Defensive Security Handbook: Best Practices for Securing Infrastructure

Book Preface

Over the last decade, technology adoption has exploded worldwide and corporations have struggled to keep pace. Usability and revenue creation have been the key motivating factors, often ignoring the proactive design and security required for longterm stability. With the increase of breaking news hacks, record-breaking data leaks, and ransomware attacks, it is our job to not only scrape by with default installs but to secure our data and assets to the best of our abilities. There will always be cases where you will walk into an environment that is a metaphorical train wreck with so many fires that you don’t even know where to start. This book will give you what you need to create a solid and secure design for the majority of situations that you may encounter.

Modern attacks can occur for many different motivations and are perpetrated by people ranging from organized crime groups seeking to monetize breaches, through to hacktivists seeking to enact retribution on the organizations they deem to be immoral or counter to public interest. Whatever the motivation and whomever the attacker, a large number of attacks are organized and carried out by skilled individuals, often with funding.

This change in landscape has led to many organizations engaging in a game of Info‐ Sec catch-up, often realizing that their information security program has either not received the executive backing that it required or simply never existed in the first place. These organizations are seeking to correct this and begin along the path to initiating or maturing their information security efforts. There is, however, a problem. Information security is an industry that is currently undergoing a period of negative unemployment; that is, that there are more open positions than there are candidates to fill those positions. Hiring people is hard, and hiring good people is harder. For those seeking employment, this is can be an advantageous situation; however, it is a high risk for employers seeking to hire someone into an information security position as they would be instilling a certain amount of trust with possible high dollar assets to a new hire.