Security without Obscurity: A Guide to PKI Operations
Most books on public key infrastructure (PKI) seem to focus on asymmetric cryptography, X.509 certificates, certificate authority (CA) hierarchies, or certificate policy (CP), and certificate practice statements. While algorithms, certificates, and theoretical policy are all excellent discussions, the real-world issues for operating a commercial or private CA can be overwhelming.
Security without Obscurity: A Guide to PKI Operations provides a no-nonsense approach and realistic guide to operating a PKI system. In addition to discussions on PKI best practices, the book supplies warnings against bad PKI practices. Scattered throughout the book are anonymous case studies identifying both good and bad practices.
The highlighted bad practices, based on real-world scenarios from the authors’ experiences, illustrate how bad things are often done with good intentions but cause bigger problems than the original one being solved.
This book offers readers the opportunity to benefit from the authors’ more than 50 years of combined experience in developing PKI-related policies, standards, practices, procedures, and audits, as well as designing and operating various commercial and private PKI systems.
Provides a no-nonsense approach and realistic guide for operating a PKI system
Includes discussions on PKI best practices and contains warnings against PKI bad practices
Presents multiple anonymous case studies that illustrate what not to do when handling particular problems
About the Author
Adam Shostack is a principal program manager on Microsoft's Trustworthy Computing Team. His experience as an operational systems manager and product developer at companies from startups to Microsoft ensures this book is practical and grounded. He helped found the CVE, the Privacy Enhancing Technologies Symposium, and more.
For one-semester, undergraduate- or graduate-level courses in Cryptography, Computer Security, and Network Security
A practical survey of cryptography and network security with unmatched support for instructors and students
In this age of universal electronic connectivity, viruses and hackers, electronic eavesdropping, and electronic fraud, security is paramount. This text provides a practical survey of both the principles and practice of cryptography and network security. First, the basic issues to be addressed by a network security capability are explored through a tutorial and survey of cryptography and network security technology. Then, the practice of network security is explored via practical applications that have been implemented and are in use today. An unparalleled support package for instructors and students ensures a successful teaching and learning experience.
Teaching and Learning Experience
To provide a better teaching and learning experience, for both instructors and students, this program will:
* Support Instructors and Students: An unparalleled support package for instructors and students ensures a successful teaching and learning experience.
* Apply Theory and/or the Most Updated Research: A practical survey of both the principles and practice of cryptography and network security.
* Engage Students with Hands-on Projects: Relevant projects demonstrate the importance of the subject, offer a real-world perspective, and keep students interested.
The first comprehensive guide to discovering and preventing attacks on the Android OS
As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world’s foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them. If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox.
A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis
Covers Android application building blocks and security as well as debugging and auditing Android apps
Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack
Android Hacker’s Handbook is the first comprehensive resource for IT professionals charged with smartphone security.
About the Author
JOSHUA J. DRAKE is a Director of Research Science at Accuvant LABS. PAU OLIVA FORA is a Mobile Security Engineer with viaForensics. ZACH LANIER is a Senior Security Researcher at Duo Security. COLLIN MULLINER is a postdoctoral researcher at Northeastern University. STEPHEN A. RIDLEY is a Principal Researcher with Xipiter. GEORG WICHERSKI is a Senior Security Researcher with CrowdStrike.
A clear, actionable blueprint for securing the vital information and IT services of global organizations of all sizes
Information Assurance Handbook provides an overall strategy for safeguarding your organization’s critical data. The book presents a body of knowledge and outlines the steps necessary for senior management to effectively work with risk and learn to strategically, systematically, and economically plan for security challenges. You’ll learn how to implement technology, practices, and processes to mitigate and manage risk over time and also how to prevent, detect, contain, and recover from security breaches. The professional practices outlined are essential knowledge for effective security and risk management.
Reveals how to predict known–and yet unknown–security risks
Invaluable best practices technically vetted by a panel of global security leaders
Outlines privacy law and critical standards and practices required to make strategic choices about compliance, risk acceptance, and performance
Explains the critical differences between assets, threats, vulnerabilities, and controls to achieve effective decision-making for risk management throughout all levels of the organization.
About the Author
Corey Schou, Ph.D., is a fellow and vice chairperson of (ISC)2, the University Professor of Informatics and professor of computer science at Idaho State University, and the director of the Informatics Research Institute and the National Information Assurance Training and Education Center (NIATEC). Steven Hernandez, MBA, CISSP, is the chief information security officer for the Office of Inspector General at the U.S. Department of Health and Human Services (HHS).