Название: Zero Trust Networks: Building Secure Systems in Untrusted Networks, 2nd Edition (Final) Автор: Razi Rais, Christina Morillo, Evan Gilman Издательство: O’Reilly Media, Inc. Год: 2024 Страниц: 332 Язык: английский Формат: pdf, epub (true) Размер: 15.6 MB
This practical book provides a detailed explanation of the zero trust security model. Zero trust is a security paradigm shift that eliminates the concept of traditional perimeter-based security and requires you to "always assume breach" and "never trust but always verify." The updated edition offers more scenarios, real-world examples, and in-depth explanations of key concepts to help you fully comprehend the zero trust security architecture.
Zero trust aims to solve the inherent problems in placing our trust in the network. Instead, it is possible to secure network communication and access so effectively that the physical security of the transport layer can be reasonably disregarded. It goes without saying that this is a lofty goal. The good news is that we’ve got pretty powerful cryptographic algorithms these days, and given the right automation systems, this vision is actually attainable.
What Is a Zero Trust Network? A zero trust network is built upon five fundamental assertions:
• The network is always assumed to be hostile. • External and internal threats exist on the network at all times. • Network locality alone is not sufficient for deciding trust in a network. • Every device, user, and network flow is authenticated and authorized. • Policies must be dynamic and calculated from as many sources of data as possible.
Traditional network security architecture breaks different networks (or pieces of a single network) into zones, contained by one or more firewalls. Each zone is granted some level of trust, which determines the network resources it is permitted to reach. This model provides very strong defense-in-depth.
• Examine fundamental concepts of zero trust security model, including trust engine, policy engine, and context aware agents • Understand how this model embeds security within the system's operation, with guided scenarios at the end of each chapter • Migrate from a perimeter-based network to a zero trust network in production • Explore case studies that provide insights into organizations' zero trust journeys • Learn about the various zero trust architectures, standards, and frameworks developed by NIST, CISA, DoD, and others
Who Should Read This Book: Have you found the overhead of centralized firewalls to be restrictive? Perhaps you’ve even found their operation to be ineffective. Have you struggled with VPN headaches, TLS configuration across a myriad of applications and languages, or compliance and auditing hardships? These problems represent a small subset of those addressed by the zero trust model. If you find yourself thinking that there just has to be a better way, then you’re in luck—this book is for you.
Network engineers, security engineers, CTOs, and everyone in between can benefit from zero trust learnings. Even without a specialized skill set, many of the principles included in this book can be clearly understood, helping leaders make decisions that implement a zero trust model, improving their overall security posture incrementally.
Additionally, readers with experience using configuration management systems will see the opportunity to use those same ideas to build a more secure and operable networked system—one in which resources are secure by default. They will be interested in how automation systems can enable a new network design that is able to apply fine-grained security controls more easily. Finally, this book explores a mature zero trust design, enabling those who have already incorporated the basic philosophies to further the robustness of their security systems.
Скачать Zero Trust Networks: Building Secure Systems in Untrusted Networks, 2nd Edition (Final)
Внимание
Уважаемый посетитель, Вы зашли на сайт как незарегистрированный пользователь.
Мы рекомендуем Вам зарегистрироваться либо войти на сайт под своим именем.
Информация
Посетители, находящиеся в группе Гости, не могут оставлять комментарии к данной публикации.