Apr 11, 2011

Book Description
The only complete guide to designing, implementing, and supporting state-of-the-art certificate-based identity solutions with PKI
- Layered approach is designed to help readers with widely diverse backgrounds quickly learn what they need to know
- Covers the entire PKI project lifecycle, making complex PKI architectures simple to understand and deploy
- Brings together theory and practice, including on-the-ground implementers’ knowledge, insights, best practices, design choices, and troubleshooting details
PKI Uncovered brings together all the techniques IT and security professionals need to apply PKI in any environment, no matter how complex or sophisticated. At the same time, it will help them gain a deep understanding of the foundations of certificate-based identity management. Its layered and modular approach helps readers quickly get the information they need to efficiently plan, design, deploy, manage, or troubleshoot any PKI environment. The authors begin by presenting the foundations of PKI, giving readers the theoretical background they need to understand its mechanisms. Next, they move to high-level design considerations, guiding readers in making the choices most suitable for their own environments.
Mar 28, 2011

Book Description
It is capable of establishing direct links between computers across networks and firewalls. It is powerful software, but getting the most from it can be a daunting task. OpenVPN 2 Cookbook provides solutions to common OpenVPN problems. The book covers everything a system administrator needs to manage and run an OpenVPN network, from point to point networks to troubleshooting.
OpenVPN 2 Cookbook offers all the information you need to successfully manage your network. Covering all the common networks, including point to point networks, multi-client tun style networks and multi client tap style networks, this practical guide gives quick answers to common questions and problems.
Each technical aspect is broken down into short recipes that demonstrate solutions with working code, then explain why and how that works. The book is intended to be a desk reference for users with a whole range of experience levels.
What you will learn from this book
- Setting up point-to-point, routed as well as bridged VPNs
- Determining the best type of OpenVPN set up for your networking needs
- Configuring OpenVPN on Linux, Windows and Mac OS X
- Using scripting and plugins to optimize your VPN setup
- Troubleshooting your VPN setup
Mar 28, 2011

Book Description
Moving your classes and resources online with a Learning Management System such as Moodle opens up a whole world of possibilities for teaching your students. However, it also opens up a number of threats as your students, private information, and resources become vulnerable to cyber attacks. Learn how to safeguard Moodle to keep the bad guys at bay.
Moodle Security will show you how to make sure that only authorized users can access the information on your Moodle site. This may seem simple, but, every day, systems get hacked and information gets lost or misused. Imagine the consequences if that were to happen in your school. The straightforward examples in this book will help you to lock down those access routes one door at a time.
By learning about the different types of potential threat, reading this book will prepare you for the worst. Web robots can harvest your e-mail addresses to send spam e-mails from your account, which could have devastating effects. Moodle comes with a number of set roles and permissions – make sure these are assigned to the right people, and are set to keep out the spam bots, using Moodle’s authentication features. Learn how to secure both Windows and Linux servers and to make sure that none of your system files are accessible to the wrong people. Many of the most dangerous web attacks come from inside your system, so once you have all of your security settings in place, you will learn to monitor user activity to make sure that there are no threats from registered users. You will learn to work with the tools that help you to do this and enable you to back up your settings so that even a crashed system can’t bother you.
Mar 21, 2011

Book Description
OpenAM is an open source continuation of the OpenSSO project that was taken over, and later scrapped, by Oracle. OpenAM is the only commercial-grade, feature-rich web application that provides SSO solutions. It has a variety of features and a powerful Single Sign-On capability, but the implementation can be tricky, and the unorganized and incoherent online documentation is not very helpful.
The OpenAM book will serve as a guide to everything you need to know to get started with implementing Single Sign-On using OpenAM to protect your web applications, along with real-world examples.
The author’s extensive experience in testing and troubleshooting OpenAM enables him to share insights on how the product works, its strengths, its weaknesses, and some inside information.
If you are reading this, you probably want to protect your web application using OpenAM. The book starts off with an introduction to OpenAM and a description of the core features and the kind of problems that can be solved by OpenAM. Then it provides you with detailed instructions on how to protect your web applications by using OpenAM server and policy agents. You will also learn about the user interface elements in order to manage OpenAM successfully. You’ll understand the concepts of identity web services provided by OpenAM. There are examples in the book that describe how the REST-based identity services can be invoked and utilized. In the final chapters, you will find detailed discussions about backup, recovery, and audit logging.
The book concludes by discussing some of the common OpenAM problems
Mar 16, 2011

Book Description
The latest Web app attacks and countermeasures from world-renowned practitioners
Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today’s hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.
- Get full details on the hacker’s footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
- See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
- Understand how attackers defeat commonly used Web authentication technologies
- See how real-world session attacks leak sensitive data and how to fortify your applications
- Learn the most devastating methods used in today’s hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
Mar 14, 2011

Book Description
For an organization to function effectively, its security controls must not be so restrictive that the business is denied the ability to be innovative and flexible. But increasingly pervasive threats mandate vigilance in unlikely areas. Adaptive Security Management Architecture enables security professionals to structure the best program designed to meet the complex needs of an entire organization, taking into account the organization’s business goals as well as the surrounding controls, processes, and units already in existence.
Security aligned with business needs
Introducing the concept of Adaptive Security Management Architecture (ASMA), the book explains how an organization can develop an adaptive security program closely aligned to business needs, making it an enabling force that helps the organization achieve its goals and objectives. Describing how to achieve this adaptability, the book cites several examples and concepts to demonstrate aspects of managing change. It presents the end product of a successful security management system and examines the finer points of how it can be accomplished.
Risk management and governance
The book explores the security and business attributes that must be considered in the development of services and discusses the importance of consistency of management of services. In a section on risk management, the author explains how this important component is directly integrated with the ASMA model.