Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles.
Modern day businesses and enterprises are moving to cloud simply to improve efficiency and speed, achieve flexibility and cost-effectiveness, and for on-demand cloud services. However, enterprise cloud security remains a major concern for many businesses because migrating to the public cloud require...
Main Author: | Vora, Zeal.
---|---
Other Authors: | Pruteanu, Adrian.
Format: | eBook
Language: | English
Published: | Birmingham : Packt Publishing, 2017.
Subjects: | Cloud computing -- Security measures. ; Computer networks -- Security measures.
Online Access: | CONNECT
Field | Ind. 1 | Ind. 2 | Data
---|---|---|---
LEADER | | | 11777cam a2200517Mi 4500
001 | | | mig00005560163
003 | | | OCoLC
005 | | | 20210517051640.6
006 | | | m o d
007 | | | cr \|n\|---\|\|\|\|\|
008 | | | 180120s2017 enk o 000 0 eng d
020 | | | \|a 1788298519
020 | | | \|a 9781788298513 \|q (electronic bk.)
035 | | | \|a (OCoLC)1020033203
035 | 0 | 0 | \|a ocm00000001wrldshron1020033203
040 | | | \|a EBLCP \|b eng \|e pn \|c EBLCP \|d NLE \|d MERUC \|d IDB \|d COO \|d UOK \|d OCLCQ \|d WYU \|d LVT \|d UKAHL \|d RDF \|d OCLCO \|d OCLCF \|d N$T
049 | | | \|a TXMM
050 | 4 | | \|a QA76.585 \|b .V673 2017eb
082 | 0 | 4 | \|a 004.6782 \|2 23
100 | 1 | | \|a Vora, Zeal.
245 | 1 | 0 | \|a Enterprise Cloud Security and Governance : \|b Efficiently set data protection and privacy principles.
260 | | | \|a Birmingham : \|b Packt Publishing, \|c 2017.
300 | | | \|a 1 online resource (406 pages)
336 | | | \|a text \|b txt \|2 rdacontent
337 | | | \|a computer \|b c \|2 rdamedia
338 | | | \|a online resource \|b cr \|2 rdacarrier
588 | 0 | | \|a Print version record.
520 | | | \|a Modern day businesses and enterprises are moving to cloud simply to improve efficiency and speed, achieve flexibility and cost-effectiveness, and for on-demand cloud services. However, enterprise cloud security remains a major concern for many businesses because migrating to the public cloud requires transferring some control over ...
505 | 0 | | \|a Cover -- Copyright -- Credits -- About the Author -- About the Reviewer -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: The Fundamentals of Cloud Security -- Getting started -- Service models -- Software as a service -- Platform as a service -- Infrastructure as a service -- Deployment models -- Cloud security -- Why is cloud security considered hard? -- Our security posture -- Virtualization -- cloud's best friend -- Understanding the ring architecture -- Hardware virtualization -- Full virtualization with binary translation -- Paravirtualization -- Hardware-assisted virtualization -- Distributed architecture in virtualization -- Enterprise virtualization with oVirt -- Encapsulation -- Point in time snapshots -- Isolation -- Risk assessment in cloud -- Service Level Agreement -- Business Continuity Planning -- Disaster Recovery (BCP/DR) -- Business Continuity Planning -- Disaster Recovery -- Recovery Time Objective -- Recovery Point Objective -- Relation between RTO and RPO -- Real world use case of Disaster Recovery -- Use case to understand BCP/DR -- Policies and governance in cloud -- Audit challenges in the cloud -- Implementation challenges for controls on CSP side -- Vulnerability assessment and penetration testing in the cloud -- Use case of a hacked server -- Summary -- Chapter 2: Defense in Depth Approach -- The CIA triad -- Confidentiality -- Integrity -- Availability -- A use case -- Understanding all three aspects -- The use case -- Introducing Defense in Depth -- First layer -- network layer -- Second layer -- platform layer -- Third layer -- application layer -- Fourth layer -- data layer -- Fifth layer -- response layer -- Summary -- Chapter 3: Designing Defensive Network Infrastructure -- Why do we need cryptography? -- The TCP/IP model -- Scenario -- The Network Transport Layer.
505 | 8 | | \|a The Internet Protocol Layer -- The Transport Layer -- The Application Layer -- Firewalls -- How a firewall works? -- How does a firewall inspect packets? -- 3-way handshake -- Modes of firewall -- Stateful packet inspection -- Stateless packet inspection -- Architecting firewall rules -- The deny all and allow some approach -- The allow all and deny some approach -- Firewall justification document -- A sample firewall justification document -- Inbound rules -- Outbound rules -- Tracking firewall changes with alarms -- Best practices -- Application layer security -- Intrusion Prevention Systems -- Overview architecture of IPS -- IPS in a cloud environment -- Implementing IPS in the cloud -- Deep Security -- Anti-malware -- Application control -- The IPS functionality -- A real-world example -- Implementation -- Advantages that IPS will bring to a cloud environment -- A web application firewall -- Architecture -- Implementation -- Network segmentation -- Understanding a flat network -- Segmented network -- Network segmentation in cloud environments -- Segmentation in cloud environments -- Rule of thumb -- Accessing management -- Bastion hosts -- The workings of bastion hosts -- The workings of SSH agent forwarding -- Practical implementation of bastion hosts -- Security of bastion hosts -- Benefits of bastion hosts -- Disadvantages of bastion hosts -- Virtual Private Network -- Routes -- after VPN is connected -- Installation of OpenVPN -- Security for VPN -- Recommended tools for VPN -- Approaching private hosted zones for DNS -- Public hosted zones -- Private hosted zones -- Challenge -- Solution -- Summary -- Chapter 4: Server Hardening -- The basic principle of host-based security -- Keeping systems up-to-date -- The Windows update methodology -- The Linux update methodology -- Using the security functionality of YUM.
505 | 8 | | \|a Approach for automatic security updates installation -- Developing a process to update servers regularly -- Knowledge base -- Challenges on a larger scale -- Partitioning and LUKS -- Partitioning schemes -- A separate partition for /boot -- A separate partition for /tmp -- A separate partition for /home -- Conclusion -- LUKS -- Introduction to LUKS -- Solution -- Conclusion -- Access control list -- Use case -- Introduction to Access Control List -- Set ACL -- Show ACL -- Special permissions in Linux -- SUID -- Use case for SUID -- Understanding the permission associated with ping -- Setting a SUID bit for files -- Removing the SUID bit for files -- SETGID -- Associating the SGID for files -- SELinux -- Introduction to SELinux -- Permission sets in SELinux -- SELinux modes -- Confinement of Linux users to SELinux users -- Process confinement -- Conclusion -- Hardening system services and applications -- Hardening services -- Guide for hardening SSH -- Enable multi-factor authentication -- Associated configuration -- Changing the SSH default port -- Associate configuration -- Disabling the root login -- Associated configuration -- Conclusion -- Pluggable authentication modules -- Team Screen application -- File Sharing Application -- Understanding PAM -- The architecture of PAM -- The PAM configuration -- The PAM command structure -- Implementation scenario -- Forcing strong passwords -- Log all user commands -- Conclusion -- System auditing with auditd -- Introduction to auditd -- Use case 1 -- tracking activity of important files -- Use case -- Solution -- First field -- Use case 2 -- monitoring system calls -- Introduction to system calls -- Use case -- Solution -- Conclusion -- Conclusion -- Central identity server -- Use Case 1 -- Use case 2 -- The architecture of IPA -- Client-server architecture -- User access management.
505 | 8 | | \|a Best practices to follow -- Conclusion -- Single sign-on -- Idea solution -- Advantages of an SSO solution -- Challenges in the classic method of authentication -- Security Assertion Markup Language -- The high-level overview of working -- Choosing the right identity provider -- Building an SSO from scratch -- Hosted Based Intrusion Detection System -- Exploring OSSEC -- File integrity monitoring -- Log monitoring and active response -- Conclusion -- The hardened image approach -- Implementing hardening standards in scalable environments -- Important to remember -- Conclusion -- Summary -- Chapter 5: Cryptography Network Security -- Introduction to cryptography -- Integrity -- Authenticity -- Real world scenario -- Non-repudiation -- Types of cryptography -- Symmetric key cryptography -- Stream cipher -- The encryption process -- The decryption process -- Advantages of stream ciphers -- Block cipher (AES) -- Padding -- Modes of block ciphers -- Message authentication codes -- The MAC approach -- The challenges with symmetric key storage -- Hardware security modules -- The challenges with HSM in on-premise -- A real-world scenario -- HSM on the cloud -- CloudHSM -- Key management service -- The basic working of AWS KMS -- Encrypting a function in KMS -- Decrypting a function in KMS -- Implementation -- Practical guide -- Configuring AWS CLI -- The decryption function -- Envelope encryption -- The encryption process -- The decryption process -- Implementation steps -- Practical implementation of envelope encryption -- Credential management system with KMS -- Implementation -- Best practices in key management -- Rotation life cycle for encryption keys -- Scenario 1-a single key for all data encryption -- Scenario 2-multiple keys for data encryption -- Protecting the access keys -- Audit trail is important -- Asymmetric key encryption.
505 | 8 | | \|a The basic working -- Authentication with the help of an asymmetric key -- Digital signatures -- The benefits and use cases of a digital signature -- SSL/TLS -- Scenario 1 -- A man-in-the-middle attack-storing credentials -- Scenario 2 -- A man-in-the-middle attack-integrity attacks -- Working of SSL/TLS -- Client Hello -- Server Hello -- Certificate -- Server key exchange -- Server Hello done -- Client key exchange -- Change cipher spec -- Security related to SSL/TLS -- Grading TLS configuration with SSL Labs -- Default Settings -- Perfect forward secrecy -- Implementation of perfect forward secrecy in nginx -- HTTP Strict Transport Security -- Implementing HSTS in nginx -- Verifying the integrity of a certificate -- Online certificate status protocol -- OCSP stapling -- Challenge 1 -- Challenge 2 -- An ideal solution -- Architecture -- Implementing TLS termination at the ELB level -- Selecting cipher suites -- Importing certificate -- AWS certificate manager -- Use case 1 -- Use case 2 -- Introduction to AWS Certificate Manager -- Summary -- Chapter 6: Automation in Security -- Configuration management -- Ansible -- Remote command execution -- The structure of the Ansible playbook -- Playbook for SSH hardening -- Running Ansible in dry mode -- Run and rerun and rerun -- Ansible mode of operations -- Ansible pull -- Attaining the desired state with Ansible pull -- Auditing servers with Ansible notifications -- The Ansible Vault -- Deploying the nginx Web Server -- Solution -- Ansible best practices -- Terraform -- Infrastructure migration -- Installing Terraform -- Working with Terraform -- Integrating Terraform with Ansible -- Terraform best practices -- AWS Lambda -- Cost optimization -- Achieving a use case through AWS Lambda -- Testing the Lambda function -- Start EC2 function -- Integrating the Lambda function with events -- Summary.
590 | | | \|a EBSCO eBook Academic Comprehensive Collection North America
650 | 0 | | \|a Cloud computing \|x Security measures.
650 | 0 | | \|a Computer networks \|x Security measures.
700 | 1 | | \|a Pruteanu, Adrian.
730 | 0 | | \|a WORLDSHARE SUB RECORDS
776 | 0 | 8 | \|i Print version: \|a Vora, Zeal. \|t Enterprise Cloud Security and Governance : Efficiently set data protection and privacy principles. \|d Birmingham : Packt Publishing, ©2017 \|z 9781788299558
856 | 4 | 0 | \|u https://ezproxy.mtsu.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1682406 \|z CONNECT \|3 EBSCO \|t 0
907 | | | \|a 4856340 \|b 05-27-21 \|c 09-30-20
998 | | | \|a wi \|b 05-27-21 \|c m \|d z \|e - \|f eng \|g enk \|h 0 \|i 2
994 | | | \|a 92 \|b TXM
999 | f | f | \|i 67e169b6-da77-4c6b-b5b0-cd46c8bda6d8 \|s 18702cc0-9d3e-42ab-855a-a4b985bc0a45 \|t 0
952 | f | f | \|t 1 \|e QA76.585 .V673 2017eb \|h Library of Congress classification
856 | 4 | 0 | \|3 EBSCO \|t 0 \|u https://ezproxy.mtsu.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1682406 \|z CONNECT