With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up. Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. Chris Dotson—an IBM senior technical staff member—shows you how to establish data asset management, identity and access management, vulnerability management, network security, and incident response in your cloud environment.
Use ACI fabrics to drive unprecedented value from your data center environment With the Cisco Application Centric Infrastructure (ACI) software-defined networking platform, you can achieve dramatic improvements in data center performance, redundancy, security, visibility, efficiency, and agility. In Deploying ACI, three leading Cisco experts introduce this breakthrough platform, and walk network professionals through all facets of design, deployment, and operation. The authors demonstrate how ACI changes data center networking, security, and management; and offer multiple field-proven configurations. Deploying ACI is organized to follow the key decision points associated with implementing data center network fabrics. After a practical introduction to ACI concepts and design, the authors show how to bring your fabric online, integrate virtualization and external connections, and efficiently manage your ACI network. You’ll master new techniques for improving visibility, control, and availability; managing multitenancy; and seamlessly inserting service devices into application data flows. The authors conclude with expert advice for troubleshooting and automation, helping you deliver data center services with unprecedented efficiency. Understand the problems ACI solves,and how it solves them Design your ACI fabric, build it, and interface with devices to bring it to life Integrate virtualization technologieswith your ACI fabric Perform networking within an ACI fabric (and understand how ACI changes data center networking) Connect external networks and devices at Layer 2/Layer 3 levels Coherently manage unified ACI networks with tenants and application policies Migrate to granular policies based on applications and their functions Establish multitenancy, and evolve networking, security, and services to support it Integrate L4–7 services: device types, design scenarios, and implementation Use multisite designs to meet rigorous requirements for redundancy and business continuity Troubleshoot and monitor ACI fabrics Improve operational efficiency through automation and programmability
This book serves as a security practitioner's guide to today's most crucial issues in cyber security and IT infrastructure. It offers in-depth coverage of theory, technology, and practice as they relate to established technologies as well as recent advancements. It explores practical solutions to a wide range of cyber-physical and IT infrastructure protection issues. Composed of 11 chapters contributed by leading experts in their fields, this highly useful book covers disaster recovery, biometrics, homeland security, cyber warfare, cyber security, national infrastructure security, access controls, vulnerability assessments and audits, cryptography, and operational and organizational security, as well as an extensive glossary of security terms and acronyms. Written with instructors and students in mind, this book includes methods of analysis and problem-solving techniques through hands-on exercises and worked examples as well as questions and answers and the ability to implement practical solutions through real-life case studies. For example, the new format includes the following pedagogical elements: • Checklists throughout each chapter to gauge understanding • Chapter Review Questions/Exercises and Case Studies • Ancillaries: Solutions Manual; slide package; figure files This format will be attractive to universities and career schools as well as federal and state agencies, corporate security training programs, ASIS certification, etc. - Chapters by leaders in the field on theory and practice of cyber security and IT infrastructure protection, allowing the reader to develop a new level of technical expertise - Comprehensive and up-to-date coverage of cyber security issues allows the reader to remain current and fully informed from multiple viewpoints - Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions
This book describes cloud computing as a service that is "highly scalable" and operates in "a resilient environment". The authors emphasize architectural layers and models - but also business and security factors.
A scientific approach to the new field of critical infrastructure protection This book offers a unique scientific approach to the new field of critical infrastructure protection: it uses network theory, optimization theory, and simulation software to analyze and understand how infrastructure sectors evolve, where they are vulnerable, and how they can best be protected. The author demonstrates that infrastructure sectors as diverse as water, power, energy, telecommunications, and the Internet have remarkably similar structures. This observation leads to a rigorous approach to vulnerability analysis in all of these sectors. The analyst can then decide the best way to allocate limited funds to minimize risk, regardless of industry sector. The key question addressed in this timely book is: What should be protected and how? The author proposes that the answer lies in allocating a nation's scarce resources to the most critical components of each infra-structure--the so-called critical nodes. Using network theory as a foundation, readers learn how to identifya small handful of critical nodes and then allocate resources to reduce or eliminate risk across the entire sector. A comprehensive set of electronic media is provided on a CD-ROM in the back of the book that supports in-class and self-tutored instruction. Students can copy these professionally produced audio-video lectures onto a PC (Microsoft Windows(r) and Apple Macintosh(r) compatible) for repeated viewing at their own pace. Another unique feature of the book is the open-source software for demonstrating concepts and streamlining the math needed for vulnerability analysis. Updates, as well as a discussion forum, are available from www.CHDS.us. This book is essential for all corporate, government agency, and military professionals tasked with assessingvulnerability and developing and implementing protection systems. In addition, the book is recommended for upper-level undergraduate and graduate students studying national security, computing, and other disciplines where infrastructure security is an issue.
Reduce organizational cybersecurity risk and build comprehensive WiFi, private cellular, and IOT security solutions Wireless Security Architecture: Designing and Maintaining Secure Wireless for Enterprise offers readers an essential guide to planning, designing, and preserving secure wireless infrastructures. It is a blueprint to a resilient and compliant architecture that responds to regulatory requirements, reduces organizational risk, and conforms to industry best practices. This book emphasizes WiFi security, as well as guidance on private cellular and Internet of Things security. Readers will discover how to move beyond isolated technical certifications and vendor training and put together a coherent network that responds to contemporary security risks. It offers up-to-date coverage—including data published for the first time—of new WPA3 security, Wi-Fi 6E, zero-trust frameworks, and other emerging trends. It also includes: Concrete strategies suitable for organizations of all sizes, from large government agencies to small public and private companies Effective technical resources and real-world sample architectures Explorations of the relationships between security, wireless, and network elements Practical planning templates, guides, and real-world case studies demonstrating application of the included concepts Perfect for network, wireless, and enterprise security architects, Wireless Security Architecture belongs in the libraries of technical leaders in firms of all sizes and in any industry seeking to build a secure wireless network.
Discover the pillars of AWS infrastructure automation, starting with API-driven infrastructure concepts and its immediate benefits such as increased agility, automation of the infrastructure life cycle, and flexibility in experimenting with new architectures. With this base established, the book discusses infrastructure-as-code concepts in a general form, establishing principled outcomes such as security and reproducibility. Inescapably, we delve into how these concepts enable and underpin the DevOps movement. The Definitive Guide to AWS Infrastructure Automation begins by discussing services and tools that enable infrastructure-as-code solutions; first stop: AWS's CloudFormation service. You’ll then cover the ever-expanding ecosystem of tooling emerging in this space, including CloudFormation wrappers such as Troposphere and orchestrators such as Sceptre, to completely independent third-party tools such as Terraform and Pulumi. As a bonus, you’ll also work with AWS' newly-released CDK (Cloud Development Kit). You’ll then look at how to implement modular, robust, and extensible solutions across a few examples -- in the process building out each solution with several different tools to compare and contrast the strengths and weaknesses of each. By the end of the journey, you will have gained a wide knowledge of both the AWS-provided and third-party ecosystem of infrastructure-as-code/provisioning tools, and the strengths and weaknesses of each. You’ll possess a mental framework for how to craft an infrastructure-as-code solution to solve future problems based on examples discussed throughout the book. You’ll also have a demonstrable understanding of the hands-on operation of each tool, situational appropriateness of each tool, and how to leverage the tool day to day. What You Will Learn Discover the technological and organizational benefits to infrastructure-as-code solutions Examine the overall landscape of infrastructure-as-code tooling and solutions available to consumers of AWS services See the strengths and weaknesses of these tools relative to one another as examined through hands-on implementation of several solutions Gain hands-on experience, best practices, and tips and tricks learned through several years’ real-world experience delivering solutions using these very tools in a wide variety of scenarios Engineer solid solutions that leave room for new requirements and changes without requiring needless refactoring Who This Book Is For DevOps engineers, cloud engineers and architects focused on the AWS ecosystem, software engineers/developers working within the AWS ecosystem, and engineering leaders looking for best practices.
The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Implementation Tiers, and the Framework Profiles. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across sectors and critical infrastructure. Elements of the Core provide detailed guidance for developing individual organizational Profiles. Through use of Profiles, the Framework will help an organization to align and prioritize its cybersecurity activities with its business/mission requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk, which will help in prioritizing and achieving cybersecurity objectives.
New edition of the bestselling guide to Mastering Windows Server, updated to Windows Server 2022 with improved security, better platform flexibility, new windows admin center, upgraded Hyper-V manager and hybrid cloud support Key Features Develop necessary skills to design and implement Microsoft Server 2019 in enterprise environment Provide support to your medium to large enterprise and leverage your experience in administering Microsoft Server 2019 Effectively administering Windows server 2019 with the help of practical examples Book DescriptionMastering Windows Server 2019 – Second Edition covers all of the essential information needed to implement and utilize this latest-and-greatest platform as the core of your data center computing needs. You will begin by installing and managing Windows Server 2019, and by clearing up common points of confusion surrounding the versions and licensing of this new product. Centralized management, monitoring, and configuration of servers is key to an efficient IT department, and you will discover multiple methods for quickly managing all of your servers from a single pane of glass. To this end, you will spend time inside Server Manager, PowerShell, and even the new Windows Admin Center, formerly known as Project Honolulu. Even though this book is focused on Windows Server 2019 LTSC, we will still discuss containers and Nano Server, which are more commonly related to the SAC channel of the server platform, for a well-rounded exposition of all aspects of using Windows Server in your environment. We also discuss the various remote access technologies available in this operating system, as well as guidelines for virtualizing your data center with Hyper-V. By the end of this book, you will have all the ammunition required to start planning for, implementing, and managing Windows.What you will learn Work with the updated Windows Server 2019 interface, including Server Core and Windows Admin Center Secure your network and data with new technologies in Windows Server 2019 Learn about containers and understand the appropriate situations to use Nano Server Discover new ways to integrate your data center with Microsoft Azure Harden your Windows Servers to help keep the bad guys out Virtualize your data center with Hyper-V Who this book is for If you are a System Administrator or an IT professional interested in designing and deploying Windows Server 2019 then this book is for you. Previous experience of Windows Server operating systems and familiarity with networking concepts is required.
Conducted properly, information security risk assessments provide managers with the feedback needed to manage risk through the understanding of threats to corporate assets, determination of current control vulnerabilities, and appropriate safeguards selection. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value. Picking up where its bestselling predecessors left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Third Edition gives you detailed instruction on how to conduct a security risk assessment effectively and efficiently, supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting. The third edition has expanded coverage of essential topics, such as threat analysis, data gathering, risk analysis, and risk assessment methods, and added coverage of new topics essential for current assessment projects (e.g., cloud security, supply chain management, and security risk assessment methods). This handbook walks you through the process of conducting an effective security assessment, and it provides the tools, methods, and up-to-date understanding you need to select the security measures best suited to your organization. Trusted to assess security for small companies, leading organizations, and government agencies, including the CIA, NSA, and NATO, Douglas J. Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. It includes features on how to Better negotiate the scope and rigor of security assessments Effectively interface with security assessment teams Gain an improved understanding of final report recommendations Deliver insightful comments on draft reports This edition includes detailed guidance on gathering data and analyzes over 200 administrative, technical, and physical controls using the RIIOT data gathering method; introduces the RIIOT FRAME (risk assessment method), including hundreds of tables, over 70 new diagrams and figures, and over 80 exercises; and provides a detailed analysis of many of the popular security risk assessment methods in use today. The companion website (infosecurityrisk.com) provides downloads for checklists, spreadsheets, figures, and tools.
