Inne

Ochrona informacji i systemów teleinformatycznych w cyberprzestrzeni

Jakub Kowalewski, Marian Kowalewski

W skrypcie omówiono zagrożenia informacji i systemów teleinformatycznych, takich jak oprogramowanie złośliwe, cyberprzestępstwa i cyberterroryzm. Zaprezentowano różnorodne metody ochrony informacji przed zagrożeniami w cyberprzestrzeni, dzieląc je na metody administracyjno-organizacyjne, prawne i normalizacyjne, techniczne oraz fizyczne. Omówiono systemy monitorowania i reagowania na zagrożenia w cyberprzestrzeni, działania edukacyjne w zakresie bezpieczeństwa informacji i systemów teleinformatycznych oraz podstawy prawne ich ochrony. Przytoczono także informacje dotyczące zarządzania bezpieczeństwem organizacji.

Operationalizing Threat Intelligence. A guide to developing and operationalizing cyber threat intelligence programs

Kyle Wilhoit, Joseph Opacki

We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps.In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence.By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.

Oracle 11g Anti-hacker's Cookbook. Make your Oracle database virtually impregnable to hackers using the knowledge in this book. With over 50 recipes, you'll quickly learn protection methodologies that use industry certified techniques to secure the Oracle database server

Adrian Neagu

For almost all organizations, data security is a matter of prestige and credibility. The Oracle Database is one of the most rich in features and probably the most used Database in a variety of industries where security is essential. To ensure security of data both in transit and on the disk, Oracle has implemented the security technologies to achieve a reliable and solid system. In Oracle 11g Anti-Hacker's Cookbook, you will learn about the most important solutions that can be used for better database security.Oracle 11g Anti-hacker's Cookbook covers all the important security measures and includes various tips and tricks to protect your Oracle Database.Oracle 11g Anti-hacker's Cookbook uses real-world scenarios to show you how to secure the Oracle Database server from different perspectives and against different attack scenarios. Almost every chapter has a possible threads section, which describes the major dangers that can be confronted. The initial chapters cover how to defend the operating system, the network, the data and the users. The defense scenarios are linked and designed to prevent these attacks. The later chapters cover Oracle Vault, Oracle VPD, Oracle Labels, and Oracle Audit. Finally, in the Appendices, the book demonstrates how to perform a security assessment against the operating system and the database, and how to use a DAM tool for monitoring.

Oracle Database 12c Security Cookbook. Secure your Oracle Database 12c with this valuable Oracle support resource, featuring more than 100 solutions to the challenges of protecting your data

Maja Veselica & Zoran Pavlovic, Zoran Pavlovic,...

Businesses around the world are paying much greater attention toward database security than they ever have before. Not only does the current regulatory environment require tight security, particularly when dealing with sensitive and personal data, data is also arguably a company’s most valuable asset - why wouldn’t you want to protect it in a secure and reliable database? Oracle Database lets you do exactly that. It’s why it is one of the world’s leading databases – with a rich portfolio of features to protect data from contemporary vulnerabilities, it’s the go-to database for many organizations. Oracle Database 12c Security Cookbook helps DBAs, developers, and architects to better understand database security challenges. Let it guide you through the process of implementing appropriate security mechanisms, helping you to ensure you are taking proactive steps to keep your data safe. Featuring solutions for common security problems in the new Oracle Database 12c, with this book you can be confident about securing your database from a range of different threats and problems.

PCI DSS Version 4.0.1. A guide to the payment card industry data security standard

IT Governance Publishing, Stephen Hancock

This book provides an essential resource for anyone involved in managing or ensuring PCI DSS compliance. It begins by introducing the Payment Card Industry Data Security Standard (PCI DSS), explaining its importance, and the regulatory framework that governs it. Readers will understand how to assess their organization’s compliance status and the vital steps to avoid data breaches. The book offers a comprehensive exploration of compliance programs and how organizations can design their own effective strategies.The text then dives into the specifics of PCI DSS, focusing on its core components and requirements. Key chapters describe how to comply with and maintain compliance, as well as how to use tools like the PCI self-assessment questionnaire (SAQ). Real-world case studies of cardholder data breaches highlight the consequences of non-compliance. Readers will also learn about the integration of PCI DSS with other standards like ISO/IEC 27001.Throughout, this guide emphasizes practical advice for implementing key security frameworks such as the Software Security Framework (SSF) and Point-to-Point Encryption (P2PE). By the end of the book, readers will have a clear roadmap to not only meet but sustain PCI DSS compliance and strengthen their organization's data security practices.

Penetration Testing: A Survival Guide. A Survival Guide

Wolf Halton, Bo Weaver, Srinivasa Rao Kotipalli,...

The need for penetration testers has grown well over what the IT industry ever anticipated. Running just a vulnerability scanner is no longer an effective method to determine whether a business is truly secure. This learning path will help you develop the most effective penetration testing skills to protect your Windows, web applications, and Android devices. The first module focuses on the Windows platform, which is one of the most common OSes, and managing its security spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Employs the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. In this module first,you’ll be introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities so you can exploit a system remotely. You’ll not only learn to penetrate in the machine, but will also learn to work with Windows privilege escalations.The second module will help you get to grips with the tools used in Kali Linux 2.0 that relate to web application hacking. You will get to know about scripting and input validation flaws, AJAX, and security issues related to AJAX. You will also use an automated technique called fuzzing so you can identify flaws in a web application. Finally, you’ll understand the web application vulnerabilities and the ways they can be exploited.In the last module, you’ll get started with Android security. Android, being the platform with the largest consumer base, is the obvious primary target for attackers. You’ll begin this journey with the absolute basics and will then slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. You’ll gain the skills necessary to perform Android application vulnerability assessments and to create an Android pentesting lab.This Learning Path is a blend of content from the following Packt products:• Kali Linux 2: Windows Penetration Testing by Wolf Halton and Bo Weaver• Web Penetration Testing with Kali Linux, Second Edition by Juned Ahmed Ansari• Hacking Android by Srinivasa Rao Kotipalli and Mohammed A. Imran

Podstawy kryptografii. Wydanie III

Marcin Karbowski

Przekonaj się, jak fascynująca jest kryptografia! Poznaj historię rozwoju kryptografii Opanuj jej matematyczne podstawy Rozpracuj najważniejsze algorytmy kryptograficzne Dowiedz się, jak zastosować je w praktyce Kryptografia to dziedzina nauki, której sedno stanowią sposoby bezpiecznego przekazywania informacji. Jest ona niemal tak stara, jak nasza cywilizacja, a dziś rozwija się w sposób niezwykle dynamiczny. Gdy tylko narodziły się pierwsze metody zapisu i komunikowania się, pojawiła się też konieczność zabezpieczenia informacji przed tymi, którzy mogliby wykorzystać je na niekorzyść osób dysponujących tymi informacjami. Od bezpieczeństwa ważnych informacji zależały często losy całych państw i narodów. O rozstrzygnięciach wielkich bitew nierzadko decydowały inteligencja i determinacja pojedynczych osób, które potrafiły odpowiednio skutecznie szyfrować (bądź też deszyfrować) nadawane (lub przechwytywane) komunikaty. O tej fascynującej dziedzinie wiedzy opowiada książka Podstawy kryptografii. Wydanie III. Wprowadza ona czytelnika w podstawowe zagadnienia kryptografii bez przygniatania nadmiarem teorii i skomplikowaną matematyką. Kusi za to barwnymi opisami i pasjonującymi przykładami "kryptograficznych wojen". Można dzięki niej poznać historię rozwoju technik szyfrowania informacji, matematyczne podstawy kryptografii, stojącą za nią teorię oraz praktyczne zastosowania tej nauki. Niezależnie od tego, czy chcesz poznać kryptografię na własny użytek, czy jest Ci to potrzebne w celach zawodowych, książka ta okaże się doskonałym przewodnikiem po świecie szyfrów, kluczy i algorytmów zabezpieczających dane. Znajdziesz w niej informacje na temat protokołów SSL i SSH, a także szczegółowy opis algorytmu SHA3. Przegląd klasycznych sposobów szyfrowania Matematyczne podstawy kryptografii Praktyczne zastosowanie mechanizmów matematycznych Teoria kryptoanalizy i informacji oraz jej praktyczne wykorzystanie Przegląd protokołów kryptograficznych Klucze publiczne i prywatne Zasady zabezpieczania danych, połączeń i systemów komputerowych Potwierdzanie tożsamości za pomocą podpisów elektronicznych Zabezpieczanie stron internetowych i szyfrowanie baz danych Naucz się chronić cenne dane!

PowerShell Automation and Scripting for Cybersecurity. Hacking and defense for red and blue teamers

Miriam C. Wiesner, Tanya Janca

Take your cybersecurity skills to the next level with this comprehensive PowerShell security guide! Whether you're on the red or blue team, you'll gain a deep understanding of PowerShell's security capabilities and how to apply them.With years of hands-on experience, the author brings real-world use cases to demonstrate PowerShell’s critical role in offensive and defensive security.After covering PowerShell basics and scripting fundamentals, you'll explore PowerShell Remoting and remote management technologies. You'll learn to configure and analyze Windows event logs, identifying crucial logs and IDs for effective monitoring. The book delves into PowerShell's interaction with system components, Active Directory, and Azure AD, including stealth execution methods. You’ll uncover authentication protocols, enumeration, credential theft, and exploitation, providing strategies to mitigate these risks. A dedicated red and blue team cookbook offers practical security tasks. Finally, you'll delve into mitigations such as Just Enough Administration, AMSI, application control, and code signing, emphasizing configuration, risks, exploitation, bypasses, and best practices.By the end of this book, you’ll confidently apply PowerShell for cybersecurity, from detection to defense, staying ahead of cyber threats.

Practical Digital Forensics. Get started with the art and science of digital forensics with this practical, hands-on guide!

Richard Boddington

Digital Forensics is a methodology which includes using various tools, techniques, and programming language. This book will get you started with digital forensics and then follow on to preparing investigation plan and preparing toolkit for investigation.In this book you will explore new and promising forensic processes and tools based on ‘disruptive technology’ that offer experienced and budding practitioners the means to regain control of their caseloads. During the course of the book, you will get to know about the technical side of digital forensics and various tools that are needed to perform digital forensics. This book will begin with giving a quick insight into the nature of digital evidence, where it is located and how it can be recovered and forensically examined to assist investigators. This book will take you through a series of chapters that look at the nature and circumstances of digital forensic examinations and explains the processes of evidence recovery and preservation from a range of digital devices, including mobile phones, and other media. This book has a range of case studies and simulations will allow you to apply the knowledge of the theory gained to real-life situations. By the end of this book you will have gained a sound insight into digital forensics and its key components.

Practical Internet of Things Security. Beat IoT security threats by strengthening your security strategy and posture against IoT vulnerabilities

Brian Russell, Drew Van Duren

With the advent of Internet of Things (IoT), businesses will be faced with defending against new types of threats. The business ecosystem now includes cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces, a desire to share information with many stakeholders and a need to take action quickly based on large quantities of collected data. . It therefore becomes critical to ensure that cyber security threats are contained to a minimum when implementing new IoT services and solutions. . The interconnectivity of people, devices, and companies raises stakes to a new level as computing and action become even more mobile, everything becomes connected to the cloud, and infrastructure is strained to securely manage the billions of devices that will connect us all to the IoT. This book shows you how to implement cyber-security solutions, IoT design best practices and risk mitigation methodologies to address device and infrastructure threats to IoT solutions.This book will take readers on a journey that begins with understanding the IoT and how it can be applied in various industries, goes on to describe the security challenges associated with the IoT, and then provides a set of guidelines to architect and deploy a secure IoT in your Enterprise. The book will showcase how the IoT is implemented in early-adopting industries and describe how lessons can be learned and shared across diverse industries to support a secure IoT.

Practical Linux Security Cookbook. Secure your Linux machines and keep them secured with the help of exciting recipes

Tajinder Kalsi

With the growing popularity of Linux, more and more administrators have started moving to the system to create networks or servers for any task. This also makes Linux the first choice for any attacker now. Due to the lack of information about security-related attacks, administrators now face issues in dealing with these attackers as quickly as possible. Learning about the different types of Linux security will help create a more secure Linux system.Whether you are new to Linux administration or experienced, this book will provide you with the skills to make systems more secure.With lots of step-by-step recipes, the book starts by introducing you to various threats to Linux systems. You then get to walk through customizing the Linux kernel and securing local files. Next you will move on to manage user authentication locally and remotely and also mitigate network attacks. Finally, you will learn to patch bash vulnerability and monitor system logs for security.With several screenshots in each example, the book will supply a great learning experience and help you create more secure Linux systems.

Practical Mobile Forensics. A hands-on guide to mastering mobile forensics for the iOS, Android, and the Windows Phone platforms - Second Edition

Heather Mahalik, Rohit Tamma, Satish Bommisetty

Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This book is an update to Practical Mobile Forensics and it delves into the concepts of mobile forensics and its importance in today's world. We will deep dive into mobile forensics techniques in iOS 8 - 9.2, Android 4.4 - 6, and Windows Phone devices. We will demonstrate the latest open source and commercial mobile forensics tools, enabling you to analyze and retrieve data effectively. You will learn how to introspect and retrieve data from cloud, and document and prepare reports for your investigations.By the end of this book, you will have mastered the current operating systems and techniques so you can recover data from mobile devices by leveraging open source solutions.

Practical Threat Detection Engineering. A hands-on guide to planning, developing, and validating detection capabilities

Megan Roddie, Jason Deyalsingh, Gary J. Katz

Threat validation is the backbone of every strong security detection strategy—it ensures your detection pipeline is effective, reliable, and resilient against real-world threats.This comprehensive guide is designed for those new to detection validation, offering clear, actionable frameworks to help you assess, test, and refine your security detections with confidence. Covering the entire detection lifecycle, from development to validation, this book provides real-world examples, hands-on tutorials, and practical projects to solidify your skills.Beyond just technical know-how, this book empowers you to build a career in detection engineering, equipping you with the essential expertise to thrive in today’s cybersecurity landscape.By the end of this book, you'll have the tools and knowledge to fortify your organization’s defenses, enhance detection accuracy, and stay ahead of cyber threats.

Practical Windows Forensics. Leverage the power of digital forensics for Windows systems

Ayman Shaaban, Konstantin Sapronov

Over the last few years, the wave of the cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evident data from digital evidence, and the best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process.We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data.

Raspberry Pi: Amazing Projects from Scratch. Explore the powers of Raspberry Pi and build your very own projects right out of the box

Arush Kakkar, Richard Grimmett, Ashwin Pajankar, Matthew...

Looking for inspiration for your next Raspberry Pi project? Not sure where to begin? This Learning Path is the perfect place to begin, providing you with an accessible yet comprehensive journey through Raspberry Pi. Following three modules, you’ll soon be confident and prepared to get creative with your microcomputer. Raspberry Pi by Example is the first module in this Learning Path – and it does exactly what it says. It doesn’t just teach, it shows you how to go and build some awesome Raspberry Pi projects immediately. Build and play your own games with the Pi, build a complete Internet of Things home automation system that controls your house through Twitter… let your imagination run wild!In the next module we’ll look in more depth at building a home security system. You’ll be using some of the skills you devoped through the first module, but apply them to something more intricate and impressive. Using a Linux based operating system as the foundations, you’ll gradually build up an entire security infrastructure adding cameras, remote controls, and even intrusion alerts!In the final module, we’ll take you into the world of Raspberry Pi robotics. By the end of it, you’ll have built a biped robot that can interact with its environment!This Learning Path combines some of the best that Packt has to offer in one complete, curated package. It includes content from the following Packt products:? Raspberry Pi By Example by Ashwin Pajankar and Arush Kakkar? Building a Home Security System with Raspberry Pi by Matthew Pole? Raspberry Pi Robotics Essentials by Richard Grimmett

Red Hat Enterprise Linux 9 Administration. A comprehensive Linux system administration guide for RHCSA certification exam candidates - Second Edition

Pablo Iranzo Gómez, Pedro Ibanez Requena, Miguel...

With Red Hat Enterprise Linux 9 becoming the standard for enterprise Linux used from data centers to the cloud, Linux administration skills are in high demand. With this book, you’ll learn how to deploy, access, tweak, and improve enterprise services on any system on any cloud running Red Hat Enterprise Linux 9.Throughout the book, you’ll get to grips with essential tasks such as configuring and maintaining systems, including software installation, updates, and core services. You’ll also understand how to configure the local storage using partitions and logical volumes, as well as assign and deduplicate storage. You’ll learn how to deploy systems while also making them secure and reliable.This book provides a base for users who plan to become full-time Linux system administrators by presenting key command-line concepts and enterprise-level tools, along with essential tools for handling files, directories, command-line environments, and documentation for creating simple shell scripts or running commands. With the help of command line examples and practical tips, you’ll learn by doing and save yourself a lot of time.By the end of the book, you’ll have gained the confidence to manage the filesystem, users, storage, network connectivity, security, and software in RHEL 9 systems on any footprint.