Cover image for Zscaler Cloud Security Essentials

Zscaler Cloud Security Essentials

Release Date: 2021/06/01
ISBN: 9781800567986
Topic:
0%
18
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

Harness the capabilities of Zscaler to deliver a secure, cloud-based, scalable web proxy and provide a zero-trust network access solution for private enterprise application access to end users

Key Features

  • Get up to speed with Zscaler without the need for expensive training
  • Implement Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) security solutions with real-world deployments
  • Find out how to choose the right options and features to architect a customized solution with Zscaler

Book Description

Many organizations are moving away from on-premises solutions to simplify administration and reduce expensive hardware upgrades. This book uses real-world examples of deployments to help you explore Zscaler, an information security platform that offers cloud-based security for both web traffic and private enterprise applications.

You'll start by understanding how Zscaler was born in the cloud, how it evolved into a mature product, and how it continues to do so with the addition of sophisticated features that are necessary to stay ahead in today's corporate environment. The book then covers Zscaler Internet Access and Zscaler Private Access architectures in detail, before moving on to show you how to map future security requirements to ZIA features and transition your business applications to ZPA. As you make progress, you'll get to grips with all the essential features needed to architect a customized security solution and support it. Finally, you'll find out how to troubleshoot the newly implemented ZIA and ZPA solutions and make them work efficiently for your enterprise.

By the end of this Zscaler book, you'll have developed the skills to design, deploy, implement, and support a customized Zscaler security solution.

What you will learn

  • Understand the need for Zscaler in the modern enterprise
  • Study the fundamental architecture of the Zscaler cloud
  • Get to grips with the essential features of ZIA and ZPA
  • Find out how to architect a Zscaler solution
  • Discover best practices for deploying and implementing Zscaler solutions
  • Familiarize yourself with the tasks involved in the operational maintenance of the Zscaler solution

Who this book is for

This book is for security engineers, security architects, security managers, and security operations specialists who may be involved in transitioning to or from Zscaler or want to learn about deployment, implementation, and support of a Zscaler solution. Anyone looking to step into the ever-expanding world of zero-trust network access using the Zscaler solution will also find this book useful.

Table of Contents

  1. Zscaler Cloud Security Essentials
  2. Contributors
  3. About the author
  4. About the reviewer
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Get in touch
    7. Reviews
  6. Section 1: Zscaler for Modern Enterprise Internet Security
  7. Chapter 1: Security for the Modern Enterprise with Zscaler
    1. Fundamental definitions in security
    2. Active Directory
    3. Authentication
    4. Bad actors
    5. Bandwidth
    6. Certificate
    7. DLP
    8. DNS
    9. Firewall
    10. FTP
    11. Identity Provider
    12. Intrusion Prevention System
    13. Kerberos
    14. Logging
    15. Malware
    16. PAC file
    17. SAML
    18. Sandbox
    19. Secure Web Gateway
    20. Secure Sockets Layer/Transport Layer Security
    21. Surrogate IP
    22. Tunnel
    23. VPN
    24. XFF
    25. Understanding the evolution of the modern enterprise and its workforce
    26. Evolution of the workforce
    27. Enterprise infrastructure evolution
    28. Exploring the need for scalable, cloud-based security
    29. Workforce evolution requirements
    30. Enterprise preferences
    31. Scalable, highly available, cloud-based solutions
    32. Internet security for everyone
    33. Using Zscaler Internet Access for a safe and secure internet experience
    34. Why safe internet?
    35. How ZIA works
    36. Using Zscaler Private Access for secure application access
    37. What is Private Access?
    38. How ZPA works
    39. ZCC
    40. Summary
    41. Questions
  8. Chapter 2: Understanding the Modular Zscaler Architecture
    1. Introducing the Zscaler cloud architecture
    2. SSMA
    3. High availability and redundancy
    4. Understanding the CA – where the core resides
    5. Admin Portal
    6. Using Zscaler PSEs – where the policies are applied and enforced
    7. SSL inspection
    8. Virtual Service Edge (formerly called Virtual ZEN or VZEN)
    9. Monitoring user and application activity using Nanolog clusters
    10. Nanolog Streaming Service (NSS)
    11. Protecting enterprise users and infrastructure with Sandbox
    12. Understanding the need for a sandbox
    13. Cloud Sandbox configuration options
    14. Summary
    15. Questions
    16. Further reading
  9. Chapter 3: Delving into ZIA Policy Features
    1. Technical requirements
    2. Understanding the ZIA Web policy
    3. Security
    4. Access Control
    5. DLP
    6. Exploring the ZIA Mobile policy
    7. Zscaler Client Connector Configuration
    8. Zscaler Mobile Security
    9. Zscaler Mobile Access Control
    10. Learning about the ZIA Firewall policy
    11. Firewall Control
    12. NAT Control Policy
    13. DNS Control
    14. FTP Control
    15. IPS Control
    16. Order of policy enforcement
    17. Summary
    18. Questions
    19. Further reading
  10. Chapter 4: Understanding Traffic Forwarding and User Authentication Options
    1. Technical requirements
    2. Understanding traffic forwarding
    3. GRE tunnel forwarding
    4. IPsec tunnel forwarding
    5. Creating GRE or IPsec locations
    6. PAC file forwarding
    7. Exploring ZCC internet traffic forwarding
    8. ZCC internet access forwarding scenarios
    9. ZCC internet access forwarding options
    10. ZCC silent authentication
    11. ZCC ZIA process flow
    12. Evaluating user authentication options
    13. Benefits of user authentication
    14. Surrogate IP
    15. User provisioning
    16. User authentication process flow
    17. User authentication options
    18. Summary
    19. Questions
    20. Further reading
  11. Chapter 5: Architecting and Implementing Your ZIA Solution
    1. Analyzing the security posture of the enterprise
    2. Zscaler question set
    3. Creating a customized ZIA solution for the enterprise
    4. Traffic forwarding
    5. User authentication
    6. Policy
    7. Implementing the ZIA solution across the enterprise
    8. Planning
    9. Configuration
    10. Pilot rollout
    11. Production rollout
    12. Summary
    13. Questions
    14. Further reading
  12. Chapter 6: Troubleshooting and Optimizing Your ZIA Solution
    1. Technical requirements
    2. Setting up proactive ticketing and alerts
    3. ZIA alerts
    4. ZIA ticketing
    5. Producing reports for management review
    6. System-defined reports
    7. Insights
    8. Generating custom widgets for the ZIA Dashboard
    9. Editing current widgets
    10. Adding new widgets
    11. Creating a unified ZIA troubleshooting guide
    12. Basic troubleshooting
    13. Advanced troubleshooting
    14. End users are unable to access websites
    15. End users get a Website Blocked error
    16. The ZCC App displays a Captive Portal Fail Open Error message
    17. The ZCC App shows a Network Error message
    18. The ZCC App displays an Internal Error message
    19. The ZCC App exhibits a Connection Error message
    20. The ZCC App has a Local FW/AV Error message
    21. The ZCC App shows a Driver Error message
    22. User authentication errors
    23. Users are unable to upload or download files
    24. Slow website response
    25. URL formatting
    26. Application SSL inspection
    27. Application authentication
    28. Summary
    29. Questions
    30. Further reading
  13. Section 2: Zero-Trust Network Access (ZTNA) for the Modern Enterprise
  14. Chapter 7: Introducing ZTNA with Zscaler Private Access (ZPA)
    1. What is ZTNA and how does ZPA fit in to this?
    2. ZTNA core principles
    3. Why is ZTNA needed?
    4. ZPA security principles
    5. Delving into the ZPA architecture
    6. ZPA CA
    7. ZPA PSEs
    8. ZCC application
    9. App Connectors
    10. Z tunnels
    11. Microtunnels
    12. Logging and analytics cluster
    13. LSS
    14. Exploring clientless ZPA solutions
    15. Understanding the Zscaler Cloud Connector ZPA solution
    16. Delving into the BA ZPA solution
    17. Questions
    18. Further reading
  15. Chapter 8: Exploring the ZPA Admin Portal and Basic Configuration
    1. Navigating around the ZPA Admin Portal
    2. ZPA dashboards
    3. ZPA administration
    4. Configuring the ZPA log servers for activity insights
    5. Integrating with Azure AD and Okta for SSO
    6. Adding an IdP
    7. Configuring the ZCC app for ZPA
    8. ZCC app installation
    9. ZCC app enrollment and authentication
    10. ZPA application access
    11. Device posture control
    12. ZPA process flow
    13. Summary
    14. Questions
    15. Further reading
  16. Chapter 9: Using ZPA to Provide Secure Application Access
    1. Deploying App Connectors
    2. Connector requirements
    3. Installing the connector
    4. Connector updates
    5. Connector provisioning
    6. Configuring ZPA applications
    7. DNS search domains
    8. Adding an application segment
    9. Configure SAML attributes
    10. Configuring end user access policies
    11. Application health monitoring
    12. Exploring the best practices for enterprise deployments
    13. App Connectors
    14. Certificates
    15. Authentication
    16. ZCC app
    17. Application
    18. Monitoring
    19. Log streaming service
    20. Summary
    21. Questions
    22. Further reading
  17. Chapter 10: Architecting and Troubleshooting Your ZPA Solution
    1. Architecting your ZPA solution
    2. Stepping through the ZPA Question Set
    3. Inventory of existing applications
    4. Discovering end user access
    5. Pilot rollout
    6. Expanded rollout
    7. Final rollout
    8. Troubleshooting your ZPA solution
    9. Unable to access a service due to a captive portal error
    10. Unable to access a service due to a network error
    11. Unable to access a service due to an internal error
    12. Unable to access a service due to a connection error
    13. Unable to access a service due to a local FW/AV error
    14. Unable to access a service due to a driver error
    15. Unable to access a private application/service due to an unauthenticated error
    16. Unable to access a private application/service
    17. Unable to access any application/service
    18. Unable to authenticate due to a SAML transit error
    19. Unable to authenticate due to a SAML account error
    20. Unable to authenticate due to a SAML format error
    21. Summary
    22. Questions
    23. Further reading
  18. Assessments
    1. Chapter 1 – Security for the Modern Enterprise with Zscaler
    2. Chapter 2 – Understanding the Modular Zscaler Architecture
    3. Chapter 3 – Delving into ZIA Policy Features
    4. Chapter 4 – Understanding Traffic Forwarding and User Authentication Options
    5. Chapter 5 – Architecting and Implementing Your ZIA Solution
    6. Chapter 6 – Troubleshooting and Optimizing Your ZIA Solution
    7. Chapter 7 – Introducing ZTNA with Zscaler Private Access (ZPA)
    8. Chapter 8 – Exploring the ZPA Admin Portal and Basic Configuration
    9. Chapter 9 – Using ZPA to Provide Secure Application Access
    10. Chapter 10 – Architecting and Troubleshooting Your ZPA Solution
    11. Why subscribe?
  19. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Leave a review - let other readers know what you think
3.135.195.249