Defensive Security Handbook: Best Practices for Securing Infrastructure

Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget to establish or outsource an information security (InfoSec) program, forcing them to learn on the job. For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost. Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others. Network engineers, system administrators, and security professionals will learn tools and techniques to help improve security in sensible, manageable chunks.

Book contents:

  1. Introduction

  2. Creating a Security Program

  3. Asset Management and Documentation

  4. Policies

  5. Standards and Procedures

  6. User Education

  7. Incident Response

  8. Disaster Recovery

  9. Industry Compliance Standards and Frameworks

  10. Physical Security

  11. Microsoft Windows Infrastructure

  12. Unix Application Servers

  13. Endpoints

  14. Password Management and Multifactor Authentication

  15. Network Infrastructure

  16. Segmentation

  17. Vulnerability Management

  18. Development

  19. Purple Teaming

  20. IDS and IPS

  21. Logging and Monitoring

  22. The Extra Mile

  23. User Education Templates