SECURITY INTELLIGENCE
Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges guides you through a deciphering process that translates each security goal into a set of security variables, substitutes each variable with a specific security technology domain, formulates the equation that is the deployment strategy, verifies the solution against the original problem by analyzing security incidents and mining hidden breaches, and ultimately refines the security formula iteratively in a perpetual cycle.
foreword
preface
chapter 1 fundamentals of secure proxies
security must protect and empower users
the birth of shadow it
internet of things and connected consumer appliances
conventional security solutions
traditional firewalls: what are their main deficiencies?
firewall with dpi: a better solution?
ids/ips and firewall
unified threat management and next-generation firewall
security proxy--a necessary extension of the end point
transaction-based processing
the proxy architecture
ssl proxy and interception
interception strategies
certificates and keys
certificate pinning and ocsp stapling
ssl interception and privacy
chapter 2 proxy deployment strategies and challenges
definitions of proxy types: transparent proxy and explicit proxy
inline deployment of transparent proxy: physical inline and virtual inline
physical inline deployment
virtual inline deployment
traffic redirection methods: wccp and pbr
lan port and wan port
forward proxy and reverse proxy
challenges of transparent interception
directionality of connections
maintaining traffic paths
avoiding interception
asymmetric traffic flow detection and clustering
proxy chaining
chapter 3 proxy policy engine and policy enforcements
policy system overview
conditions and properties
policy transaction
policy ticket
policy updates and versioning system
security implications
policy system in the cloud security operation
policy evaluation
policy checkpoint
policy execution timing
revisiting the proxy interception steps
enforcing external policy decisions
chapter 4 malware and malware delivery networks
cyber warfare and targeted attacks
espionage and sabotage in cyberspace
industrial espionage
operation aurora
watering hole attack
breaching the trusted third party
casting the lures
spear phishing
pharming
cross-site scripting
search engine poisoning
drive-by downloads and the invisible iframe
tangled malvertising networks
malware delivery networks
fast-flux networks
explosion of domain names
abandoned sites and domain names
antivirus software and end-point solutions -- the losing battle
chapter 5 malnet detection techniques
automated url reputation system
creating url training sets
extracting url feature sets
classifier training
dynamic webpage content rating
keyword extraction for category construction
keyword categorization
detecting malicious web infrastructure
detecting exploit servers through content analysis
topology-based detection of dedicated malicious hosts
detecting c2 servers
detection based on download similarities
crawlers
detecting malicious servers with a honey client
high interaction versus low interaction
capture-hpc: a high-interaction honey client
thug: a low-interaction honey client
evading honey clients
chapter 6 writing policies
overview of the proxysg policy language
scenarios and policy implementation
web access
access logging
user authentication
safe content retrieval
ssl proxy
reverse proxy deployment
dns proxy
data loss prevention
e-mail filtering
a primer on smtp
e-mail filtering techniques
chapter 7 the art of application classification
a brief history of classification technology
signature based pattern matching classification
extracting matching terms -- aho-corasick algorithm
prefix-tree signature representation
manual creation of application signatures
automatic signature generation
flow set construction
extraction of common terms
signature distiller
considerations
machine learning-based classification technique
feature selection
supervised machine learning algorithms
naive bayes method
unsupervised machine learning algorithms
expectation-maximization
k-means clustering
classifier performance evaluation
proxy versus classifier
chapter 8 retrospective analysis
data acquisition
logs and retrospective analysis
log formats
log management and analysis
packet captures
capture points
capture formats
capture a large volume of data
data indexing and query
b-tree index
b-tree search
b-tree insertion
range search and b+-tree
bitmap index
bitmap index search
bitmap index compression
inverted file index
inverted file
inverted file index query
inverted file compression
performance of a retrospective analysis system
index sizes
index building overhead
query response delay
scalability
notes on building a retrospective analysis system
mapreduce and hadoop
mapreduce for parallel processing
hadoop
open source data storage and management solution
why a traditional rdbms falls short
nosql and search engines
nosql and hadoop
chapter 9 mobile security
mobile device management or lack thereof
mobile applications and their impact on security
security threats and hazards in mobile computing
cross-origin vulnerability
near field communication
application signing transparency
library integrity and ssl verification challenges
ad fraud
research results and proposed solutions
infrastructure-centric mobile security solution
towards the seamless integration of wifi and cellular networks
security in the network
summary
bibliography
index
Author: Qing Li
Publication: Wiley
ISBN: 9788126555895
Store book number: 107
NRS 960.00