Take a look at our Network Security books. Shulph carries a great selection of Network Security books, and we are always adding more.
Learn to build robust security controls for the infrastructure, data, and applications in the AWS Cloud. Key Features -Takes a comprehensive layered security approach that covers major use-cases. -Covers key AWS security features leveraging the CLI and Management Console. -Step-by-step instructions for all topics with graphical illustrations. -Relevant code samples written in JavaScript (for Node.js runtime). Description If you're looking for a comprehensive guide to Amazon Web Services (AWS) security, this book is for you. With the help of this book, cloud professionals and the security team will learn how to protect their cloud infrastructure components and applications from external and internal threats. The book uses a comprehensive layered security approach to look into the relevant AWS services in each layer and discusses how to use them. It begins with an overview of the cloud's shared responsibility model and how to effectively use the AWS Identity and Access Management (IAM) service to configure identities and access controls for various services and components. The subsequent chapter covers AWS infrastructure security, data security, and AWS application layer security. Finally, the concluding chapters introduce the various logging, monitoring, and auditing services available in AWS, and the book ends with a chapter on AWS security best practices. By the end, as readers, you will gain the knowledge and skills necessary to make informed decisions and put in place security controls to create AWS application ecosystems that are highly secure. What you will learn -Learn to create a layered security architecture and employ defense in depth. -Master AWS IAM and protect APIs. -Use AWS WAF, AWS Secrets Manager, and AWS Systems Manager Parameter Store. -Learn to secure data in Amazon S3, EBS, DynamoDB, and RDS using AWS Key Management Service. -Secure Amazon VPC, filter IPs, use Amazon Inspector, use ECR image scans, etc. -Protect cloud infrastructure from DDoS attacks and use AWS Shield. Who this book is for The book is intended for cloud architects and security professionals interested in delving deeper into the AWS cloud's security ecosystem and determining the optimal way to leverage AWS security features. Working knowledge of AWS and its core services is necessary. Table of Contents 1. Introduction to Security in AWS 2. Identity And Access Management 3. Infrastructure Security 4. Data Security 5. Application Security 6. Logging, Monitoring, And Auditing 7. Security Best Practices
Exploring techniques and tools and best practices used in the real world. Key Features - Explore private and public key-based solutions and their applications in the real world. - Learn about security protocols implemented at various TCP/IP stack layers. - Insight on types of ciphers, their modes, and implementation issues.. Description Cryptography and Network Security teaches you everything about cryptography and how to make its best use for both, network and internet security. To begin with, you will learn to explore security goals, the architecture, its complete mechanisms, and the standard operational model. You will learn some of the most commonly used terminologies in cryptography such as substitution, and transposition. While you learn the key concepts, you will also explore the difference between symmetric and asymmetric ciphers, block and stream ciphers, and monoalphabetic and polyalphabetic ciphers. This book also focuses on digital signatures and digital signing methods, AES encryption processing, public key algorithms, and how to encrypt and generate MACs. You will also learn about the most important real-world protocol called Kerberos and see how public key certificates are deployed to solve public key-related problems. Real-world protocols such as PGP, SMIME, TLS, and IPsec Rand 802.11i are also covered in detail. What you will learn - Describe and show real-world connections of cryptography and applications of cryptography and secure hash functions. - How one can deploy User Authentication, Digital Signatures, and AES Encryption process. - How the real-world protocols operate in practice and their theoretical implications. - Describe different types of ciphers, exploit their modes for solving problems, and finding their implementation issues in system security. Who this book is for This book is for security professionals, network engineers, IT managers, students, and teachers who are interested in learning Cryptography and Network Security. Table of Contents 1. Network and information security overview 2. Introduction to cryptography 3. Block ciphers and attacks 4. Number Theory Fundamentals 5. Algebraic structures 6. Stream cipher modes 7. Secure hash functions 8. Message authentication using MAC 9. Authentication and message integrity using Digital Signatures 10. Advanced Encryption Standard 11. Pseudo-Random numbers 12. Public key algorithms and RSA 13. Other public-key algorithms 14. Key Management and Exchange 15. User authentication using Kerberos 16. User authentication using public key certificates 17. Email security 18. Transport layer security 19. IP security 20. Wireless security 21. System security About the Authors Prof. Bhushan Trivedi, Ph. D. is working as the Dean, Faculty of Computer Technology (FoCT) at the GLS University. He has two MOOCs, three international books, 100 odd research papers to his credit. He has conducted numerous workshops and seminar talks on pedagogy, research, online content preparation and management and various realms of security. Dr. Savita Gandhi is Dean, Faculty of Computer Science and IT at GLS University. Prior to holding her current position she was the Director of the School of Computer Science and headed the Dept. of Computer Science at Gujarat University. Dr Dhiren Pandit is working as an Assistant Professor in Mathematics at the Institute of Technology, Nirma University. He did his Doctorate from NIT Surat in the field of image processing and data mining. Due to his interdisciplinary work in the application of mathematics in computer science and experience, he is able to contribute to this project.
Identify vulnerabilities across applications, network and systems using simplified cybersecurity scripting Key Features - Exciting coverage on red teaming methodologies and penetration testing techniques. - Explore the exploitation development environment and process of creating exploit scripts. - Includes powerful Python libraries to analyze the web and helps identifying critical vulnerabilities. - Conduct wireless attacks and identify potential threats using Python. Description This book starts with an understanding of penetration testing and red teaming methodologies and teaches Python 3.x from scratch for those who are not familiar with programming. The book gives the skills of how to create scripts for cracking, and brute force attacks. The second part of this book focuses on the network and wireless level. The book teaches you the skills of how to create an offensive tool using Python 3.x to identify different services and ports using different Python network modules and conducting network attacks. In the network monitoring section, you will be able to monitor layers 3 and 4. And finally, you will be able to conduct different attacks on wireless. The last part of this book focuses on web applications and exploitation developments. It focuses on how to create scripts to extract web information such as links, images, documents, etc. It also focuses on how to create scripts to identify and exploit web vulnerabilities and how to bypass WAF. The last chapter of this book focuses on exploitation development starting with how to play with the stack and then moving on to how to use Python in fuzzing and creating exploitation scripts. What you will learn - Learn to code Python scripts from scratch to identify web vulnerabilities. - Conduct network attacks, create offensive tools, and identify vulnerable services and ports. - Perform deep monitoring of network up to layers 3 and 4. - Execute web scraping scripts to extract images, documents, and links. Who this book is for This book is for Penetration Testers, Security Researchers, Red Teams, Security Auditors and IT Administrators who want to start with an action plan in protecting their IT systems. All you need is some basic understanding of programming concepts and working of IT systems. Hands-on experience with python will be more beneficial but not required. Table of Contents 1. Start with Penetration Testing and Basic Python 2. Cracking with Python 3. Service and Applications Brute Forcing with Python 4. Python Services Identifications - Ports and Banner 5. Python Network Modules and Nmap 6. Network Monitoring with Python 7. Attacking Wireless with Python 8. Analyze Web Applications with Python 9. Attack Web Application with Python 10. Exploitation Development with Python
Perform effective and efficient penetration testing in an enterprise scenario Key Features - Understand the penetration testing process using a highly customizable modular framework. - Exciting use-cases demonstrating every action of penetration testing on target systems. - Equipped with proven techniques and best practices from seasoned pen-testing practitioners. - Experience-driven from actual penetration testing activities from multiple MNCs. Description This book is designed to introduce the topic of penetration testing using a structured and easy-to-learn process-driven framework. Understand the theoretical aspects of penetration testing and create a penetration testing lab environment consisting of various targets to learn and practice your skills. Learn to comfortably navigate the Kali Linux and perform administrative activities, get to know shell scripting, and write simple scripts to effortlessly run complex commands and automate repetitive testing tasks. Explore the various phases of the testing framework while practically demonstrating the numerous tools and techniques available within Kali Linux. Starting your journey from gathering initial information about the targets and performing enumeration to identify potential weaknesses and sequentially building upon this knowledge to refine the attacks and utilize weaknesses to fully compromise the target machines. The authors of the book lay a particularly strong emphasis on documentation and the importance of generating crisp and concise reports which keep the various stakeholders’ requirements at the center stage. What you will learn - Understand the Penetration Testing Process and its various phases. - Perform practical penetration testing using the various tools available in Kali Linux. - Get to know the process of Penetration Testing and set up the Kali Linux virtual environment. - Perform active and passive reconnaissance. Who this book is for This book caters to all IT professionals with a basic understanding of operating systems, networking, and Linux can use this book to build a skill set for performing real-world penetration testing. Table of Contents 1. The Basics of Penetration Testing 2. Penetration Testing Lab 3. Finding Your Way Around Kali Linux 4. Understanding the PT Process and Stages 5. Planning and Reconnaissance 6. Service Enumeration and Scanning 7. Vulnerability Research 8. Exploitation 9. Post Exploitation 10. Reporting About the Authors Pranav Joshi has over 20 years of Information and Cybersecurity experience in leading and delivering large-scale projects for clients in diverse business verticals such as banking, finance, national stock exchanges, insurance, energy, petrochemical, retail, media, advertising, e-commerce, IT & ITES, government, defense, including Fortune 100 companies. In his previous role, he has been responsible for managing the security of information assets, infrastructure, and applications covering 65 countries significantly reducing compliance-related incidents. LinkedIn Profile: https://www.linkedin.com/in/joshipranav/ Deepayan Chanda, a seasoned cybersecurity professional, architect, cybersecurity strategist, and advisor has a strong intent to solve cybersecurity problems for enterprises. He is driven by more than 24 years of diverse security domain experience and creates a balance between security and business goals. He has worked for the Indian Air Force. Currently, he is working with National Australia Bank. Previously, he has worked with Standard Chartered Bank and many major products and security MNCs by demonstrating strong leadership in driving security projects and solutions along with significant contributions to the industry as a mentor and advisors to many cybersecurity start-ups and authoring books. LinkedIn Profile: https://www.linkedin.com/in/deepayan/
Prepare yourself for any type of audit and minimise security findings Key Features It follows a lifecycle approach to information security by understanding: Why we need Information security How we can implement How to operate securely and maintain a secure posture How to face audits Description This book is a guide for Network professionals to understand real-world information security scenarios. It offers a systematic approach to prepare for security assessments including process security audits, technical security audits and Penetration tests. This book aims at training pre-emptive security to network professionals in order to improve their understanding of security infrastructure and policies. With our network being exposed to a whole plethora of security threats, all technical and non-technical people are expected to be aware of security processes. Every security assessment (technical/ non-technical) leads to new findings and the cycle continues after every audit. This book explains the auditor’s process and expectations. What You Will Learn This book is solely focused on aspects of Information security that Network professionals (Network engineer, manager and trainee) need to deal with, for different types of Audits. Information Security Basics, security concepts in detail, threat Securing the Network focuses on network security design aspects and how policies influence network design decisions. Secure Operations is all about incorporating security in Network operations. Managing Audits is the real test. Who This Book is For IT Heads, Network managers, Network planning engineers, Network Operation engineer or anybody interested in understanding holistic network security. Table of Contents 1. Basics of Information Security 2. Threat Paradigm 3. Information Security Controls 4. Decoding Policies Standards Procedures & Guidelines 5. Network security design 6. Know your assets 7. Implementing Network Security 8. Secure Change Management 9. Vulnerability and Risk Management 10. Access Control 11. Capacity Management 12. Log Management 13. Network Monitoring 14. Information Security Audit 15. Technical Compliance Audit 16. Penetration Testing About the Author Neha Saxena is currently teaching at Symbiosis International (Deemed University) as guest faculty and working as a Freelance security consultant with various organizations. She has previously worked with HP Singapore, Etihad airways Abu Dhabi, Quadrant Risk Management Dubai, Noor Islamic bank Dubai as Information security Officer (ISO), Senior Consultant and Team Lead. Her recently concluded projects include ISO27001 audit preparation for one of Dubai’s government subsidiary and Process Gap assessment at a Bank in Abu Dhabi. During her tenure at various jobs she wore many hats including Pen Tester, Application security assessor, Security Trainer, ISO27001 Implementer etc. Later on she moved to leading Audit and Compliance team. Currently she enjoys the thrill of challenges posed by doing different type of security/ teaching assignments as well as flexibility of working as a Freelancer. She takes each project as an opportunity to learn new things, new environment and meet interesting people around the world. She holds a Master’s degree in Computer Applications from Symbiosis International (Deemed University). She resides with her family in Pune, India currently. When not working she indulges herself in reading books, watching movies & paranormal/fantasy TV series, yoga and meditation.
The information security industry is undergoing a major change, forced by the rise of end-to-end encryption, encryption that cannot be intercepted, transport protocol stack evolution, "zero trust networks", and distributed computing. While we understand the logical connections between these trends, there is little analysis of all of these trends in combination. Examination of all five trends uncovers opportunities that not only improve the state of information security and the general posture, but also lead to resource reductions necessary for information security to be sustainable. In this exciting new book from security expert Kathleen M. Moriarty, the examination of all five trends uncovers opportunities to change the state of information security. Providing a unique perspective from the center of the debates on end-to-end encryption, Moriarty explores emerging trends in both information security and transport protocol evolution, going beyond simply pointing out today's problems to providing solutions for the future of our product space.