چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Red Hat Enterprise Linux 8 Security hardening

Red Hat, Inc.

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

نویسنده
Red Hat, Inc.
ناشر
Red Hat
سال انتشار
۲۰۲۰
فرمت
PDF
زبان
انگلیسی
حجم فایل
۱٫۰ مگابایت

دربارهٔ کتاب

Table of Contents PROVIDING FEEDBACK ON RED HAT DOCUMENTATION CHAPTER 1. OVERVIEW OF SECURITY HARDENING IN RHEL 1.1. WHAT IS COMPUTER SECURITY? 1.2. STANDARDIZING SECURITY 1.3. CRYPTOGRAPHIC SOFTWARE AND CERTIFICATIONS 1.4. SECURITY CONTROLS 1.4.1. Physical controls 1.4.2. Technical controls 1.4.3. Administrative controls 1.5. VULNERABILITY ASSESSMENT 1.5.1. Defining assessment and testing 1.5.2. Establishing a methodology for vulnerability assessment 1.5.3. Vulnerability assessment tools 1.6. SECURITY THREATS 1.6.1. Threats to network security 1.6.2. Threats to server security 1.6.3. Threats to workstation and home PC security 1.7. COMMON EXPLOITS AND ATTACKS CHAPTER 2. SECURING RHEL DURING INSTALLATION 2.1. BIOS AND UEFI SECURITY 2.1.1. BIOS passwords 2.1.1.1. Non-BIOS-based systems security 2.2. DISK PARTITIONING 2.3. RESTRICTING NETWORK CONNECTIVITY DURING THE INSTALLATION PROCESS 2.4. INSTALLING THE MINIMUM AMOUNT OF PACKAGES REQUIRED 2.5. POST-INSTALLATION PROCEDURES CHAPTER 3. USING SYSTEM-WIDE CRYPTOGRAPHIC POLICIES 3.1. SYSTEM-WIDE CRYPTOGRAPHIC POLICIES Tool for managing crypto policies Strong crypto defaults by removing insecure cipher suites and protocols Cipher suites and protocols disabled in all policy levels Cipher suites and protocols enabled in the crypto-policies levels 3.2. SWITCHING THE SYSTEM-WIDE CRYPTOGRAPHIC POLICY TO MODE COMPATIBLE WITH EARLIER RELEASES 3.3. SWITCHING THE SYSTEM TO FIPS MODE 3.4. ENABLING FIPS MODE IN A CONTAINER 3.5. EXCLUDING AN APPLICATION FROM FOLLOWING SYSTEM-WIDE CRYPTO POLICIES 3.5.1. Examples of opting out of system-wide crypto policies 3.6. CUSTOMIZING SYSTEM-WIDE CRYPTOGRAPHIC POLICIES WITH POLICY MODIFIERS 3.7. CREATING AND SETTING A CUSTOM SYSTEM-WIDE CRYPTOGRAPHIC POLICY 3.8. RELATED INFORMATION CHAPTER 4. CONFIGURING APPLICATIONS TO USE CRYPTOGRAPHIC HARDWARE THROUGH PKCS #11 4.1. CRYPTOGRAPHIC HARDWARE SUPPORT THROUGH PKCS #11 4.2. USING SSH KEYS STORED ON A SMART CARD 4.3. USING HSMS PROTECTING PRIVATE KEYS IN APACHE AND NGINX 4.4. CONFIGURING APPLICATIONS TO AUTHENTICATE USING CERTIFICATES FROM SMART CARDS 4.5. RELATED INFORMATION CHAPTER 5. USING SHARED SYSTEM CERTIFICATES 5.1. THE SYSTEM-WIDE TRUST STORE 5.2. ADDING NEW CERTIFICATES 5.3. MANAGING TRUSTED SYSTEM CERTIFICATES 5.4. RELATED INFORMATION CHAPTER 6. SCANNING THE SYSTEM FOR CONFIGURATION COMPLIANCE AND VULNERABILITIES 6.1. CONFIGURATION COMPLIANCE TOOLS IN RHEL 6.2. VULNERABILITY SCANNING 6.2.1. Red Hat Security Advisories OVAL feed 6.2.2. Scanning the system for vulnerabilities 6.2.3. Scanning remote systems for vulnerabilities 6.3. CONFIGURATION COMPLIANCE SCANNING 6.3.1. Configuration compliance in RHEL 8 6.3.2. Possible results of an OpenSCAP scan 6.3.3. Viewing profiles for configuration compliance 6.3.4. Assessing configuration compliance with a specific baseline 6.4. REMEDIATING THE SYSTEM TO ALIGN WITH A SPECIFIC BASELINE 6.5. REMEDIATING THE SYSTEM TO ALIGN WITH A SPECIFIC BASELINE USING THE SSG ANSIBLE PLAYBOOK 6.6. CREATING A REMEDIATION ANSIBLE PLAYBOOK TO ALIGN THE SYSTEM WITH A SPECIFIC BASELINE 6.7. CREATING A REMEDIATION BASH SCRIPT FOR A LATER APPLICATION 6.8. SCANNING THE SYSTEM WITH A CUSTOMIZED PROFILE USING SCAP WORKBENCH 6.8.1. Using SCAP Workbench to scan and remediate the system 6.8.2. Customizing a security profile with SCAP Workbench 6.8.3. Related information 6.9. DEPLOYING SYSTEMS THAT ARE COMPLIANT WITH A SECURITY PROFILE IMMEDIATELY AFTER AN INSTALLATION 6.9.1. Deploying baseline-compliant RHEL systems using the graphical installation 6.9.2. Deploying baseline-compliant RHEL systems using Kickstart 6.10. SCANNING CONTAINER AND CONTAINER IMAGES FOR VULNERABILITIES 6.11. ASSESSING SECURITY COMPLIANCE OF A CONTAINER OR A CONTAINER IMAGE WITH A SPECIFIC BASELINE 6.12. SUPPORTED VERSIONS OF THE SCAP SECURITY GUIDE IN RHEL 6.13. RELATED INFORMATION CHAPTER 7. CHECKING INTEGRITY WITH AIDE 7.1. INSTALLING AIDE 7.2. PERFORMING INTEGRITY CHECKS WITH AIDE 7.3. UPDATING AN AIDE DATABASE 7.4. RELATED INFORMATION CHAPTER 8. ENCRYPTING BLOCK DEVICES USING LUKS 8.1. LUKS DISK ENCRYPTION 8.2. LUKS VERSIONS IN RHEL 8 8.3. OPTIONS FOR DATA PROTECTION DURING LUKS2 RE-ENCRYPTION 8.4. ENCRYPTING EXISTING DATA ON A BLOCK DEVICE USING LUKS2 8.5. ENCRYPTING EXISTING DATA ON A BLOCK DEVICE USING LUKS2 WITH A DETACHED HEADER 8.6. ENCRYPTING A BLANK BLOCK DEVICE USING LUKS2 CHAPTER 9. CONFIGURING AUTOMATED UNLOCKING OF ENCRYPTED VOLUMES USING POLICY-BASED DECRYPTION 9.1. NETWORK-BOUND DISK ENCRYPTION 9.2. INSTALLING AN ENCRYPTION CLIENT - CLEVIS 9.3. DEPLOYING A TANG SERVER WITH SELINUX IN ENFORCING MODE 9.4. ROTATING TANG SERVER KEYS AND UPDATING BINDINGS ON CLIENTS 9.5. DEPLOYING AN ENCRYPTION CLIENT FOR AN NBDE SYSTEM WITH TANG 9.6. REMOVING A CLEVIS PIN FROM A LUKS-ENCRYPTED VOLUME MANUALLY 9.7. DEPLOYING AN ENCRYPTION CLIENT WITH A TPM 2.0 POLICY 9.8. CONFIGURING MANUAL ENROLLMENT OF LUKS-ENCRYPTED VOLUMES 9.9. CONFIGURING AUTOMATED ENROLLMENT OF LUKS-ENCRYPTED VOLUMES USING KICKSTART 9.10. CONFIGURING AUTOMATED UNLOCKING OF A LUKS-ENCRYPTED REMOVABLE STORAGE DEVICE 9.11. DEPLOYING HIGH-AVAILABILITY NBDE SYSTEMS 9.11.1. High-available NBDE using Shamir’s Secret Sharing 9.11.1.1. Example 1: Redundancy with two Tang servers 9.11.1.2. Example 2: Shared secret on a Tang server and a TPM device 9.12. DEPLOYMENT OF VIRTUAL MACHINES IN A NBDE NETWORK 9.13. BUILDING AUTOMATICALLY-ENROLLABLE VM IMAGES FOR CLOUD ENVIRONMENTS USING NBDE 9.14. ADDITIONAL RESOURCES CHAPTER 10. AUDITING THE SYSTEM 10.1. LINUX AUDIT 10.2. AUDIT SYSTEM ARCHITECTURE 10.3. CONFIGURING AUDITD FOR A SECURE ENVIRONMENT 10.4. STARTING AND CONTROLLING AUDITD 10.5. UNDERSTANDING AUDIT LOG FILES 10.6. USING AUDITCTL FOR DEFINING AND EXECUTING AUDIT RULES 10.7. DEFINING PERSISTENT AUDIT RULES 10.8. USING PRE-CONFIGURED RULES FILES 10.9. USING AUGENRULES TO DEFINE PERSISTENT RULES 10.10. DISABLING AUGENRULES 10.11. RELATED INFORMATION CHAPTER 11. CONFIGURING AND MANAGING APPLICATION WHITELISTS 11.1. APPLICATION WHITELISTING IN RHEL 11.2. DEPLOYING APPLICATION WHITELISTING 11.3. ADDING CUSTOM RULES FOR APPLICATION WHITELISTING 11.4. TROUBLESHOOTING RHEL APPLICATION WHITELISTING 11.5. ADDITIONAL RESOURCES CHAPTER 12. PROTECTING SYSTEMS AGAINST INTRUSIVE USB DEVICES 12.1. USBGUARD 12.2. INSTALLING USBGUARD 12.3. BLOCKING AND AUTHORIZING A USB DEVICE USING CLI 12.4. CREATING A CUSTOM POLICY FOR USB DEVICES 12.5. AUTHORIZING USERS AND GROUPS TO USE THE USBGUARD IPC INTERFACE 12.6. LOGGING USBGUARD AUTHORIZATION EVENTS TO THE LINUX AUDIT LOG 12.7. ADDITIONAL RESOURCES

قیمت نهایی

۴۴٬۰۰۰ تومان