reklama - zainteresowany?

Practical Cloud Security. A Guide for Secure Design and Deployment - Helion

Practical Cloud Security. A Guide for Secure Design and Deployment
ebook
Autor: Chris Dotson
ISBN: 978-14-920-3746-0
stron: 196, Format: ebook
Data wydania: 2019-03-04
Księgarnia: Helion

Cena książki: 152,15 zł (poprzednio: 176,92 zł)
Oszczędzasz: 14% (-24,77 zł)

Dodaj do koszyka Practical Cloud Security. A Guide for Secure Design and Deployment

With the fast, competitive evolution of new cloud services, particularly those related to security, cloud deployment is now definitively as secure as on-premises servers, and probably even more secure. This practical book surveys current security challenges and shows security professionals, IT architects, and developers how to meet them while deploying systems to popular cloud services.

You’ll find up-to-date, cloud-specific security guidance for popular cloud platforms in the areas of cloud and data asset management, identity and access management, vulnerability management, network security, and incident response. Author Chris Dotson offers practical cloud security best practices for multi-vendor cloud environments whether you’re just starting to design your cloud environment or have legacy projects to secure.

Dodaj do koszyka Practical Cloud Security. A Guide for Secure Design and Deployment

 

Osoby które kupowały "Practical Cloud Security. A Guide for Secure Design and Deployment", wybierały także:

  • Windows Media Center. Domowe centrum rozrywki
  • Ruby on Rails. Ćwiczenia
  • DevOps w praktyce. Kurs video. Jenkins, Ansible, Terraform i Docker
  • Przywództwo w Å›wiecie VUCA. Jak być skutecznym liderem w niepewnym Å›rodowisku
  • Scrum. O zwinnym zarzÄ…dzaniu projektami. Wydanie II rozszerzone

Dodaj do koszyka Practical Cloud Security. A Guide for Secure Design and Deployment

Spis treści

Practical Cloud Security. A Guide for Secure Design and Deployment eBook -- spis treści

  • Preface
    • Conventions Used in This Book
    • OReilly Online Learning Platform
    • How to Contact Us
    • Acknowledgments
  • 1. Principles and Concepts
    • Least Privilege
    • Defense in Depth
    • Threat Actors, Diagrams, and Trust Boundaries
    • Cloud Delivery Models
    • The Cloud Shared Responsibility Model
    • Risk Management
  • 2. Data Asset Management and Protection
    • Data Identification and Classification
      • Example Data Classification Levels
      • Relevant Industry or Regulatory Requirements
    • Data Asset Management in the Cloud
      • Tagging Cloud Resources
    • Protecting Data in the Cloud
      • Tokenization
      • Encryption
        • Encryption of data in use
        • Encryption of data at rest
          • Key management
          • Server-side and client-side encryption
          • Cryptographic erasure
        • How encryption foils different types of attacks
          • Attacker gains unauthorized access to physical media
          • Attacker gains unauthorized access to the platform or storage system
          • Attacker gains unauthorized access to the hypervisor
          • Attacker gains unauthorized access to the operating system
          • Attacker gains unauthorized access to the application
    • Summary
  • 3. Cloud Asset Management and Protection
    • Differences from Traditional IT
    • Types of Cloud Assets
      • Compute Assets
        • Virtual machines
        • Containers
          • Native container model
          • Mini-VM container model
          • Container orchestration systems
        • Application Platform as a Service
        • Serverless
      • Storage Assets
        • Block storage
        • File storage
        • Object storage
        • Images
        • Cloud databases
        • Message queues
        • Configuration storage
        • Secrets configuration storage
        • Encryption key storage
        • Certificate storage
        • Source code repositories and deployment pipelines
      • Network Assets
        • Virtual private clouds and subnets
        • Content delivery networks
        • DNS records
        • TLS certificates
        • Load balancers, reverse proxies, and web application firewalls
    • Asset Management Pipeline
      • Procurement Leaks
      • Processing Leaks
      • Tooling Leaks
      • Findings Leaks
    • Tagging Cloud Assets
    • Summary
  • 4. Identity and Access Management
    • Differences from Traditional IT
    • Life Cycle for Identity and Access
    • Request
    • Approve
    • Create, Delete, Grant, or Revoke
    • Authentication
      • Cloud IAM Identities
      • Business-to-Consumer and Business-to-Employee
      • Multi-Factor Authentication
      • Passwords and API Keys
      • Shared IDs
      • Federated Identity
      • Single Sign-On
        • SAML and OIDC
        • SSO with legacy applications
      • Instance Metadata and Identity Documents
      • Secrets Management
    • Authorization
      • Centralized Authorization
      • Roles
    • Revalidate
    • Putting It All Together in the Sample Application
    • Summary
  • 5. Vulnerability Management
    • Differences from Traditional IT
    • Vulnerable Areas
      • Data Access
      • Application
      • Middleware
      • Operating System
      • Network
      • Virtualized Infrastructure
      • Physical Infrastructure
    • Finding and Fixing Vulnerabilities
      • Network Vulnerability Scanners
      • Agentless Scanners and Configuration Management
      • Agent-Based Scanners and Configuration Management
        • Credentials
        • Deployment
        • Network
      • Cloud Provider Security Management Tools
      • Container Scanners
      • Dynamic Application Scanners (DAST)
      • Static Application Scanners (SAST)
      • Software Composition Analysis Scanners (SCA)
      • Interactive Application Scanners (IAST)
      • Runtime Application Self-Protection Scanners (RASP)
      • Manual Code Reviews
      • Penetration Tests
      • User Reports
      • Example Tools for Vulnerability and Configuration Management
    • Risk Management Processes
    • Vulnerability Management Metrics
      • Tool Coverage
      • Mean Time to Remediate
      • Systems/Applications with Open Vulnerabilities
      • Percentage of False Positives
      • Percentage of False Negatives
      • Vulnerability Recurrence Rate
    • Change Management
    • Putting It All Together in the Sample Application
    • Summary
  • 6. Network Security
    • Differences from Traditional IT
    • Concepts and Definitions
      • Whitelists and Blacklists
      • DMZs
      • Proxies
      • Software-Defined Networking
      • Network Features Virtualization
      • Overlay Networks and Encapsulation
      • Virtual Private Clouds
      • Network Address Translation
      • IPv6
    • Putting It All Together in the Sample Application
      • Encryption in Motion
      • Firewalls and Network Segmentation
        • Perimeter control
        • Internal segmentation
        • Security groups
        • Service endpoints
        • Container firewalling and network segmentation
      • Allowing Administrative Access
        • Bastion hosts
        • Virtual private networks (VPNs)
        • Site-to-site VPNs
        • Client-to-site VPNs
      • Web Application Firewalls and RASP
      • Anti-DDoS
      • Intrusion Detection and Prevention Systems
      • Egress Filtering
      • Data Loss Prevention
    • Summary
  • 7. Detecting, Responding to, and Recovering from Security Incidents
    • Differences from Traditional IT
    • What to Watch
      • Privileged User Access
      • Logs from Defensive Tooling
        • Anti-DDoS
        • Web application firewalls
        • Firewalls and intrusion detection systems
        • Antivirus
        • Endpoint detection and response
        • File integrity monitoring
      • Cloud Service Logs and Metrics
      • Operating System Logs and Metrics
      • Middleware Logs
      • Secrets Server
      • Your Application
    • How to Watch
      • Aggregation and Retention
      • Parsing Logs
      • Searching and Correlation
      • Alerting and Automated Response
      • Security Information and Event Managers
      • Threat Hunting
    • Preparing for an Incident
      • Team
      • Plans
      • Tools
    • Responding to an Incident
      • Cyber Kill Chains
      • The OODA Loop
      • Cloud Forensics
      • Blocking Unauthorized Access
      • Stopping Data Exfiltration and Command and Control
    • Recovery
      • Redeploying IT Systems
      • Notifications
      • Lessons Learned
    • Example Metrics
    • Example Tools for Detection, Response, and Recovery
    • Putting It All Together in the Sample Application
      • Monitoring the Protective Systems
      • Monitoring the Application
      • Monitoring the Administrators
      • Understanding the Auditing Infrastructure
    • Summary
  • Index

Dodaj do koszyka Practical Cloud Security. A Guide for Secure Design and Deployment

Code, Publish & WebDesing by CATALIST.com.pl



(c) 2005-2024 CATALIST agencja interaktywna, znaki firmowe należą do wydawnictwa Helion S.A.