چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

مبانی امنیت سایبری: ابزارهای عملی برای مدافعان دیجیتال امروز

Cybersecurity Essentials: Practical Tools for Today's Digital Defenders

by Bill Watterson، Kodi A. Cochran

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

ناشر
Apress L. P.
سال انتشار
۲۰۲۴
فرمت
PDF
زبان
انگلیسی
حجم فایل
۳٫۳ مگابایت
شابک
9780740748479، 0740748475، 9788868804312، 9798868804311، 9798868804328، 886880431X

دربارهٔ کتاب

Embarking on the journey through this comprehensive cybersecurity guide promises readers a transformative experience, equipping them with invaluable insights, practical skills, and a profound understanding of the intricate world of digital defense. Whether you're an industry professional seeking to enhance your expertise or a newcomer eager to navigate the cybersecurity landscape, this guide serves as your trusted companion. Expect to gain a profound grasp of foundational concepts, illustrated through real-world examples and practical applications. Dive into the logical flow of CompTIA Pentest+ objectives and (ISC)2 SSCP & CCSP, aligning your learning with industry standards. Beyond theory, this guide empowers you with actionable tips and emerging trends, ensuring your knowledge remains current in the dynamic realm of cybersecurity. As you progress through each chapter, anticipate a hands-on exploration of offensive and defensive security, offering a pathway to certification from a vendor-neutral perspective. Ultimately, this guide is designed to not only enhance your cybersecurity skill set but to foster a holistic approach, making you adept at navigating the evolving cyber landscape with confidence and expertise. What You Will Learn Study a step-by-step guide to conducting vulnerability assessments Follow post-exploitation techniques for maintaining access Understand essential network security concepts, including firewalls, intrusion detection systems, and other network security measures Review secure coding practices and the importance of web application security Explore mobile and IoT security best practices Review tools and practices for securing cloud environments Discover tips for recognizing and mitigating social engineering threats Who This Book Is For Anyone interested in cybersecurity: recent graduates, IT professionals transitioning into security, veterans, and those who are self taught. One of the largest motivating factors is that there are several certifications—this book will greatly improve the reader's chance of obtaining. Table of Contents About the Author About the Technical Reviewer Acknowledgments Chapter 1: Safeguarding the Digital Realm A Holistic Approach to Cybersecurity Your Guide to Cybersecurity Mastery Fundamental Concepts of Cybersecurity Confidentiality, Integrity, and Availability (CIA Triad) Risk Management Authentication and Authorization Firewalls and Intrusion Detection Systems (IDS) Encryption Illustrating the Significance of Cybersecurity Equifax Data Breach (2017) Stuxnet Worm (2010) Case Studies Summary Empowering You with Actionable Tips and Emerging Trends Use Strong and Unique Passwords Keep Software and Systems Updated Beware of Phishing Attacks Secure Your Wi-Fi Network Backup Important Data Implement Network Security Measures Educate and Train Users Secure Mobile Devices Monitor for Anomalies Stay Informed About Emerging Threats Conclusion Practice Test Answer Key Effective Learning Strategies Chapter 2: The CIA Triad: Safeguarding Data in the Digital Realm Confidentiality: Securing the Veil Ensuring Confidentiality: Layers of Protection Practical Example: Confidentiality in Action Integrity: Upholding Trustworthiness Upholding Integrity: Layers of Assurance Practical Example: Integrity in Action Availability: Empowering Accessibility Empowering Availability: Elements of Assurance Practical Example: Availability in Action Unlocking the Power of the CIA Triad: A Paradigm Shift in Cybersecurity Confidentiality: Safeguarding Privacy Real-world Example: Encryption in Messaging Apps Integrity: Upholding Trustworthiness Real-World Example: Blockchain Technology Availability: Enabling Digital Interaction Real-World Example: Content Delivery Networks (CDNs) The Synergy of the Three: A Unified Defense Into the Future: A Holistic Approach to Cybersecurity Practice Test Answer Key Summary Chapter 3: Information Gathering and Footprinting in Cybersecurity The Importance of Information Gathering Inventory Management and Understanding the Environment Defining Footprinting The Significance of Footprinting Methods for Footprinting Passive and Active Footprinting Techniques Real-World Examples of Footprinting Methods Corporate Espionage Prevention Vulnerability Assessment for a Financial Institution Healthcare Network Security Audit Tools for Footprinting and Reconnaissance Techniques for Reconnaissance Case Studies: Reconnaissance in Action Case Study 1: Targeted Enterprise Network Intrusion Case Study 2: Government Agency Data Breach Case Study 3: E-commerce Platform Vulnerability Discovery Ethical Considerations in Information Gathering Respecting Privacy and Legality Informed Consent and Transparency Minimizing Harm and Collateral Damage Professional Integrity and Accountability Best Practices for Information Gathering Guidelines for Effective Information Gathering Ethical Considerations Continuous Monitoring and Updating Minimizing Organizational Footprint Education and Training Conclusion: Setting the Stage for Cybersecurity Defense Practice Test Answer Key Chapter 4: Scanning and Enumeration Introduction to Scanning Techniques Defining Scanning in Cybersecurity Highlighting the Importance of Scanning Scanning in the Cybersecurity Strategy Types of Scanning Techniques: Exploring the Digital Landscape Port Scanning: Navigating Digital Gateways Network Scanning: Mapping the Terrain Vulnerability Scanning: Unveiling Weaknesses Real-World Application: Scanning in Action E-commerce Platform Security Assessment Healthcare Network Examination Corporate Infrastructure Evaluation Enumeration in Penetration Testing: Unveiling System Details Understanding Enumeration: The Penetration Tester’s Insight The Role of Enumeration in System Insights Enumerating System Services Extracting User Information Mapping Network Shares and Resources Privilege Enumeration and Escalation Real-World Application: Enumeration in Penetration Testing Techniques for Enumerating Network Resources Mapping Network Resources: Examples of Enumeration in Action User Account Enumeration Share Enumeration Service Enumeration Unveiling the Arsenal: Nmap and Nessus in the Realm of Cybersecurity Nmap: The Swiss Army Knife of Network Scanning Advantages of Nmap Limitations of Nmap Nessus: Unleashing Comprehensive Vulnerability Assessment Advantages of Nessus Limitations of Nessus Exploring Other Tools: The Expansive Toolbox Choosing the Right Tool for the Job Integration with the CIA Triad: Enhancing Cybersecurity Foundations Confidentiality: Safeguarding Sensitive Information Integrity: Ensuring Trustworthiness of Systems and Data Availability: Maximizing System Uptime Balanced Approach: The Key to Effective Cybersecurity Case Studies: Scanning and Enumeration in Action Case Study 1: Retail Data Breach Case Study 2: Healthcare System Disruption Case Study 3: Financial Institution Fraud Attempt Case Studies: Analysis of Impact Ethical Considerations in Scanning and Enumeration Legal Regulations and Consequences Importance of Ethical Behavior Real-World Consequences Best Practices for Scanning and Enumeration Guidelines for Conducting Ethical Scanning and Enumeration: Minimizing Impact on Target Systems Summary: Enhancing Cybersecurity Defenses Practice Test Answer Key Embarking on the Next Chapter Chapter 5: Securing Strength: A Comprehensive Guide to Vulnerability Assessment Defining Vulnerability Assessments in Cybersecurity Highlighting the Importance of Vulnerability Assessment Identifying Common Vulnerabilities Vulnerability Assessments in Cybersecurity Strategy Importance of Identifying Vulnerabilities Illustrating Scenarios of Exploitation Step-by-Step Guide to Conducting Vulnerability Assessments Stage One: Scoping Stage Two: Vulnerability Scanning Stage Three: Analysis Stage Four: Reporting Tools for Vulnerability Scanning and Assessment Open-Source Tools Commercial Tools Choosing Between Open-Source and Commercial Tools Open-Source Tools Commercial Tools Integration of Tools into the Vulnerability Assessment Process Key Details and Highlights of Common Vulnerabilities Real-World Cause and Effects Significance of Security Hazards Common Vulnerabilities in Digital Systems Misconfigurations Software Vulnerabilities Insecure Network Protocols Real-World Examples: Successful Vulnerability Mitigation Case Study 1: Secure Configurations Thwart Unauthorized Access Case Study 2: Swift Patching Rescues from Exploitable Vulnerabilities Case Study 3: Targeted Remediation in Web Application Security Analyzing Successful Mitigation Strategies Positive Outcomes of Proactive Vulnerability Management Ethical Considerations in Vulnerability Assessments Respecting Privacy and Confidentiality Informed Consent Scope Limitations Minimizing Impact Handling Discovered Vulnerabilities Navigating Ethical Dilemmas Legal Compliance Best Practices for Continuous Improvement in Vulnerability Assessment Continuous Learning and Training Regular Tool Evaluation Collaborative Approach Threat Intelligence Integration Process Documentation Continuous Review Risk Prioritization Communication Benchmarking Feedback Loop Automation Reporting Enhancement Regular Updates of Tools and Techniques Adjustments Based on Lessons Learned Incorporating Threat Intelligence Adapting to Emerging Technologies Collaboration and Knowledge Sharing Documentation and Standardization Continuous Training and Skill Development Conclusion: Enhancing Cybersecurity Through Vulnerability Assessment Practice Test Answer Key From Vulnerability Assessment to Exploitation Chapter 6: Exploitation Unveiled: Navigating the Cybersecurity Offensive The Process of Exploiting Vulnerabilities Reconnaissance: Unveiling the Digital Terrain Gaining Access: Breaching the Digital Perimeter Escalation: Ascending the Hierarchy Pivoting: Navigating Within the Environment Maintaining Access: Ensuring Persistent Control Covering Tracks: Erasing Digital Footprints Post-exploitation Activities: Maximizing Compromised Systems Ethical Considerations in Exploitation Responsible Exploration of Exploitation Techniques Legal and Compliance Frameworks The Importance of Responsible Disclosure Nurturing a Culture of Responsibility Common Exploitation Tools Metasploit Kali Linux Burp Suite Wireshark SQLMap Exploitation Methods Social Engineering Malware Zero-Day Exploits Real-World Exploitation Scenarios Exploiting Unpatched Software Social Engineering viva Phishing Injection in Web Applications Zero-Day Exploit in Operating Systems Ransomware Exploiting Misconfigurations Case Studies: Real-World Exploitation Incidents Equifax Data Breach (2017) WannaCry Ransomware Attack (2017) SolarWinds Supply Chain Attack (2020) NotPetya Malware Attack (2017) Stuxnet Worm (2010) Prevention and Mitigation Strategies Utilizing Proper Access Controls Timely Patching and Updates Secure Coding Practices User Education and Awareness Network Segmentation and Access Controls Behavioral Analytics and Anomaly Detection Legal Implications of Exploitation Laws and Regulations Governing Cyber Activities Penalties for Unauthorized Exploitation Global Collaboration in Law Enforcement The Role of Cybersecurity Professionals Identifying and Preventing Exploitation Continuous Learning and Adaptation Key Responsibilities of a Cybersecurity Practitioner Conclusion: Navigating the Exploitation Process Reinforcing Ethical Conduct and Legal Awareness Proactive Defense Strategies Practice Test Answer Key Summary: Exploitation Transition to Post-exploitation Chapter 7: After the Breach: Decoding Post- exploitation Dynamics Defining Post-exploitation in Cybersecurity Significance of Understanding Post-exploitation Maintaining Access After Exploitation: Unveiling the Tactics Backdoors: The Silent Entry Points Rootkits: Unmasking the Masters of Concealment Persistence Mechanisms: Ensuring Longevity in Unauthorized Presence Privilege Escalation in Post-exploitation: Ascending the Digital Hierarchy Understanding Privilege Escalation Common Methods Employed Exploiting Software Vulnerabilities Abusing Misconfigurations Leveraging Weak Authentication Kernel Exploits Mitigation Strategies Covering Tracks and Evading Detection: The Art of Digital Concealment Understanding the Importance of Covering Tracks Tactics Employed by Attackers Log Tampering File Deletion Altering Timestamps The Cat-and-Mouse Game: Evading Detection Post-exploitation Cleanup and Remediation: Restoring Digital Order Strategies for Effective Response and Recovery Incident Response Plans Forensic Analysis Patch Management User Education The Holistic Approach to Cyber Resilience Case Studies: Real-World Post-exploitation Incidents Persistence Through Advanced Tactics Eradicating Traces: The Art of Covering Tracks Impact on Cybersecurity Posture Legal Implications of Post-exploitation Activities Preventing and Mitigating Post-exploitation Risks: Safeguarding Digital Worlds Continuous Adaptation Conclusion: Navigating the Post-exploitation Landscape Key Takeaways Practice Test Answer Key Transition to Network Security Chapter 8: Network Security: Safeguarding Digital Pathways Essential Network Security Concepts: Building Blocks of Cyber Resilience Firewalls: Guardians of the Digital Perimeter Examples of Firewall Deployment Methods and Functions Intrusion Detection and Prevention Systems (IDPS): Safeguarding Networks from Threats Secure Communication: Virtual Private Networks (VPNs) and Secure Sockets Layer (SSL) Network Access Controls and the Three A’s Network Wireless Security Network Security Monitoring and Incident Response Best Practices for Network Security Monitoring Best Practices for Incident Response Unique Challenges in Securing Cloud-Based Networks The Shared Responsibility Model in Cloud Security Best Practices for Cloud Network Security Implementing Robust Network Configuration Settings Prioritizing Strong Authentication Mechanisms Emphasizing Regular Updates and Ongoing Vulnerability Management Conclusion: Strengthening Digital Pathways Practice Test Answer Key Chapter 9: Securing the Airwaves: Essentials of Wireless Security Importance of Wireless Security Nature of a Wireless Network Securing our Internet of Things Devices Mobile Security and Considerations Risks of Eavesdropping and Interception Larger Potential for Unauthorized Access Impact of Vulnerabilities Overview of Wi-Fi Encryption Methods Importance of Encryption in Wireless Security The Benefit of Strong Authentication Multifactor Authentication in Wireless Security Implementing Guest Networks Role of VPNs in Wireless Security Regular Security Audits and Assessments Best Practices for a Secure Wireless Environment Conclusion Practice Test Answer Key Transitioning to the Next Chapter Chapter 10: Fortifying the Digital Front: Mastering Web Application Security Common Vulnerabilities in Web Applications SQL Injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Session Hijacking Insecure Direct Object References Security Misconfiguration Secure Coding Practices Protecting Sensitive Data Compliance with Legal Requirements Tools for Testing and Securing Web Applications Static Application Security Testing (SAST) Use Cases Tools for SAST Benefits of SAST Testing Dynamic Application Security Testing (DAST) Use Cases Tools for DAST Benefits of DAST Testing Web Application Firewalls (WAF) Use Cases Types of WAFs Benefits of WAF Vulnerability Scanners Use Cases Popular Vulnerability Scanners Benefits of Vulnerability Scanners Best Practices for Web Application Security 1. Regular Updates and Patch Management 2. Continuous Security Training and Awareness 3. Role-Based Access Control (RBAC) 4. Security by Design 5. Web Application Firewalls (WAFs) Conclusion Practice Test Answer Key Chapter 11: Securing the Internet of Things and Our Mobile World Define the Significance of Security Security Challenges in Mobile and IoT Mobile Device Security Challenges IoT Device Security Challenges Mobile and IoT Security Best Practices For Mobile Devices For IoT Devices Securing Mobile Applications Importance of Securing Mobile Applications Methods and Tools for Securing Mobile Apps Network Security for Mobile Devices Network Security for IoT Devices Role of VPNs in Mobile Device Security Network Segmentation for IoT Device Security Virtual LANs (VLANs) and Segmentation Mobile Device Management Authentication Authorization IoT Device Management and Security Challenges Best Practices for IoT Device Management and Security Privacy Concerns in Mobile and IoT Data Protection and Compliance Case Studies: Mobile Security Incidents Case Studies: IoT Security Incidents Conclusion Practice Test Answer Key Chapter 12: Securing the Cloud: A Comprehensive Guide to Cloud Security Impact of Cloud Technologies on Business Operations Shared Responsibility Model Responsibilities of Cloud Service Providers (CSPs) Responsibilities of Cloud Customers Infrastructure as a Service (IaaS) Responsibilities of Cloud Provider (CSP) Responsibilities of Cloud Customer Platform as a Service (PaaS) Responsibilities of Cloud Provider (CSP) Responsibilities of Cloud Customer Software as a Service (SaaS) Responsibilities of Cloud Provider (CSP) Responsibilities of Cloud Customer Comparison and Contrast IaaS PaaS SaaS Following Cloud Best Practices Cloud Identity Access Management Securing the Cloud Comprehensive Security Monitoring Incident Response in the Cloud Cloud Automation Compliance and Regulatory Considerations in the Cloud Vendor Compliance and Certifications Impact of Compliance Requirements on Cloud Security Cloud Security Case Studies: Real-World Incidents Cloud Security Trends and Future Challenges Top 3 Potential Challenges in Cloud Security Evolving Threat Landscape and Innovative Solutions Conclusion: Fortifying Cloud Security Practice Test Answer Key Chapter 13: Social Engineering: Manipulating the Human Element Forms of Social Engineering Mechanics of Social Engineering Attacks The Importance of Identifying a Threat Tips and Best Practices for Recognizing Social Engineering Threats Incident Response Case Studies: Social Engineering Incidents Social Engineering Trends and Future Challenges Innovative Solutions and Countermeasures Conclusion: Fortifying Against Social Engineering Practice Test Answer Key Chapter 14: Incident Response, Business Continuity, and Disaster Recovery The Incident Response Process Preparation Phase: Planning, Documentation, and Readiness Identification Phase: Detecting and Recognizing Incidents Containment Phase: Limiting the Impact and Spread of Incidents Eradication Phase: Eliminating the Root Cause of Incidents Recovery Phase: Restoring Normal Operations Lessons Learned Phase: Post-incident Analysis and Improvement Creating an Incident Response Plan Testing Variations in Incident Response The Importance of Continuous Adaptation Understanding Business Continuity and Its Importance Designing a Business Continuity Plan Disaster Recovery Planning and Implementation The Role of Incident Response in Business Continuity and Disaster Recovery Incident Response Tools and Technologies Incident Detection and Alerting Systems Forensic Tools in Incident Investigation SOAR and SIEM Tools for Automation and Orchestration Threat Intelligence and Information Sharing Real World Examples of Incident Response and Business Continuity/Disaster Recovery Case Study 1: Ransomware Attack on Healthcare Provider Case Study 2: Advanced Persistent Threat (APT) on a Financial Institution Case Study 3: Insider Threat at a Technology Company Case Study 4: Distributed Denial of Service (DDoS) Attack on E-Commerce Retailer Legal Frameworks and Compliance Requirements Ethical Considerations in Incident Response Compliance with Data Breach Notification Laws Incident Classification and Prioritization Quantification Qualification Communication and Coordination During Incidents Data Protection and Evidence Preservation Conclusion: Building Resilience Through Incident Response Key Takeaways Practice Test Answer Key Chapter 15: Legal and Compliance Considerations in Cybersecurity Overview of the Evolving Legal and Regulatory Landscape Ethical Considerations and Their Implications for Cybersecurity Major Compliance Standards and Frameworks Data Protection Laws and Their Implications for Organizations Children’s Online Privacy Protection Act (COPPA): Safeguarding Understanding the Principles of Data Protection and Privacy Implications for Global Organizations Dealing with International Data Transfer Incident Notification and Reporting in Consideration to Compliance Requirements Ethical Hacking and Responsible Disclosure Navigating Legal and Compliance Challenges Conclusion: The Legal and Ethical Framework of Cybersecurity Practice Test Answer Key Words from the Author Brief Summary Index

قیمت نهایی

۴۴٬۰۰۰ تومان