Zero Trust Security

Preface ix
Acknowledgements xi
About the Author xiii
Introduction xv

1 Use Case: Juice Factory 1
1.1 Company Profile 2
1.2 Getting to Know the Business and Finding the Crown Jewels 3

2 Zero Trust 7
2.1 Why Perimeter Security Is Insufficient 8
2.2 Zero Trust: Principles 8
2.3 NIST SP 800-207: Zero Trust Security Architecture 10
2.4 Implementing Zero Trust 12
2.5 Why Zero Trust Projects Fail 13
2.6 Applying Zero Trust to Juice Factory 14
2.7 Processes and Procedures 17
2.8 Summary 18

3 Docker 21
3.1 Installing Docker on Windows 23
3.2 Handling Containers with Docker 24
3.3 Docker Compose 26
3.4 Summary 27

4 Initial Design of the Juice Factory Network 29
4.1 Services and Docker Images 29
4.2 Summary 33

5 Network Segmentation and Network Security 35
5.1 Segmenting the Network 37
5.2 Key Technologies for Network Segmentation 38
5.3 Implementing Network Segmentation 39
5.4 Segmenting the Juice Factory Network 41
5.5 IPv6 46
5.6 Web Proxy 52
5.7 Summary 55

6 Network Monitoring 57
6.1 What Traffic to Monitor? 58
6.2 Techniques for Monitoring 59
6.3 Implementing Network Monitoring with Suricata 67
6.4 Blackhole and Darknet 72
6.5 Summary 73

7 Identity Access Management and Jump Box 75
7.1 Identity Access Management 75
7.2 Multi-factor Authentication 76
7.3 Credential Rotation 78
7.4 Single Sign-on 80
7.5 Applying Zero Trust to IAM 83
7.6 Importance of Separation of Duties 84
7.7 Jump Box 85
7.8 Summary 90

8 Endpoint Detection and Response 91
8.1 Core EDR Components 92
8.2 Comparison to Traditional AV 93
8.3 Adding EDR to Our ZTA 94
8.4 Velociraptor: An Open-source EDR 96
8.5 Deployment of Velociraptor in Our Environment 97
8.6 Working with Velociraptor 98
8.7 Application Allow Listing 105
8.8 Summary 109

9 Security Information and Event Management 111
9.1 SIEM Architecture 112
9.2 Log Collection 113
9.3 Data Processing Engine 117
9.4 Log Enrichment 118
9.5 Storage and Retention 118
9.6 Analysis and Visualisation Interface 118
9.7 What to Log? 118
9.8 Zero Trust SIEM 120
9.9 Implementing SIEM with ELK 122
9.10 Analyse Logs with Kibana 130
9.11 Incident Response 133
9.12 Detection Tuning 135
9.13 Sigma 135
9.14 Security Orchestration, Automation, and Response 140
9.15 Managed Security Service Provider 141
9.16 Summary 142

10 Vulnerability Management 143
10.1 Vulnerability Scanner 144
10.2 Zero Trust Vulnerability Management 146
10.3 Deployment of Nessus Within Our Docker Environment 149
10.4 Summary 156

11 DevSecOps and Web Protection 159
11.1 The CALMS Framework 160
11.2 OWASP Top 10 161
11.3 Applying Zero Trust to the Development Process: Static and Dynamic Code Analysis 163
11.4 Web Application Firewall 165
11.5 Software Bill of Material 171
11.6 Applying DevSecOps to Security 172
11.7 Summary 174

12 What About People? 175
12.1 Culture 176
12.2 Tabletop Exercise 178
12.3 Summary 182

13 Journey from Flat Network to Zero Trust 185
13.1 Cloud 186
13.2 All That We Have Achieved So Far 187

Glossary 195
Index 197