Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges | Forum

Павел Кульков, July 13 '16

The book is attached.


Contents:


Chapter 1 Fundamentals of Secure Proxies
Security Must Protect and Empower Users
The Birth of Shadow IT
Internet of Things and Connected Consumer Appliances
Conventional Security Solutions
Traditional Firewalls: What Are Their Main Deficiencies?
Firewall with DPI: A Better Solution?
IDS/IPS and Firewall 
Unified Threat Management and Next‐Generation Firewall
Security Proxy—A Necessary Extension of the End Point 
Transaction‐Based Processing 
The Proxy Architecture 
SSL Proxy and Interception 
Interception Strategies 
Certificates and Keys
Certificate Pinning and OCSP Stapling
SSL Interception and Privacy 
Summary 
Chapter 2 Proxy Deployment Strategies and Challenges 
Definitions of Proxy Types: Transparent Proxy and Explicit Proxy
Inline Deployment of Transparent Proxy: Physical Inline and Virtual Inline 
Physical Inline Deployment 
Virtual Inline Deployment 
Traffic Redirection Methods: WCCP and PBR 
LAN Port and WAN Port 
Forward Proxy and Reverse Proxy 
Challenges of Transparent Interception 
Directionality of Connections 
Maintaining Traffic Paths
Avoiding Interception 
Asymmetric Traffic Flow Detection and Clustering
Proxy Chaining 
Summary 
Chapter 3 Proxy Policy Engine and Policy Enforcements 
Policy System Overview 
Conditions and Properties 
Policy Transaction 
Policy Ticket 
Policy Updates and Versioning System 
Security Implications 
Policy System in the Cloud Security Operation 
Policy Evaluation 
Policy Checkpoint 
Policy Execution Timing 
Revisiting the Proxy Interception Steps 
Enforcing External Policy Decisions 
Summary 
Chapter 4 Malware and Malware Delivery Networks  
Cyber Warfare and Targeted Attacks 
Espionage and Sabotage in Cyberspace 
Industrial Espionage
Operation Aurora 
Watering Hole Attack 
Breaching the Trusted Third Party 
Casting the Lures 
Spear Phishing 
Pharming 
Cross‐Site Scripting 
Search Engine Poisoning 
Drive‐by Downloads and the Invisible iframe 
Tangled Malvertising Networks 
Malware Delivery Networks 
Fast‐Flux Networks 
Explosion of Domain Names 
Abandoned Sites and Domain Names 
Antivirus Software and End‐Point Solutions – The Losing Battle 
Summary 
Chapter 5 Malnet Detection Techniques 
Automated URL Reputation System 
Creating URL Training Sets 
Extracting URL Feature Sets 
Classifier Training
Dynamic Webpage Content Rating 
Keyword Extraction for Category Construction 
Keyword Categorization 
Detecting Malicious Web Infrastructure 
Detecting Exploit Servers through Content Analysis 
Topology‐Based Detection of Dedicated Malicious Hosts 
Detecting C2 Servers 
Detection Based on Download Similarities 
Crawlers 
Detecting Malicious Servers with a Honeyclient 
High Interaction versus Low Interaction 
Capture‐HPC: A High‐Interaction Honeyclient 
Thug: A Low‐Interaction Honeyclient 
Evading Honeyclients 
Summary 
Chapter 6 Writing Policies  
Overview of the ProxySG Policy Language 
Scenarios and Policy Implementation 
Web Access 
Access Logging 
User Authentication 
Safe Content Retrieval 
SSL Proxy 
Reverse Proxy Deployment 
DNS Proxy 
Data Loss Prevention 
E‐mail Filtering 
A Primer on SMTP 
E‐mail Filtering Techniques 
Summary 
Chapter 7 The Art of Application Classification
A Brief History of Classification Technology
Signature Based Pattern Matching Classification
Extracting Matching Terms – Aho‐Corasick Algorithm 
Prefix‐Tree Signature Representation
Manual Creation of Application Signatures 
Automatic Signature Generation 
Flow Set Construction 
Extraction of Common Terms 
Signature Distiller 
Considerations 
Machine Learning‐Based Classification Technique
Feature Selection 
Supervised Machine Learning Algorithms
Naïve Bayes Method 
Unsupervised Machine Learning Algorithms 
Expectation‐Maximization 
K‐Means Clustering 
Classifier Performance Evaluation
Proxy versus Classifier
Summary 
Chapter 8 Retrospective Analysis 
Data Acquisition 
Logs and Retrospective Analysis 
Log Formats 
Log Management and Analysis 
Packet Captures 
Capture Points 
Capture Formats 
Capture a Large Volume of Data 
Data Indexing and Query 
B‐tree Index 
B‐tree Search 
B‐tree Insertion 
Range Search and B+‐tree 
Bitmap Index 
Bitmap Index Search 
Bitmap Index Compression 
Inverted File Index 
Inverted File 
Inverted File Index Query 
Inverted File Compression 
Performance of a Retrospective Analysis System 
Index Sizes 
Index Building Overhead 
Query Response Delay 
Scalability 
Notes on Building a Retrospective Analysis System 
MapReduce and Hadoop 
MapReduce for Parallel Processing 
Hadoop 
Open Source Data Storage and Management Solution 
Why a Traditional RDBMS Falls Short 
NoSQL and Search Engines 
NoSQL and Hadoop 
Summary 
Chapter 9 Mobile Security  
Mobile Device Management, or Lack Thereof 
Mobile Applications and Their Impact on Security 
Security Threats and Hazards in Mobile Computing 
Cross‐Origin Vulnerability 
Near Field Communication 
Application Signing Transparency 
Library Integrity and SSL Verification Challenges
Ad Fraud 
Research Results and Proposed Solutions 
Infrastructure‐Centric Mobile Security Solution 
Towards the Seamless Integration of WiFi and Cellular Networks 
Security in the Network 
Summary 

Message edited by Павел Кульков, July 13 '16
Attached files:
  Security Intelligence.pdf (24763Kb)