Practical Security
Simple Practices for Defending Your Systems
by: Roman Zabicki
| Published | 2019-02-13 |
|---|---|
| Internal code | rzsecur |
| Print status | In Print |
| Pages | 132 |
| User level | |
| Keywords | Computer security, hacking, security basics, security best practices |
| Related titles | |
| ISBN | 9781680506341 |
| Other ISBN |
Channel epub: 9781680506686 Channel PDF: 9781680506693 Kindle: 9781680506662 Safari: 9781680506679 Kindle: 9781680506662 |
| BISACs | COM053000 COMPUTERS / Security / GeneralCOM043050 COMPUTERS / Security / NetworkingCOM043050 COMPUTERS / Security / Networking |
Highlight
Most security professionals don’t have the words “security” or “hacker” in their job title. Instead, as a developer or admin you often have to fit in security alongside your official responsibilities — building and maintaining computer systems. Implement the basics of good security now, and you’ll have a solid foundation if you bring in a dedicated security staff later. Identify the weaknesses in your system, and defend against the attacks most likely to compromise your organization, without needing to become a trained security professional.
Description
Computer security is a complex issue. But you don’t have to be an expert in all the esoteric details to prevent many common attacks. Attackers are opportunistic and won’t use a complex attack when a simple one will do. You can get a lot of benefit without too much complexity, by putting systems and processes in place that ensure you aren’t making the obvious mistakes. Secure your systems better, with simple (though not always easy) practices.
Plan to patch often to improve your security posture. Identify the most common software vulnerabilities, so you can avoid them when writing software. Discover cryptography — how it works, how easy it is to get wrong, and how to get it right. Configure your Windows computers securely. Defend your organization against phishing attacks with training and technical defenses.
Make simple changes to harden your system against attackers.
Contents and Extracts
- Acknowledgments
- <b>Introduction</b>
- Who Is This Book For?
- What’s in This Book
- Online Resources
- Patching <b>excerpt</b>
- Upgrading Third-Party Libraries and Software
- Library Inventory
- Network Inventory
- Patching Windows
- Finding Published Vulnerabilities
- Testing Your Patches
- If Patching Hurts, Do It More Often
- A Practical Application of Fear
- What’s Next?
- Vulnerabilities
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (XSRF)
- Misconfiguration
- Suggested Reading
- What’s Next?
- Cryptography <b>excerpt</b>
- Don’t Roll Your Own Crypto
- Don’t Use Low-Level Crypto Libraries
- Evaluating Crypto Libraries Without Being a Crypto Expert
- Password Storage
- Storing Passwords When You’re the Client
- Minimizing the Cost of Credential Loss
- Keeping Passwords Hard to Predict
- TLS Configuration
- What’s Next?
- Windows
- Windows Users
- Login and Mimikatz
- Password Policy
- Active Directory: What Else Is It Good For?
- BitLocker
- What’s Next?
- Phishing
- Types of Phishing Attacks
- Social Defense
- Don’t DIY
- DNS-Based Defense
- Authentication-Based Defense
- In-Application Defense
- Got Phished. Now What?
- Wrapping Up