Let’s face it. The perimeter-based architecture has failed us. Today’s attack vectors can easily defeat expensive stateful firewalls and evade IDS systems. Perhaps even worse, a perimeter tricks people into believing that the network behind it is somehow “safe,” despite the fact that chances are overwhelmingly high that at least one device on that network is already compromised.
It is time to consider an alternative approach. Zero Trust is a new security model that considers all parts of the network to be equally untrusted. Taking this stance dramatically changes the way we implement security systems. For instance, how useful is a perimeter firewall if the networks on either side are equally untrusted? What is your VPN protecting if the network you’re dialing into is untrusted? The Zero Trust architecture is very different indeed.
Doug and Evan explore the Zero Trust model itself: why it’s so important, what a Zero Trust network looks like, and what components are required to actually meet the challenge. Along the way, they show how to leverage a network’s strengths by combining traditional SRE security approaches with novel technological arrangements, using software and hardware to secure the systems operating in those networks.
Evan Gilman is a site reliability engineer currently focusing on Zero Trust research. With roots in academia, Evan finds passion in both reliable, performant systems and the networks they run on. When he’s not building automated network systems, he can be found at the nearest pinball table or working on his upcoming book, Zero Trust Networks.
©2017, O'Reilly Media, Inc.