Practical Cloud Security

A Guide for Secure Design and Deployment

Paperback English 2019 9781492037514

Summary

With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up.

Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. Chris Dotson—an IBM senior technical staff member—shows you how to establish data asset management, identity and access management, vulnerability management, network security, and incident response in your cloud environment.

Specifications

ISBN13: 9781492037514
Language: English
Binding: paperback
Number of pages: 196
Publisher: O'Reilly
Edition: 1
Publication date: 22-3-2019
Main category: IT management / ICT

Table of Contents

Preface
Conventions Used in This Book
O’Reilly Online Learning Platform
How to Contact Us
Acknowledgments

1. Principles and Concepts
Least Privilege
Defense in Depth
Threat Actors, Diagrams, and Trust Boundaries
Cloud Delivery Models
The Cloud Shared Responsibility Model
Risk Management

2. Data Asset Management and Protection
Data Identification and Classification
Example Data Classification Levels
Relevant Industry or Regulatory Requirements
Data Asset Management in the Cloud
Tagging Cloud Resources
Protecting Data in the Cloud
Tokenization
Encryption
Summary

3. Cloud Asset Management and Protection
Differences from Traditional IT
Types of Cloud Assets
Compute Assets
Storage Assets
Network Assets
Asset Management Pipeline
Procurement Leaks
Processing Leaks
Tooling Leaks
Findings Leaks
Tagging Cloud Assets
Summary

4. Identity and Access Management
Differences from Traditional IT
Life Cycle for Identity and Access
Request
Approve
Create, Delete, Grant, or Revoke
Authentication
Cloud IAM Identities
Business-to-Consumer and Business-to-Employee
Multi-Factor Authentication
Passwords and API Keys
Shared IDs
Federated Identity
Single Sign-On
Instance Metadata and Identity Documents
Secrets Management
Authorization
Centralized Authorization
Roles
Revalidate
Putting It All Together in the Sample Application
Summary

5. Vulnerability Management
Differences from Traditional IT
Vulnerable Areas
Data Access
Application
Middleware
Operating System
Network
Virtualized Infrastructure
Physical Infrastructure
Finding and Fixing Vulnerabilities
Network Vulnerability Scanners
Agentless Scanners and Configuration Management
Agent-Based Scanners and Configuration Management
Cloud Provider Security Management Tools
Container Scanners
Dynamic Application Scanners (DAST)
Static Application Scanners (SAST)
Software Composition Analysis Scanners (SCA)
Interactive Application Scanners (IAST)
Runtime Application Self-Protection Scanners (RASP)
Manual Code Reviews
Penetration Tests
User Reports
Example Tools for Vulnerability and Configuration Management
Risk Management Processes
Vulnerability Management Metrics
Tool Coverage
Mean Time to Remediate
Systems/Applications with Open Vulnerabilities
Percentage of False Positives
Percentage of False Negatives
Vulnerability Recurrence Rate
Change Management
Putting It All Together in the Sample Application
Summary

6. Network Security
Differences from Traditional IT
Concepts and Definitions
Whitelists and Blacklists
DMZs
Proxies
Software-Defined Networking
Network Features Virtualization
Overlay Networks and Encapsulation
Virtual Private Clouds
Network Address Translation
IPv6
Putting It All Together in the Sample Application
Encryption in Motion
Firewalls and Network Segmentation
Allowing Administrative Access
Web Application Firewalls and RASP
Anti-DDoS
Intrusion Detection and Prevention Systems
Egress Filtering
Data Loss Prevention
Summary

7. Detecting, Responding to, and Recovering from Security Incidents
Differences from Traditional IT
What to Watch
Privileged User Access
Logs from Defensive Tooling
Cloud Service Logs and Metrics
Operating System Logs and Metrics
Middleware Logs
Secrets Server
Your Application
How to Watch
Aggregation and Retention
Parsing Logs
Searching and Correlation
Alerting and Automated Response
Security Information and Event Managers
Threat Hunting
Preparing for an Incident
Team
Plans
Tools
Responding to an Incident
Cyber Kill Chains
The OODA Loop
Cloud Forensics
Blocking Unauthorized Access
Stopping Data Exfiltration and Command and Control
Recovery
Redeploying IT Systems
Notifications
Lessons Learned
Example Metrics
Example Tools for Detection, Response, and Recovery
Putting It All Together in the Sample Application
Monitoring the Protective Systems
Monitoring the Application
Monitoring the Administrators
Understanding the Auditing Infrastructure
Summary

Index
