Bezpieczeństwo systemów
Richard Diver, Gary Bushey, John Perkins
Microsoft Sentinel is a security information and event management (SIEM) tool developed by Microsoft that helps you integrate cloud security and artificial intelligence (AI). This book will teach you how to implement Microsoft Sentinel and understand how it can help detect security incidents in your environment with integrated AI, threat analysis, and built-in and community-driven logic.The first part of this book will introduce you to Microsoft Sentinel and Log Analytics, then move on to understanding data collection and management, as well as how to create effective Microsoft Sentinel queries to detect anomalous behaviors and activity patterns. The next part will focus on useful features, such as entity behavior analytics and Microsoft Sentinel playbooks, along with exploring the new bi-directional connector for ServiceNow. In the next part, you’ll be learning how to develop solutions that automate responses needed to handle security incidents and find out more about the latest developments in security, techniques to enhance your cloud security architecture, and explore how you can contribute to the security community.By the end of this book, you’ll have learned how to implement Microsoft Sentinel to fit your needs and protect your environment from cyber threats and other security issues.
Microsoft Windows Server 2003/2008. Bezpieczeństwo środowiska z wykorzystaniem Forefront Security
Światowiak Jacek
Zapewnij bezpieczeństwo Twoim systemom informatycznym! Jak w pełni wykorzystać serwer ISA 2006? Jak zautomatyzować proces aktualizacji, korzystając z WSUS? Czym jest infrastruktura klucza publicznego, jak ją zaprojektować i wdrożyć? Jak chronić specjalizowane serwery i stacje robocze przed szkodliwym oprogramowaniem oraz spamem? Niniejsza książka jest unikalną na rynku wydawniczym publikacją, podejmującą temat bezpieczeństwa z wykorzystaniem pakietu Forefront Security Suite. Pakiet ten, będący odpowiedzią Microsoftu na rosnące wymagania w zakresie bezpieczeństwa systemów oraz danych przetwarzanych w nich i składowanych, oferuje całą gamę narzędzi zapewniających bezpieczne przechowywanie oraz przesyłanie danych, ochronę przed szkodliwym oprogramowaniem i niechcianą pocztą. Teraz możesz dowiedzieć się, jak w praktyce wykorzystać te możliwości! W trakcie lektury zapoznasz się z architekturą systemu Forefront Security Suite oraz jego zaletami. Zdobędziesz wiedzę na temat infrastruktury klucza publicznego, usługi WSUS (skrót od ang. Windows System Update Service) oraz metod wdrażania jednostki certyfikacyjnej. Ponadto dowiesz się, jak zagwarantować najwyższy poziom wiarygodności w systemach z rodziny Windows Server 2003/2008 oraz wykorzystać wszystkie programy i narzędzia pakietu. Dodatkowo zgłębisz tajniki zabezpieczania stacji roboczych z użyciem Forefront Client Security. Książka ta adresowana jest do administratorów serwerów, administratorów sieci, specjalistów od zabezpieczeń oraz pasjonatów zagadnień związanych z bezpieczeństwem systemów informatycznych. Architektura Microsoft Forefront Automatyczna aktualizacja systemów oraz oprogramowania Wdrażanie infrastruktury klucza publicznego Wykorzystanie kreatora konfiguracji zabezpieczeń Instalacja i praca z ISA Server 2006 w wersji Standard oraz Enterprise Dostęp VPN z wykorzystaniem serwera ISA 2006 Ochrona antyspamowa w Exchange 2003 oraz 2007 Zabezpieczanie serwerów Exchange - Forefront Server Security for Exchange Ochrona serwerów SharePoint - Forefront Server Security for SharePoint Zabezpieczanie środowiska OCS 2007 - Forefront Server Security for Office Communications Server 2007 Zarządzanie bezpieczeństwem serwerów z wykorzystaniem Forefront Server Security Management Console Przyszłość technologii - Forefront Threat Management Gateway oraz technologia Stirling Kompletne źródło informacji na temat bezpieczeństwa w systemach Windows Server 2003/2008!
Abhinav Mishra
Mobile App Reverse Engineering is a practical guide focused on helping cybersecurity professionals scale up their mobile security skills. With the IT world’s evolution in mobile operating systems, cybercriminals are increasingly focusing their efforts on mobile devices. This book enables you to keep up by discovering security issues through reverse engineering of mobile apps.This book starts with the basics of reverse engineering and teaches you how to set up an isolated virtual machine environment to perform reverse engineering. You’ll then learn about modern tools such as Ghidra and Radare2 to perform reverse engineering on mobile apps as well as understand how Android and iOS apps are developed. Next, you’ll explore different ways to reverse engineer some sample mobile apps developed for this book. As you advance, you’ll learn how reverse engineering can help in penetration testing of Android and iOS apps with the help of case studies. The concluding chapters will show you how to automate the process of reverse engineering and analyzing binaries to find low-hanging security issues.By the end of this reverse engineering book, you’ll have developed the skills you need to be able to reverse engineer Android and iOS apps and streamline the reverse engineering process with confidence.
Mobile Forensics - Advanced Investigative Strategies. Click here to enter text
Oleg Afonin, Vladimir Katalov
Investigating digital media is impossible without forensic tools. Dealing with complex forensic problems requires the use of dedicated tools, and even more importantly, the right strategies. In this book, you’ll learn strategies and methods to deal with information stored on smartphones and tablets and see how to put the right tools to work.We begin by helping you understand the concept of mobile devices as a source of valuable evidence. Throughout this book, you will explore strategies and plays and decide when to use each technique. We cover important techniques such as seizing techniques to shield the device, and acquisition techniques including physical acquisition (via a USB connection), logical acquisition via data backups, over-the-air acquisition. We also explore cloud analysis, evidence discovery and data analysis, tools for mobile forensics, and tools to help you discover and analyze evidence.By the end of the book, you will have a better understanding of the tools and methods used to deal with the challenges of acquiring, preserving, and extracting evidence stored on smartphones, tablets, and the cloud.
Igor Mikhaylov
Considering the emerging use of mobile phones, there is a growing need for mobile forensics. Mobile forensics focuses specifically on performing forensic examinations of mobile devices, which involves extracting, recovering and analyzing data for the purposes of information security, criminal and civil investigations, and internal investigations.Mobile Forensics Cookbook starts by explaining SIM cards acquisition and analysis using modern forensics tools. You will discover the different software solutions that enable digital forensic examiners to quickly and easily acquire forensic images. You will also learn about forensics analysis and acquisition on Android, iOS, Windows Mobile, and BlackBerry devices. Next, you will understand the importance of cloud computing in the world of mobile forensics and understand different techniques available to extract data from the cloud. Going through the fundamentals of SQLite and Plists Forensics, you will learn how to extract forensic artifacts from these sources with appropriate tools. By the end of this book, you will be well versed with the advanced mobile forensics techniques that will help you perform the complete forensic acquisition and analysis of user data stored in different devices.
Modele rozwiązań prawnych w systemie cyberbepiczeństwa RP. Rekomendacje
red. Katarzyna Chałubińska-Jentkiewicz, Agnieszka Brzostek
Przedmiotem zainteresowania Autorów stało się interdyscyplinarnie postrzegane cyberbezpieczeństwo, zaś badaniom poddano prawne i organizacyjne rozwiązania na rzecz efektywnego przeciwdziałania oraz zwalczania niebezpiecznych zachowań w cyberprzestrzeni. Wyzwaniem badawczym stały się także relacje pomiędzy systemem cyberbezpieczeństwa a systemem prawa i związanym z tym działaniem organów władzy publicznej. Ważne zagadnienie stanowiła również analiza prawno-administracyjnych uregulowań w zakresie ochrony danych osobowych oraz ochrony informacji w cyberprzestrzeni, a także odpowiedzialności karnej za naruszenie dóbr podlegających przedmiotowej ochronie. Prof. dr hab. Waldemar KITLER, ASZWOJ Publikacja wpisuje się w aktualny nurt nauk o cyberbezpieczeństwie i jest interdyscyplinarna, tak samo jak pojęcie i system cyberbezpieczeństwa, obejmując swoim zakresem prawo publiczne i prywatne. Istotą i tym co odróżnia ją o innych dostępnych na rynku opracowań w zakresie systemu cyberbezpieczeństwa jest wskazanie przez każdego z Autorów rekomendacji w zakresie rozwoju określonych dziedzin prawa w systemie cyberbezpieczeństwa. dr hab. Jarosław Kostrubiec, prof. UMCS
Lisa Bock
In today's world, it is important to have confidence in your data storage and transmission strategy. Cryptography can provide you with this confidentiality, integrity, authentication, and non-repudiation. But are you aware of just what exactly is involved in using cryptographic techniques? Modern Cryptography for Cybersecurity Professionals helps you to gain a better understanding of the cryptographic elements necessary to secure your data.The book begins by helping you to understand why we need to secure data and how encryption can provide protection, whether it be in motion or at rest. You'll then delve into symmetric and asymmetric encryption and discover how a hash is used. As you advance, you'll see how the public key infrastructure (PKI) and certificates build trust between parties, so that we can confidently encrypt and exchange data. Finally, you'll explore the practical applications of cryptographic techniques, including passwords, email, and blockchain technology, along with securely transmitting data using a virtual private network (VPN).By the end of this cryptography book, you'll have gained a solid understanding of cryptographic techniques and terms, learned how symmetric and asymmetric encryption and hashed are used, and recognized the importance of key management and the PKI.
Mroczne odmęty phishingu. Nie daj się złowić!
Christopher Hadnagy, Michele Fincher, Robin Dreeke (Foreword)
Ofensywne i defensywne strony ataków e-mailowych Ataki za pomocą specjalnie spreparowanych wiadomości e-mail stały się jednym z najczęstszych i najbardziej uciążliwych zagrożeń. Mimo kampanii edukacyjnych i szeroko zakrojonych programów bezpieczeństwa phishing wciąż jest niezwykle skuteczną bronią przestępców. Jest tak, gdyż wykorzystuje odruchy, którymi kieruje się znakomita większość ludzi. Aby więc ochronić się przed atakiem, trzeba poznać zarówno podstawy ataków e-mailowych, jak i pewnych zasad psychologii i metod manipulacji ludzkim postępowaniem. Trzymasz w ręku świetny przewodnik po mrocznym świecie phishingu. Opisano tu formy tego rodzaju ataków, przedstawiono sposoby rozpoznawania fałszywych wiadomości e-mail czy sklonowanych stron internetowych. Omówiono również socjotechniczne aspekty phishingu, dzięki czemu lepiej zrozumiesz psychologiczne mechanizmy rządzące postępowaniem ofiary. Po lekturze tej książki będziesz również wiedział, jak udoskonalić firmowy system bezpieczeństwa, aby skutecznie odpierać ataki e-mailowe — nawet te bardzo wyrafinowane! W tej książce: opis słynnych włamań dokonanych za pomocą spreparowanych e-maili analiza celów ataku i korzyści, jakie osiągają atakujący psychologiczne i socjologiczne podstawy phishingu analiza przyczyn nieskuteczności firmowych programów budowania świadomości bezpieczeństwa informacji metody rozpoznawania ataków metody ochrony systemu informatycznego przed phishingiem Nie daj się złapać na haczyk! Strzeż swego bezpieczeństwa! Christopher Hadnagy jest założycielem spółki Social-Engineer. Od ponad 15 lat zajmuje się kwestiami bezpieczeństwa informacji. Specjalizuje się w badaniu socjotechnicznych metod zdobywania nieuprawnionego dostępu do informacji. Wzięty autor i aktywny uczestnik wielu konferencji. Michele Fincher jest behawiorystką, badaczką i ekspertką w dziedzinie bezpieczeństwa informacji. Pracowała dla Sił Powietrznych USA, gdzie zajmowała się bezpieczeństwem informacji, włączając w to wykłady w Air Force Academy. Obecnie przyczynia się do sukcesu firmy Social-Engineer.
Peter Rising, Nate Chamberlain
Exam MS-700: Managing Microsoft Teams tests your knowledge and competence in the deployment, management, and monitoring of Microsoft Teams features within the Microsoft 365 platform.This book will teach you how to effectively plan and implement the required services using both the Teams admin centre within Microsoft 365 and Windows PowerShell. Throughout the chapters, you'll learn about all the policies relating to messaging, teams, meetings, and more; get to grips with the settings; and explore configuration options that a Teams administrator would encounter in their day-to-day responsibilities. You'll also discover best practices for rolling out and managing Teams services for users within your Microsoft 365 tenant as you explore each objective in detail.By the end of this Microsoft Teams book, you'll have covered everything you need to pass the MS-700 certification exam and have a handy, on-the-job desktop reference guide.
Arun Narayanan, Praseed Pai, Shine Xavier
Knowing about design patterns enables developers to improve their code base, promoting code reuse and making their design more robust.This book focuses on the practical aspects of programming in .NET. You will learn about some of the relevant design patterns (and their application) that are most widely used. We start with classic object-oriented programming (OOP) techniques, evaluate parallel programming and concurrency models, enhance implementations by mixing OOP and functional programming, and finally to the reactive programming model where functional programming and OOP are used in synergy to write better code. Throughout this book, we’ll show you how to deal with architecture/design techniques, GoF patterns, relevant patterns from other catalogs, functional programming, and reactive programming techniques. After reading this book, you will be able to convincingly leverage these design patterns (factory pattern, builder pattern, prototype pattern, adapter pattern, facade pattern, decorator pattern, observer pattern and so on) for your programs. You will also be able to write fluid functional code in .NET that would leverage concurrency and parallelism!
.NET MAUI for C# Developers. Build cross-platform mobile and desktop applications
Jesse Liberty, Rodrigo Juarez, Maddy Montaquila (Leger)
While UI plays a pivotal role in retaining users in a highly competitive landscape, maintaining the same UI can be tricky if you use different languages for different platforms, leading to mismatches and un-synced pages. In this book, you'll see how .NET MAUI allows you to create a real-world application that will run natively on different platforms. By building on your C# experience, you’ll further learn to create beautiful and engaging UI using XAML, architect a solid app, and discover best practices for this Microsoft platform.The book starts with the fundamentals and quickly moves on to intermediate and advanced topics on laying out your pages, navigating between them, and adding controls to gather and display data. You’ll explore the key architectural pattern of Model-View-ViewModel: and ways to leverage it. You’ll also use xUnit and NSubstitute to create robust and reliable code.By the end of this book, you’ll be well-equipped to leverage .NET MAUI and create an API for your app to interact with a web frontend to the backend data using C#.
Aditya Mukherjee
With advanced cyber attacks severely impacting industry giants and the constantly evolving threat landscape, organizations are adopting complex systems to maintain robust and secure environments. Network Security Strategies will help you get well-versed with the tools and techniques required to protect any network environment against modern cyber threats.You’ll understand how to identify security vulnerabilities across the network and how to effectively use a variety of network security techniques and platforms. Next, the book will show you how to design a robust network that provides top-notch security to protect against traditional and new evolving attacks. With the help of detailed solutions and explanations, you'll be able to monitor networks skillfully and identify potential risks. Finally, the book will cover topics relating to thought leadership and the management aspects of network security.By the end of this network security book, you'll be well-versed in defending your network from threats and be able to consistently maintain operational efficiency, security, and privacy in your environment.
Network Security with pfSense. Architect, deploy, and operate enterprise-grade firewalls
Manuj Aggarwal
While connected to the internet, you’re a potential target for an array of cyber threats, such as hackers, keyloggers, and Trojans that attack through unpatched security holes. A firewall works as a barrier (or ‘shield’) between your computer and cyberspace. pfSense is highly versatile firewall software. With thousands of enterprises using pfSense, it is fast becoming the world's most trusted open source network security solution.Network Security with pfSense begins with an introduction to pfSense, where you will gain an understanding of what pfSense is, its key features, and advantages. Next, you will learn how to configure pfSense as a firewall and create and manage firewall rules. As you make your way through the chapters, you will test pfSense for failover and load balancing across multiple wide area network (WAN) connections. You will then configure pfSense with OpenVPN for secure remote connectivity and implement IPsec VPN tunnels with pfSense. In the concluding chapters, you’ll understand how to configure and integrate pfSense as a Squid proxy server.By the end of this book, you will be able to leverage the power of pfSense to build a secure network.
Network Vulnerability Assessment. Identify security loopholes in your network’s infrastructure
Sagar Rahalkar
The tech world has been taken over by digitization to a very large extent, and so it’s become extremely important for an organization to actively design security mechanisms for their network infrastructures. Analyzing vulnerabilities can be one of the best ways to secure your network infrastructure.Network Vulnerability Assessment starts with network security assessment concepts, workflows, and architectures. Then, you will use open source tools to perform both active and passive network scanning. As you make your way through the chapters, you will use these scanning results to analyze and design a threat model for network security. In the concluding chapters, you will dig deeper into concepts such as IP network analysis, Microsoft Services, and mail services. You will also get to grips with various security best practices, which will help you build your network security mechanism.By the end of this book, you will be in a position to build a security framework fit for an organization.
NHibernate 4.x Cookbook. Click here to enter text. - Second Edition
Gunnar Liljas, Alexander Zaytsev, Jason Dentler
NHibernate is a mature, flexible, scalable, and feature-complete open source project for data access. Although it sounds like an easy task to build and maintain database applications, it can be challenging to get beyond the basics and develop applications that meet your needs perfectly. NHibernate allows you to use plain SQL and stored procedures less and keep focus on your application logic instead. Learning the best practices for a NHibernate-based application will help you avoid problems and ensure that your project is a success. The book will take you from the absolute basics of NHibernate through to its most advanced features, showing you how to take full advantage of each concept to quickly create amazing database applications. You will learn several techniques for each of the four core NHibernate tasks—configuration, mapping, session and transaction management, and querying—and which techniques fit best with various types of applications. In short, you will be able to build an application using NHibernate by the end of the book. You will also learn how to best implement enterprise application architecture patterns using NHibernate, leading to clean, easy-to-understand code and increased productivity. In addition to new features, you will learn creative ways to extend the NHibernate core, as well as gaining techniques to work with the NHibernate search, shards, spatial, envers, and validation projects.
NIST CSF 2.0. Your essential introduction to managing cybersecurity risks
IT Governance Publishing, Andrew Pattison
This comprehensive guide introduces the origins, aims, and components of the NIST Cybersecurity Framework (CSF) 2.0. It explores the core structure including functions, categories, subcategories, and profiles, and provides detailed implementation tiers and examples.Readers are then guided through a deep dive into all six framework categories—from Govern to Recover—and learn how to develop and apply risk management strategies within an organization. The content covers NIST SP 800-53, informative references, and practical quick-start guides to help translate theory into action.The final sections offer a seven-step implementation roadmap, including gap analysis, target profiles, and continuous improvement. The book concludes by mapping the CSF to international standards like ISO 27001 and ISO 22301, offering a well-rounded and interoperable cybersecurity strategy.