Practical Cloud Security. 2nd Edition

(ebook) (audiobook) (audiobook)

Autor:: Chris Dotson

Practical Cloud Security. 2nd Edition Chris Dotson - okładka ebooka

Practical Cloud Security. 2nd Edition Chris Dotson - okładka audiobooka MP3

Practical Cloud Security. 2nd Edition Chris Dotson - okładka audiobooks CD

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 230
Dostępne formaty:: ePub

Mobi

+160 pkt

Ebook (152,15 zł najniższa cena z 30 dni)

~~189,00 zł~~ (-15%)
160,65 zł

Dodaj do koszyka lub Kup na prezent
Kup 1-kliknięciem

( 152,15 zł najniższa cena z 30 dni)

Przenieś na półkę

Do przechowalni

With rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. In this updated second edition, you'll examine security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up.

Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. IBM Distinguished Engineer Chris Dotson shows you how to establish data asset management, identity and access management (IAM), vulnerability management, network security, and incident response in your cloud environment.

Learn the latest threats and challenges in the cloud security space
Manage cloud providers that store or process data or deliver administrative control
Learn how standard principles and concepts—such as least privilege and defense in depth—apply in the cloud
Understand the critical role played by IAM in the cloud
Use best tactics for detecting, responding, and recovering from the most common security incidents
Manage various types of vulnerabilities, especially those common in multicloud or hybrid cloud architectures
Examine privileged access management in cloud environments

Wybrane bestsellery

Ebooka "Practical Cloud Security. 2nd Edition" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "Practical Cloud Security. 2nd Edition" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolnych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "Practical Cloud Security. 2nd Edition" zobaczysz:

Oceny i opinie klientów: Practical Cloud Security. 2nd Edition Chris Dotson (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły ebooka

ISBN Ebooka:: 978-10-981-4813-3, 9781098148133
Data wydania ebooka:: 2023-10-06 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 4.7MB
Rozmiar pliku Mobi:: 9.1MB

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Hacking » Bezpieczeństwo sieci

Spis treści ebooka

Preface
- Who Should Read This Book
- Navigating This Book
- Whats New in the Second Edition
- Conventions Used in This Book
- OReilly Online Learning Platform
- How to Contact Us
- Acknowledgments
1. Principles and Concepts
- Least Privilege
- Defense in Depth
- Zero Trust
- Threat Actors, Diagrams, and Trust Boundaries
- Cloud Service Delivery Models
- The Cloud Shared Responsibility Model
- Risk Management
- Conclusion
- Exercises
2. Data Asset Management and Protection
- Data Identification and Classification
  - Example Data Classification Levels
  - Relevant Industry or Regulatory Requirements
- Data Asset Management in the Cloud
- Tagging Cloud Resources
- Protecting Data in the Cloud
  - Tokenization
  - Encryption
    - Confidential computing
    - Encryption of data at rest
      - Key management
      - Server-side and client-side encryption
      - Cryptographic erasure
    - How encryption foils different types of attacks
      - Disk-level encryption
      - Platform-level encryption
      - Application-level encryption
- Conclusion
- Exercises
3. Cloud Asset Management and Protection
- Differences from Traditional IT
- Types of Cloud Assets
  - Compute Assets
    - Virtual machines
    - Containers
      - Native container model
      - Mini-VM container model
      - Container orchestration systems
    - Application Platform as a Service
    - Serverless functions
  - Storage Assets
    - Block storage
    - File storage
    - Object storage
    - Images
    - Cloud databases
    - Message queues
    - Configuration storage
    - Secrets configuration storage
    - Encryption key storage
    - Certificate storage
    - Source code repositories and deployment pipelines
  - Network Assets
    - Virtual private clouds and subnets
    - Content delivery networks
    - DNS records
    - TLS certificates
    - Load balancers, reverse proxies, and web application firewalls
- Asset Management Pipeline
  - Procurement Leaks
  - Processing Leaks
  - Tooling Leaks
  - Findings Leaks
- Tagging Cloud Assets
- Conclusion
- Exercises
4. Identity and Access Management
- Differences from Traditional IT
- Life Cycle for Identity and Access
- Request
- Approve
- Create, Delete, Grant, or Revoke
- Authentication
  - Cloud IAM Identities
  - Business-to-Consumer and Business-to-Employee
  - Multi-Factor Authentication
  - Passwords, Passphrases, and API Keys
  - Shared IDs
  - Federated Identity
  - Single Sign-On
    - SAML and OIDC
    - SSO with legacy applications
  - Instance Metadata and Identity Documents
  - Secrets Management
- Authorization
  - Centralized Authorization
  - Roles
- Revalidate
- Putting It All Together in the Sample Application
- Conclusion
- Exercises
5. Vulnerability Management
- Differences from Traditional IT
- Vulnerable Areas
  - Data Access
  - Application
  - Middleware
  - Operating System
  - Network
  - Virtualized Infrastructure
  - Physical Infrastructure
- Finding and Fixing Vulnerabilities
  - Network Vulnerability Scanners
  - Agentless Scanners and Configuration Management Systems
  - Agent-Based Scanners and Configuration Management Systems
    - Credentials
    - Deployment
    - Network
    - Least privilege
    - Choosing an agent-based or agentless scanner
  - Cloud Workload Protection Platforms
  - Container Scanners
  - Dynamic Application Scanners (DAST)
  - Static Application Scanners (SAST)
  - Software Composition Analysis Tools (SCA)
  - Interactive Application Scanners (IAST)
  - Runtime Application Self-Protection Scanners (RASP)
  - Manual Code Reviews
  - Penetration Tests
  - User Reports
  - Example Tools for Vulnerability and Configuration Management
- Risk Management Processes
- Vulnerability Management Metrics
  - Tool Coverage
  - Mean Time to Remediate
  - Systems/Applications with Open Vulnerabilities
  - Percentage of False Positives
  - Percentage of False Negatives
  - Vulnerability Recurrence Rate
- Change Management
- Putting It All Together in the Sample Application
- Conclusion
- Exercises
6. Network Security
- Differences from Traditional IT
- Concepts and Definitions
  - Zero Trust Networking
  - Allowlists and Denylists
  - DMZs
  - Proxies
  - Software-Defined Networking
  - Network Functions Virtualization
  - Overlay Networks and Encapsulation
  - Virtual Private Clouds
  - Network Address Translation
  - IPv6
- Network Defense in Action in the Sample Application
  - Encryption in Motion
  - Firewalls and Network Segmentation
    - Perimeter control
    - Internal segmentation
    - Security groups
    - Service endpoints
    - Container firewalling and network segmentation
  - Allowing Administrative Access
    - Bastion hosts
    - Virtual private networks
    - Site-to-site VPNs
    - Client-to-site VPNs
  - Network Defense Tools
    - Web application firewalls
    - RASP modules
    - Anti-DDoS
    - Intrusion detection and prevention systems
  - Egress Filtering
  - Data Loss Prevention
- Conclusion
- Exercises
7. Detecting, Responding to, and Recovering from Security Incidents
- Differences from Traditional IT
- What to Watch
  - Privileged User Access
  - Logs from Defensive Tooling
    - Anti-DDoS
    - Web application firewalls
    - Firewalls and intrusion detection systems
    - Antivirus
    - Detection and response tools
    - File integrity monitoring
    - Cloud provider monitoring tools
  - Cloud Service Logs and Metrics
  - Operating System Logs and Metrics
  - Middleware Logs
  - Secrets Server
  - Your Application
- How to Watch
  - Aggregation and Retention
  - Parsing Logs
  - Searching and Correlation
  - Alerting and Automated Response
  - Security Information and Event Managers
  - Threat Hunting
- Preparing for an Incident
  - Team
  - Plans
  - Tools
- Responding to an Incident
  - Cyber Kill Chains and MITRE ATT&CK
  - The OODA Loop
  - Cloud Forensics
  - Blocking Unauthorized Access
  - Stopping Data Exfiltration and Command and Control
- Recovery
  - Redeploying IT Systems
  - Notifications
  - Lessons Learned
- Example Metrics
- Example Tools for Detection, Response, and Recovery
- Detection and Response in a Sample Application
  - Monitoring the Protective Systems
  - Monitoring the Application
  - Monitoring the Administrators
  - Understanding the Auditing Infrastructure
- Conclusion
- Exercises
A. Exercise Solutions
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Chapter 7
Index

pokaż cały spis treści

Practical Cloud Security. 2nd Edition

Ebook (152,15 zł najniższa cena z 30 dni)

Najczęściej kupowane razem