وبلاگ بلیان

Thinking Security: Stopping Next Year's Hackers (Addison-Wesley Professional Computing Series)

جلد کتاب Thinking Security: Stopping Next Year's Hackers (Addison-Wesley Professional Computing Series)

معرفی کتاب «Thinking Security: Stopping Next Year's Hackers (Addison-Wesley Professional Computing Series)» نوشتهٔ Steven M. Bellovin، منتشرشده توسط نشر Addison-Wesley Professional در سال 2016. این کتاب در 6 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.

If you’re a security or network professional, you already know the “do’s and don’ts”: run AV software and firewalls, lock down your systems, use encryption, watch network traffic, follow best practices, hire expensive consultants . . . but it isn’t working. You’re at greater risk than ever, and even the world’s most security-focused organizations are being victimized by massive attacks. In **__**Thinking Security,**__** author Steven M. Bellovin provides a new way to think about security. As one of the world’s most respected security experts, Bellovin helps you gain new clarity about what you’re doing and why you’re doing it. He helps you understand security as a systems problem, including the role of the all-important human element, and shows you how to match your countermeasures to actual threats. You’ll learn how to move beyond last year’s checklists at a time when technology is changing so rapidly. You’ll also understand how to design security architectures that don’t just prevent attacks wherever possible, but also deal with the consequences of failures. And, within the context of your coherent architecture, you’ll learn how to decide when to invest in a new security product and when not to. Bellovin, co-author of the best-selling Firewalls and Internet Security, caught his first hackers in 1971. Drawing on his deep experience, he shares actionable, up-to-date guidance on issues ranging from SSO and federated authentication to BYOD, virtualization, and cloud security. Perfect security is impossible. Nevertheless, it’s possible to build and operate security systems far more effectively. **__**Thinking Security**__** will help you do just that. MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict Contents 8 Preface 12 I: Defining the Problem 18 1 Introduction 20 1.1 Changes 20 1.2 Adapting to Change 22 1.3 Security Analysis 26 1.4 A Few Words on Terminology 29 2 Thinking About Security 32 2.1 The Security Mindset 32 2.2 Know Your Goals 34 2.3 Security as a Systems Problem 38 2.4 Thinking Like the Enemy 42 3 Threat Models 48 3.1 Who's Your Enemy? 48 3.2 Classes of Attackers 51 3.3 Advanced Persistent Threats 53 3.4 What's at Risk? 57 3.5 The Legacy Problem 59 II: Technologies 60 4 Antivirus Software 62 4.1 Characteristics 62 4.2 The Care and Feeding of Antivirus Software 68 4.3 Is Antivirus Always Needed? 70 4.4 Analysis 74 5 Firewalls and Intrusion Detection Systems 78 5.1 What Firewalls Don't Do 78 5.2 A Theory of Firewalls 80 5.3 Intrusion Detection Systems 86 5.4 Intrusion Prevention Systems 88 5.5 Extrusion Detection 89 5.6 Analysis 93 6 Cryptography and VPNs 98 6.1 Cryptography, the Wonder Drug 98 6.2 Key Distribution 101 6.3 Transport Encryption 102 6.4 Object Encryption 106 6.5 VPNs 109 6.6 Protocol, Algorithm, and Key Size Recommendations 114 6.7 Analysis 121 7 Passwords and Authentication 124 7.1 Authentication Principles 124 7.2 Passwords 125 7.3 Storing Passwords: Users 132 7.4 Password Compromise 137 7.5 Forgotten Passwords 138 7.6 Biometrics 141 7.7 One-Time Passwords 145 7.8 Cryptographic Authentication 149 7.9 Tokens and Mobile Phones 151 7.10 Single-Sign-On and Federated Authentication 154 7.11 Storing Passwords: Servers 156 7.12 Analysis 160 8 PKI: Public Key Infrastructures 166 8.1 What's a Certificate? 166 8.2 PKI: Whom Do You Trust? 168 8.3 PKI versus pki 172 8.4 Certificate Expiration and Revocation 177 8.5 Analysis 183 9 Wireless Access 186 9.1 Wireless Insecurity Myths 186 9.2 Living Connected 192 9.3 Living Disconnected 195 9.4 Smart Phones, Tablets, Toys, and Mobile Phone Access 196 9.5 Analysis 197 10 Clouds and Virtualization 202 10.1 Distribution and Isolation 202 10.2 Virtual Machines 203 10.3 Sandboxes 205 10.4 The Cloud 209 10.5 Security Architecture of Cloud Providers 210 10.6 Cloud Computing 211 10.7 Cloud Storage 212 10.8 Analysis 214 III: Secure Operations 220 11 Building Secure Systems 222 11.1 Correct Coding 223 11.2 Design Issues 227 11.3 External Links 230 11.4 Trust Patterns 234 11.5 Legacy Systems 237 11.6 Structural Defenses 239 11.7 Security Evaluations 242 12 Selecting Software 246 12.1 The Quality Problem 246 12.2 Selecting Software Wisely 250 13 Keeping Software Up to Date 256 13.1 Holes and Patches 256 13.2 The Problem with Patches 259 13.3 How to Patch 260 14 People 264 14.1 Employees, Training, and Education 265 14.2 Users 268 14.3 Social Engineering 270 14.4 Usability 273 14.5 The Human Element 280 15 System Administration 284 15.1 Sysadmins: Your Most Important Security Resource 284 15.2 Steering the Right Path 286 15.3 System Administration Tools and Infrastructure 289 15.4 Outsourcing System Administration 292 15.5 The Dark Side Is Powerful 293 16 Security Process 296 16.1 Planning 296 16.2 Security Policies 297 16.3 Logging and Reporting 300 16.4 Incident Response 304 IV: The Future 308 17 Case Studies 310 17.1 A Small Medical Practice 310 17.2 An E-Commerce Site 312 17.3 A Cryptographic Weakness 315 17.4 The Internet of Things 318 18 Doing Security Properly 326 18.1 Obsolescence 326 18.2 New Devices 327 18.3 New Threats 328 18.4 New Defenses 329 18.5 Thinking about Privacy 330 18.6 Putting It All Together 331 References 334 Index 372 A 372 B 374 C 375 D 377 E 378 F 379 G 380 H 380 I 381 J 382 K 383 L 383 M 384 N 385 O 386 P 386 Q 388 R 388 S 389 T 391 U 392 V 392 W 393 X 394 Y 394 Z 394 If you're a security or network professional, you already know the "do's and don'ts": run AV software and firewalls, lock down your systems, use encryption, watch network traffic, follow best practices, hire expensive consultants ... but it isn't working. You're at greater risk than ever, and even the world's most security-focused organizations are being victimized by massive attacks. In Thinking Security, author Steven M. Bellovin provides a new way to think about security. As one of the world's most respected security experts, Bellovin helps you gain new clarity about what you're doing and why you're doing it. He helps you understand security as a systems problem, including the role of the all-important human element, and shows you how to match your countermeasures to actual threats. You'll learn how to move beyond last year's checklists at a time when technology is changing so rapidly. You'll also understand how to design security architectures that don't just prevent attacks wherever possible, but also deal with the consequences of failures. And, within the context of your coherent architecture, you'll learn how to decide when to invest in a new security product and when not to. Bellovin, co-author of the best-selling Firewalls and Internet Security, caught his first hackers in 1971. Drawing on his deep experience, he shares actionable, up-to-date guidance on issues ranging from SSO and federated authentication to BYOD, virtualization, and cloud security. Perfect security is impossible. Nevertheless, it's possible to build and operate security systems far more effectively. Thinking Security will help you do just that.-- Provided by Publisher You already know the endless list of security "do's and don'ts": run AV software and firewalls, lock everything down, encrypt everything, watch all your network traffic, follow checklists But even if you're spending a fortune doing all that, you're at greater risk than ever: even the world's most security-focused organizations are being victimized by massive attacks
دانلود کتاب Thinking Security: Stopping Next Year's Hackers (Addison-Wesley Professional Computing Series)