Enterprise Cloud Security and Governance

Efficiently set data protection and privacy principles

Product type Paperback
Published in Dec 2017
Publisher Packt
ISBN-13 9781788299558
Length 410 pages
Edition 1st Edition
Author (1):
Vora
Table of Contents

Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
1. The Fundamentals of Cloud Security
2. Defense in Depth Approach
3. Designing Defensive Network Infrastructure
4. Server Hardening
5. Cryptography Network Security
6. Automation in Security
7. Vulnerability, Pentest, and Patch Management
8. Security Logging and Monitoring
9. First Responder
10. Best Practices

Preface

Cloud computing is one of the most booming fields nowadays, and many big organizations, as well as start-ups, are now migrating their websites and applications to a cloud platform from traditional data centers, shared hosting, or a managed VPS-based approach.

With this sudden and fast transition to the cloud, the number of hacking incidents has also increased tremendously because of a lack of security awareness, guidance, and governance specifically related to the challenges in the cloud.

Many security approaches that were used in a datacenter or even on-premise cannot be implemented in the cloud because of a lack of control and visibility. This poses new challenges related to how to control security effectively.

This book is designed to provide you with a step-by-step guide along with tools and best practices required to secure your infrastructure based on cloud platforms. Most of the approaches can still be applied to on-premise infrastructure.

All the approaches, tools, and best practices specified in this book are well tested and are currently being implemented by many big organizations while dealing with stringent compliance standards such as PCI DSS and many more.

This book strives to create a balance between the introductory, detailed, and practical aspects of the topics discussed so that it can be useful for the various individuals who might be reading it.

What this book covers

Chapter 1, The Fundamentals of Cloud Security, begins by providing a solid foundation for cloud computing, followed by the challenges faced when an organization moves into the cloud. At the end of the chapter, we look at a real-world case study of the servers of a known start-up getting hacked and analyze the security shortcomings that led to the downfall.

Chapter 2, Defense in Depth Approach, provides insights into the structural approach for defensive security that can provide a solid base for security in an organization to protect against attacks. We have an abstract overview of the tools and technologies that can be used at these layers. This chapter provides the foundation for the rest of the book.

Chapter 3, Designing Defensive Network Infrastructure, begins by revising the fundamentals of the TCP/IP model and then continues with the stateful and stateless nature of firewalls, the ideal approach to designing firewall rules, and best practices. We also look into the implementation approach for IPS in the cloud, along with various technologies such as Bastion Hosts and Virtual Private Networks. Throughout this chapter, we discuss best practices, in terms of both process and implementation, that will help the organization build a strong network perimeter.

Chapter 4, Server Hardening, deals with operating system level security. This chapter provides insights into implementing an approach based on the principle of least privilege with the help of various technologies related to centralized authentication and single-sign-on solutions. Along with this, we have an overview of auditing functionality with the help of AuditD and explore pluggable authentication modules as well. At the end, we look into various tools and technologies for disk-level encryption, server hardening, SELinux, host-based intrusion detection systems, and the approach for building "Hardening / Golden Images".

Chapter 5, Cryptography Network Security, begins by revising the fundamentals of cryptography and then moves on to explore various technologies such as hardware security modules and Key Management Service. It also looks into SSL/TLS and the associated security best practices related to HSTS, Perfect Forward Secrecy, OCSP stapling, and many more.

Chapter 6, Automation in Security, explores configuration management and the infrastructure as code-based approach, and their necessity and importance in building secure environments. In this chapter, we revise and explore tools such as Terraform and Ansible, along with their associated best practices. We look into the "Desired State" approach that can be achieved with these configuration management and infrastructure as code-based tools, and its significance in maintaining the overall security posture of the organization.

Chapter 7, Vulnerability, Pentest, and Patch Management, gives you insights on how to implement an entire cycle of vulnerability assessment to patch management. This is one of the very important parts of any organization, and many big organizations have been compromised because of not being able to implement and follow this life cycle phase. We look into the industry standard tools, proven best practices, and approaches that you can implement in your organization related to this phase.

Chapter 8, Security Logging and Monitoring, provides insights into operational considerations related to logging and monitoring, an overview of log management activity, and the tools and things that need to be captured to give you the right overview of what is currently happening within your organization.

Chapter 9, First Responder, walks you through incident response. This chapter gives you an overview of incident response and the ideal ways in which you can implement an incident response plan, along with ways in which you can continually check on the preparedness of your incident response team.

Chapter 10, Best Practices, condenses all the chapters and the associated tools into tabular form for easy insights into the overall book.

What you need for this book

Although this book can stand alone, it would be best if you were to practice the implementation approaches that have been discussed.

To begin with, you will need a virtual machine based on CentOS 6 or 7 as a base, followed by various tools that need to be downloaded, depending on the section that is being covered in the book. Most tools that have been discussed are open source variants, and some offer a trial period or free trials.

You will also need an AWS account, as there is a section that covers AWS security-related services.

Who this book is for

If you are a system administrator, or even a solutions architect with a desire to implement strong security in your organization, then this is the book for you. We not only discuss the security terminologies, but also give you the name of the exact tools that can be used, along with the approaches for implementing and using them in the best possible manner.

The things that have been discussed here have been thoroughly tested and proven to be very effective in start-ups as well as bigger organizations.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "If a developer wants to see the application logs on the server, there is no need to give him full sudo permission."

Any command-line input or output is written as follows:

Sent Message --> "Schedule Launch Date : 27 June 2017 "

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes, for example, appear in the text like this: "Once you click on Create Key, you will be asked to fill in a certain set of details."

Note

Warnings or important notes appear in a box like this.

Note

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book: what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the color images of this book 

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from http://www.packtpub.com/sites/default/files/downloads/EnterpriseCloudSecurityandGovernance_ColorImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books (maybe a mistake in the text or the code), we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at [email protected] with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.
