Osoby które kupowały "Zero Trust Networks. 2nd Edition", wybierały także:

• Cisco CCNA 200-301. Kurs video. Administrowanie bezpieczeÅ„stwem sieci. Część 3 665,00 zÅ‚, (39,90 zÅ‚ -94%)
• Cisco CCNA 200-301. Kurs video. Administrowanie urzÄ…dzeniami Cisco. Część 2 665,00 zÅ‚, (39,90 zÅ‚ -94%)
• Cisco CCNA 200-301. Kurs video. Podstawy sieci komputerowych i konfiguracji. Część 1 665,00 zÅ‚, (39,90 zÅ‚ -94%)
• Impact of P2P and Free Distribution on Book Sales 427,14 zÅ‚, (29,90 zÅ‚ -93%)
• Cisco CCNP Enterprise 350-401 ENCOR. Kurs video. Programowanie i automatyzacja sieci 443,33 zÅ‚, (39,90 zÅ‚ -91%)

Spis treści

Zero Trust Networks. 2nd Edition eBook -- spis treści

• Preface
  • Who Should Read This Book
  • Why We Wrote This Book
  • Navigating This Book
  • Conventions Used in This Book
  • OReilly Online Learning
  • How to Contact Us
  • Acknowledgments from the First Edition
  • Acknowledgments from the Second Edition
• 1. Zero Trust Fundamentals
  • What Is a Zero Trust Network?
    • Introducing the Zero Trust Control Plane
  • Evolution of the Perimeter Model
    • Managing the Global IP Address Space
    • Birth of Private IP Address Space
    • Private Networks Connect to Public Networks
    • Birth of NAT
    • The Contemporary Perimeter Model
  • Evolution of the Threat Landscape
  • Perimeter Shortcomings
  • Where the Trust Lies
  • Automation as an Enabler
  • Perimeter Versus Zero Trust
  • Applied in the Cloud
  • Role of Zero Trust in National Cybersecurity
  • Summary
• 2. Managing Trust
  • Threat Models
    • Common Threat Models
    • Zero Trusts Threat Model
  • Strong Authentication
  • Authenticating Trust
    • What Is a Certificate Authority?
    • Importance of PKI in Zero Trust
    • Private Versus Public PKI
    • Public PKI Is Better than None
  • Least Privilege
    • Dynamic Trust
    • Trust Score
    • Challenges with Trust Scores
    • Control Plane Versus Data Plane
  • Summary
• 3. Context-Aware Agents
  • What Is an Agent?
    • Agent Volatility
    • Whats in an Agent?
    • How Is an Agent Used?
    • Agents Are Not for Authentication
  • How to Expose an Agent?
    • Rigidity and Fluidity, at the Same Time
    • Standardization Desirable
    • In the Meantime?
  • Summary
• 4. Making Authorization Decisions
  • Authorization Architecture
  • Enforcement
  • Policy Engine
    • Policy Storage
    • What Makes Good Policy?
    • Who Defines Policy?
    • Policy Reviews
  • Trust Engine
    • What Entities Are Scored?
      • Using network agents for scoring
      • Using devices for scoring
    • Exposing Scores Considered Risky
  • Data Stores
  • Scenario Walkthrough
  • Summary
• 5. Trusting Devices
  • Bootstrapping Trust
    • Generating and Securing Identity
    • Identity Security in Static and Dynamic Systems
  • Authenticating Devices with the Control Plane
    • X.509
      • Certificate chains and certification authorities
      • Device identity and X.509
      • Public and private components
      • Private key storage challenges
      • X.509 for device authentication
    • TPMs
      • Encrypting data using a TPM
      • Intermediary keys and passphrases
      • Platform configuration registers
      • Remote attestation
    • TPMs for Device Authentication
    • HSM and TPM Attack Vectors
    • Hardware-Based Zero Trust Supplicant?
  • Inventory Management
    • Knowing What to Expect
    • Secure Introduction
  • Renewing and Measuring Device Trust
    • Local Measurement
    • Remote Measurement
    • Unified Endpoint Management (UEM)
  • Software Configuration Management
    • CM-Based Inventory
    • Searchable Inventory
    • Secure Source of Truth
  • Using Device Data for User Authorization
  • Trust Signals
    • Time Since Image
    • Historical Access
    • Location
    • Network Communication Patterns
    • Machine Learning
  • Scenario Walkthrough
    • Use Case: Bob Wants to Send a Document for Printing
    • Request Analysis
    • Use Case: Bob Wants to Delete an Email
    • Request Analysis
  • Summary
• 6. Trusting Identities
  • Identity Authority
  • Bootstrapping Identity in a Private System
    • Government-Issued Identification
    • Nothing Beats Meatspace
    • Expectations and Stars
  • Storing Identity
    • User Directories
    • Directory Maintenance
  • When to Authenticate Identity
    • Authenticating for Trust
    • Trust as the Authentication Driver
    • The Use of Multiple Channels
    • Caching Identity and Trust
  • How to Authenticate Identity
    • Something You Know: Passwords
    • Something You Have: TOTP
    • Something You Have: Certificates
    • Something You Have: Security Tokens
    • Something You Are: Biometrics
    • Behavioral Patterns
  • Out-of-Band Authentication
    • Single Sign-On
    • Workload Identities
    • Moving Toward a Local Auth Solution
  • Authenticating and Authorizing a Group
    • Shamirs Secret Sharing
    • Red October
  • See Something, Say Something
  • Trust Signals
  • Scenario Walkthrough
    • Use Case: Bob Wants to View a Sensitive Financial Report
    • Request Analysis
  • Summary
• 7. Trusting Applications
  • Understanding the Application Pipeline
  • Trusting Source Code
    • Securing the Repository
    • Authentic Code and the Audit Trail
    • Code Reviews
  • Trusting Builds
    • Software Bill of Materials (SBOM): The Risk
    • Trusted Input, Trusted Output
    • Reproducible Builds
    • Decoupling Release and Artifact Versions
  • Trusting Distribution
    • Promoting an Artifact
    • Distribution Security
    • Integrity and Authenticity
    • Trusting a Distribution Network
  • Humans in the Loop
  • Trusting an Instance
    • Upgrade-Only Policy
    • Authorized Instances
  • Runtime Security
    • Secure Coding Practices
    • Isolation
    • Active Monitoring
  • Secure Software Development Lifecycle (SDLC)
    • Requirements and Design
    • Coding and Implementation
    • Static and Dynamic Code Analysis
    • Peer Reviews and Code Audits
    • Quality Assurance and Testing
    • Deployment and Maintenance
    • Continuous Improvement
  • Protecting Application and Data Privacy
    • When You Host Applications in a Public Cloud, How Can You Trust It?
    • Confidential Computing
    • Understanding Hardware-Based Root-of-Trust (RoT)
    • Role of Attestation
  • Scenario Walkthrough
    • Use Case: Bob Sends Highly Sensitive Data to Financial Application for Computation
    • Request Analysis
  • Summary
• 8. Trusting the Traffic
  • Encryption Versus Authentication
  • Authenticity Without Encryption?
  • Bootstrapping Trust: The First Packet
    • FireWall KNock OPerator (fwknop)
    • Short-Lived Exceptions
    • SPA Payload
    • Payload Encryption
    • HMAC
  • Where Should Zero Trust Be in the Network Model?
    • Client and Server Split
    • Network Support Issues
    • Device Support Issues
    • Application Support Issues
    • A Pragmatic Approach
    • Microsoft Server Isolation
  • The Protocols
    • IKE and IPsec
    • Mutually Authenticated TLS (mTLS)
      • Separation of duty
      • Bulk encryption
      • Message authenticity
      • Mutually authenticated TLS for device authentication
  • Trusting Cloud Traffic: Challenges and Considerations
  • Cloud Access Security Brokers (CASBs) and Identity Federation
  • Filtering
    • Host Filtering
    • Bookended Filtering
    • Intermediary Filtering
  • Scenario Walkthrough
    • Use Case: Bob Requests Access to an Email Service Over an Anonymous Proxy Network
    • Request Analysis
  • Summary
• 9. Realizing a Zero Trust Network
  • The First Steps Toward a Zero Trust Network: Understanding Your Current Network
    • Choosing Scope
    • Assessment and Planning
    • Requirements: What Is Actually Required?
    • All Network Flows MUST Undergo Authentication Before Processing
      • All network flows SHOULD be encrypted before transmission
      • Authentication and encryption MUST be performed by the application-layer endpoints
      • System access SHOULD be enforced by enumerating all network flows
      • The strongest authentication and encryption suites available SHOULD be used within the network
      • Authentication SHOULD NOT rely on public PKI providersprivate PKI systems should be used instead
      • Devices SHOULD be regularly scanned, patched, and rotated
    • Building a System Diagram
    • Understanding Your Flows
    • Micro-Segmentation
    • Software-Defined Perimeter
    • Controller-Less Architecture
    • Cheating with Configuration Management
  • Implementation Phase: Application Authentication and Authorization
    • Authenticating Load Balancers and Proxies
    • Relationship-Oriented Policy
    • Policy Distribution
    • Defining and Implementing Security Policies
    • Zero Trust Proxies
    • Client-Side Versus Server-Side Migrations
    • Endpoint Security
  • Case Studies
  • Case Study: Google BeyondCorp
    • The Major Components of BeyondCorp
      • Securely identifying the device
      • Device Inventory Database
      • Device identity
      • Securely identifying the user
      • Externalizing applications and workflows: the Access Proxy
      • Implementing inventory-based access control
    • Leveraging and Extending the GFE
      • User authentication
      • Authorization
      • Mutual authentication between the proxy and the backend
    • Challenges with Multiplatform Authentication
      • Desktops and laptops
      • Mobile devices
    • Migrating to BeyondCorp
      • Deploying an unprivileged network
      • Workflow qualification
      • Cutting back on VPN usage
      • Traffic analysis pipeline
      • Unprivileged network simulation
      • Migration strategy
      • Exemption handling
    • Lessons Learned
      • Communication
      • Engineers need support
      • Data quality and correlation
      • Sparse data sets
    • Conclusion
  • Case Study: PagerDutys Cloud-Agnostic Network
    • Configuration Management as an Automation Platform
    • Dynamically Calculated Local Firewalls
    • Distributed Traffic Encryption
    • Decentralized User Management
    • Rollout
    • Value of a Provider-Agnostic System
  • Summary
• 10. The Adversarial View
  • Potential Pitfalls and Dangers
  • Attack Vectors
  • Identity and Access
    • Credential Theft
    • Privilege Escalation and Lateral Movement
  • Infrastructure and Networks
    • Control Plane Security
    • Endpoint Enumeration
    • Untrusted Computing Platform
    • Distributed Denial of Service (DDoS) Attacks
    • Man-in-the-Middle (MitM) Attacks
    • Invalidation
    • Phishing
    • Physical Coercion
  • Role of Cyber Insurance
  • Summary
• 11. Zero Trust Architecture Standards, Frameworks, and Guidelines
  • Governments
    • United States
      • Executive Order (EO) 14028Improving the Nations Cybersecurity
      • National Institute of Standards and Technology (NIST)
      • Zero trust/zero trust architecture definition
      • Zero trust architecturelogical components
      • Zero trust architecturedeployment variations
        • Device agent/gateway-based deployment
        • Enclave gateway model
        • Resource portal-based deployment
        • Device application sandboxing
      • Trust algorithm
        • Evaluation of input sources by the trust algorithm
        • Evaluation of access request by the trust algorithm
      • Threats
      • National Cybersecurity Center of Excellence (NCCoE)
      • Cybersecurity and Infrastructure Security Agency (CISA)
      • Department of Defense (DoD)
      • National Security Agency (NSA)
    • United Kingdom
    • European Union
  • Private and Public Organizations
    • Cloud Security Alliance (CSA)
    • The Open Group
    • Gartner
    • Forrester
    • International Organization for Standardization (ISO)
  • Commercial Vendors
  • Summary
• 12. Challenges and the Road Ahead
  • Challenges
    • Mindset Shift
    • Shadow IT
    • Siloed Organizations
    • Lack of Cohesive Zero Trust Products
    • Scalability and Performance
    • Key Takeaways
  • Technological Advancements
    • Quantum Computing
    • Artificial Intelligence
    • Privacy-Enhancing Technologies
  • Summary
• A. A Brief Introduction to Network Models
  • Network Layers, Visually
  • OSI Network Model
    • Layer 1Physical Layer
    • Layer 2Data Link Layer
    • Layer 3Network Layer
    • Layer 4Transport Layer
    • Layer 5Session Layer
    • Layer 6Presentation Layer
    • Layer 7Application Layer
    • TCP/IP Network Model
• Index