September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
330
|
第
20
章
红队不等同于漏洞扫描或渗透测试团队。
漏洞扫描团队
借助可自动扫描手段,检测软件和
配置中可预测及已知的弱点。
渗透测试团队
更关注发现大量的漏洞,并尝试利用。这两个
团队的关注范围更窄,专注于特定产品、基础设施组件或流程。由于仅关注组织安全防御
体系中的防护和检测方面,通常来说,他们参与的时间仅有数天。
相比之下,红队是以目标为导向的,并且参与时间通常持续数周。他们有特定的目标,如
窃取知识产权或客户数据。他们涉及的范围很广,在安全限制范围内穿梭在各类产品、基
础设施和企业内
/
外边界间,借助任何必要的手段来达到目的。
只要时间充足,好的红队就可以在不被发现的前提下达到目标。不要将红队演习是否成功
作为对一个业务部门好坏的判断,而应该用这些信息以不追责的方式
8
,对更复杂的系统做
更全面的了解。借助红队演习的机会,更好地了解这些系统是如何相互连接的,以及是如
何共享信任边界的。红队的目的是帮助完善威胁建模并建立防御机制。
因为红队演习并不能完全模拟外部攻击者的行为,所以它对检测和响应能力
的测试并非完美。尤其是如果红队由内部工程师组成,那么他们对要渗透的
系统已有所了解。
也不可能频繁地开展红队演习来呈现会被攻击的实时漏洞情况,或是形成针
对检测和响应团队的重要度量指标。红队旨在找到正常测试无法发现的罕见
边缘问题。先不论所有注意事项,定期开展红队演习是一种了解安全态势的
好方法。
你也可以借助红队演习来对设计、实施和维护系统的人员开展教育,让他们树立起对抗风
险的意识。例如,通过一个小项目将这些人员直接分到攻击团队中 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.