Plane Versus Data Plane; Summary; Chapter 3. Network Agents; What Is an Agent?; Agent Volatility; What's in an Agent?; How Is an Agent Used?; Not for Authentication.
- How to Expose an Agent?; No Standard Exists; Rigidity and Fluidity, at the Same Time; Standardization Desirable; In the Meantime?; Summary; Chapter 4. Making Authorization Decisions; Authorization Architecture; Enforcement; Policy Engine; Policy Storage; What Makes Good Policy?; Who Defines Policy?; Trust Engine; What Entities Are Scored?; Exposing Scores Considered Risky; Data Stores; Summary; Chapter 5. Trusting Devices; Bootstrapping Trust; Generating and Securing Identity; Identity Security in Static and Dynamic Systems; Authenticating Devices with the Control Plane; X.509; TPMs.
- Hardware-Based Zero Trust Supplicant?; Inventory Management; Knowing What to Expect; Secure Introduction; Renewing Device Trust; Local Measurement; Remote Measurement; Software Configuration Management; CM-Based Inventory; Secure Source of Truth; Using Device Data for User Authorization; Trust Signals; Time Since Image; Historical Access; Location; Network Communication Patterns; Summary; Chapter 6. Trusting Users; Identity Authority; Bootstrapping Identity in a Private System; Government-Issued Identification; Nothing Beats Meatspace; Expectations and Stars; Storing Identity; User Directories.
- Directory Maintenance; When to Authenticate Identity; Authenticating for Trust; Trust as the Authentication Driver; The Use of Multiple Channels; Caching Identity and Trust; How to Authenticate Identity; Something You Know: Passwords; Something You Have: TOTP; Something You Have: Certificates; Something You Have: Security Tokens; Something You Are: Biometrics; Out-of-Band Authentication; Single Sign On; Moving Toward a Local Auth Solution; Authenticating and Authorizing a Group; Shamir's Secret Sharing; Red October; See Something, Say Something; Trust Signals; Summary.