| Description |
1 online resource (306 pages) |
|
text file |
|
PDF |
| Bibliography |
Includes bibliographical references and index. |
| Summary |
Understand how Zero Trust security can and should integrate into your organization. This book covers the complexity of enterprise environments and provides the realistic guidance and requirements your security team needs to successfully plan and execute a journey to Zero Trust while getting more value from your existing enterprise security architecture. After reading this book, you will be ready to design a credible and defensible Zero Trust security architecture for your organization and implement a step-wise journey that delivers significantly improved security and streamlined operations. Zero Trust security has become a major industry trend, and yet there still is uncertainty about what it means. Zero Trust is about fundamentally changing the underlying philosophy and approach to enterprise securitymoving from outdated and demonstrably ineffective perimeter-centric approaches to a dynamic, identity-centric, and policy-based approach. Making this type of shift can be challenging. Your organization has already deployed and operationalized enterprise security assets such as Directories, IAM systems, IDS/IPS, and SIEM, and changing things can be difficult. Zero Trust Security uniquely covers the breadth of enterprise security and IT architectures, providing substantive architectural guidance and technical analysis with the goal of accelerating your organizations journey to Zero Trust. You will: Understand Zero Trust security principles and why it is critical to adopt them See the security and operational benefits of Zero Trust Make informed decisions about where, when, and how to apply Zero Trust security architectures Discover how the journey to Zero Trust will impact your enterprise and security architecture Be ready to plan your journey toward Zero Trust, while identifying projects that can deliver immediate security benefits for your organization. |
| Contents |
Intro -- Table of Contents -- About the Authors -- About the Technical Reviewer -- Acknowledgments -- Foreword -- Part I: Overview -- Chapter 1: Introduction -- Chapter 2: What Is Zero Trust? -- History and Evolution -- Forrester's Zero Trust eXtended (ZTX) Model -- Gartner's Approach to Zero Trust -- Our Perspective on Zero Trust -- Core Principles -- Expanded Principles -- A Working Definition -- Zero Trust Platform Requirements -- Summary -- Chapter 3: Zero Trust Architectures -- A Representative Enterprise Architecture -- Identity and Access Management |
|
Network Infrastructure (Firewalls, DNS, Load Balancers) -- Jump Boxes -- Privileged Access Management -- Network Access Control -- Intrusion Detection/Intrusion Prevention -- Virtual Private Network -- Next-Generation Firewalls -- Security Information and Event Management -- Web Server and Web Application Firewall -- Infrastructure as a Service -- Software as a Service and Cloud Access Security Brokers -- A Zero Trust Architecture -- The NIST Zero Trust Model -- A Conceptual Zero Trust Architecture -- Policy Components -- Types of Policy Enforcement Points -- What Is a Policy Enforcement Point? |
|
Zero Trust Deployment Models -- Resource-Based Deployment Model -- Enclave-Based Deployment Model -- Cloud-Routed Deployment Model -- Microsegmentation Deployment Model -- Summary -- Chapter 4: Zero Trust in Practice -- Google's BeyondCorp -- PagerDuty's Zero Trust Network -- The Software-Defined Perimeter and Zero Trust -- Mutual TLS Communications -- Single-Packet Authorization -- SDP Case Study -- Zero Trust and Your Enterprise -- Summary -- Part II: Zero Trust and Enterprise Architecture Components -- Chapter 5: Identity and Access Management -- IAM in Review -- Identity Stores (Directories) |
|
Databases -- LDAP -- Identity-as-a-Service -- Identity Lifecycle -- Lifecycle Management -- Identity Governance -- Access Management -- Authentication -- LDAP -- RADIUS -- SAML -- OAuth2 -- OpenID Connect (OIDC) -- Certificate-Based Authentication -- FIDO2 -- Mobile and Biometrics -- Authorization -- Zero Trust and IAM -- Authentication, Authorization, and Zero Trust Integration -- Enhancing Legacy System Authentication -- Zero Trust as Catalyst for Improving IAM -- Summary -- Chapter 6: Network Infrastructure -- Network Firewalls -- The Domain Name System -- Public DNS Servers |
|
Private DNS Servers -- Monitoring DNS for Security -- Wide Area Networks -- Load Balancers, Application Delivery Controllers, and API Gateways -- Web Application Firewalls -- Summary -- Chapter 7: Network Access Control -- Introduction to Network Access Control -- Zero Trust and Network Access Control -- Unmanaged Guest Network Access -- Managed Guest Network Access -- Managed vs. Unmanaged Guest Networks: A Debate -- Employee BYOD -- Device Posture Checks -- Device Discovery and Access Controls -- Summary -- Chapter 8: Intrusion Detection and Prevention Systems -- Types of IDPS |
| Subject |
Computer networks -- Security measures.
|
|
Réseaux d'ordinateurs -- Sécurité -- Mesures. |
|
Computer networks -- Security measures |
| Added Author |
Chapman, Jerry W., author.
|
| Other Form: |
Print version: Garbis, Jason. Zero Trust Security : An Enterprise Guide. Berkeley, CA : Apress L.P., ©2021 9781484267011 |
| ISBN |
9781484267028 (electronic bk.) |
|
1484267028 (electronic bk.) |
|
9781484267035 (print) |
|
1484267036 |
| Standard No. |
10.1007/978-1-4842-6702-8 doi |
|
More Resources