Enterprise Cloud Security and Governance :: Efficiently set data protection and privacy principles.
Modern day businesses and enterprises are moving to cloud simply to improve efficiency and speed, achieve flexibility and cost-effectiveness, and for on-demand cloud services. However, enterprise cloud security remains a major concern for many businesses because migrating to the public cloud require...
Saved in:
Main author: | Vora, Zeal |
---|---|
Other authors: | Pruteanu, Adrian |
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham : Packt Publishing, 2017. |
Subjects: | Cloud computing -- Security measures; Computer networks -- Security measures |
Online access: | Full text |
Summary: | Modern day businesses and enterprises are moving to cloud simply to improve efficiency and speed, achieve flexibility and cost-effectiveness, and for on-demand cloud services. However, enterprise cloud security remains a major concern for many businesses because migrating to the public cloud requires transferring some control over ... |
Description: | 1 online resource (406 pages) |
ISBN: | 1788298519 9781788298513 |
Internal format
MARC
LEADER | 00000cam a2200000Mi 4500 | ||
---|---|---|---|
001 | ZDB-4-EBA-on1020033203 | ||
003 | OCoLC | ||
005 | 20241004212047.0 | ||
006 | m o d | ||
007 | cr |n|---||||| | ||
008 | 180120s2017 enk o 000 0 eng d | ||
040 | |a EBLCP |b eng |e pn |c EBLCP |d NLE |d MERUC |d IDB |d COO |d UOK |d OCLCQ |d WYU |d LVT |d UKAHL |d RDF |d OCLCO |d OCLCF |d N$T |d UKMGB |d OCLCO |d OCLCQ |d OCLCO |d OCLCL | ||
015 | |a GBC1L4788 |2 bnb | ||
016 | 7 | |a 018690488 |2 Uk | |
020 | |a 1788298519 | ||
020 | |a 9781788298513 |q (electronic bk.) | ||
020 | |z 9781788299558 |q print | ||
035 | |a (OCoLC)1020033203 | ||
037 | |a 9781788298513 |b Packt Publishing | ||
050 | 4 | |a QA76.585 |b .V673 2017eb | |
082 | 7 | |a 004.6782 |2 23 | |
049 | |a MAIN | ||
100 | 1 | |a Vora, Zeal. | |
245 | 1 | 0 | |a Enterprise Cloud Security and Governance : |b Efficiently set data protection and privacy principles. |
260 | |a Birmingham : |b Packt Publishing, |c 2017. | ||
300 | |a 1 online resource (406 pages) | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
588 | 0 | |a Print version record. | |
520 | |a Modern day businesses and enterprises are moving to cloud simply to improve efficiency and speed, achieve flexibility and cost-effectiveness, and for on-demand cloud services. However, enterprise cloud security remains a major concern for many businesses because migrating to the public cloud requires transferring some control over ... | ||
505 | 0 | |a Cover -- Copyright -- Credits -- About the Author -- About the Reviewer -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: The Fundamentals of Cloud Security -- Getting started -- Service models -- Software as a service -- Platform as a service -- Infrastructure as a service -- Deployment models -- Cloud security -- Why is cloud security considered hard? -- Our security posture -- Virtualization -- cloud's best friend -- Understanding the ring architecture -- Hardware virtualization -- Full virtualization with binary translation -- Paravirtualization -- Hardware-assisted virtualization -- Distributed architecture in virtualization -- Enterprise virtualization with oVirt -- Encapsulation -- Point in time snapshots -- Isolation -- Risk assessment in cloud -- Service Level Agreement -- Business Continuity Planning -- Disaster Recovery (BCP/DR) -- Business Continuity Planning -- Disaster Recovery -- Recovery Time Objective -- Recovery Point Objective -- Relation between RTO and RPO -- Real world use case of Disaster Recovery -- Use case to understand BCP/DR -- Policies and governance in cloud -- Audit challenges in the cloud -- Implementation challenges for controls on CSP side -- Vulnerability assessment and penetration testing in the cloud -- Use case of a hacked server -- Summary -- Chapter 2: Defense in Depth Approach -- The CIA triad -- Confidentiality -- Integrity -- Availability -- A use case -- Understanding all three aspects -- The use case -- Introducing Defense in Depth -- First layer -- network layer -- Second layer -- platform layer -- Third layer -- application layer -- Fourth layer -- data layer -- Fifth layer -- response layer -- Summary -- Chapter 3: Designing Defensive Network Infrastructure -- Why do we need cryptography? -- The TCP/IP model -- Scenario -- The Network Transport Layer. | |
505 | 8 | |a The Internet Protocol Layer -- The Transport Layer -- The Application Layer -- Firewalls -- How a firewall works? -- How does a firewall inspect packets? -- 3-way handshake -- Modes of firewall -- Stateful packet inspection -- Stateless packet inspection -- Architecting firewall rules -- The deny all and allow some approach -- The allow all and deny some approach -- Firewall justification document -- A sample firewall justification document -- Inbound rules -- Outbound rules -- Tracking firewall changes with alarms -- Best practices -- Application layer security -- Intrusion Prevention Systems -- Overview architecture of IPS -- IPS in a cloud environment -- Implementing IPS in the cloud -- Deep Security -- Anti-malware -- Application control -- The IPS functionality -- A real-world example -- Implementation -- Advantages that IPS will bring to a cloud environment -- A web application firewall -- Architecture -- Implementation -- Network segmentation -- Understanding a flat network -- Segmented network -- Network segmentation in cloud environments -- Segmentation in cloud environments -- Rule of thumb -- Accessing management -- Bastion hosts -- The workings of bastion hosts -- The workings of SSH agent forwarding -- Practical implementation of bastion hosts -- Security of bastion hosts -- Benefits of bastion hosts -- Disadvantages of bastion hosts -- Virtual Private Network -- Routes -- after VPN is connected -- Installation of OpenVPN -- Security for VPN -- Recommended tools for VPN -- Approaching private hosted zones for DNS -- Public hosted zones -- Private hosted zones -- Challenge -- Solution -- Summary -- Chapter 4: Server Hardening -- The basic principle of host-based security -- Keeping systems up-to-date -- The Windows update methodology -- The Linux update methodology -- Using the security functionality of YUM. | |
505 | 8 | |a Approach for automatic security updates installation -- Developing a process to update servers regularly -- Knowledge base -- Challenges on a larger scale -- Partitioning and LUKS -- Partitioning schemes -- A separate partition for /boot -- A separate partition for /tmp -- A separate partition for /home -- Conclusion -- LUKS -- Introduction to LUKS -- Solution -- Conclusion -- Access control list -- Use case -- Introduction to Access Control List -- Set ACL -- Show ACL -- Special permissions in Linux -- SUID -- Use case for SUID -- Understanding the permission associated with ping -- Setting a SUID bit for files -- Removing the SUID bit for files -- SETGID -- Associating the SGID for files -- SELinux -- Introduction to SELinux -- Permission sets in SELinux -- SELinux modes -- Confinement of Linux users to SELinux users -- Process confinement -- Conclusion -- Hardening system services and applications -- Hardening services -- Guide for hardening SSH -- Enable multi-factor authentication -- Associated configuration -- Changing the SSH default port -- Associate configuration -- Disabling the root login -- Associated configuration -- Conclusion -- Pluggable authentication modules -- Team Screen application -- File Sharing Application -- Understanding PAM -- The architecture of PAM -- The PAM configuration -- The PAM command structure -- Implementation scenario -- Forcing strong passwords -- Log all user commands -- Conclusion -- System auditing with auditd -- Introduction to auditd -- Use case 1 -- tracking activity of important files -- Use case -- Solution -- First field -- Use case 2 -- monitoring system calls -- Introduction to system calls -- Use case -- Solution -- Conclusion -- Conclusion -- Central identity server -- Use Case 1 -- Use case 2 -- The architecture of IPA -- Client-server architecture -- User access management. | |
505 | 8 | |a Best practices to follow -- Conclusion -- Single sign-on -- Idea solution -- Advantages of an SSO solution -- Challenges in the classic method of authentication -- Security Assertion Markup Language -- The high-level overview of working -- Choosing the right identity provider -- Building an SSO from scratch -- Hosted Based Intrusion Detection System -- Exploring OSSEC -- File integrity monitoring -- Log monitoring and active response -- Conclusion -- The hardened image approach -- Implementing hardening standards in scalable environments -- Important to remember -- Conclusion -- Summary -- Chapter 5: Cryptography Network Security -- Introduction to cryptography -- Integrity -- Authenticity -- Real world scenario -- Non-repudiation -- Types of cryptography -- Symmetric key cryptography -- Stream cipher -- The encryption process -- The decryption process -- Advantages of stream ciphers -- Block cipher (AES) -- Padding -- Modes of block ciphers -- Message authentication codes -- The MAC approach -- The challenges with symmetric key storage -- Hardware security modules -- The challenges with HSM in on-premise -- A real-world scenario -- HSM on the cloud -- CloudHSM -- Key management service -- The basic working of AWS KMS -- Encrypting a function in KMS -- Decrypting a function in KMS -- Implementation -- Practical guide -- Configuring AWS CLI -- The decryption function -- Envelope encryption -- The encryption process -- The decryption process -- Implementation steps -- Practical implementation of envelope encryption -- Credential management system with KMS -- Implementation -- Best practices in key management -- Rotation life cycle for encryption keys -- Scenario 1-a single key for all data encryption -- Scenario 2-multiple keys for data encryption -- Protecting the access keys -- Audit trail is important -- Asymmetric key encryption. | |
505 | 8 | |a The basic working -- Authentication with the help of an asymmetric key -- Digital signatures -- The benefits and use cases of a digital signature -- SSL/TLS -- Scenario 1 -- A man-in-the-middle attack-storing credentials -- Scenario 2 -- A man-in-the-middle attack-integrity attacks -- Working of SSL/TLS -- Client Hello -- Server Hello -- Certificate -- Server key exchange -- Server Hello done -- Client key exchange -- Change cipher spec -- Security related to SSL/TLS -- Grading TLS configuration with SSL Labs -- Default Settings -- Perfect forward secrecy -- Implementation of perfect forward secrecy in nginx -- HTTP Strict Transport Security -- Implementing HSTS in nginx -- Verifying the integrity of a certificate -- Online certificate status protocol -- OCSP stapling -- Challenge 1 -- Challenge 2 -- An ideal solution -- Architecture -- Implementing TLS termination at the ELB level -- Selecting cipher suites -- Importing certificate -- AWS certificate manager -- Use case 1 -- Use case 2 -- Introduction to AWS Certificate Manager -- Summary -- Chapter 6: Automation in Security -- Configuration management -- Ansible -- Remote command execution -- The structure of the Ansible playbook -- Playbook for SSH hardening -- Running Ansible in dry mode -- Run and rerun and rerun -- Ansible mode of operations -- Ansible pull -- Attaining the desired state with Ansible pull -- Auditing servers with Ansible notifications -- The Ansible Vault -- Deploying the nginx Web Server -- Solution -- Ansible best practices -- Terraform -- Infrastructure migration -- Installing Terraform -- Working with Terraform -- Integrating Terraform with Ansible -- Terraform best practices -- AWS Lambda -- Cost optimization -- Achieving a use case through AWS Lambda -- Testing the Lambda function -- Start EC2 function -- Integrating the Lambda function with events -- Summary. | |
650 | 0 | |a Cloud computing |x Security measures. | |
650 | 0 | |a Computer networks |x Security measures. |0 http://id.loc.gov/authorities/subjects/sh94001277 | |
650 | 6 | |a Infonuagique |x Sécurité |x Mesures. | |
650 | 6 | |a Réseaux d'ordinateurs |x Sécurité |x Mesures. | |
650 | 7 | |a Computer networking & communications. |2 bicssc | |
650 | 7 | |a Cloud computing. |2 bicssc | |
650 | 7 | |a Computer systems back-up & data recovery. |2 bicssc | |
650 | 7 | |a Privacy & data protection. |2 bicssc | |
650 | 7 | |a Computers |x System Administration |x Disaster & Recovery. |2 bisacsh | |
650 | 7 | |a Computers |x Internet |x Security. |2 bisacsh | |
650 | 7 | |a Computer networks |x Security measures |2 fast | |
700 | 1 | |a Pruteanu, Adrian. | |
758 | |i has work: |a Enterprise Cloud Security and Governance (Text) |1 https://id.oclc.org/worldcat/entity/E39PCXkXWkWRFqj6wJPkyhBrjd |4 https://id.oclc.org/worldcat/ontology/hasWork | ||
776 | 0 | 8 | |i Print version: |a Vora, Zeal. |t Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. |d Birmingham : Packt Publishing, ©2017 |z 9781788299558 |
856 | 4 | 0 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1682406 |3 Full text |
938 | |a Askews and Holts Library Services |b ASKH |n BDZ0036146226 | ||
938 | |a EBL - Ebook Library |b EBLB |n EBL5216128 | ||
938 | |a EBSCOhost |b EBSC |n 1682406 | ||
994 | |a 92 |b GEBAY | ||
912 | |a ZDB-4-EBA | ||
049 | |a DE-863 |
Record in the search index
DE-BY-FWS_katkey | ZDB-4-EBA-on1020033203 |
---|---|
_version_ | 1816882411072389120 |
adam_text | |
any_adam_object | |
author | Vora, Zeal |
author2 | Pruteanu, Adrian |
author2_role | |
author2_variant | a p ap |
author_facet | Vora, Zeal Pruteanu, Adrian |
author_role | |
author_sort | Vora, Zeal |
author_variant | z v zv |
building | Verbundindex |
bvnumber | localFWS |
callnumber-first | Q - Science |
callnumber-label | QA76 |
callnumber-raw | QA76.585 .V673 2017eb |
callnumber-search | QA76.585 .V673 2017eb |
callnumber-sort | QA 276.585 V673 42017EB |
callnumber-subject | QA - Mathematics |
collection | ZDB-4-EBA |
ctrlnum | (OCoLC)1020033203 |
dewey-full | 004.6782 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 004 - Computer science |
dewey-raw | 004.6782 |
dewey-search | 004.6782 |
dewey-sort | 14.6782 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Computer science |
format | Electronic eBook |
ind1="8" ind2=" "><subfield code="a">The basic working -- Authentication with the help of an asymmetric key -- Digital signatures -- The benefits and use cases of a digital signature -- SSL/TLS -- Scenario 1 -- A man-in-the-middle attack-storing credentials -- Scenario 2 -- A man-in-the-middle attack-integrity attacks -- Working of SSL/TLS -- Client Hello -- Server Hello -- Certificate -- Server key exchange -- Server Hello done -- Client key exchange -- Change cipher spec -- Security related to SSL/TLS -- Grading TLS configuration with SSL Labs -- Default Settings -- Perfect forward secrecy -- Implementation of perfect forward secrecy in nginx -- HTTP Strict Transport Security -- Implementing HSTS in nginx -- Verifying the integrity of a certificate -- Online certificate status protocol -- OCSP stapling -- Challenge 1 -- Challenge 2 -- An ideal solution -- Architecture -- Implementing TLS termination at the ELB level -- Selecting cipher suites -- Importing certificate -- AWS certificate manager -- Use case 1 -- Use case 2 -- Introduction to AWS Certificate Manager -- Summary -- Chapter 6: Automation in Security -- Configuration management -- Ansible -- Remote command execution -- The structure of the Ansible playbook -- Playbook for SSH hardening -- Running Ansible in dry mode -- Run and rerun and rerun -- Ansible mode of operations -- Ansible pull -- Attaining the desired state with Ansible pull -- Auditing servers with Ansible notifications -- The Ansible Vault -- Deploying the nginx Web Server -- Solution -- Ansible best practices -- Terraform -- Infrastructure migration -- Installing Terraform -- Working with Terraform -- Integrating Terraform with Ansible -- Terraform best practices -- AWS Lambda -- Cost optimization -- Achieving a use case through AWS Lambda -- Testing the Lambda function -- Start EC2 function -- Integrating the Lambda function with events -- Summary.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Cloud 
computing</subfield><subfield code="x">Security measures.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh94001277</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Infonuagique</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Réseaux d'ordinateurs</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networking & communications.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Cloud computing.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer systems back-up & data recovery.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Privacy & data protection.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computers</subfield><subfield code="x">System Administration</subfield><subfield code="x">Disaster & Recovery.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computers</subfield><subfield code="x">Internet</subfield><subfield code="x">Security.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Pruteanu, Adrian.</subfield></datafield><datafield tag="758" ind1=" " ind2=" "><subfield 
code="i">has work:</subfield><subfield code="a">Enterprise Cloud Security and Governance (Text)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCXkXWkWRFqj6wJPkyhBrjd</subfield><subfield code="4">https://id.oclc.org/worldcat/ontology/hasWork</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="a">Vora, Zeal.</subfield><subfield code="t">Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles.</subfield><subfield code="d">Birmingham : Packt Publishing, ©2017</subfield><subfield code="z">9781788299558</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1682406</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Askews and Holts Library Services</subfield><subfield code="b">ASKH</subfield><subfield code="n">BDZ0036146226</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBL - Ebook Library</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL5216128</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">1682406</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection> |
id | ZDB-4-EBA-on1020033203 |
illustrated | Not Illustrated |
indexdate | 2024-11-27T13:28:11Z |
institution | BVB |
isbn | 1788298519 9781788298513 |
language | English |
oclc_num | 1020033203 |
open_access_boolean | |
owner | MAIN DE-863 DE-BY-FWS |
owner_facet | MAIN DE-863 DE-BY-FWS |
physical | 1 online resource (406 pages) |
psigel | ZDB-4-EBA |
publishDate | 2017 |
publishDateSearch | 2017 |
publishDateSort | 2017 |
publisher | Packt Publishing, |
record_format | marc |
spelling | Vora, Zeal. Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. Birmingham : Packt Publishing, 2017. 1 online resource (406 pages) text txt rdacontent computer c rdamedia online resource cr rdacarrier Print version record. Modern day businesses and enterprises are moving to cloud simply to improve efficiency and speed, achieve flexibility and cost-effectiveness, and for on-demand cloud services. However, enterprise cloud security remains a major concern for many businesses because migrating to the public cloud requires transferring some control over ... Cover -- Copyright -- Credits -- About the Author -- About the Reviewer -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: The Fundamentals of Cloud Security -- Getting started -- Service models -- Software as a service -- Platform as a service -- Infrastructure as a service -- Deployment models -- Cloud security -- Why is cloud security considered hard? 
-- Our security posture -- Virtualization -- cloud's best friend -- Understanding the ring architecture -- Hardware virtualization -- Full virtualization with binary translation -- Paravirtualization -- Hardware-assisted virtualization -- Distributed architecture in virtualization -- Enterprise virtualization with oVirt -- Encapsulation -- Point in time snapshots -- Isolation -- Risk assessment in cloud -- Service Level Agreement -- Business Continuity Planning -- Disaster Recovery (BCP/DR) -- Business Continuity Planning -- Disaster Recovery -- Recovery Time Objective -- Recovery Point Objective -- Relation between RTO and RPO -- Real world use case of Disaster Recovery -- Use case to understand BCP/DR -- Policies and governance in cloud -- Audit challenges in the cloud -- Implementation challenges for controls on CSP side -- Vulnerability assessment and penetration testing in the cloud -- Use case of a hacked server -- Summary -- Chapter 2: Defense in Depth Approach -- The CIA triad -- Confidentiality -- Integrity -- Availability -- A use case -- Understanding all three aspects -- The use case -- Introducing Defense in Depth -- First layer -- network layer -- Second layer -- platform layer -- Third layer -- application layer -- Fourth layer -- data layer -- Fifth layer -- response layer -- Summary -- Chapter 3: Designing Defensive Network Infrastructure -- Why do we need cryptography? -- The TCP/IP model -- Scenario -- The Network Transport Layer. The Internet Protocol Layer -- The Transport Layer -- The Application Layer -- Firewalls -- How a firewall works? -- How does a firewall inspect packets? 
-- 3-way handshake -- Modes of firewall -- Stateful packet inspection -- Stateless packet inspection -- Architecting firewall rules -- The deny all and allow some approach -- The allow all and deny some approach -- Firewall justification document -- A sample firewall justification document -- Inbound rules -- Outbound rules -- Tracking firewall changes with alarms -- Best practices -- Application layer security -- Intrusion Prevention Systems -- Overview architecture of IPS -- IPS in a cloud environment -- Implementing IPS in the cloud -- Deep Security -- Anti-malware -- Application control -- The IPS functionality -- A real-world example -- Implementation -- Advantages that IPS will bring to a cloud environment -- A web application firewall -- Architecture -- Implementation -- Network segmentation -- Understanding a flat network -- Segmented network -- Network segmentation in cloud environments -- Segmentation in cloud environments -- Rule of thumb -- Accessing management -- Bastion hosts -- The workings of bastion hosts -- The workings of SSH agent forwarding -- Practical implementation of bastion hosts -- Security of bastion hosts -- Benefits of bastion hosts -- Disadvantages of bastion hosts -- Virtual Private Network -- Routes -- after VPN is connected -- Installation of OpenVPN -- Security for VPN -- Recommended tools for VPN -- Approaching private hosted zones for DNS -- Public hosted zones -- Private hosted zones -- Challenge -- Solution -- Summary -- Chapter 4: Server Hardening -- The basic principle of host-based security -- Keeping systems up-to-date -- The Windows update methodology -- The Linux update methodology -- Using the security functionality of YUM. 
Approach for automatic security updates installation -- Developing a process to update servers regularly -- Knowledge base -- Challenges on a larger scale -- Partitioning and LUKS -- Partitioning schemes -- A separate partition for /boot -- A separate partition for /tmp -- A separate partition for /home -- Conclusion -- LUKS -- Introduction to LUKS -- Solution -- Conclusion -- Access control list -- Use case -- Introduction to Access Control List -- Set ACL -- Show ACL -- Special permissions in Linux -- SUID -- Use case for SUID -- Understanding the permission associated with ping -- Setting a SUID bit for files -- Removing the SUID bit for files -- SETGID -- Associating the SGID for files -- SELinux -- Introduction to SELinux -- Permission sets in SELinux -- SELinux modes -- Confinement of Linux users to SELinux users -- Process confinement -- Conclusion -- Hardening system services and applications -- Hardening services -- Guide for hardening SSH -- Enable multi-factor authentication -- Associated configuration -- Changing the SSH default port -- Associate configuration -- Disabling the root login -- Associated configuration -- Conclusion -- Pluggable authentication modules -- Team Screen application -- File Sharing Application -- Understanding PAM -- The architecture of PAM -- The PAM configuration -- The PAM command structure -- Implementation scenario -- Forcing strong passwords -- Log all user commands -- Conclusion -- System auditing with auditd -- Introduction to auditd -- Use case 1 -- tracking activity of important files -- Use case -- Solution -- First field -- Use case 2 -- monitoring system calls -- Introduction to system calls -- Use case -- Solution -- Conclusion -- Conclusion -- Central identity server -- Use Case 1 -- Use case 2 -- The architecture of IPA -- Client-server architecture -- User access management. 
Best practices to follow -- Conclusion -- Single sign-on -- Idea solution -- Advantages of an SSO solution -- Challenges in the classic method of authentication -- Security Assertion Markup Language -- The high-level overview of working -- Choosing the right identity provider -- Building an SSO from scratch -- Hosted Based Intrusion Detection System -- Exploring OSSEC -- File integrity monitoring -- Log monitoring and active response -- Conclusion -- The hardened image approach -- Implementing hardening standards in scalable environments -- Important to remember -- Conclusion -- Summary -- Chapter 5: Cryptography Network Security -- Introduction to cryptography -- Integrity -- Authenticity -- Real world scenario -- Non-repudiation -- Types of cryptography -- Symmetric key cryptography -- Stream cipher -- The encryption process -- The decryption process -- Advantages of stream ciphers -- Block cipher (AES) -- Padding -- Modes of block ciphers -- Message authentication codes -- The MAC approach -- The challenges with symmetric key storage -- Hardware security modules -- The challenges with HSM in on-premise -- A real-world scenario -- HSM on the cloud -- CloudHSM -- Key management service -- The basic working of AWS KMS -- Encrypting a function in KMS -- Decrypting a function in KMS -- Implementation -- Practical guide -- Configuring AWS CLI -- The decryption function -- Envelope encryption -- The encryption process -- The decryption process -- Implementation steps -- Practical implementation of envelope encryption -- Credential management system with KMS -- Implementation -- Best practices in key management -- Rotation life cycle for encryption keys -- Scenario 1-a single key for all data encryption -- Scenario 2-multiple keys for data encryption -- Protecting the access keys -- Audit trail is important -- Asymmetric key encryption. 
The basic working -- Authentication with the help of an asymmetric key -- Digital signatures -- The benefits and use cases of a digital signature -- SSL/TLS -- Scenario 1 -- A man-in-the-middle attack-storing credentials -- Scenario 2 -- A man-in-the-middle attack-integrity attacks -- Working of SSL/TLS -- Client Hello -- Server Hello -- Certificate -- Server key exchange -- Server Hello done -- Client key exchange -- Change cipher spec -- Security related to SSL/TLS -- Grading TLS configuration with SSL Labs -- Default Settings -- Perfect forward secrecy -- Implementation of perfect forward secrecy in nginx -- HTTP Strict Transport Security -- Implementing HSTS in nginx -- Verifying the integrity of a certificate -- Online certificate status protocol -- OCSP stapling -- Challenge 1 -- Challenge 2 -- An ideal solution -- Architecture -- Implementing TLS termination at the ELB level -- Selecting cipher suites -- Importing certificate -- AWS certificate manager -- Use case 1 -- Use case 2 -- Introduction to AWS Certificate Manager -- Summary -- Chapter 6: Automation in Security -- Configuration management -- Ansible -- Remote command execution -- The structure of the Ansible playbook -- Playbook for SSH hardening -- Running Ansible in dry mode -- Run and rerun and rerun -- Ansible mode of operations -- Ansible pull -- Attaining the desired state with Ansible pull -- Auditing servers with Ansible notifications -- The Ansible Vault -- Deploying the nginx Web Server -- Solution -- Ansible best practices -- Terraform -- Infrastructure migration -- Installing Terraform -- Working with Terraform -- Integrating Terraform with Ansible -- Terraform best practices -- AWS Lambda -- Cost optimization -- Achieving a use case through AWS Lambda -- Testing the Lambda function -- Start EC2 function -- Integrating the Lambda function with events -- Summary. Cloud computing Security measures. Computer networks Security measures. 
http://id.loc.gov/authorities/subjects/sh94001277 Infonuagique Sécurité Mesures. Réseaux d'ordinateurs Sécurité Mesures. Computer networking & communications. bicssc Cloud computing. bicssc Computer systems back-up & data recovery. bicssc Privacy & data protection. bicssc Computers System Administration Disaster & Recovery. bisacsh Computers Internet Security. bisacsh Computer networks Security measures fast Pruteanu, Adrian. has work: Enterprise Cloud Security and Governance (Text) https://id.oclc.org/worldcat/entity/E39PCXkXWkWRFqj6wJPkyhBrjd https://id.oclc.org/worldcat/ontology/hasWork Print version: Vora, Zeal. Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. Birmingham : Packt Publishing, ©2017 9781788299558 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1682406 Volltext |
subject_GND | http://id.loc.gov/authorities/subjects/sh94001277 |
title | Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. |
title_auth | Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. |
title_exact_search | Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. |
title_full | Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. |
title_fullStr | Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. |
title_full_unstemmed | Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. |
title_short | Enterprise Cloud Security and Governance : |
title_sort | enterprise cloud security and governance efficiently set data protection and privacy principles |
title_sub | Efficiently set data protection and privacy principles. |
topic | Cloud computing Security measures. Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Infonuagique Sécurité Mesures. Réseaux d'ordinateurs Sécurité Mesures. Computer networking & communications. bicssc Cloud computing. bicssc Computer systems back-up & data recovery. bicssc Privacy & data protection. bicssc Computers System Administration Disaster & Recovery. bisacsh Computers Internet Security. bisacsh Computer networks Security measures fast |
topic_facet | Cloud computing Security measures. Computer networks Security measures. Infonuagique Sécurité Mesures. Réseaux d'ordinateurs Sécurité Mesures. Computer networking & communications. Cloud computing. Computer systems back-up & data recovery. Privacy & data protection. Computers System Administration Disaster & Recovery. Computers Internet Security. Computer networks Security measures |
url | https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1682406 |
work_keys_str_mv | AT vorazeal enterprisecloudsecurityandgovernanceefficientlysetdataprotectionandprivacyprinciples AT pruteanuadrian enterprisecloudsecurityandgovernanceefficientlysetdataprotectionandprivacyprinciples |