The Zero Trust Framework: Threat Hunting & Quantum Mechanics

The Cybersecurity landscape is a daunting one today. It is nothing like it was 10 years ago. Now, it has become very complex, covert, dynamic, and stealthy. It has literally become a cat and mouse game, in which the Cyberattacker is still one step ahead. This is despite all of the technology that is available to us as a society, which includes Artificial Intelligence (AI) and Machine Learning.

The other part of the problem is that human beings are resistant to change. For example, the password is still the favored way of authenticating and authorizing an individual, but it too has shown its grave limitations. Despite the use of Password Managers, which can create long and complex passwords, people still resort to their old-fashioned ways of doing things.

So what is needed now is an extreme change, in which, unfortunately, people have no choice in whether or not they will participate. It is called the Zero Trust Framework, and in this methodology, absolutely nobody can be trusted in either the internal or the external environments. The mantra here is to keep verifying everybody, all the time.

The Zero Trust Framework also involves the concept of segmentation, in which the IT and Network Infrastructure of a business is broken down into smaller components, much like a Subnet. Each component will have its own layer of security, and every individual must be authenticated via the use of Multifactor Authentication (MFA).

In this book, we review both the concepts and mechanics behind the Zero Trust Framework. We also introduce advanced technologies into it, including the use of Biometrics, the Public Key Infrastructure, and Quantum Mechanics/Quantum Cryptography.

Author(s): Ravindra Das
Publisher: CRC Press
Year: 2023

Language: English
Pages: 157
City: Boca Raton

Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
Acknowledgments
Chapter 1: Introduction
Chapter 2: The Fundamental Components of the Zero Trust Framework
The Password
The Rise of Two-Factor Authentication
Multifactor Authentication
An Introduction to Biometrics
Definition and Unique Features
The Process of Identification
Other Important Concepts
The Biometric Sensor
A Review of Fingerprint Recognition
The Process of Fingerprint Recognition
Fingerprint Recognition Quality Control Checks
A Review of Facial Recognition
The Techniques of Facial Recognition – Unique Feature Extraction
Iris Recognition
The Physiological Structure of the Iris
Iris Recognition: How It Works
Conclusions
Chapter 3: The Public Key Infrastructure and BioCryptography
An Overview of the Public Key Infrastructure (PKI)
What It Is All About
The Public Key and the Private Key
The Mathematical Algorithms of the PKI
The Components of the PKI
The Digital Certificates
How Public Key Infrastructure Works
Public Key Infrastructure Policies and Rules
The LDAP Protocol
The PKI Standards
Parameters of Public Keys and Private Keys
A Review into Biocryptography
The Cipher Biometric Template
Biocryptography in an MFA for the Zero Trust Framework
Biocryptography and Virtual Private Networks
The Hashing Mechanism
Chapter 4: Quantum Physics
The Origins of the Zero Trust Framework
In 2011
In 2018
In 2019
In 2021
From 2021 to Present
The Demise of Perimeter Security
The Emergence of the Zero Trust Framework
The Basic Zero Trust Framework Model
What Is Segmentation?
The Advantages of the Zero Trust Framework
The Disadvantages of the Zero Trust Framework
Some of the Best Practices
The Flaws with the Traditional Zero Trust Framework Model
The Use of Biometrics
The Weakness of Repeated Authorization and Authentication
The Strains of an on Prem PAM
Why PAM Is Better Suited for the Cloud
The Advantages of Using PAM in the Cloud
A Best Practices Guide for Deploying a PAM-Based Solution
The Mistakes that Are Made when Deploying PAM Solutions and How to Fix Them
The Importance of Just in Time (JIT) Access
The Types of JIT Access Accounts
The Benefits of JIT Access
The Four Pillars to PAM Success
The Finer Points of Privileged Access Management
The Use of Quantum Mechanics in Our Proposed Model of the Zero Trust Framework
Quantum Cryptography
The Literature Review
The Quantum Key Distribution Center (QKDC)
The Photon Particle Array Structures
Our Proposed Zero Trust Framework Model
Chapter 5: Threat Modeling/Threat Hunting
What Exactly Is Threat Modeling?
The Process Involved in Threat Modeling
Making the Case for Threat Modeling
To the Software Development Team
From Upper Management
From the Project Management Team
How to Have Quality-Based Threat Modeling Meetings
The Composition of the Team Meetings
The Decision-Making Process
The Components of an Effective Threat Modeling Meeting
The Penetration Testing Process
Automated Penetration Testing and Its Benefits
How to Carry Out Threat Modeling in the Software Development Lifecycle
The Waterfall Methodology
The Agile Methodology
Valuing Your Threat Modelers
Measuring the Overall Value of Threat Hunting
When Does Threat Modeling End in the Project Management or SDLC?
Another Way to Measure Threat Modeling Success
Who Leads the Threat Modeling Team?
Widely Used Threat Modeling Techniques
Sources for Chapter 5
Chapter 6: Conclusions
Index