Defensive Security Handbook: Best Practices for Securing Infrastructure

Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have the budget to establish or outsource an information security (InfoSec) program, forcing them to learn on the job. For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost.

Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others. Network engineers, system administrators, and security professionals will learn tools and techniques to help improve security in sensible, manageable chunks.

• Learn fundamentals of starting or redesigning an InfoSec program
• Create a base set of policies, standards, and procedures
• Plan and design incident response, disaster recovery, compliance, and physical security
• Bolster Microsoft and Unix systems, network infrastructure, and password management
• Use segmentation practices and designs to compartmentalize your network
• Explore automated process and tools for vulnerability management
• Securely develop code to reduce exploitable errors
• Understand basic penetration testing concepts through purple teaming
• Delve into IDS, IPS, SOC, logging, and monitoring

• Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan
• Red Team Development and Operations: A practical guide
• Intelligence-Driven Incident Response: Outwitting the Adversary
• Zero Trust Networks: Building Secure Systems in Untrusted Networks
• Blue Team Field Manual (BTFM) (RTFM)
• Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter
• Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.
• The Hacker Playbook 3: Practical Guide To Penetration Testing
• The Practice of Network Security Monitoring: Understanding Incident Detection and Response
• Rtfm: Red Team Field Manual