Title: Cybersecurity: A Practical Engineering Approach
Author: Henrique M. D. Santos
Publisher: CRC Press
Series: Chapman & Hall/CRC Textbooks in Computing
Year: 2022
Pages: 341
Language: English
Format: pdf (true), epub
Size: 16.9 MB
Cybersecurity: A Practical Engineering Approach introduces the implementation of a secure cyber architecture, beginning with the identification of security risks. It then builds solutions to mitigate risks by considering the technological justification of the solutions as well as their efficiency. The process follows an engineering process model. Each module builds on a subset of the risks, discussing the knowledge necessary to approach a solution, followed by the security control architecture design and the implementation. The modular approach allows students to focus on more manageable problems, making the learning process simpler and more attractive.
Cybersecurity is becoming a central issue to any Information System utilization, affecting everything we interact with nowadays. In a simple way, it starts with the identification of security properties we want to preserve, the main threats that can affect those properties, the weaknesses of the target system, and the techniques and procedures we can use to mitigate those threats.
Kerberos is a network authentication protocol, aiming to achieve strong authentication using secret-key cryptography, in a local network environment with shared services. In fact, it embraces several subprotocols to accomplish that goal. Among the requirements, we can highlight: i) to avoid user impersonation; ii) to promote information confidentiality; and iii) to allow users to sign in once and be granted access to all authorized shared resources. Kerberos is an open-source project, being the base of several commercial and non-commercial solutions to deploy AC at the local network level (including Windows Active Directory).
Pentest (short for Penetration Test, and also referred to as Ethical Hacking) is a fundamental activity in Cybersecurity, aiming to test a computerized system against possible failures resulting from simulated malicious activity. If performed correctly, it allows one to find vulnerabilities and, in case they exist, to what extent they can be explored. Contrary to all techniques discussed so far, Pentest cannot even be classified as a security control but, instead, as a security evaluation function. Organizations decide to perform such activity whenever i) performing an InfoSec auditing, or ii) measuring the efficacy of some defense mechanism.
Contents:
Preface
Chapter 1 - Cybersecurity Fundamentals
Chapter 2 - Access Control Techniques
Chapter 3 - Basic Cryptography Operations
Chapter 4 - Internet and Web Communication Models
Chapter 5 - Synthesis of Perimeter Security Technologies
Chapter 6 - Anatomy of Network and Computer Attacks
  6.1 Summary
  6.2 Introduction to Pentest
  6.3 Problem statement and chapter exercise description
  6.4 Introduction to Kali Linux
  6.5 Information gathering
  6.6 Scanning ports and services
  6.7 Vulnerability Scanning
  6.8 Target enumeration
  6.9 Target exploitation
  6.10 Exercises
Bibliography
Index