Facebook Pixel
Searching...
English
EnglishEnglish
EspañolSpanish
简体中文Chinese
FrançaisFrench
DeutschGerman
日本語Japanese
PortuguêsPortuguese
ItalianoItalian
한국어Korean
РусскийRussian
NederlandsDutch
العربيةArabic
PolskiPolish
हिन्दीHindi
Tiếng ViệtVietnamese
SvenskaSwedish
ΕλληνικάGreek
TürkçeTurkish
ไทยThai
ČeštinaCzech
RomânăRomanian
MagyarHungarian
УкраїнськаUkrainian
Bahasa IndonesiaIndonesian
DanskDanish
SuomiFinnish
БългарскиBulgarian
עבריתHebrew
NorskNorwegian
HrvatskiCroatian
CatalàCatalan
SlovenčinaSlovak
LietuviųLithuanian
SlovenščinaSlovenian
СрпскиSerbian
EestiEstonian
LatviešuLatvian
فارسیPersian
മലയാളംMalayalam
தமிழ்Tamil
اردوUrdu
Zero Trust Networks

Zero Trust Networks

Building Secure Systems in Untrusted Networks
by Evan Gilman 2017 238 pages
4.02
100+ ratings
Listen
9 minutes

Key Takeaways

1. Zero Trust Networks: A Paradigm Shift in Cybersecurity

The zero trust model turns this diagram inside out.

Fundamental shift in security. Zero trust networks represent a revolutionary approach to cybersecurity, abandoning the traditional perimeter-based model. Instead of assuming trust within a network, zero trust assumes no trust by default, regardless of whether a user or device is inside or outside the corporate network. This model requires:

  • Authentication and authorization for every network request
  • Encryption of all data in transit
  • Continuous monitoring and validation of security posture

Key principles:

  • The network is always assumed to be hostile
  • External and internal threats exist at all times
  • Network locality is not sufficient for deciding trust
  • Every device, user, and network flow is authenticated and authorized
  • Policies must be dynamic and calculated from multiple data sources

2. The Perimeter Model is Dead: Embrace the Zero Trust Architecture

Switching to a trust score model for policies isn't without its downsides.

Evolution of network security. The traditional perimeter model, which relied on firewalls and VPNs to create a "secure" internal network, is no longer sufficient in today's complex and distributed IT environments. Zero trust architecture addresses the limitations of the perimeter model by:

  • Eliminating the concept of a trusted internal network
  • Implementing strong authentication and authorization for all resources
  • Applying micro-segmentation to limit lateral movement
  • Using encryption to protect data in transit and at rest

Benefits of zero trust:

  • Improved security posture against both external and internal threats
  • Better visibility and control over network traffic
  • Reduced attack surface and limited blast radius in case of a breach
  • Simplified network management and reduced dependence on VPNs

3. Identity and Access Management: The Cornerstone of Zero Trust

Authentication comes with another interesting property.

Identity is crucial. In a zero trust model, strong identity and access management (IAM) is fundamental. Every user, device, and application must have a verifiable identity, and access decisions are made based on these identities and associated attributes.

Key components of IAM in zero trust:

  • Multi-factor authentication (MFA) for all users
  • Fine-grained access controls based on user roles and attributes
  • Continuous authentication and authorization
  • Identity federation and single sign-on (SSO) capabilities
  • Dynamic policy enforcement based on real-time risk assessment

Trust scoring: Implement a dynamic trust scoring system that considers factors such as:

  • User behavior patterns
  • Device health and compliance
  • Location and time of access
  • Sensitivity of the requested resource

4. Device Trust: Securing the Endpoints in a Zero Trust Network

Trusting devices in a zero trust network is extremely critical; it's also an exceedingly difficult problem.

Endpoint security is vital. In a zero trust network, devices are potential entry points for attackers and must be thoroughly secured and continuously monitored. Key aspects of device trust include:

  • Strong device authentication using certificates or hardware-backed credentials
  • Continuous assessment of device health and compliance
  • Automated patching and updates
  • Endpoint detection and response (EDR) capabilities
  • Device isolation and remote wipe capabilities

Implementing device trust:

  1. Establish a robust device inventory and management system
  2. Implement a secure device onboarding process
  3. Use hardware security modules (HSM) or Trusted Platform Modules (TPM) when possible
  4. Regularly rotate device credentials and certificates
  5. Monitor device behavior for anomalies and potential compromises

5. Application Security: Building Trust from Code to Execution

Trusting the device is just half of the story. One must also trust the code and the programmers who wrote it.

Secure the entire pipeline. Application security in a zero trust environment extends beyond just securing the running application. It encompasses the entire software development lifecycle and runtime environment. Key considerations include:

  • Secure coding practices and developer training
  • Regular code reviews and static analysis
  • Vulnerability scanning and penetration testing
  • Runtime application self-protection (RASP)
  • Continuous monitoring and logging of application behavior

Application trust measures:

  • Use code signing to ensure integrity of deployed applications
  • Implement application-level encryption and access controls
  • Employ micro-segmentation to limit application-to-application communication
  • Utilize container security and orchestration tools for containerized applications
  • Implement just-in-time (JIT) and just-enough-access (JEA) principles for application privileges

6. Network Traffic Security: Encryption, Authentication, and Authorization

Encryption brings confidentiality, but it can also be an occasional nuisance.

Secure all communications. In a zero trust network, all traffic must be encrypted, authenticated, and authorized, regardless of its origin or destination. This approach ensures data confidentiality and integrity while preventing unauthorized access and lateral movement.

Key aspects of network traffic security:

  • Use of strong encryption protocols (e.g., TLS 1.3, IPsec)
  • Mutual authentication for all network connections
  • Network segmentation and micro-segmentation
  • Software-defined perimeter (SDP) or black cloud architecture
  • Continuous monitoring and analysis of network traffic patterns

Implementation strategies:

  1. Deploy a public key infrastructure (PKI) for managing certificates
  2. Implement protocol-aware proxies for fine-grained access control
  3. Use network encryption gateways for legacy systems
  4. Employ network detection and response (NDR) tools for threat detection
  5. Implement DNS security measures (DNSSEC, DoH, DoT)

7. Implementing Zero Trust: A Gradual and Pragmatic Approach

Zero trust advocates for a control plane that injects the results of authorization decisions into the network to allow trusted communication to occur.

Phased implementation. Transitioning to a zero trust model is a significant undertaking that requires careful planning and execution. A gradual, phased approach allows organizations to realize benefits while minimizing disruption to existing operations.

Steps for implementing zero trust:

  1. Assess current security posture and identify gaps
  2. Define zero trust objectives and priorities
  3. Start with a pilot project or specific use case
  4. Implement strong identity and access management
  5. Enhance device security and management
  6. Secure applications and workloads
  7. Implement network segmentation and traffic encryption
  8. Deploy monitoring and analytics capabilities
  9. Continuously refine and expand the zero trust model

Key considerations:

  • Involve stakeholders from across the organization
  • Focus on user experience to ensure adoption
  • Leverage existing security investments where possible
  • Plan for integration with cloud and hybrid environments
  • Develop metrics to measure the effectiveness of zero trust implementation

8. The Human Element: Social Engineering and Physical Security in Zero Trust

Social engineering attacks, which trick trusted humans into taking action on a trusted device, are still very much a concern in zero trust networks.

Human vulnerabilities persist. While zero trust significantly improves technical security, human factors remain a potential weak point. Social engineering attacks, insider threats, and physical security risks must be addressed alongside technological controls.

Strategies to address human-centric risks:

  • Comprehensive security awareness training for all employees
  • Simulated phishing and social engineering exercises
  • Clear policies and procedures for handling sensitive information
  • Physical security measures (e.g., access controls, surveillance)
  • Background checks and periodic security clearance reviews
  • Insider threat detection and prevention programs

Balancing security and usability:

  • Implement user-friendly security tools and processes
  • Provide clear explanations for security measures
  • Offer multiple authentication options to suit different user needs
  • Use behavioral analytics to detect anomalies without burdening users
  • Regularly gather feedback and adjust policies to improve user experience

Human-centric security measures are crucial to complement the technological aspects of zero trust, creating a holistic and resilient security posture.

Last updated:

Review Summary

4.02 out of 5
Average of 100+ ratings from Goodreads and Amazon.

Zero Trust Networks receives mostly positive reviews, with an average rating of 4.02/5. Readers praise its comprehensive overview of zero trust concepts, though some find it too theoretical. The book is lauded for explaining the philosophy behind zero trust networks and comparing them to traditional security models. Critics note a lack of practical implementation details and suggest it may be most relevant for large organizations. Overall, it's considered a valuable introduction to an emerging security paradigm, despite some limitations in applicability.

Your rating:

About the Author

Evan Gilman is a respected author and expert in the field of network security. He co-authored "Zero Trust Networks: Building Secure Systems in Untrusted Networks" with Doug Barth, which has become a seminal work on the zero trust security model. Gilman's expertise lies in designing and implementing secure network architectures, particularly those based on zero trust principles. His work has contributed significantly to the advancement of modern cybersecurity practices, focusing on treating all network traffic as untrusted and implementing strong authentication and access control measures. Gilman's insights have been influential in shaping how organizations approach network security in increasingly complex and distributed environments.

Download PDF

To save this Zero Trust Networks summary for later, download the free PDF. You can print it out, or read offline at your convenience.
Download PDF
File size: 0.24 MB     Pages: 11

Download EPUB

To read this Zero Trust Networks summary on your e-reader device or app, download the free EPUB. The .epub digital book format is ideal for reading ebooks on phones, tablets, and e-readers.
Download EPUB
File size: 2.97 MB     Pages: 9
0:00
-0:00
1x
Dan
Andrew
Michelle
Lauren
Select Speed
1.0×
+
200 words per minute
Create a free account to unlock:
Bookmarks – save your favorite books
History – revisit books later
Ratings – rate books & see your ratings
Unlock unlimited listening
Your first week's on us!
Today: Get Instant Access
Listen to full summaries of 73,530 books. That's 12,000+ hours of audio!
Day 4: Trial Reminder
We'll send you a notification that your trial is ending soon.
Day 7: Your subscription begins
You'll be charged on Nov 30,
cancel anytime before.
Compare Features Free Pro
Read full text summaries
Summaries are free to read for everyone
Listen to summaries
12,000+ hours of audio
Unlimited Bookmarks
Free users are limited to 10
Unlimited History
Free users are limited to 10
What our users say
30,000+ readers
“...I can 10x the number of books I can read...”
“...exceptionally accurate, engaging, and beautifully presented...”
“...better than any amazon review when I'm making a book-buying decision...”
Save 62%
Yearly
$119.88 $44.99/yr
$3.75/mo
Monthly
$9.99/mo
Try Free & Unlock
7 days free, then $44.99/year. Cancel anytime.
Settings
Appearance