Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles.

Modern day businesses and enterprises are moving to cloud simply to improve efficiency and speed, achieve flexibility and cost-effectiveness, and for on-demand cloud services. However, enterprise cloud security remains a major concern for many businesses because migrating to the public cloud require...

Bibliographic Details
Classification: Electronic Book
Main Author: Vora, Zeal
Other Authors: Pruteanu, Adrian
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, 2017.
Subjects:
Online Access: Full text

MARC

LEADER 00000cam a2200000Mi 4500
001 EBSCO_on1020033203
003 OCoLC
005 20231017213018.0
006 m o d
007 cr |n|---|||||
008 180120s2017 enk o 000 0 eng d
040 |a EBLCP  |b eng  |e pn  |c EBLCP  |d NLE  |d MERUC  |d IDB  |d COO  |d UOK  |d OCLCQ  |d WYU  |d LVT  |d UKAHL  |d RDF  |d OCLCO  |d OCLCF  |d N$T  |d UKMGB  |d OCLCO  |d OCLCQ  |d OCLCO 
015 |a GBC1L4788  |2 bnb 
016 7 |a 018690488  |2 Uk 
020 |a 1788298519 
020 |a 9781788298513  |q (electronic bk.) 
020 |z 9781788299558  |q print 
029 1 |a UKMGB  |b 018690488 
035 |a (OCoLC)1020033203 
037 |a 9781788298513  |b Packt Publishing 
050 4 |a QA76.585  |b .V673 2017eb 
082 0 4 |a 004.6782  |2 23 
049 |a UAMI 
100 1 |a Vora, Zeal. 
245 1 0 |a Enterprise Cloud Security and Governance :  |b Efficiently set data protection and privacy principles. 
260 |a Birmingham :  |b Packt Publishing,  |c 2017. 
300 |a 1 online resource (406 pages) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
588 0 |a Print version record. 
520 |a Modern day businesses and enterprises are moving to cloud simply to improve efficiency and speed, achieve flexibility and cost-effectiveness, and for on-demand cloud services. However, enterprise cloud security remains a major concern for many businesses because migrating to the public cloud requires transferring some control over ... 
505 0 |a Cover -- Copyright -- Credits -- About the Author -- About the Reviewer -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: The Fundamentals of Cloud Security -- Getting started -- Service models -- Software as a service -- Platform as a service -- Infrastructure as a service -- Deployment models -- Cloud security -- Why is cloud security considered hard? -- Our security posture -- Virtualization -- cloud's best friend -- Understanding the ring architecture -- Hardware virtualization -- Full virtualization with binary translation -- Paravirtualization -- Hardware-assisted virtualization -- Distributed architecture in virtualization -- Enterprise virtualization with oVirt -- Encapsulation -- Point in time snapshots -- Isolation -- Risk assessment in cloud -- Service Level Agreement -- Business Continuity Planning -- Disaster Recovery (BCP/DR) -- Business Continuity Planning -- Disaster Recovery -- Recovery Time Objective -- Recovery Point Objective -- Relation between RTO and RPO -- Real world use case of Disaster Recovery -- Use case to understand BCP/DR -- Policies and governance in cloud -- Audit challenges in the cloud -- Implementation challenges for controls on CSP side -- Vulnerability assessment and penetration testing in the cloud -- Use case of a hacked server -- Summary -- Chapter 2: Defense in Depth Approach -- The CIA triad -- Confidentiality -- Integrity -- Availability -- A use case -- Understanding all three aspects -- The use case -- Introducing Defense in Depth -- First layer -- network layer -- Second layer -- platform layer -- Third layer -- application layer -- Fourth layer -- data layer -- Fifth layer -- response layer -- Summary -- Chapter 3: Designing Defensive Network Infrastructure -- Why do we need cryptography? -- The TCP/IP model -- Scenario -- The Network Transport Layer. 
505 8 |a The Internet Protocol Layer -- The Transport Layer -- The Application Layer -- Firewalls -- How a firewall works? -- How does a firewall inspect packets? -- 3-way handshake -- Modes of firewall -- Stateful packet inspection -- Stateless packet inspection -- Architecting firewall rules -- The deny all and allow some approach -- The allow all and deny some approach -- Firewall justification document -- A sample firewall justification document -- Inbound rules -- Outbound rules -- Tracking firewall changes with alarms -- Best practices -- Application layer security -- Intrusion Prevention Systems -- Overview architecture of IPS -- IPS in a cloud environment -- Implementing IPS in the cloud -- Deep Security -- Anti-malware -- Application control -- The IPS functionality -- A real-world example -- Implementation -- Advantages that IPS will bring to a cloud environment -- A web application firewall -- Architecture -- Implementation -- Network segmentation -- Understanding a flat network -- Segmented network -- Network segmentation in cloud environments -- Segmentation in cloud environments -- Rule of thumb -- Accessing management -- Bastion hosts -- The workings of bastion hosts -- The workings of SSH agent forwarding -- Practical implementation of bastion hosts -- Security of bastion hosts -- Benefits of bastion hosts -- Disadvantages of bastion hosts -- Virtual Private Network -- Routes -- after VPN is connected -- Installation of OpenVPN -- Security for VPN -- Recommended tools for VPN -- Approaching private hosted zones for DNS -- Public hosted zones -- Private hosted zones -- Challenge -- Solution -- Summary -- Chapter 4: Server Hardening -- The basic principle of host-based security -- Keeping systems up-to-date -- The Windows update methodology -- The Linux update methodology -- Using the security functionality of YUM. 
505 8 |a Approach for automatic security updates installation -- Developing a process to update servers regularly -- Knowledge base -- Challenges on a larger scale -- Partitioning and LUKS -- Partitioning schemes -- A separate partition for /boot -- A separate partition for /tmp -- A separate partition for /home -- Conclusion -- LUKS -- Introduction to LUKS -- Solution -- Conclusion -- Access control list -- Use case -- Introduction to Access Control List -- Set ACL -- Show ACL -- Special permissions in Linux -- SUID -- Use case for SUID -- Understanding the permission associated with ping -- Setting a SUID bit for files -- Removing the SUID bit for files -- SETGID -- Associating the SGID for files -- SELinux -- Introduction to SELinux -- Permission sets in SELinux -- SELinux modes -- Confinement of Linux users to SELinux users -- Process confinement -- Conclusion -- Hardening system services and applications -- Hardening services -- Guide for hardening SSH -- Enable multi-factor authentication -- Associated configuration -- Changing the SSH default port -- Associate configuration -- Disabling the root login -- Associated configuration -- Conclusion -- Pluggable authentication modules -- Team Screen application -- File Sharing Application -- Understanding PAM -- The architecture of PAM -- The PAM configuration -- The PAM command structure -- Implementation scenario -- Forcing strong passwords -- Log all user commands -- Conclusion -- System auditing with auditd -- Introduction to auditd -- Use case 1 -- tracking activity of important files -- Use case -- Solution -- First field -- Use case 2 -- monitoring system calls -- Introduction to system calls -- Use case -- Solution -- Conclusion -- Conclusion -- Central identity server -- Use Case 1 -- Use case 2 -- The architecture of IPA -- Client-server architecture -- User access management. 
505 8 |a Best practices to follow -- Conclusion -- Single sign-on -- Idea solution -- Advantages of an SSO solution -- Challenges in the classic method of authentication -- Security Assertion Markup Language -- The high-level overview of working -- Choosing the right identity provider -- Building an SSO from scratch -- Hosted Based Intrusion Detection System -- Exploring OSSEC -- File integrity monitoring -- Log monitoring and active response -- Conclusion -- The hardened image approach -- Implementing hardening standards in scalable environments -- Important to remember -- Conclusion -- Summary -- Chapter 5: Cryptography Network Security -- Introduction to cryptography -- Integrity -- Authenticity -- Real world scenario -- Non-repudiation -- Types of cryptography -- Symmetric key cryptography -- Stream cipher -- The encryption process -- The decryption process -- Advantages of stream ciphers -- Block cipher (AES) -- Padding -- Modes of block ciphers -- Message authentication codes -- The MAC approach -- The challenges with symmetric key storage -- Hardware security modules -- The challenges with HSM in on-premise -- A real-world scenario -- HSM on the cloud -- CloudHSM -- Key management service -- The basic working of AWS KMS -- Encrypting a function in KMS -- Decrypting a function in KMS -- Implementation -- Practical guide -- Configuring AWS CLI -- The decryption function -- Envelope encryption -- The encryption process -- The decryption process -- Implementation steps -- Practical implementation of envelope encryption -- Credential management system with KMS -- Implementation -- Best practices in key management -- Rotation life cycle for encryption keys -- Scenario 1-a single key for all data encryption -- Scenario 2-multiple keys for data encryption -- Protecting the access keys -- Audit trail is important -- Asymmetric key encryption. 
505 8 |a The basic working -- Authentication with the help of an asymmetric key -- Digital signatures -- The benefits and use cases of a digital signature -- SSL/TLS -- Scenario 1 -- A man-in-the-middle attack-storing credentials -- Scenario 2 -- A man-in-the-middle attack-integrity attacks -- Working of SSL/TLS -- Client Hello -- Server Hello -- Certificate -- Server key exchange -- Server Hello done -- Client key exchange -- Change cipher spec -- Security related to SSL/TLS -- Grading TLS configuration with SSL Labs -- Default Settings -- Perfect forward secrecy -- Implementation of perfect forward secrecy in nginx -- HTTP Strict Transport Security -- Implementing HSTS in nginx -- Verifying the integrity of a certificate -- Online certificate status protocol -- OCSP stapling -- Challenge 1 -- Challenge 2 -- An ideal solution -- Architecture -- Implementing TLS termination at the ELB level -- Selecting cipher suites -- Importing certificate -- AWS certificate manager -- Use case 1 -- Use case 2 -- Introduction to AWS Certificate Manager -- Summary -- Chapter 6: Automation in Security -- Configuration management -- Ansible -- Remote command execution -- The structure of the Ansible playbook -- Playbook for SSH hardening -- Running Ansible in dry mode -- Run and rerun and rerun -- Ansible mode of operations -- Ansible pull -- Attaining the desired state with Ansible pull -- Auditing servers with Ansible notifications -- The Ansible Vault -- Deploying the nginx Web Server -- Solution -- Ansible best practices -- Terraform -- Infrastructure migration -- Installing Terraform -- Working with Terraform -- Integrating Terraform with Ansible -- Terraform best practices -- AWS Lambda -- Cost optimization -- Achieving a use case through AWS Lambda -- Testing the Lambda function -- Start EC2 function -- Integrating the Lambda function with events -- Summary. 
590 |a eBooks on EBSCOhost  |b EBSCO eBook Subscription Academic Collection - Worldwide 
650 0 |a Cloud computing  |x Security measures. 
650 0 |a Computer networks  |x Security measures. 
650 6 |a Infonuagique  |x Sécurité  |x Mesures. 
650 6 |a Réseaux d'ordinateurs  |x Sécurité  |x Mesures. 
650 7 |a Computer networking & communications.  |2 bicssc 
650 7 |a Cloud computing.  |2 bicssc 
650 7 |a Computer systems back-up & data recovery.  |2 bicssc 
650 7 |a Privacy & data protection.  |2 bicssc 
650 7 |a Computers  |x System Administration  |x Disaster & Recovery.  |2 bisacsh 
650 7 |a Computers  |x Internet  |x Security.  |2 bisacsh 
650 7 |a Computer networks  |x Security measures  |2 fast 
700 1 |a Pruteanu, Adrian. 
776 0 8 |i Print version:  |a Vora, Zeal.  |t Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles.  |d Birmingham : Packt Publishing, ©2017  |z 9781788299558 
856 4 0 |u https://ebsco.uam.elogim.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1682406  |z Texto completo 
938 |a Askews and Holts Library Services  |b ASKH  |n BDZ0036146226 
938 |a EBL - Ebook Library  |b EBLB  |n EBL5216128 
938 |a EBSCOhost  |b EBSC  |n 1682406 
994 |a 92  |b IZTAP