 Название: Defensive Security Handbook: Best Practices for Securing Infrastructure, 2nd Edition (Final)
Автор: Amanda Berlin, Lee Brotherston, William F. Reyor III
Издательство: O’Reilly Media, Inc.
Год: 2024
Страниц: 417
Язык: английский
Формат: epub
Размер: 10.1 MB
Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget for an information security (InfoSec) program. If you're forced to protect yourself by improvising on the job, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost.
Each chapter in this book provides step-by-step instructions for dealing with issues such as breaches and disasters, compliance, network infrastructure, password management, vulnerability scanning, penetration testing, and more. Network engineers, system administrators, and security professionals will learn how to use frameworks, tools, and techniques to build and improve their cybersecurity programs.
Spend any time in the information security world, and it will become quickly evident that most of the press and accolades go to those folks working on the offensive side of security. From finding new vulnerabilities, creating exploits, breaking into systems, bug bounties, the occasional cable TV show, and capture the flag contests, the red teams get all the glory. But there is more—much more—to the security world than just offense.
Being on the defensive side, the blue team, can seem a lonely, unappreciated battle. But doing defense is a vital, noble, and worthwhile pursuit. We defenders matter, greatly, to the future of our organizations and the jobs and livelihoods of our coworkers. When the bad guys win, people lose their jobs, organizations are distracted from their core goals, and the bad guys are often enriched to continue their nefarious pursuits. And, like something out of a cyberpunk novel, with the trend of the Internet of Things, soon actually lives may be at threat when the bad guys are successful.
So many of us got our start in the security world as tool engineers, running perhaps a firewall or intrusion detection system (IDS) platform for our employer. Though those skills are highly valued, moving beyond them to a more holistic view of defensive security can sometimes be a challenge without the right resources to bring a bigger-picture view. As we continue to experience a shortage of valuable information security defensive talent, we will need more folks than ever to continue to learn and grow into the defensive security role, and to do it well, they need a holistic view of the security landscape.
This book will help you:
Plan and design incident response, disaster recovery, compliance, and physical security
Learn and apply basic penetration-testing concepts through purple teaming
Conduct vulnerability management using automated processes and tools
Use IDS, IPS, SOC, logging, and monitoring
Bolster Microsoft and Unix systems, network infrastructure, and password management
Use segmentation practices and designs to compartmentalize your network
Reduce exploitable errors by developing code securely
Who This Book Is For:
This book is designed to serve as a Security 101 handbook that is applicable to as many environments as possible, in order to drive maximum improvement in your security posture for the minimum financial spend. Types of positions that will be able to take away knowledge and actionable data from this include upper-level chief information officers (CIOs), directors, security analysts, systems administrators, and other technological roles.
Contents:
Preface
1. Creating a Security Program
2. Asset Management and Documentation
3. Policies
4. Standards and Procedures
5. User Education
6. Incident Response
7. Disaster Recovery
8. Industry Compliance Standards and Frameworks
9. Physical Security
10. Microsoft Windows Infrastructure
11. Unix Application Servers
12. Endpoints
13. Databases
14. Cloud Infrastructure
15. Authentication
16. Secure Network Infrastructure
17. Segmentation
18. Vulnerability Management
19. Development
20. OSINT and Purple Teaming
21. Understanding IDSs and IPSs
22. Logging and Monitoring
23. The Extra Mile
A. User Education Templates
Index
Скачать Defensive Security Handbook: Best Practices for Securing Infrastructure, 2nd Edition (Final)
|
Навигация
Вход на сайт
Реклама
Defensive Security Handbook: Best Practices for Securing Infrastructure, 2nd Edition (Final) 
