Take a look at our Cybersecurity books. Shulph carries a great selection of Cybersecurity books, and we are always adding more.
Use an open source firewall and features such as failover, load balancer, OpenVPN, IPSec, and Squid to protect your network Key Features Explore pfSense, a trusted open source network security solution Configure pfSense as a firewall and create and manage firewall rules Test pfSense for failover and load balancing across multiple WAN connections Book Description While connected to the internet, you're a potential target for an array of cyber threats, such as hackers, keyloggers, and Trojans that attack through unpatched security holes. A firewall works as a barrier (or 'shield') between your computer and cyberspace. pfSense is highly versatile firewall software. With thousands of enterprises using pfSense, it is fast becoming the world's most trusted open source network security solution. Network Security with pfSense begins with an introduction to pfSense, where you will gain an understanding of what pfSense is, its key features, and advantages. Next, you will learn how to configure pfSense as a firewall and create and manage firewall rules. As you make your way through the chapters, you will test pfSense for failover and load balancing across multiple wide area network (WAN) connections. You will then configure pfSense with OpenVPN for secure remote connectivity and implement IPsec VPN tunnels with pfSense. In the concluding chapters, you'll understand how to configure and integrate pfSense as a Squid proxy server. By the end of this book, you will be able to leverage the power of pfSense to build a secure network. What you will learn Understand what pfSense is, its key features, and advantages Configure pfSense as a firewall Set up pfSense for failover and load balancing Connect clients through an OpenVPN client Configure an IPsec VPN tunnel with pfSense Integrate the Squid proxy into pfSense Who this book is for Network Security with pfSense is for IT administrators, security administrators, technical architects, chief experience officers, and individuals who own a home or small office network and want to secure it.
Build a network security threat model with this comprehensive learning guide Key Features Develop a network security threat model for your organization Gain hands-on experience in working with network scanning and analyzing tools Learn to secure your network infrastructure Book Description The tech world has been taken over by digitization to a very large extent, and so it's become extremely important for an organization to actively design security mechanisms for their network infrastructures. Analyzing vulnerabilities can be one of the best ways to secure your network infrastructure. Network Vulnerability Assessment starts with network security assessment concepts, workflows, and architectures. Then, you will use open source tools to perform both active and passive network scanning. As you make your way through the chapters, you will use these scanning results to analyze and design a threat model for network security. In the concluding chapters, you will dig deeper into concepts such as IP network analysis, Microsoft Services, and mail services. You will also get to grips with various security best practices, which will help you build your network security mechanism. By the end of this book, you will be in a position to build a security framework fit for an organization. What you will learn Develop a cost-effective end-to-end vulnerability management program Implement a vulnerability management program from a governance perspective Learn about various standards and frameworks for vulnerability assessments and penetration testing Understand penetration testing with practical learning on various supporting tools and techniques Gain insight into vulnerability scoring and reporting Explore the importance of patching and security hardening Develop metrics to measure the success of the vulnerability management program Who this book is for Network Vulnerability Assessment is for security analysts, threat analysts, and any security professionals responsible for developing a network threat model for an organization. This book is also for any individual who is or wants to be part of a vulnerability management team and implement an end-to-end robust vulnerability management program.
Skillfully navigate through the complex realm of implementing scalable, trustworthy industrial systems and architectures in a hyper-connected business world. Key Features Gain practical insight into security concepts in the Industrial Internet of Things (IIoT) architecture Demystify complex topics such as cryptography and blockchain Comprehensive references to industry standards and security frameworks when developing IIoT blueprints Book Description Securing connected industries and autonomous systems is a top concern for the Industrial Internet of Things (IIoT) community. Unlike cybersecurity, cyber-physical security is an intricate discipline that directly ties to system reliability as well as human and environmental safety. Practical Industrial Internet of Things Security enables you to develop a comprehensive understanding of the entire spectrum of securing connected industries, from the edge to the cloud. This book establishes the foundational concepts and tenets of IIoT security by presenting real-world case studies, threat models, and reference architectures. You'll work with practical tools to design risk-based security controls for industrial use cases and gain practical know-how on the multi-layered defense techniques including Identity and Access Management (IAM), endpoint security, and communication infrastructure. Stakeholders, including developers, architects, and business leaders, can gain practical insights in securing IIoT lifecycle processes, standardization, governance and assess the applicability of emerging technologies, such as blockchain, Artificial Intelligence, and Machine Learning, to design and implement resilient connected systems and harness significant industrial opportunities. What you will learn Understand the crucial concepts of a multi-layered IIoT security framework Gain insight on securing identity, access, and configuration management for large-scale IIoT deployments Secure your machine-to-machine (M2M) and machine-to-cloud (M2C) connectivity Build a concrete security program for your IIoT deployment Explore techniques from case studies on industrial IoT threat modeling and mitigation approaches Learn risk management and mitigation planning Who this book is for Practical Industrial Internet of Things Security is for the IIoT community, which includes IIoT researchers, security professionals, architects, developers, and business stakeholders. Anyone who needs to have a comprehensive understanding of the unique safety and security challenges of connected industries and practical methodologies to secure industrial assets will find this book immensely helpful. This book is uniquely designed to benefit professionals from both IT and industrial operations backgrounds.
A practical, indispensable security guide that will navigate you through the complex realm of securely building and deploying systems in our IoT-connected world Key Features Learn best practices to secure your data from the device to the cloud Use systems security engineering and privacy-by-design principles to design a secure IoT ecosystem A practical guide that will help you design and implement cyber security strategies for your organization Book Description With the advent of the Internet of Things (IoT), businesses have to defend against new types of threat. The business ecosystem now includes the cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces. It therefore becomes critical to ensure that cybersecurity threats are contained to a minimum when implementing new IoT services and solutions. This book shows you how to implement cybersecurity solutions, IoT design best practices, and risk mitigation methodologies to address device and infrastructure threats to IoT solutions. In this second edition, you will go through some typical and unique vulnerabilities seen within various layers of the IoT technology stack and also learn new ways in which IT and physical threats interact. You will then explore the different engineering approaches a developer/manufacturer might take to securely design and deploy IoT devices. Furthermore, you will securely develop your own custom additions for an enterprise IoT implementation. You will also be provided with actionable guidance through setting up a cryptographic infrastructure for your IoT implementations. You will then be guided on the selection and configuration of Identity and Access Management solutions for an IoT implementation. In conclusion, you will explore cloud security architectures and security best practices for operating and managing cross-organizational, multi-domain IoT deployments. What you will learn Discuss the need for separate security requirements and apply security engineering principles on IoT devices Master the operational aspects of planning, deploying, managing, monitoring, and detecting the remediation and disposal of IoT systems Use Blockchain solutions for IoT authenticity and integrity Explore additional privacy features emerging in the IoT industry, such as anonymity, tracking issues, and countermeasures Design a fog computing architecture to support IoT edge analytics Detect and respond to IoT security incidents and compromises Who this book is for This book targets IT Security Professionals and Security Engineers (including pentesters, security architects and ethical hackers) who would like to ensure the security of their organization's data when connected through the IoT. Business analysts and managers will also find this book useful.
Enhance file system security and learn about network attack, security tools and different versions of Linux build. Key Features Hands-on recipes to create and administer a secure Linux system Enhance file system security and local and remote user authentication Use various security tools and different versions of Linux for different tasks Book Description Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security ?aws, and these security ?aws allow attackers to get into your system and modify or even destroy your important data. But there's no need to panic, since there are various mechanisms by which these ?aws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system. With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux. By the end of this book, you will be able to secure your Linux systems and create a robust environment. What you will learn Learn about vulnerabilities and exploits in relation to Linux systems Configure and build a secure kernel and test it Learn about file permissions and how to securely modify files Authenticate users remotely and securely copy files on remote systems Review different network security methods and tools Perform vulnerability scanning on Linux machines using tools Learn about malware scanning and read through logs Who this book is for This book is intended for all those Linux users who already have knowledge of Linux file systems and administration. You should be familiar with basic Linux commands. Understanding information security and its risks to a Linux system is also helpful in understanding the recipes more easily.
Prepare yourself for any type of audit and minimise security findings Key Features It follows a lifecycle approach to information security by understanding: Why we need Information security How we can implement How to operate securely and maintain a secure posture How to face audits Description This book is a guide for Network professionals to understand real-world information security scenarios. It offers a systematic approach to prepare for security assessments including process security audits, technical security audits and Penetration tests. This book aims at training pre-emptive security to network professionals in order to improve their understanding of security infrastructure and policies. With our network being exposed to a whole plethora of security threats, all technical and non-technical people are expected to be aware of security processes. Every security assessment (technical/ non-technical) leads to new findings and the cycle continues after every audit. This book explains the auditor’s process and expectations. What You Will Learn This book is solely focused on aspects of Information security that Network professionals (Network engineer, manager and trainee) need to deal with, for different types of Audits. Information Security Basics, security concepts in detail, threat Securing the Network focuses on network security design aspects and how policies influence network design decisions. Secure Operations is all about incorporating security in Network operations. Managing Audits is the real test. Who This Book is For IT Heads, Network managers, Network planning engineers, Network Operation engineer or anybody interested in understanding holistic network security. Table of Contents 1. Basics of Information Security 2. Threat Paradigm 3. Information Security Controls 4. Decoding Policies Standards Procedures & Guidelines 5. Network security design 6. Know your assets 7. Implementing Network Security 8. Secure Change Management 9. Vulnerability and Risk Management 10. Access Control 11. Capacity Management 12. Log Management 13. Network Monitoring 14. Information Security Audit 15. Technical Compliance Audit 16. Penetration Testing About the Author Neha Saxena is currently teaching at Symbiosis International (Deemed University) as guest faculty and working as a Freelance security consultant with various organizations. She has previously worked with HP Singapore, Etihad airways Abu Dhabi, Quadrant Risk Management Dubai, Noor Islamic bank Dubai as Information security Officer (ISO), Senior Consultant and Team Lead. Her recently concluded projects include ISO27001 audit preparation for one of Dubai’s government subsidiary and Process Gap assessment at a Bank in Abu Dhabi. During her tenure at various jobs she wore many hats including Pen Tester, Application security assessor, Security Trainer, ISO27001 Implementer etc. Later on she moved to leading Audit and Compliance team. Currently she enjoys the thrill of challenges posed by doing different type of security/ teaching assignments as well as flexibility of working as a Freelancer. She takes each project as an opportunity to learn new things, new environment and meet interesting people around the world. She holds a Master’s degree in Computer Applications from Symbiosis International (Deemed University). She resides with her family in Pune, India currently. When not working she indulges herself in reading books, watching movies & paranormal/fantasy TV series, yoga and meditation.
Your one stop guide to automating infrastructure security using DevOps and DevSecOps Key Features Secure and automate techniques to protect web, mobile or cloud services Automate secure code inspection in C++, Java, Python, and JavaScript Integrate security testing with automation frameworks like fuzz, BDD, Selenium and Robot Framework Book Description Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention. This book will teach you to adopt security automation techniques to continuously improve your entire software development and security testing. You will learn to use open source tools and techniques to integrate security testing tools directly into your CI/CD framework. With this book, you will see how to implement security inspection at every layer, such as secure code inspection, fuzz testing, Rest API, privacy, infrastructure security, and web UI testing. With the help of practical examples, this book will teach you to implement the combination of automation and Security in DevOps. You will learn about the integration of security testing results for an overall security status for projects. By the end of this book, you will be confident implementing automation security in all layers of your software development stages and will be able to build your own in-house security automation platform throughout your mobile and cloud releases. What you will learn Automate secure code inspection with open source tools and effective secure code scanning suggestions Apply security testing tools and automation frameworks to identify security vulnerabilities in web, mobile and cloud services Integrate security testing tools such as OWASP ZAP, NMAP, SSLyze, SQLMap, and OpenSCAP Implement automation testing techniques with Selenium, JMeter, Robot Framework, Gauntlt, BDD, DDT, and Python unittest Execute security testing of a Rest API Implement web application security with open source tools and script templates for CI/CD integration Integrate various types of security testing tool results from a single project into one dashboard Who this book is for The book is for software developers, architects, testers and QA engineers who are looking to leverage automated security testing techniques.
Plug the gaps in your network's infrastructure with resilient network security models Key Features Develop a cost-effective and end-to-end vulnerability management program Explore best practices for vulnerability scanning and risk assessment Understand and implement network enumeration with Nessus and Network Mapper (Nmap) Book Description Digitization drives technology today, which is why it's so important for organizations to design security mechanisms for their network infrastructures. Analyzing vulnerabilities is one of the best ways to secure your network infrastructure. This Learning Path begins by introducing you to the various concepts of network security assessment, workflows, and architectures. You will learn to employ open source tools to perform both active and passive network scanning and use these results to analyze and design a threat model for network security. With a firm understanding of the basics, you will then explore how to use Nessus and Nmap to scan your network for vulnerabilities and open ports and gain back door entry into a network. As you progress through the chapters, you will gain insights into how to carry out various key scanning tasks, including firewall detection, OS detection, and access management to detect vulnerabilities in your network. By the end of this Learning Path, you will be familiar with the tools you need for network scanning and techniques for vulnerability scanning and network protection. This Learning Path includes content from the following Packt books: Network Scanning Cookbook by Sairam Jetty Network Vulnerability Assessment by Sagar Rahalkar What you will learn Explore various standards and frameworks for vulnerability assessments and penetration testing Gain insight into vulnerability scoring and reporting Discover the importance of patching and security hardening Develop metrics to measure the success of a vulnerability management program Perform configuration audits for various platforms using Nessus Write custom Nessus and Nmap scripts on your own Install and configure Nmap and Nessus in your network infrastructure Perform host discovery to identify network devices Who this book is for This Learning Path is designed for security analysts, threat analysts, and security professionals responsible for developing a network threat model for an organization. Professionals who want to be part of a vulnerability management team and implement an end-to-end robust vulnerability management program will also find this Learning Path useful.
A complete guide to understanding, developing, and testing popular security-token smart contracts Key Features Understand key Blockchain and Ethereum platforms concepts Step-by-step guide to developing STO smart contracts on Ethereum Monetize digital tokens under various U.S. securities laws Book Description The failure of initial coin offerings (ICOs) is no accident, as most ICOs do not link to a real asset and are not regulated. Realizing the shortcomings of ICOs, the blockchain community and potential investors embraced security token offerings (STOs) and stablecoins enthusiastically. In this book, we start with an overview of the blockchain technology along with its basic concepts. We introduce the concept behind STO, and cover the basic requirements for launching a STO and the relevant regulations governing its issuance. We discuss U.S. securities laws development in launching security digital tokens using blockchain technology and show some real use cases. We also explore the process of STO launches and legal considerations. We introduce popular security tokens in the current blockchain space and talk about how to develop a security token DApp, including smart contract development for ERC1404 tokens. Later, you'll learn to build frontend side functionalities to interact with smart contracts. Finally, we discuss stablecoin technical design functionalities for issuing and operating STO tokens by interacting with Ethereum smart contracts. By the end of this book, you will have learned more about STOs and gained a detailed knowledge of building relevant applications—all with the help of practical examples. What you will learn Understand the basic requirements for launching a security token offering Explore various US securities laws governing the offering of security digital tokens Get to grips with the stablecoin concept with the help of use cases Learn how to develop security token decentralized applications Understand the difference between ERC-20 and ERC-721 tokens Learn how to set up a development environment and build security tokens Explore the technical design of stablecoins Who this book is for This book is ideal for blockchain beginners and business user developers who want to quickly master popular Security Token Offerings and stablecoins. Readers will learn how to develop blockchain/digital cryptos, guided by U.S. securities laws and utilizing some real use cases. Prior exposure to an Object-Oriented Programming language such as JavaScript would be an advantage, but is not mandatory.
Ace the CompTIA Security+ exam with over 700 practice exam questions written using the style and format of the Security+ exam Key Features Get a detailed breakdown of the type of questions and the exam environment Discover a step-by-step process that guides you through the study process week-by-week Reinforce your learning by solving 100 questions for each domain Book Description Security+ certification is the most popular entry-level certification for cybersecurity professionals. It has no work experience requirement, making it accessible to everyone willing to put in the time to prepare for the exam. Security+Ⓡ Practice Tests are the perfect tools to prepare for the CompTIA Security+ exam. The first six chapters each cover one of the six Security+ domains. Each of those chapters contains around 100 practice test questions covering the material from that domain. The last two chapters each contain a full-length Security+ practice test that’s designed to assess your readiness to take the actual test. At the end of each chapter, you’ll find the answers to all of the questions along with detailed explanations to help reinforce your learning of the material. By the end of the book, you’ll have enough practice to easily ace the CompTIA Security+ exam. What you will learn Familiarize yourself with the format of the Security+ exam Target your test preparation on each of the Security+ domains Brush up on your understanding by testing yourself on realistic practice questions Discover areas for improvement by comparing your responses to the answers provided Measure your readiness with full-length practice tests Know what to expect on test day and Learn helpful strategies for tackling the different question types Who this book is for This book is designed for service desk analysts, system support engineers, and other IT professionals who want to start their career in managing the IT infrastructure of an organization. Basic knowledge of hardware, software, other relevant components of the IT industry will help you easily grasp the concepts explained in this book.