Book description
If you’re a security or network professional, you already know the “do’s and don’ts”: run AV software and firewalls, lock down your systems, use encryption, watch network traffic, follow best practices, hire expensive consultants . . . but it isn’t working. You’re at greater risk than ever, and even the world’s most security-focused organizations are being victimized by massive attacks.
In Thinking Security, author Steven M. Bellovin provides a new way to think about security. As one of the world’s most respected security experts, Bellovin helps you gain new clarity about what you’re doing and why you’re doing it. He helps you understand security as a systems problem, including the role of the all-important human element, and shows you how to match your countermeasures to actual threats. You’ll learn how to move beyond last year’s checklists at a time when technology is changing so rapidly.
You’ll also understand how to design security architectures that don’t just prevent attacks wherever possible, but also deal with the consequences of failures. And, within the context of your coherent architecture, you’ll learn how to decide when to invest in a new security product and when not to.
Bellovin, co-author of the best-selling Firewalls and Internet Security, caught his first hackers in 1971. Drawing on his deep experience, he shares actionable, up-to-date guidance on issues ranging from SSO and federated authentication to BYOD, virtualization, and cloud security.
Perfect security is impossible. Nevertheless, it’s possible to build and operate security systems far more effectively. Thinking Security will help you do just that.
Table of contents
- About This eBook
- Title Page
- Copyright Page
- Dedication Page
- Contents
- Preface
- Part I: Defining the Problem
-
Part II: Technologies
- Chapter 4. Antivirus Software
- Chapter 5. Firewalls and Intrusion Detection Systems
- Chapter 6. Cryptography and VPNs
-
Chapter 7. Passwords and Authentication
- 7.1 Authentication Principles
- 7.2 Passwords
- 7.3 Storing Passwords: Users
- 7.4 Password Compromise
- 7.5 Forgotten Passwords
- 7.6 Biometrics
- 7.7 One-Time Passwords
- 7.8 Cryptographic Authentication
- 7.9 Tokens and Mobile Phones
- 7.10 Single-Sign-On and Federated Authentication
- 7.11 Storing Passwords: Servers
- 7.12 Analysis
- Chapter 8. PKI: Public Key Infrastructures
- Chapter 9. Wireless Access
- Chapter 10. Clouds and Virtualization
- Part III: Secure Operations
- Part IV: The Future
- References
- Index
- Credits
- Colophon
- Code Snippets
Product information
- Title: Thinking Security: Stopping Next Year’s Hackers
- Author(s):
- Release date: November 2015
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780134278223
You might also like
book
Infrastructure as Code, 2nd Edition
Six years ago, Infrastructure as Code was a new concept. Today, as even banks and other …
book
Practical Cloud Security
With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and …
book
Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents
Create, maintain, and manage a continual cybersecurity incident response program using the practical steps presented in …
book
Computer Security Art and Science, 2nd Edition
The Comprehensive Guide to Computer Security, Extensively Revised with Newer Technologies, Methods, Ideas, and Examples In …