Security intelligence: a practitioner's guide to solving enterprise security challenges
| Other authors: | |
|---|---|
| Format: | E-book |
| Language: | English |
| Published: | Indianapolis, Indiana : Wiley, 2015. |
| Edition: | 1st ed. |
| Subjects: | |
| View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009849120906719 |
Table of Contents:
- Intro
- Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges
- Contents
- Foreword
- Preface
- Chapter 1 Fundamentals of Secure Proxies
- Security Must Protect and Empower Users
- The Birth of Shadow IT
- Internet of Things and Connected Consumer Appliances
- Conventional Security Solutions
- Traditional Firewalls: What Are Their Main Deficiencies?
- Firewall with DPI: A Better Solution?
- IDS/IPS and Firewall
- Unified Threat Management and Next-Generation Firewall
- Security Proxy-A Necessary Extension of the End Point
- Transaction-Based Processing
- The Proxy Architecture
- SSL Proxy and Interception
- Interception Strategies
- Certificates and Keys
- Certificate Pinning and OCSP Stapling
- SSL Interception and Privacy
- Summary
- Chapter 2 Proxy Deployment Strategies and Challenges
- Definitions of Proxy Types: Transparent Proxy and Explicit Proxy
- Inline Deployment of Transparent Proxy: Physical Inline and Virtual Inline
- Physical Inline Deployment
- Virtual Inline Deployment
- Traffic Redirection Methods: WCCP and PBR
- LAN Port and WAN Port
- Forward Proxy and Reverse Proxy
- Challenges of Transparent Interception
- Directionality of Connections
- Maintaining Traffic Paths
- Avoiding Interception
- Asymmetric Traffic Flow Detection and Clustering
- Proxy Chaining
- Summary
- Chapter 3 Proxy Policy Engine and Policy Enforcements
- Policy System Overview
- Conditions and Properties
- Policy Transaction
- Policy Ticket
- Policy Updates and Versioning System
- Security Implications
- Policy System in the Cloud Security Operation
- Policy Evaluation
- Policy Checkpoint
- Policy Execution Timing
- Revisiting the Proxy Interception Steps
- Enforcing External Policy Decisions
- Summary
- Chapter 4 Malware and Malware Delivery Networks
- Cyber Warfare and Targeted Attacks
- Espionage and Sabotage in Cyberspace
- Industrial Espionage
- Operation Aurora
- Watering Hole Attack
- Breaching the Trusted Third Party
- Casting the Lures
- Spear Phishing
- Pharming
- Cross-Site Scripting
- Search Engine Poisoning
- Drive-by Downloads and the Invisible iframe
- Tangled Malvertising Networks
- Malware Delivery Networks
- Fast-Flux Networks
- Explosion of Domain Names
- Abandoned Sites and Domain Names
- Antivirus Software and End-Point Solutions - The Losing Battle
- Summary
- Chapter 5 Malnet Detection Techniques
- Automated URL Reputation System
- Creating URL Training Sets
- Extracting URL Feature Sets
- Classifier Training
- Dynamic Webpage Content Rating
- Keyword Extraction for Category Construction
- Keyword Categorization
- Detecting Malicious Web Infrastructure
- Detecting Exploit Servers through Content Analysis
- Topology-Based Detection of Dedicated Malicious Hosts
- Detecting C2 Servers
- Detection Based on Download Similarities
- Crawlers
- Detecting Malicious Servers with a Honeyclient
- High Interaction versus Low Interaction
- Capture-HPC: A High-Interaction Honeyclient
- Thug: A Low-Interaction Honeyclient
- Evading Honeyclients
- Summary
- Chapter 6 Writing Policies
- Overview of the ProxySG Policy Language
- Scenarios and Policy Implementation
- Web Access
- Access Logging
- User Authentication
- Safe Content Retrieval
- SSL Proxy
- Reverse Proxy Deployment
- DNS Proxy
- Data Loss Prevention
- E-mail Filtering
- A Primer on SMTP
- E-mail Filtering Techniques
- Summary
- Chapter 7 The Art of Application Classification
- A Brief History of Classification Technology
- Signature Based Pattern Matching Classification
- Extracting Matching Terms - Aho-Corasick Algorithm
- Prefix-Tree Signature Representation
- Manual Creation of Application Signatures
- Automatic Signature Generation
- Flow Set Construction
- Extraction of Common Terms
- Signature Distiller
- Considerations
- Machine Learning-Based Classification Technique
- Feature Selection
- Supervised Machine Learning Algorithms
- Naïve Bayes Method
- Unsupervised Machine Learning Algorithms
- Expectation-Maximization
- K-Means Clustering
- Classifier Performance Evaluation
- Proxy versus Classifier
- Summary
- Chapter 8 Retrospective Analysis
- Data Acquisition
- Logs and Retrospective Analysis
- Log Formats
- Log Management and Analysis
- Packet Captures
- Capture Points
- Capture Formats
- Capture a Large Volume of Data
- Data Indexing and Query
- B-tree Index
- B-tree Search
- B-tree Insertion
- Range Search and B+-tree
- Bitmap Index
- Bitmap Index Search
- Bitmap Index Compression
- Inverted File Index
- Inverted File
- Inverted File Index Query
- Inverted File Compression
- Performance of a Retrospective Analysis System
- Index Sizes
- Index Building Overhead
- Query Response Delay
- Scalability
- Notes on Building a Retrospective Analysis System
- MapReduce and Hadoop
- MapReduce for Parallel Processing
- Hadoop
- Open Source Data Storage and Management Solution
- Why a Traditional RDBMS Falls Short
- NoSQL and Search Engines
- NoSQL and Hadoop
- Summary
- Chapter 9 Mobile Security
- Mobile Device Management, or Lack Thereof
- Mobile Applications and Their Impact on Security
- Security Threats and Hazards in Mobile Computing
- Cross-Origin Vulnerability
- Near Field Communication
- Application Signing Transparency
- Library Integrity and SSL Verification Challenges
- Ad Fraud
- Research Results and Proposed Solutions
- Infrastructure-Centric Mobile Security Solution
- Towards the Seamless Integration of WiFi and Cellular Networks
- Security in the Network
- Summary
- Bibliography
- Index
- EULA