Principles of Computer Security, 5th Edition
Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-501. This thoroughly revised, full-color textbook discusses communication, infrastructure, operational security attack prevention, disaster recovery, computer forensics, and much more. Written by a pair of highly respected security educators, Principles of Computer Security: CompTIA Security+ and Beyond, Fifth Edition (Exam SY0-501) will help you pass the exam and become a CompTIA certified computer security expert.
Ensure operational, organizational, and physical security; Use cryptography and public key infrastructures (PKIs); Secure remote access, wireless networks, and virtual private networks (VPNs); Authenticate users and lock down mobile devices; Harden network devices, operating systems, and applications; Prevent network attacks, such as denial of service, spoofing, hijacking, and password guessing; Co ...
Windows Server 2016 Security, Certificates, and Remote Access Cookbook
Windows Server 2016 is an operating system designed to run on today's highly performant servers, both on-premise and in the cloud. It supports enterprise-level data storage, communications, management, and applications. This book builds off a basic knowledge of the Windows Server operating system, and assists administrators with taking the security of their systems one step further.
You will learn tips for configuring proper networking, especially on multi-homed systems, and tricks for locking down access to your servers.
Then you will move onto one of the hottest security topics of the year - certificates. You will learn how to build your own PKI, or how to better administer one that you already have. You will publish templates, issue certificates, and even configure autoenrollment in your network.
When we say "networking" we don't only mean inside the LAN. To deal safely with mobile devices, you will learn about the capabilities of Windows Server 2016 for conne ...
Machine Learning and Security
Can machine learning techniques solve our computer security problems and finally put an end to the cat-and-mouse game between attackers and defenders? Or is this hope merely hype? Now you can dive into the science and answer this question for yourself. With this practical guide, you'll explore ways to apply machine learning to security issues such as intrusion detection, malware classification, and network analysis.
Machine learning and security specialists Clarence Chio and David Freeman provide a framework for discussing the marriage of these two fields, as well as a toolkit of machine-learning algorithms that you can apply to an array of security problems. This book is ideal for security engineers and data scientists alike.
Learn how machine learning has contributed to the success of modern spam filters; Quickly detect anomalies, including breaches, fraud, and impending system failure; Conduct malware analysis by extracting useful information ...
Enterprise Cybersecurity Study Guide
Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book's ideas and put them to work. The guide can be used for self-study or in the classroom.
Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum - what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit - gets in the way of what needs to be done. Cyberattacks in the headlines affectin ...
Agile Application Security
Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.
Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security and how they worked to solve them.
Add security practices to each stage of your existing development lifecycle; Integrate security with planning, requirements, design, and at the co ...
Network Security Through Data Analysis, 2nd Edition
Traditional intrusion detection and logfile analysis are no longer enough to protect today's complex networks. In the updated second edition of this practical guide, security researcher Michael Collins shows InfoSec personnel the latest techniques and tools for collecting and analyzing network traffic datasets. You'll understand how your network is used, and what actions are necessary to harden and defend the systems within it.
In three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. New chapters focus on active monitoring and traffic manipulation, insider threat detection, data mining, regression and machine learning, and other topics.
Use sensors to collect network, service, host, and active domain data; Work with the SiLK toolset, Python, and other tools and techniques for manipulating data you collect; Detect unusual phenomena through exploratory data analys ...
Gray Hat C#
Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like fuzzing, performing vulnerability scans, and analyzing malware. With some help from Mono, you'll write your own practical security tools that will run on Windows, OS X, Linux, and even mobile devices.
After a crash course in C# and some of its advanced features, you'll learn how to: Generate shellcode in Metasploit to create cross-platform and cross-architecture payloads; Automate Nessus, OpenVAS, and sqlmap to scan for vulnerabilities and exploit SQL injections; Write a .NET decompiler for OS X and Linux; Parse and read offline registry hives to dump system information; Automate the security tools Arachni and Metasploit using their MSGPACK RPCs.
Streamline and simplify your workday by making the most of C#'s extensive repertoire of powerful tools and libraries with Gray Hat C#. ...
CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (CS0-001)
This highly effective self-study system provides complete coverage of every objective for the challenging CompTIA CySA+ Cybersecurity Analyst exam. You'll find learning objectives at the beginning of each chapter, exam tips, in-depth explanations, and practice exam questions. All questions closely mirror those on the live test in content, format, and tone. Designed to help you pass exam CS0-001 with ease, this definitive guide also serves as an essential on-the-job reference. ...
Hacking Exposed Malware & Rootkits, 2nd Edition
Thwart debilitating cyber-attacks and dramatically improve your organization's security posture using the proven defense strategies in this thoroughly updated guide. Hacking Exposed Malware and Rootkits: Security Secrets & Solutions, Second Edition fully explains the hacker's latest methods alongside ready-to-deploy countermeasures. Discover how to block pop-up and phishing exploits, terminate embedded code, and identify and eliminate rootkits. You will get up-to-date coverage of intrusion detection, firewall, honeynet, antivirus, and anti-rootkit technology.
Learn how malware infects, survives, and propagates across an enterprise; See how hackers develop malicious code and target vulnerable systems; Detect, neutralize, and remove user-mode and kernel-mode rootkits; Use hypervisors and honeypots to uncover and kill virtual rootkits; Defend against keylogging, redirect, click fraud, and identity theft; Block spear phishing, client-side, and embedded-code exploits; Effec ...
Hacking Exposed Industrial Control Systems
This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating? and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using "ICS safe" methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures.
Assess your exposure and develop an effective risk management plan; Adopt the latest ICS-focused threat intelligence techniques; Use threat modeling to create realistic risk s ...
Mastering Kali Linux Wireless Pentesting
Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit.
This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux.
You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack w ...