Zscaler Cloud Security Essentials

Product type Book
Published in Jun 2021
Publisher Packt
ISBN-13 9781800567986
Pages 236 pages
Edition 1st Edition
Author: Ravi Devarasetty

Fundamental definitions in security

In this section, we will define some commonly used internet and security terms that are applicable to this book. A detailed explanation of all internet and security concepts is outside the scope of this book. If you are already comfortable with these terms, you can skip ahead to the next section.

Active Directory

Active Directory is a directory service that was originally developed by Microsoft for the Windows environment and was released in 2000. It stores data such as users, groups, and devices. It has many components that help users interact with the domain. Our focus in this book is on authenticating users against their credentials in Active Directory.

Authentication

Authentication is the process by which an end user, a computer, or a software application can prove its identity. This is typically done using a username and a password. The term multi-factor authentication (MFA) is gaining popularity today. MFA means that an additional item is needed on top of a username and a password. This could be a token number or a biometric such as a fingerprint or a retina scan.

Bad actors

A bad actor is, in general, a malicious party that is usually interested in the following:

  • Attacking legitimate users and businesses due to various motivations
  • Stealing sensitive and valuable information from individuals and businesses
  • Compromising infrastructure such as servers and using them for their needs

Next, we'll look at bandwidth.

Bandwidth

Bandwidth refers to the rate of data transfer over a network. It is typically measured in bits per second. The higher your bandwidth, the faster you can transfer your data across. The data being transferred could be an image, text, a video, or a combination of all three.

Certificate

A certificate is usually a small text file that can be used to establish the identity, authenticity, and reliability of a web server on the internet. Certificates are usually used to assure the confidence of end users trying to use the services of a website and to provide protection against malicious websites. Certificates are issued by certification authorities and they are usually tracked with creation and expiry dates.

DLP

Data Loss Prevention (DLP) is the prevention of loss of any kind of valuable or sensitive data. Valuable data may mean company proprietary formulas and business strategies. Sensitive information may be customer information such as social security numbers, credit card numbers, date of birth, and so on.

DNS

The Domain Name System (DNS) is a system that converts domain names (such as www.google.com) into IP addresses so that web browsers can translate customer requests into lower-level IP packets and carry on data transfer tasks, such as loading websites. The DNS is crucial for internet security, as bad actors can hijack these servers and have the end user traffic sent to their malicious web servers instead of the legitimate ones.

Firewall

A firewall is a security device or application that monitors traffic through the network and applies security rules configured by the administrator to that network traffic. Firewalls are usually used as perimeter security devices by many organizations.

FTP

The File Transfer Protocol (FTP) is a network protocol (based on IETF standards) that is used primarily to transfer files between a client and a server across a network.

Identity Provider

An Identity Provider (IdP) is a system that creates and maintains identity information for end users or applications. When a company wants to authenticate an end user, they usually make a call to the IdP. An IdP is essentially an Authentication as a Service (AuthaaS).

Intrusion Prevention System

An Intrusion Prevention System (IPS) is a system that sits inline with the network traffic, looks for possible malicious activity, and blocks it. There are many types of IPS, with the most recent ones looking to leverage artificial intelligence and machine learning.

Kerberos

Kerberos is an authentication protocol used on computer networks. It issues tickets for end user access and allows endpoints to communicate over non-secure networks and prove their identity to one another in a secure way.

Logging

In the security world, logging means to record the transactions going across the network to a file on a storage medium. When there is a need to investigate a security incident, these logs are then analyzed by specialized systems to derive insights and conclusions.

Malware

Usually, software applications are used for legitimate purposes, such as for operating and growing a business. But bad actors write malicious software with the intent to steal valuable information or attack infrastructure such as computers. This malicious software is called malware. It could be as damaging as bringing an entire organization to its knees or as annoying as pesky advertisement popups.

PAC file

Usually, individuals sitting at their home computer access the internet directly. But many organizations use a proxy server that sits between the end users and the internet. They do this to monitor their employees' activity for any company policy violations. A proxy auto-config (PAC) file defines what proxy servers and methods are chosen by end user web browsers. A simple example would be choosing ProxyServer1 when going to www.yahoo.com and choosing ProxyServer2 when going to www.google.com.
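The ProxyServer1/ProxyServer2 example above, written out as an added example (not code from the book): a PAC file is a JavaScript file that defines `FindProxyForURL(url, host)`. Port 8080 and the choice to send unlisted hosts through ProxyServer1 rather than `DIRECT` are assumptions, made so that unlisted sites stay behind the monitoring proxy.

```javascript
// Added example of a PAC file. Browsers call FindProxyForURL(url, host) for
// every request and use the returned string to pick a proxy.
// Assumptions: both proxies listen on port 8080; unlisted hosts go to ProxyServer1.
var PROXY_BY_HOST = {
  "www.yahoo.com": "PROXY ProxyServer1:8080",
  "www.google.com": "PROXY ProxyServer2:8080"
};

// Returning "DIRECT" here instead would let unlisted sites bypass the proxy,
// and with it the organization's monitoring.
var DEFAULT_PROXY = "PROXY ProxyServer1:8080";

function normalizeHost(host) {
  // Host names are case-insensitive and may carry a trailing dot (FQDN form).
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1);
  }
  return h;
}

function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  // hasOwnProperty avoids matching inherited names such as "constructor".
  if (Object.prototype.hasOwnProperty.call(PROXY_BY_HOST, h)) {
    return PROXY_BY_HOST[h];
  }
  return DEFAULT_PROXY;
}
```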

SAML

Security Assertion Markup Language (SAML) is an open standard that is used to exchange authentication and authorization information between an IdP and a service provider. For example, some websites allow you to log in using your Google account. End users navigate to the website of interest. They click on Sign in with Google and are then redirected to Google. The user then enters their Google credentials, and they are authenticated and are then redirected to the original website. In this case, the original website is the service provider and Google is acting as the IdP.

Sandbox

A sandbox in security is an isolated environment where software components may be executed to observe their behavior and note down any malicious intent. Unknown software components are typically "detonated" in a sandbox environment before they are passed on to the end user.

Secure Web Gateway

A Secure Web Gateway (SWG) is a component or solution that continuously monitors web traffic between end users and web servers, and filters any traffic that is malicious or does not comply with the enterprise policies.

Secure Sockets Layer/Transport Layer Security

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) are cryptographic protocols that provide secure communication over a typically untrusted connection or network. They are commonly used when exchanging sensitive information, such as typing in your social security number or a credit card number on a website. Your browser typically shows a "lock" icon just in front of the URL in the address bar.

Surrogate IP

When an end user types in their credentials and is authenticated, a relationship is established between that user and the IP address they are currently using to access the network. This assumes that the IP address is used by only one user within the entire organization at any given time. So, this IP address is treated just like the user in terms of granting access to applications and so on.

Tunnel

When using an untrusted network such as the internet, private communications can typically be placed inside (encapsulated in) other packets. This allows for data to be moved across the untrusted network securely. This process is called tunneling. The channel that is established for this purpose is called a tunnel. There are many types of tunnels, such as GRE, IPsec, and so on.

VPN

A Virtual Private Network (VPN) allows an enterprise to extend its private network across a public network. For the end users, it appears as if the other side of the network is right across the room.

XFF

When an end user connects to a website through a proxy, the web server sees the proxy's IP address as the source of the connection rather than the end user's. The X-Forwarded-For (XFF) header field can be used to identify the IP address of the originating end user. It can be extracted by the web server to make decisions based on the originating IP address of the end user.
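One way a web server can extract the originating address from XFF, as an added example (not code from the book). Each proxy appends the address it received the request from, and the header can also arrive pre-filled by the client, so only entries appended by known proxies are believed. The `TRUSTED_PROXIES` list and all addresses are constructed, and the sketch handles IPv4 only.

```javascript
// Added example. Constructed proxy addresses from a documentation range.
var TRUSTED_PROXIES = ["203.0.113.10", "203.0.113.11"];

function isIPv4(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;
  }
  return true;
}

function isTrusted(addr) {
  return TRUSTED_PROXIES.indexOf(addr) !== -1;
}

// peerAddr:  source address of the TCP connection as seen by the web server.
// xffValues: array of X-Forwarded-For header values, in the order received.
function originatingClient(peerAddr, xffValues) {
  // A request that did not arrive from one of our proxies: the header is
  // entirely client-supplied, so ignore it.
  if (!isTrusted(peerAddr)) return peerAddr;

  var hops = xffValues.join(",").split(",")
    .map(function (s) { return s.trim(); })
    .filter(function (s) { return s !== ""; });

  // Walk right to left: the rightmost entries were appended by our own
  // proxies. The first address that is not a trusted proxy is the client as
  // our infrastructure saw it; anything further left is unverified.
  for (var i = hops.length - 1; i >= 0; i--) {
    if (!isIPv4(hops[i])) return peerAddr; // malformed entry: fall back
    if (!isTrusted(hops[i])) return hops[i];
  }
  return peerAddr; // header empty or contained only our proxies
}
```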

With that, we have briefly touched upon the basic technologies that you will encounter in this book. Though this was a brief introduction, in this book and in your own work, you will get to know many of these concepts in more detail. In the next section, we will explore the changes that have led to the modern enterprise and workforce that we know today.
