▶Book Description
Modern day businesses and enterprises are moving to the Cloud, to improve efficiency and speed, achieve flexibility and cost effectiveness, and for on-demand Cloud services. However, enterprise Cloud security remains a major concern because migrating to the public Cloud requires transferring some control over organizational assets to the Cloud provider. There are chances these assets can be mismanaged and therefore, as a Cloud security professional, you need to be armed with techniques to help businesses minimize the risks and misuse of business data.
The book starts with the basics of Cloud security and offers an understanding of various policies, governance, and compliance challenges in Cloud. This helps you build a strong foundation before you dive deep into understanding what it takes to design a secured network infrastructure and a well-architected application using various security services in the Cloud environment.
Automating security tasks, such as Server Hardening with Ansible, and other automation services, such as Monit, will monitor other security daemons and take the necessary action in case these security daemons are stopped maliciously. In short, this book has everything you need to secure your Cloud environment with. It is your ticket to obtain industry-adopted best practices for developing a secure, highly available, and fault-tolerant architecture for organizations.
▶What You Will Learn
⦁ Configure your firewall and Network ACL
⦁ Protect your system against DDOS and application-level attacks
⦁ Explore cryptography and data security for your cloud
⦁ Get to grips with configuration management tools to automate your security tasks
⦁ Perform vulnerability scanning with the help of the standard tools in the industry
⦁ Learn about central log management
▶Key Features
⦁ Gain a firm grasp of Cloud data security and governance, irrespective of your Cloud platform
⦁ Practical examples to ensure you secure your Cloud environment efficiently
⦁ A step-by-step guide that will teach you the unique techniques and methodologies of Cloud data governance
▶Who This Book Is For
If you are a cloud security professional who wants to ensure cloud security and data governance no matter the environment, then this book is for you. A basic understanding of working on any cloud platform would be beneficial
▶What this book covers
⦁ Chapter 1, The Fundamentals of Cloud Security, begins with providing a solid foundation for cloud computing followed by the challenges faced when an organization moves into the cloud. At the end of the chapter, we look into at a case study of the real-world scenarios about servers of a known start-up getting hacked and analyze the security shortcoming that leads to the downfall.
⦁ Chapter 2, Defense in Depth Approach, provides insights into the structural approach for defensive security that can provide a solid base for security in an organization to protect against attacks. We have an abstract overview of the tools and technologies that can be used at these layers. This chapter provides the foundation for the rest of the book.
⦁ Chapter 3, Designing Defensive Network Infrastructure, begins with revising the fundamentals related to the TCP/IP model and then continues with understanding the stateful and stateless nature of firewalls, ideal approach to design firewall rules, and best practices. We also look into the implementation approach related to IPS in the cloud along with various technologies like Bastion Hosts and Virtual Private Networks. Throughout this chapter, we discuss the best practices both in terms of process and implementation side that will help the organization build strong network perimeter.
⦁ Chapter 4, Server Hardening, deals with the operating system level security. This chapter provides insights into the implementation of the principle of least privilege based approach with the help of various technologies related to centralized authentication and single-signon
solutions. Along with this we have a great overview related to auditing functionality with help of AuditD and explore pluggable authentication modules as well. At the end, we look into various tools and technologies for disk level encryptions, server hardening, SELinux, host-based intrusion detection system and the approach for building “Hardening / Golden Images”.
⦁ Chapter 5, Cryptography Network Security, begins with revising the fundamentals of cryptography and then moves to explore various technologies like hardware security modules, Key Management Service along with looking into the SSL/TLS section along with
the associated security best practices related to HSTS, Perfect Forward Secrecy, OCSP stapling and many more.
⦁ Chapter 6, Automation in Security, explore more about configuration management and infrastructure as code-based approach and their necessity and importance in building secure environments. In this chapter, we revise and explore tools like Terraform, Ansible
along with it’s associated best practices. We look into the approach of “Desired State” that can be achieved with this configuration management and infrastructure as code-based tools and it’s significance in maintaining overall security posture in the organization.
⦁ Chapter 7, Vulnerability, Pentest, and Patch Management, gives you insights on how to implement an entire cycle of vulnerability assessment to patch management. This is one of the very important parts of any organization, and many big organizations have been
compromised because of not being able to implement and follow this life cycle phase. We look into the industry standard tools, proven best practices, and approaches that you can implement in your organization related to this phase.
⦁ Chapter 8, Security Logging and Monitoring, provides insights into operational considerations related to logging monitoring, an overview of log management activity, and tools and things that need to be captured to give you the right overview of the current happening within your organization.
⦁ Chapter 9, First Responder, walks you through incident response. This chapter gives you an overview of incident response and the ideal ways in which you can implement an incident response plan, along with ways in which you can continually check on the preparedness of your incident response team.
⦁ Chapter 10, Best Practices, condenses all the chapters and the associated tools into tabular form for easy insights into the overall book.
