Security without Obscurity: A Guide to PKI Operations
Most books on public key infrastructure (PKI) seem to focus on asymmetric cryptography, X.509 certificates, certificate authority (CA) hierarchies, or certificate policy (CP), and certificate practice statements. While algorithms, certificates, and theoretical policy are all excellent discussions, the real-world issues for operating a commercial or private CA can be overwhelming.
Security without Obscurity: A Guide to PKI Operations provides a no-nonsense approach and realistic guide to operating a PKI system. In addition to discussions on PKI best practices, the book supplies warnings against bad PKI practices. Scattered throughout the book are anonymous case studies identifying both good and bad practices.
The highlighted bad practices, based on real-world scenarios from the authors’ experiences, illustrate how bad things are often done with good intentions but cause bigger problems than the original one being solved.
This book offers readers the opportunity to benefit from the authors’ more than 50 years of combined experience in developing PKI-related policies, standards, practices, procedures, and audits, as well as designing and operating various commercial and private PKI systems.
Provides a no-nonsense approach and realistic guide for operating a PKI system
Includes discussions on PKI best practices and contains warnings against PKI bad practices
Presents multiple anonymous case studies that illustrate what not to do when handling particular problems
Out of stock
The first comprehensive guide to discovering and preventing attacks on the Android OS As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world’s foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them. If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox. A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis Covers Android application building blocks and security as well as debugging and auditing Android apps Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack Android Hacker’s Handbook is the first comprehensive resource for IT professionals charged with smartphone security.
About the Author
JOSHUA J. DRAKE is a Director of Research Science at Accuvant LABS. PAU OLIVA FORA is a Mobile Security Engineer with viaForensics. ZACH LANIER is a Senior Security Researcher at Duo Security. COLLIN MULLINER is a postdoctoral researcher at Northeastern University. STEPHEN A. RIDLEY is a Principal Researcher with Xipiter. GEORG WICHERSKI is a Senior Security Researcher with CrowdStrike.
Everything in the book will have practical application for information security professionals. The entire purpose of data analysis and visualization is to gather feedback from the environment to make better and more informed technology decisions. Within information security that means identifying ways to prevent or detect breaches and then measuring the effectiveness in doing so, which is all wrapped up under “risk management.” All of the examples will be directed at answering real-world questions. One of the key points is not just to analyze what is in front of us, but collect and analyze the data we need to answer the questions that will lead to better decisions and prevention of hacks and vulnerabilities.
The book will present the core elements of analyzing I.T. system data and information security feedback by using 30 use cases and domain-specific data sets with a focus on practical “how-to.” This hands-on approach will be covered in context and will not be limited to just the analysis, but all the supporting skills needed to learn from our data. Data analysis from start to finish: from the data collection and preparation through the data storage and management fundamentals then into the analysis and finally data visualization and communication techniques all in the context of security.Use cases will include: Discovering anomalous firewall trafficHow to acquire and prepare security dataCreating a repeatable data analysis toolkit and workflowWhitehat stats reportSecurity event correlationVulnerability countsUsing inferential stats to detect malware outbreaksVisualizing system logsMapping BotnetsUsing NLP and Data Loss PreventionPredicting rogue behaviorHow to perform predictive analytics.
About the Author
Jay Jacobs is the coauthor of Verizon Data Breach Investigation Reports and the cofounder of the Society of Information Risk Analysts, where he currently sits on the board of directors. Bob Rudis is the Director of Enterprise Information Security & IT Risk Management at Liberty Mutual Insurance and was named one of the Top 25 Influencers in Information Security by Tripwire .
An expert guide to selecting the right cloud service model for your business Cloud computing is all the rage, allowing for the delivery of computing and storage capacity to a diverse community of end-recipients. However, before you can decide on a cloud model, you need to determine what the ideal cloud service model is for your business. Helping you cut through all the haze, Architecting the Cloud is vendor neutral and guides you in making one of the most critical technology decisions that you will face: selecting the right cloud service model(s) based on a combination of both business and technology requirements. Guides corporations through key cloud design considerations Discusses the pros and cons of each cloud service model Highlights major design considerations in areas such as security, data privacy, logging, data storage, SLA monitoring, and more Clearly defines the services cloud providers offer for each service model and the cloud services IT must provide Arming you with the information you need to choose the right cloud service provider, Architecting the Cloud is a comprehensive guide covering everything you need to be aware of in selecting the right cloud service model for you.
About the Author
MICHAEL J. KAVIS is Principal Architect at Cloud Technology Partners, a vendor independent, cloud-exclusive, nimble alternative to large technology consultants. He has served in numerous technical roles such as CTO, Chief Architect, and Vice President and has over 25 years of experience in software development and architecture. Kavis is a pioneer in cloud computing and led a team that built the worlds first high-speed transaction network in Amazons public cloud. He is the former CTO of startup M-Dot Network, which won the 2010 Amazon AWS Global Startup Challenge.
About the Author
Adam Shostack is a principal program manager on Microsofts Trustworthy Computing Team. His experience as an operational systems manager and product developer at companies from startups to Microsoft ensures this book is practical and grounded. He helped found the CVE, the Privacy Enhancing Technologies Symposium, and more.