Zscaler Cloud Security Essentials
eBook - ePub

Zscaler Cloud Security Essentials

Ravi Devarasetty

Buch teilen
  1. 236 Seiten
  2. English
  3. ePUB (handyfreundlich)
  4. Über iOS und Android verfügbar
eBook - ePub

Zscaler Cloud Security Essentials

Ravi Devarasetty

Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben

Über dieses Buch

Harness the capabilities of Zscaler to deliver a secure, cloud-based, scalable web proxy and provide a zero-trust network access solution for private enterprise application access to end usersKey Features• Get up to speed with Zscaler without the need for expensive training• Implement Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) security solutions with real-world deployments• Find out how to choose the right options and features to architect a customized solution with ZscalerBook DescriptionMany organizations are moving away from on-premises solutions to simplify administration and reduce expensive hardware upgrades. This book uses real-world examples of deployments to help you explore Zscaler, an information security platform that offers cloud-based security for both web traffic and private enterprise applications. You'll start by understanding how Zscaler was born in the cloud, how it evolved into a mature product, and how it continues to do so with the addition of sophisticated features that are necessary to stay ahead in today's corporate environment. The book then covers Zscaler Internet Access and Zscaler Private Access architectures in detail, before moving on to show you how to map future security requirements to ZIA features and transition your business applications to ZPA. As you make progress, you'll get to grips with all the essential features needed to architect a customized security solution and support it. Finally, you'll find out how to troubleshoot the newly implemented ZIA and ZPA solutions and make them work efficiently for your enterprise. By the end of this Zscaler book, you'll have developed the skills to design, deploy, implement, and support a customized Zscaler security solution. What you will learn• Understand the need for Zscaler in the modern enterprise• Study the fundamental architecture of the Zscaler cloud• Get to grips with the essential features of ZIA and ZPA• Find out how to architect a Zscaler solution• Discover best practices for deploying and implementing Zscaler solutions• Familiarize yourself with the tasks involved in the operational maintenance of the Zscaler solutionWho this book is forThis book is for security engineers, security architects, security managers, and security operations specialists who may be involved in transitioning to or from Zscaler or want to learn about deployment, implementation, and support of a Zscaler solution. Anyone looking to step into the ever-expanding world of zero-trust network access using the Zscaler solution will also find this book useful.

Häufig gestellte Fragen

Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist Zscaler Cloud Security Essentials als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu Zscaler Cloud Security Essentials von Ravi Devarasetty im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Computer Science & Computer Networking. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.

Information

Verlag
Packt Publishing
Jahr
2021
ISBN
9781800567368
Auflage
1
Thema
Computer Science
Thema
Computer Networking

Section 1: Zscaler for Modern Enterprise Internet Security

In this part, you will learn about the need for security and how it needs to change as the modern enterprise and workforce evolves.
This section comprises the following chapters:
  • Chapter 1, Security for the Modern Enterprise with Zscaler
  • Chapter 2, Understanding the Modular Zscaler Architecture
  • Chapter 3, Delving into ZIA Policy Features
  • Chapter 4, Understanding Traffic Forwarding and User Authentication Options
  • Chapter 5, Architecting and Implementing Your ZIA Solution
  • Chapter 6, Troubleshooting and Optimizing Your ZIA Solution

Chapter 1: Security for the Modern Enterprise with Zscaler

In the past few years, there has been a momentous shift in the way modern enterprises have evolved. They have moved from a traditional hub-and-spoke, data center type of network to a cloud-based or anywhere-access type of network. The core locations have become more decentralized because the employees are now based in various geographies and the applications are migrating to the cloud.
When we look at the infrastructure itself, enterprises invest in a variety of products such as routers, switches, and firewalls to implement various functions such as authentication and security. These products very quickly reach end-of-life from a capacity and a vendor-support perspective. This, in turn, causes the enterprises to upgrade in a 3- to 5-year cycle where they must do a lift and shift of the entire hardware in their data center. This moves the enterprise expenditure from an OPEX to a CAPEX model, which is not desirable from a business and planning perspective.
In this chapter, we will see how Zscaler steps in as a cloud-based security solution. The ZIA product provides secure internet access and the ZPA product brings the geographically spread-out end users and enterprise applications together. They both provide the following benefits:
  • There are no upgrade cycles for the enterprise as Zscaler takes care of that.
  • There is a shift from CAPEX to OPEX, which enterprises like because of predictability.
  • An amazing user experience as users can access applications using the best path.
In this chapter, we are going to cover the following main topics:
  • Fundamental definitions in security
  • Shift of the modern enterprise and its workforce
  • The need for scalable, cloud-based security
  • Zscaler Internet Access (ZIA) for a safe and secure internet experience
  • Zscaler Private Access (ZPA) for a zero-trust private application access
Let's get started!

Fundamental definitions in security

In this section, we will define some commonly used internet and security terms that are applicable to this book. A detailed explanation of all internet and security concepts is outside the scope of this book. If you are already comfortable with these terms, you can skip ahead to the next section.

Active Directory

Active Directory is a directory service that was originally developed by Microsoft for the Windows environment and was released in 2000. It stores data such as users, groups, and devices. It has many components that assist the user to interact with the domain. Our focus in this book is to authenticate users against their credentials in Active Directory.

Authentication

Authentication is the process by which an end user, a computer, or a software application can prove its identity. This is typically done using a username and a password. The term multi-factor authentication (MFA) is gaining popularity today. MFA means that there is an additional item that is needed in addition to a username and a password. This could be a token number or a biometric such as a fingerprint or a retina scan.

Bad actors

A bad actor is, in general, a malicious party that is usually interested in the following:
  • Attacking legitimate users and businesses due to various motivations
  • Stealing sensitive and valuable information from individuals and businesses
  • Compromising infrastructure such as servers and using them for their needs
Next, we'll look at bandwidth.

Bandwidth

Bandwidth refers to the rate of data transfer over a network. It is typically measured in bits per second. The higher your bandwidth, the faster you can transfer your data across. The data being transferred could be an image, text, a video, or a combination of all three.

Certificate

A certificate is usually a small text file that can be used to establish the identity, authenticity, and reliability of a web server on the internet. Certificates are usually used to assure the confidence of end users trying to use the services of a website and to provide protection against malicious websites. Certificates are issued by certification authorities and they are usually tracked with creation and expiry dates.

DLP

Data Loss Prevention (DLP) is the prevention of loss of any kind of valuable or sensitive data. Valuable data may mean company proprietary formulas and business strategies. Sensitive information may be customer information such as social security numbers, credit card numbers, date of birth, and so on.

DNS

The Domain Name System (DNS) is a system that converts domain names (such as www.google.com) into IP addresses so that web browsers can translate customer requests into lower-level IP packets and carry on data transfer tasks, such as loading websites. The DNS is very crucial for internet security as bad actors can hijack these servers and have the end user traffic sent to their malicious web servers, instead of the legitimate ones.

Firewall

A firewall is a security device or application that monitors traffic through the network and applies security rules configured by the administrator to that network traffic. Firewalls are usually used as perimeter security devices by many organizations.

FTP

The File Transfer Protocol (FTP) is a network protocol (based on IETF standards) that is used primarily to transfer files between a client and a server across a network.

Identity Provider

An Identity Provider (IdP) is a system that creates and maintains identity information for end users or applications. When a company wants to authenticate an end user, they usually make a call to the IdP. An IdP is essentially an Authentication as a Service (AuthaaS).

Intrusion Prevention System

An Intrusion Prevention System (IPS) is a system that sits in the line of the network traffic and looks at possible malicious activity and blocks it. There are many types of IPS systems, with the most recent ones looking to leverage ar...

Inhaltsverzeichnis