WHAT THIS BOOK COVERS
The chapters of this book progress in an orderly manner, from an introduction to cyber-attacks, vulnerabilities and authentication techniques, through particular areas of infrastructure security such as software, wireless, cloud and web, to security management and the ethical issues involved in it at the end. Thus, this book progresses through six key areas of interest:
- Introduction to Infrastructure Security: cyber-attack, vulnerabilities, authentication techniques, authentication and access control services
- Software Security: software vulnerabilities, operating system and database vulnerabilities and security
- Wireless Security: mobile device security, wireless intrusion detection system
- Cloud Security: risks in cloud security, countermeasures, cloud identity and access management
- Web Security: web security attacks and countermeasures
- Information Security and Risk Management: risk analysis, incident management, cybercrimes, ethical issues in security management
The first chapter lays the groundwork. Chapter 1 introduces the concepts of cyber-attacks, vulnerabilities and defense techniques. It is followed by a description of authentication methods and access control policies. At the end of Chapter 1, real-time authentication and access control services like RADIUS, TACACS and TACACS+ are analyzed.
Chapter 2 discusses different software vulnerabilities in computer software security, such as buffer overflows, XSS and worms, followed by vulnerabilities in operating systems and various protection mechanisms. Database-related vulnerabilities and database security are elaborated at the end of the chapter.
Chapter 3 describes the threats in mobile security and the remedies to those threats. The security provided in wireless LANs is discussed next. The Wireless Intrusion Detection System (WIDS) is explored at the end of the chapter.
Chapter 4 concentrates on security risks and countermeasures in cloud computing. It then sheds light on Cloud Identity and Access Management and Cloud Security as a Service. At the end of the chapter, token-based authentication and authorization on the Internet are addressed.
Chapter 5 addresses web security: web security fundamentals, protocols and web-based attacks are explored, followed by a discussion of web security countermeasures like firewalls and penetration testing.
Finally, Chapter 6 focuses on security and risk management. It covers the process of risk analysis and incident management. At the end of the chapter, cybercrimes, related laws and ethical issues in security management are distilled.