Zero Trust in Resilient Cloud and Network Architectures
Josh Halley, Dhrumil Prajapati, Ariel Leza and Vinay Saini
(2025)
Language: English
Product details
- Paperback: 864 pages
- Publisher: Pearson Education, Limited (October 2025)
- Authors: Josh Halley, Dhrumil Prajapati, Ariel Leza and Vinay Saini
- ISBN: 9780138204600
Zero Trust in Resilient Cloud and Network Architectures, written by a team of senior Cisco engineers, offers a real-world, hands-on guide to deploying automated architectures with a focus on segmentation at any scale--from proof-of-concept to large, mission-critical infrastructures. Whether you're new to software-defined and cloud-based architectures or looking to enhance an existing deployment, this book will help you:
- Implement Zero Trust: Segment and secure access while mitigating IoT risks
- Automate Network Operations: Simplify provisioning, authentication, and traffic management
- Deploy at scale following best practices for resilient and secure enterprise-wide network rollouts
- Integrate with Cloud Security, bridging on-prem and cloud environments seamlessly
- Learn from Real-World Case Studies: Gain insights from the largest Cisco enterprise deployments globally
This edition covers Meraki, EVPN, Pub/Sub, and Terraform and Ansible-based deployments with a key focus on network resilience and survivability. It also explores quantum security and Industrial Zero Trust, along with Cisco's latest evolutions in software-defined networking, providing exclusive insights into its enhancements, architecture improvements, and operational best practices. If you're a network, security, or automation specialist, this book is your essential guide to building the next-generation, zero-trust network.
Chapter 1 Zero Trust Demystified
- Definition of Zero Trust
- How It All Began
- Why We Need Zero Trust
- Core Principles of Zero Trust
- Major Zero Trust Industry Standards
- People, Processes, and Technology
- On-Premises vs. Cloud
- Hybrid Environment Recommendations
- Security Certifications
- Summary
- References
Chapter 2 Secure Automation and Orchestration Overview
- Introduction to Automation and Orchestration
- Building Blocks of Secure Automation
- Common Automation Practices and Tools
- AI and Machine Learning with Automation
- Summary
Chapter 3 Zero Trust Network Deployment
- Elements of Zero Trust Strategy Definitions
- Tools and Technologies
- Identifying Business Workflows
- Applying Zero Trust Using SSE
- ZTNA Deployment Scenarios
- Summary
Chapter 4 Security and Segmentation
- Overview
- Segmentation Options
- Methods of TrustSec Transport
- Control Plane TrustSec Transport
- Summary
Chapter 5 DHCP and Dynamic Addressing Concepts
- Introduction to Dynamic Addressing
- Zero Trust Approach to Dynamic Addressing
- DHCP Options
- DHCP Authentication
- IPv6 Address Assignment
- IPv6 First Hop Security
- Summary
Chapter 6 Automating the Campus
- Overview
- Planning
- Execution
- Summary
- References
Chapter 7 Plug-and-Play and Zero-Touch Provisioning
- Overview
- Plug-and-Play Provisioning
- Zero-Touch Provisioning
- Template Usage in Catalyst Center
- Programmability-Based Deployment
- Customer Use Cases
- Summary
Chapter 8 Routing and Traffic Engineering
- Overview
- Routing
- Traffic Engineering
- Summary
- References
Chapter 9 Authentication and Authorization
- Overview
- A Broader View of Identity
- Authentication and Authentication Methods
- Authorization
- Customer Use Cases
- Summary
Chapter 10 Quantum Security
- What Is Quantum Computing?
- Quantum Computing and Emerging Security Threats
- Approaches to Safeguard Against Quantum Adversaries
- Summary
Chapter 11 Network Convergence and Considerations
- What Is Convergence?
- Convergence in Layer 3 Routed Architectures
- Methodologies of Convergence Testing
- Monitoring Security Convergence
- Summary
Chapter 12 Software-Defined Network Deployment Best Practices
- Introduction
- Network Deployment Lifecycle
- Stage 1: Planning and Design
- Stage 2: Deployment and Migration
- Stage 3: Operations and Management
- Summary
- References
Chapter 13 Wired and Wireless Assurance
- What Is the Best Practice for Your Enterprise Architecture?
- Wired Network Best Practice Design Concepts
- Tiered Network Design
- Stacking Constructs
- Layer 3 Architectures
- Optimizing Wireless Networks
- Anchoring Concepts (Catalyst/Meraki)
- Monitoring TrustSec and Security Enforcement
- Case Study: Financial Sector Customer
- Summary
Chapter 14 Large-Scale Software-Defined Network Deployment
- Introduction
- Network Design
- Security
- Automation
- Implementation: Kyle and Jason Go to Fast Burger
- Summary
Chapter 15 Cloud-Native Security Foundation
- Introduction to Cloud-Native Security: A Zero Trust Perspective
- Cloud Infrastructure Security: Pillars and Practices in the Modern Cloud
- Key Management in Cloud Environments
- Network Security Evolution and Segmentation
- Navigating Multicloud and Hybrid Cloud Security
- Monitoring and Logging Requirements for Compliance
- Summary
- References
Chapter 16 Cloud-Native Application Security
- Introduction to Cloud-Native Application Security
- Role of Cloud-Native Application Protection Platform (CNAPP)
- Building Secure Applications with Cloud-Native Security
- Unique Security Considerations for Serverless Architectures
- Emerging Trends and Future Outlook in Cloud-Native Security
- Summary
- References
Chapter 17 Data Center Segmentation On-Prem to the Cloud
- Introduction to Data Center Segmentation in Hybrid and Multicloud Environments
- Zero Trust and Microsegmentation Principles for Segmentation
- Segmentation Challenges in Hybrid and Multicloud Environments
- Ways to Implement End-to-End Segmentation Policies with Zero Trust
- Ways to Migrate Segmentation Policies: From On-Premises to Cloud
- Web3 and Immutable Trust in Hybrid Cloud Segmentation
- Summary
- References
Chapter 18 Using Common Policy to Enforce Security
- Introduction to Security Policies
- Designing Common Security Policies
- Policy Enforcement Mechanisms
- Identity and Access Management (IAM) Policies
- Data Protection and Privacy Policies
- Network Security Policies
- From SDLC to SDL to SSDLC: A Journey Toward Secure Software Development
- OWASP SAMM: A Framework for Security Maturity
- Monitoring, Logging, and Auditing Policies
- Incident Response and Remediation Policies
- Policy Compliance and Verification
- Challenges in Policy Enforcement Across Hybrid Environments
- Future Directions in Policy-Based Security
- Summary
- References
Chapter 19 Workload Mobility: On-Prem to Cloud
- Definition and Scope of Workload Mobility
- Is Your Cloud Ready for Your Workloads? Understanding the Benefits and Challenges
- Choosing a Cloud Model with Zero Trust as the Goal
- Analysis of TCO and ROI for Workload Migration
- Building Out a Secure Migration Plan
- Integrating AWS's Well-Architected Framework: Case Study of ABC Corp
- Workload Migration Frameworks and Tools
- Data Security During Workload Migration
- Data Transfer vs. Cloud Migration: An Overview
- Cloud Migration Security
- Quality Engineering: The Heart of Cloud Migration
- Network and Connectivity Considerations
- Managing IP Addressing and DNS Changes
- Ensuring High Availability and Disaster Recovery Readiness
- Security Posture Adjustment Post-Migration
- Identity and Access Management in Hybrid Environments
- Summary
- References
Chapter 20 Resilience and Survivability