Bezpieczeństwo sieci
Threat Modeling Best Practices. Proven frameworks and practical techniques to secure modern systems
Derek Fisher
Threat modeling has become a cornerstone of modern cybersecurity, yet it is often overlooked, leaving security gaps that attackers can exploit. With the rise in system complexity, cloud adoption, AI-driven threats, and stricter compliance requirements, security teams need a structured approach to proactively spot and stop risks before attackers do. This book delivers exactly that, offering actionable insights for applying industry best practices and emerging technologies to secure systems. It breaks down the fundamentals of threat modeling and walks you through key frameworks and tools such as STRIDE, MITRE ATT&CK, PyTM, and Attack Paths, helping you choose the right model and create a roadmap tailored to your business. You'll learn how to use leading threat modeling tools, identify and prioritize potential threats, and integrate these practices into the software development life cycle to detect risks early. The book also examines how AI can enhance analysis and streamline security decision-making for faster, stronger defenses.By the end, you'll have everything you need to build systems that anticipate and withstand evolving threats, keeping your organization secure in an ever-changing digital landscape.*Email sign-up and proof of purchase required
Threat Modeling Gameplay with EoP. A reference manual for spotting threats in software architecture
Brett Crawley, Adam Shostack
Are you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay.Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You’ll explore the methodology for threat modeling—Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you’ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems.By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.
Dr. Paul Duplys, Dr. Roland Schmitz
TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy & Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you’ll be able to configure it and use it more securely.Starting with the basic concepts, you’ll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you’ll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you’ll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server.By the end of this book, you’ll have the knowledge to configure TLS servers securely. Moreover, you’ll have gained a deep knowledge of the cryptographic primitives that make up TLS.
Eric F Crist
OpenVPN, the most widely used open source VPN package, allows you to create a secure network across systems, keeping your private data secure. Connectivity and other issues are a pain to deal with, especially if they are impacting your business. This book will help you resolve the issues faced by OpenVPN users and teach the techniques on how to troubleshoot it like a true expert. This book is a one stop solution for troubleshooting any issue related to OpenVPN. We will start by introducing you to troubleshooting techniques such as Packet Sniffing, Log Parsing, and OpenSSL. You will see how to overcome operating system specific errors. Later on, you will get to know about network and routing errors by exploring the concepts of IPv4 and IPv6 networking issues. You will discover how to overcome these issues to improve the performance of your OpenVPN deployment. By the end of the book, you will know the best practices, tips, and tricks to ensure the smooth running of your OpenVPN.
Twoje dziecko w sieci. Przewodnik po cyfrowym świecie dla czasami zdezorientowanych rodziców
Agnieszka E. Taper
Internet jest wszędzie zajrzyj, poznaj wirtualny świat młodych i pytaj o wszystko! Obowiązkowa lektura dla rodziców dzieci w każdym wieku! Bo wszyscy jesteśmy online. Codziennie każdy z nas, niezależnie od wieku, spędza wiele czasu w Internecie. Młodzi ludzie dużo szybciej i sprawniej w nim buszują, a my rodzice, nauczyciele i opiekunowie potrzebujemy narzędzi, by mądrze im towarzyszyć, dostrzegać ewentualne zagrożenia i szybko działać. Jak reagować na cyberprzemoc niezależnie od tego, czy jesteśmy jej świadkami, ofiarami czy rodzicami jej twórców? Gdzie szukać dobrych i rzetelnych informacji na temat otaczającego nas świata i w jaki sposób unikać fake newsów? Jak zadbać o to, by maksymalnie ograniczać dostęp do pornografii, pedofilii, ruchów pro-ana i wszelkich oszustw? Dzieci i nastolatki bardziej ufają internetowi niż dorosłym i to w sieci szukają informacji na temat otaczającego ich świata. Ten poradnik pomoże choć trochę zmienić tę tendencję. Znajdziesz w nim dużą dawkę wiedzy, wiele ciekawych profili, linków i rad, dzięki którym pokierujesz aktywnością dziecka online.
Zhassulan Zhussupov
Skuteczne wzmacnianie cyberbezpieczeństwa wymaga wiedzy o sposobach działania hakerów. Żaden analityk złośliwego oprogramowania, pentester czy łowca zagrożeń nie obejdzie się bez wiedzy o budowie malware ani bez umiejętności programowania ofensywnego. Innymi słowy, jeśli chcesz poprawić bezpieczeństwo IT w swojej organizacji, musisz dobrze znać narzędzia, taktyki i techniki używane przez cyberprzestępców. Ta książka jest kompleksowym przewodnikiem po ciemnej stronie cyberbezpieczeństwa ― zapewni Ci wiedzę i umiejętności niezbędne do skutecznego zwalczania złośliwego oprogramowania. Nauczysz się poruszać wśród zawiłości związanych z tworzeniem złośliwego oprogramowania, a także dobrze poznasz techniki i strategie stosowane przez cyberprzestępców. Zdobędziesz też praktyczne doświadczenie w projektowaniu i implementowaniu popularnych rozwiązań stosowanych w prawdziwych złośliwych aplikacjach, na przykład Carbanak, Carberp, Stuxnet, Conti, Babuk i BlackCat. Nie zabrakło tu zasad etycznego hakingu i tajników budowy złośliwego oprogramowania, jak techniki unikania wykrycia, mechanizmy persystencji i wiele innych, które poznasz dzięki lekturze. W książce: sposób myślenia twórców złośliwego oprogramowania techniki stosowane w różnych rodzajach malware rekonstrukcja ataków APT metody obchodzenia mechanizmów bezpieczeństwa ponad 80 działających przykładów malware matematyczne podstawy współczesnego złośliwego oprogramowania O książce w mediach: Eksperyment myślowy ― recenzja książki
Jose Lazaro, Marcus Burnap, Rod Trent
In the evolving cybersecurity landscape, the integration of Microsoft Defender XDR and Security Copilot presents a game-changing approach to modern threat detection and response. With this book, you’ll understand how these tools, in conjunction with Microsoft’s extensive ecosystem, enable organizations to outpace emerging threats.Starting with core XDR concepts, security frameworks, and Microsoft’s competitive advantages in cybersecurity, you’ll master the foundational aspects of deploying Microsoft Sentinel, configuring security infrastructure, and optimizing security operations using AI-driven tools. Advanced topics, including Zero-Trust strategies, DevSecOps integration, and partner programs, prepare you for increasingly sophisticated scenarios in Microsoft cloud security. You’ll also explore practical deployment workflows, covering cost analysis, role-based access configurations, and fast-tracked Sentinel deployment using CI/CD pipelines.By the end of this book, you’ll have gained insights into security automation, threat detection, and AI integration with Security Copilot for optimized operations and have the confidence to implement and manage Microsoft Defender XDR and Sentinel in complex environments, driving scalable and secure solutions.*Email sign-up and proof of purchase required
Abd El Monem A Mohamed El Bawab
If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.