Zero Trust Networks: Building Secure Systems in Untrusted Networks

The perimeter defenses guarding your network perhaps are not as secure as you think. Hosts behind the firewall have no defenses of their own, so when a host in the "trusted" zone is breached, access to your data center is not far behind. That’s an all-too-familiar scenario today. With this practical book, you’ll learn the principles behind zero trust architecture, along with details necessary to implement it.

The Zero Trust Model treats all hosts as if they’re internet-facing, and considers the entire network to be compromised and hostile. By taking this approach, you’ll focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility.

Understand how perimeter-based defenses have evolved to become the broken model we use today
Explore two case studies of zero trust in production networks on the client side (Google) and on the server side (PagerDuty)
Get example configuration for open source tools that you can use to build a zero trust network
Learn how to migrate from a perimeter-based network to a zero trust network in production

398 pages, Kindle Edition

Published June 19, 2017


About the author

Evan Gilman

3 books, 2 followers

Community Reviews

5 stars: 63 (28%)
4 stars: 105 (48%)
3 stars: 45 (20%)
2 stars: 3 (1%)
1 star: 2 (<1%)
Ben Rothke
364 reviews, 53 followers
July 13, 2018
The notion of zero trust networks (ZTN) was created in 2010 by John Kindervag, then of Forrester. Kindervag felt that as enterprises moved slowly towards a data-centric world with shifting threats and perimeters, a new concept of what constituted a secure network had to be created. It was ahead of its time and to a degree still is.

In a world of zero trust, all network traffic is considered untrusted. What this means from a security perspective is that anything that connects to that network must be fully secured. Much of a ZTN is predicated on strong authentication and access control, rounded out by effective data inspection and logging.

Most security professionals, and especially those studying for the CISSP exam, by default think of the 3-tier network architecture of the Internet, DMZ and trusted internal network. The ZT model throws that away and treats every device as if it’s an untrusted internet-facing host. This means that every host on the internal network is considered hostile and compromised. To say this can create cognitive dissonance for some information security professionals is an understatement.

In Zero Trust Networks: Building Secure Systems in Untrusted Networks, authors Evan Gilman and Doug Barth have written a first-rate guide that details the core concepts of ZTN, in addition to how to implement them. Note to the reader: if you think that designing and building a ZTN is plug and play, think again. Parenthetically, the authors write of the dangers of UPnP, which can allow any application to reconfigure a device. In the ZT model, this would never occur as there is a chain of trust between the host policies.

At the recent RSA Conference 2018, there were a few vendors touting zero trust solutions. The concept is still a few years away from being ubiquitous, but it is growing. From a security perspective, it is certainly an idea whose time has come. But the future growth of ZTN will likely be quite slow.

So just what is this thing called a ZTN? The book notes that a ZTN is built on these fundamental assertions:

The network is always assumed to be hostile.
External and internal threats exist on the network at all times.
Network locality is not sufficient for deciding trust in a network.
Every device, user, and network flow is authenticated and authorized.
Policies must be dynamic and calculated from as many sources of data as possible.

For those who thought PKI was dead, the authors write that all ZTNs rely on PKI to prove identity throughout the network. But while public PKIs are trusted by the internet at large, the authors write that they are not recommended for use in a ZTN.

A ZTN is particularly valuable when it comes to mobile devices. The authors write that surprisingly neither iOS nor Android ship with a host-based firewall. For those, the ZT model introduces the concept of single packet authentication (SPA) to reduce the attack surface on a mobile, or in fact, any host.

Chapter 9 details how to actually create a ZTN. The ZTN is predicated on 7 fundamental concepts. A few of them include that all network flows must be authenticated before being processed, all network flows should be encrypted before being transmitted, all network flows must be enumerated so that access can be enforced by the system, and more. Implementing those concepts is a challenge, but the benefits of a ZTN are quite compelling and make security sense. This chapter should be seen as a high-level introduction to the topics, as the notion of building a ZTN is far too complex and challenging to be fully covered in this 34-page chapter.

The authors are not so naïve as to think that ZTNs are a complete information security panacea. They are honest enough to note that ZTNs, like every technology, protocol and the like, are subject to attack. The book closes with how adversaries could attack a ZTN. From social engineering, DDoS and more, these must be considered when deploying a ZTN.

The concept of a ZTN forces network designers to rethink almost everything they know about security network design. As attacks get more sophisticated and network perimeters become more porous, the need for a ZTN will become more compelling. A ZTN is leading-edge infosec, but it won’t likely stay that way for much longer.

ZTN moves security from the network, obliterates the notion of a perimeter, and places it in the realm of identity and application-based security. For those looking to get a head-start on what the future of a secure network may look like, Zero Trust Networks: Building Secure Systems in Untrusted Networks is an excellent reference to get a solid introduction on the concept.
Andrew Douma
21 reviews, 42 followers
July 25, 2017
If you are interested in CSA's Software Defined Perimeter (SDP), then this book will help you get in the right mindset, building on the Zero Trust Network Architecture envisioned by John Kindervag and Google's BeyondCorp research.

Easy to understand but it ventures on the theoretical side of Security Architecture. You might have a difficult time finding turnkey solutions to implement some of the concepts this book lays out. It does pack a lot in a concise well-written book.
Ahmad hosseini
328 reviews, 73 followers
September 18, 2019
Today, providing security for a software system is a necessary and complicated task. The book explains the concepts and philosophies that are used to build a zero trust network. A zero trust network can provide security and at the same time have enough flexibility to cover the different access requirements of your system. The book doesn’t focus on implementations of a zero trust network. Network engineers, security engineers, CTOs, and everyone in between can benefit from zero trust learnings.
Rick Howard
Author, 3 books, 47 followers
April 1, 2021
I'm a bit surprised that "Zero Trust Networks" is one of a small handful of books that I could find that deals with this topic. After all, the concept started kicking around security circles in the early 2000s. The Jericho Forum began talking about De-perimeterisation as far back as 2004. The problem they were trying to solve was that most of us install an electronic perimeter, a wall that bars access to our digital assets. But once you have legitimately logged in, you have access to everything inside the electronic wall. By de-perimeterisation, the Jericho Forum meant that verifying identity and granting access authorization would happen away from all of our digital assets. In other words, it would happen outside the electronic wall. Once granted, the user would get access to THE asset they needed, not all of the assets within the perimeter.

The US military incorporated some of those ideas into their Black Core initiative in 2007. Somewhere between then and 2010, the community started to refer to De-perimeterisation as Software Defined Perimeter or SDP. In 2010, John Kindervag, working for Forrester, published his essential Zero Trust white paper that solidified the concept and expanded upon it. That same year, because Google got hit by a massive Chinese cyber espionage attack coined Operation Aurora, their Site Reliability Engineers rolled out an internal version of SDP as part of a network re-design. A few years later, about the same time that the Cloud Security Alliance adopted SDP as a best practice, Google launched a commercial offering of their internal SDP architecture called BeyondCorp.

Let me be clear, SDP is not a complete zero trust solution as John Kindervag would likely point out. There are many things you can do to improve your zero trust posture, but if you deployed an SDP architecture, you would be a long way down the road on your zero trust journey.

Enter Evan Gilman and Doug Barth. They published "Zero Trust Networks" in 2017, becoming the first to market with what I thought would be a boatload of books on the subject. But that just hasn't happened. At this point, Gilman and Barth have written the authoritative source, at least in books, on the subject of zero trust.

Their first few chapters discuss what zero trust is and why you need it. Most of the rest of the book concerns how you might build your own zero trust system. More accurately, the authors focus on how you would build your own SDP system. They even included a BeyondCorp chapter written by Betsy Beyer, a technical writer for Google Site Reliability Engineering in NYC and a coauthor of another Cybersecurity Canon Hall of Fame Book: "Site Reliability Engineering: How Google Runs Production Systems." Through those chapters, readers learn about a different security design to consider, a zero trust design, that might and probably should replace their traditional perimeter defense architectures and defense in depth strategies.

I believe that a zero trust architecture is a key first principle strategy that everybody should adopt in order to decrease the probability of material impact to your organization due to a cyber attack. It's not the only one, but it is an essential one. Gilman and Barth's book will help you understand what you need to do whether you build it yourself, buy it from Google (BeyondCorp) or use some other third party who offers SDP services. In that regard, I recommend it for inclusion in the Cybersecurity Canon Hall of Fame.
Vinayak Hegde
751 reviews, 97 followers
August 31, 2020
Zero trust networks emerged as a reaction to protect assets in a complex world of BYOD (bring your own device) and work from anywhere. This is especially relevant in the post-COVID-19 world. The book does a good job of covering the fundamentals and philosophy of Zero Trust networks and compares them well with perimeter-based security.

The book is logically divided into different chapters and goes through the fundamentals first and the differences between perimeter-based security and Zero Trust networks, slowly building up to implementation details and case studies. The book is quite high level, so you will be disappointed if you are looking for cookbook-style guidelines or implementation-specific details related to vendor equipment. Overall a good read on a new style of building more secure networks.
Warren Mcpherson
196 reviews, 33 followers
April 26, 2019
It describes a security model more resilient to penetration, and less susceptible to breakdown, for a time when a firewall is less and less adequate. The book does a good job of demonstrating the need to secure all computing assets and running through the implications of setting up an environment of pervasive security. It is also concise; reading this book is not a huge commitment.
It gives a good sense of how the practice of system administration has evolved over the last ten years.
kevin
119 reviews, 6 followers
May 25, 2020
The playbook suggested in chapter 9 is good, and highlights the two case studies, which are helpful. The sidecar pattern is not mentioned even though it is quite evident in how some of the “sidecar” solutions are pitching their value proposition to implement more “granular” zero trust networks.

There is not much mentioned about cloud implementation scenarios, and some parts felt half discussed, like how to practically deal with IPsec if it is not widely used. There is quite a need to use the book’s material to research the practical details.

What I discovered on the internet about the reality of TPMs also seems to suggest that it might not be as mature a technology. I guess ultimately this is an evolving field and the hardware implementations aren’t as far ahead as the software implementations.

I think getting more practice and working through the details on your own can add value beyond just reading the book.
Jascha
151 reviews
January 30, 2021
The book started great with a nice introduction to ZTN, then it focuses on its specific niche and, well, it's not bad, let's be honest, but it doesn't apply to that many systems. Even if you are 'just' designing your microservices, maybe the ideas regarding auth you get from this book are too extreme.

Just to be clear, the book is just theory. It doesn't really talk concepts through an example that evolves through the chapters. A pity.

Overall, not bad as an introduction, but I was looking for something more... generic.
Lucas Cioffi
14 reviews
March 15, 2021
Too much theory, too many fundamentals being reviewed for no reason multiple times during the book, too many things being said over and over again, too many ideas that have no practical way of being implemented today and/or no technology even remotely available for implementing them, some ideas that are just flat out ridiculous.

Read Google's BeyondCorp papers and GitLab's zero trust papers for a MUCH MUCH better introduction to zero trust networks and a practical way to implement them.
Elwin Kline
Author, 1 book, 11 followers
August 25, 2021
Professional development read for work. Recommended by an individual that I highly respect and who is incredibly brilliant.

A lot of this material, however, is extensively covered within my master's degree program, CISSP, and other professional development pursuits I have undergone.

Would be rated significantly higher if I read this book about 3-4 years ago.
143 reviews, 3 followers
August 3, 2023
Good high level overview of zero trust networks. Covers the topic at a high-level which is easy to understand. Won't help someone trying to get started in zero trust networks, but does provide pointers on where to look, and what should be considered.
4 reviews
January 6, 2019
Good review of the area

The book also gives a nice overview of cyber security. It covers many concepts that are forgotten in the day to day work.
15 reviews, 3 followers
February 11, 2021
I am not sure what the target audience of this book is. The first 8 chapters are purely theoretical and describe a nice (not to say beautiful) security framework not relying on network zoning to establish trust. Unfortunately, the level of maturity of most organisations is so far from the prerequisites for efficient implementation of this framework that it would most probably be damaging to implement it. In other words, if you are not Google or Facebook, don’t try this at home.

Chapter 9 describes practical implementation and consists of two cases: Google and PagerDuty. The Google case is a set of fragments directly pasted from their “BeyondCorp” whitepaper with little to no additional information. You’d be better off reading the “BeyondCorp” series if you want to learn how Google approaches security on the corp side. They are freely available on Google’s site. The PagerDuty case is basically “we run a host-based firewall and transport IPsec on all servers”. It is really not worth reading and definitely does not correspond to what the authors described earlier in the book.

To sum it up: if you are Google, Facebook or Airbus, it might be of interest to you, but then you either already know what to do, or you will gain more by reading the “BeyondCorp” series. If you are not one of them, put your authentication and software update policies in order; this will be more helpful in the long run.
Andre
410 reviews, 15 followers
February 23, 2024
A bit high level, but that's to be expected in such a short book. I haven't been this excited by a new concept in a long while. If you actually do ZTN (BeyondCorp) "properly" it allows you to bring in the End-to-End principle again: not allowing other layers to act as a cheap proxy for security that should have been done at the end point. I realize why we (collectively) made those choices over the years, but now that we have the computing power and tools to realize it, we should go for it.
D4md1n
6 reviews
June 14, 2020
A book of choice if you want to improve your organization's security.
80 reviews, 1 follower
May 18, 2021
Just read the Google whitepapers and the NIST publication on ZTN.
Kevin
40 reviews, 11 followers
June 28, 2018
Zero Trust Networks is a book discussing a complex yet important concept for many businesses and employees. The book does a fantastic job of introducing concepts in a logical order which continue to build upon previous ideas until the conclusion, where case studies and security considerations are discussed. For those new to zero trust networks, this book offers many great details and ideas to work towards. Sadly, for those with more experience this book may not provide enough concrete examples and methodologies to know how to convert the theory here into practice within your environment. With that said, this is a great book full of well thought out information and I’m glad I read it. I hope that I can influence change based on what I learned here.