Название: Cybersecurity: A Practical Engineering Approach
Автор: Henrique M. D. Santos
Издательство: CRC Press
Серия: Chapman & Hall/CRC Textbooks in Computing
Год: 2022
Страниц: 341
Язык: английский
Формат: pdf (true), epub
Размер: 16.9 MB

Cybersecurity: A Practical Engineering Approach introduces the implementation of a secure cyber architecture, beginning with the identification of security risks. It then builds solutions to mitigate risks by considering the technological justification of the solutions as well as their efficiency. The process follows an engineering process model. Each module builds on a subset of the risks, discussing the knowledge necessary to approach a solution, followed by the security control architecture design and the implementation. The modular approach allows students to focus on more manageable problems, making the learning process simpler and more attractive.

Cybersecurity is becoming a central issue to any Information System utilization, affecting everything we interact with nowadays. In a simple way, it starts with the identification of security properties we want to preserve, the main threats that can affect those properties, the weaknesses of the target system, and the techniques and procedures we can use to mitigate those threats.

Kerberos is a network authentication protocol, aiming to achieve strong authentication using secret-key cryptography, in a local network environment with shared services. In fact, it embraces several sub protocols to accomplish that goal. Among the requirements, we can highlight: i) to avoid user impersonation; ii) to promote information confidentiality; and iii) to allow users to sign in once to have granted access to all authorized shared resources. Kerberos is an open-source project, being the base of several commercial and non-commercial solutions to deploy AC at the local network level (including Windows Active Directory).

Pentest (short for Penetration Test, and also referred to by Ethical Hacking) is a fundamental activity in Cybersecurity, aiming to test a computerized system against possible failures resulting from simulated malicious activity. If performed correctly, it allows to find vulnerabilities and, in case they exist, to what extent they can be explored. Contrarily to all techniques discussed so far, Pentest cannot even be classified as a security control but, instead, a security evaluation function. Organizations decide to perform such activity whenever i) performing am InfoSec auditing, or ii) measuring the efficacy of some defense mechanism.

Contents:
Preface
Chapter 1 - Cybersecurity Fundamentals
Chapter 2 - Access Control Techniques
Chapter 3 - Basic Cryptography Operations
Chapter 4 - Internet and Web Communication Models
Chapter 5 - Synthesis of Perimeter Security Technologies
Chapter 6 - Anatomy of Network and Computer Attacks
6.1 Summary
6.2 Introduction to Pentest
6.3 Problem statement and chapter exercise description
6.4 Introduction to Kali Linux
6.5 Information gathering
6.6 Scanning ports and services
6.7 Vulnerability Scanning
6.8 Target enumeration
6.9 Target exploitation
6.10 Exercises
Bibliography
Index




ОТСУТСТВУЕТ ССЫЛКА/ НЕ РАБОЧАЯ ССЫЛКА ЕСТЬ РЕШЕНИЕ, ПИШИМ СЮДА!