À propos de cet ebook
One of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives. Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.About the TechnologiesA sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and efficient. The virtual machine can be restored to same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.Virtualization has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live ?snapshot? to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.
Notes et avis
3,7
3 avis
Quelques mots sur l'auteur
John Hoopes, Senior Consultant for Verisign, is a graduate of the University of Utah. John's professional background includes an operational/support role on many diverse platforms, including IBM AS/400, IBM Mainframe (OS/390 and Z-Series), AIX, Solaris, Windows, and Linux. John's security expertise focuses on application testing with an emphasis in reverse engineering and protocol analysis. Before becoming a consultant, John was an application security testing lead for IBM, with responsibilities including secure service deployment, external service delivery, and tool development. John has also been responsible for the training and mentoring of team members in network penetration testing and vulnerability assessment. As a consultant, John has lead the delivery of security engagements for clients in the retail, transportation, telecommunication, and banking sectors.
Attribuez une note à ce ebook
Faites-nous part de votre avis.
Informations sur la lecture
Téléphones intelligents et tablettes
Installez l'appli Google Play Livres pour Android et iPad ou iPhone. Elle se synchronise automatiquement avec votre compte et vous permet de lire des livres en ligne ou hors connexion, où que vous soyez.
Ordinateurs portables et de bureau
Vous pouvez écouter les livres audio achetés sur Google Play en utilisant le navigateur Web de votre ordinateur.
Liseuses et autres appareils
Pour pouvoir lire des ouvrages sur des appareils utilisant la technologie e-Ink, comme les liseuses électroniques Kobo, vous devez télécharger un fichier et le transférer sur l'appareil en question. Suivez les instructions détaillées du centre d'aide pour transférer les fichiers sur les liseuses électroniques compatibles.
