Identity-Native Infrastructure Access Management - Helion

ebook

Autor: Ev Kontsevoy, Sakshyam Shah, Peter Conrad
ISBN: 9781098131852
stron: 152, Format: ebook
Data wydania: 2023-09-13
Księgarnia: Helion

Cena książki: 160,65 zł (poprzednio: 186,80 zł)
Oszczędzasz: 14% (-26,15 zł)

Osoby, które kupiły tę książkę, wybierały także »

Traditional secret-based credentials can't scale to meet the complexity and size of cloud and on-premises infrastructure. Today's applications are spread across a diverse range of clouds and colocation facilities, as well as on-prem data centers. Each layer of this modern stack has its own attack vectors and protocols to consider.

How can you secure access to diverse infrastructure components, from bare metal to ephemeral containers, consistently and simply? In this practical book, authors Ev Kontsevoy, Sakshyam Shah, and Peter Conrad break this topic down into manageable pieces. You'll discover how different parts of the approach fit together in a way that enables engineering teams to build more secure applications without slowing down productivity.

With this book, you'll learn:

The four pillars of access: connectivity, authentication, authorization, and audit
Why every attack follows the same pattern, and how to make this threat impossible
How to implement identity-based access across your entire infrastructure with digital certificates
Why it's time for secret-based credentials to go away
How to securely connect to remote resources including servers, databases, K8s Pods, and internal applications such as Jenkins and GitLab
Authentication and authorization methods for gaining access to and permission for using protected resources

Osoby które kupowały "Identity-Native Infrastructure Access Management", wybierały także:

Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
DevOps w praktyce. Kurs video. Jenkins, Ansible, Terraform i Docker 190,00 zł, (39,90 zł -79%)
Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)
Scrum. O zwinnym zarządzaniu projektami. Wydanie II rozszerzone 58,64 zł, (12,90 zł -78%)

Spis treści

Identity-Native Infrastructure Access Management eBook -- spis treści

Preface
- Who Should Read This Book
- Goals of the Book
- Navigating This Book
- Conventions Used in This Book
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
1. Introduction: The Pillars of Access
- Most Attacks Are the Same
- Access
  - Secure Connectivity
  - Authentication
  - Authorization
  - Audit
- Security Versus Convenience
- Scaling Hardware, Software, and Peopleware
- Identity-Native Infrastructure Access
2. Identity
- Identity and Access Management
- Identity and Credentials
  - Traditional Approaches to Access
    - Why secrets are bad
    - Why shared secrets are worse
    - Secrets are a vector for human error
  - Identity-Based Credentials
- Establishing Trust in Identity
- Identities in Infrastructure
- Long-Lived Identities
- Ephemeral Identities
- Identity-Native Access
  - Identity Storage
  - Identity Attestation
    - Credentials at scale
    - How digital certificates work as credentials
    - How certificates are created
  - Reducing the Number of Secrets to One
- A Path to Identity-Native Infrastructure Access
  - Eliminate Access Silos
  - Move to Certificates for Identity Proofing
  - Extend Identity-Native Access to Service Accounts
3. Secure Connectivity
- Cryptography
  - One-Way Functions and Hashing
  - Symmetric Encryption
    - Stream cipher
    - Block cipher
    - Authenticated encryption with associated data (AEAD)
  - Asymmetric Encryption
    - Public-private key pairs
    - Key exchange
    - Digital signatures and document signing
  - Certificates as Public Keys
- The Untrusted Network
  - Encrypted and Authenticated Connectivity
  - Moving Up in the Networking Stack
  - Perimeterless Networking for North-South Traffic
  - Microsegmentation for East-West Traffic
  - Unifying the Infrastructure Connectivity Layer
- Secure Connectivity and Zero Trust
4. Authentication
- Evaluating Authentication Methods
  - Robustness
  - Ubiquity
  - Scalability
  - Secret-Based Authentication
    - Secrets: Robustness
    - Secrets: Ubiquity
    - Secrets: Scalability
  - Public Key Authentication
    - Public key authentication: Robustness
    - Public key authentication: Ubiquity
    - Public key authentication: Scalability
  - Certificate-Based Authentication
    - Certificates: Robustness
    - Certificates: Ubiquity
    - Certificates: Scalability
- Multifactor Authentication
- Single Sign-On
  - How SSO Works
    - SSO with domain credentials
    - SSO with credential injection
    - SSO with federated authentication
  - Beyond Traditional SSO
- Identity-Native Authentication
  - Identity Proofing
  - Device Attestation
  - WebAuthn
  - Authenticating Machines
  - Preserving Identity Postauthentication
5. Authorization
- Infrastructure Protects Data
- Types of Authorization
  - Discretionary Access Control
  - Mandatory Access Control
  - The BellLaPadula Model
    - Simple Security (SS) Property
    - * (Star) Security Property
    - The Discretionary Security (DS) Property
  - Multics
    - Files and segments
    - Access control in Multics
      - Multics ACLs
      - Multics protection ring mechanism
      - Access Isolation Mechanism (AIM)
      - Multics security in sum
  - Mandatory Access Control in Linux
  - Nondiscretionary Access Control
    - Role-based access control
    - Attribute-based access control
    - Task-based access control
- Privilege Management
  - Principle of Least Privilege
  - Zero Standing Privilege
  - Just-in-Time Access
  - Dual Authorization
- Challenges in Authorization
  - Access Silos
  - Privilege Classification
  - Authorization for Machines
  - Complexity and Granularity
- Identity and Zero Trust
  - Identity First
  - Single Source of Policy Truth
  - Context-Driven Access
  - Identity-Aware Proxy
6. Auditing
- Types of Logs
  - Audit Logs
  - Session Recordings
- Logging at Different Layers
  - Host Logging
    - Syslog
    - Advanced system monitoring
  - Network Monitoring
  - Log Aggregation
- Security Information and Event Management (SIEM)
- Log Schemas
- Storage Trade-Offs and Techniques
- Evolution of the Cloud Data Warehouse
- Log Analysis Techniques
  - Log Analysis Example: Modern Ransomware Attack
    - Reconnaissance
    - Weaponization
    - Delivery
    - Exploitation
    - Installation
    - Command and control
    - Actions on objective
    - Attack postmortem
- Auditing and Logging in an Identity-Native System
7. Scaling Access: An Example Using Teleport
- Access at Scale
- Identity-Native Access Checklist
- Necessary Components
- The Teleport Infrastructure Access Platform
  - The Cluster
    - Auth Service
    - Proxy Service
    - Access services
  - How Teleport Works
  - Managing Users
  - Managing Client Devices
  - Managing Permissions
  - Managing Audit
  - Zero Trust Configuration
- Living the Principles of Identity-Native Access
8. A Call to Action
- Security and Convenience at Scale
- The Future of Trust
- Infrastructure as One Big Machine
- The Future of Security Threats
- Closing Words
Index