Defensive Security Handbook: Best Practices for Securing Infrastructure, 2nd Edition (Final)КНИГИ » СЕТЕВЫЕ ТЕХНОЛОГИИ
Название: Defensive Security Handbook: Best Practices for Securing Infrastructure, 2nd Edition (Final) Автор: Amanda Berlin, Lee Brotherston, William F. Reyor III Издательство: O’Reilly Media, Inc. Год: 2024 Страниц: 417 Язык: английский Формат: epub Размер: 10.1 MB
Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget for an information security (InfoSec) program. If you're forced to protect yourself by improvising on the job, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost.
Each chapter in this book provides step-by-step instructions for dealing with issues such as breaches and disasters, compliance, network infrastructure, password management, vulnerability scanning, penetration testing, and more. Network engineers, system administrators, and security professionals will learn how to use frameworks, tools, and techniques to build and improve their cybersecurity programs.
Spend any time in the information security world, and it will become quickly evident that most of the press and accolades go to those folks working on the offensive side of security. From finding new vulnerabilities, creating exploits, breaking into systems, bug bounties, the occasional cable TV show, and capture the flag contests, the red teams get all the glory. But there is more—much more—to the security world than just offense.
Being on the defensive side, the blue team, can seem a lonely, unappreciated battle. But doing defense is a vital, noble, and worthwhile pursuit. We defenders matter, greatly, to the future of our organizations and the jobs and livelihoods of our coworkers. When the bad guys win, people lose their jobs, organizations are distracted from their core goals, and the bad guys are often enriched to continue their nefarious pursuits. And, like something out of a cyberpunk novel, with the trend of the Internet of Things, soon actually lives may be at threat when the bad guys are successful.
So many of us got our start in the security world as tool engineers, running perhaps a firewall or intrusion detection system (IDS) platform for our employer. Though those skills are highly valued, moving beyond them to a more holistic view of defensive security can sometimes be a challenge without the right resources to bring a bigger-picture view. As we continue to experience a shortage of valuable information security defensive talent, we will need more folks than ever to continue to learn and grow into the defensive security role, and to do it well, they need a holistic view of the security landscape.
This book will help you:
Plan and design incident response, disaster recovery, compliance, and physical security Learn and apply basic penetration-testing concepts through purple teaming Conduct vulnerability management using automated processes and tools Use IDS, IPS, SOC, logging, and monitoring Bolster Microsoft and Unix systems, network infrastructure, and password management Use segmentation practices and designs to compartmentalize your network Reduce exploitable errors by developing code securely
Who This Book Is For: This book is designed to serve as a Security 101 handbook that is applicable to as many environments as possible, in order to drive maximum improvement in your security posture for the minimum financial spend. Types of positions that will be able to take away knowledge and actionable data from this include upper-level chief information officers (CIOs), directors, security analysts, systems administrators, and other technological roles.
Preface 1. Creating a Security Program 2. Asset Management and Documentation 3. Policies 4. Standards and Procedures 5. User Education 6. Incident Response 7. Disaster Recovery 8. Industry Compliance Standards and Frameworks 9. Physical Security 10. Microsoft Windows Infrastructure 11. Unix Application Servers 12. Endpoints 13. Databases 14. Cloud Infrastructure 15. Authentication 16. Secure Network Infrastructure 17. Segmentation 18. Vulnerability Management 19. Development 20. OSINT and Purple Teaming 21. Understanding IDSs and IPSs 22. Logging and Monitoring 23. The Extra Mile A. User Education Templates Index
Скачать Defensive Security Handbook: Best Practices for Securing Infrastructure, 2nd Edition (Final)