Building secure and reliable systems: best practices for designing, implementing, and maintaining systems

eBook, English, 2020
O'Reilly Media, Incorporated, Sebastopol, 2020
1 online resource (558 p.)
9781492083078, 9781492083092, 1492083097, 1492083070
1155320619
Intro
Foreword by Royal Hansen
Foreword by Michael Wildpaner
Preface
Why We Wrote This Book
Who This Book Is For
A Note About Culture
How to Read This Book
Conventions Used in This Book
O'Reilly Online Learning
How to Contact Us
Acknowledgments
I. Introductory Material
1. The Intersection of Security and Reliability
On Passwords and Power Drills
Reliability Versus Security: Design Considerations
Confidentiality, Integrity, Availability
Confidentiality
Integrity
Availability
Reliability and Security: Commonalities
Invisibility
Assessment
Simplicity
Evolution
Resilience
From Design to Production
Investigating Systems and Logging
Crisis Response
Recovery
Conclusion
2. Understanding Adversaries
Attacker Motivations
Attacker Profiles
Hobbyists
Vulnerability Researchers
Governments and Law Enforcement
Intelligence gathering
Military purposes
Policing domestic activity
Protecting your systems from nation-state actors
Activists
Protecting your systems from hacktivists
Criminal Actors
Protecting your systems from criminal actors
Automation and Artificial Intelligence
Protecting your systems from automated attacks
Insiders
First-party insiders
Third-party insiders
Related insiders
Threat modeling insider risk
Designing for insider risk
Attacker Methods
Threat Intelligence
Cyber Kill Chains™
Tactics, Techniques, and Procedures
Risk Assessment Considerations
Conclusion
II. Designing Systems
3. Case Study: Safe Proxies
Safe Proxies in Production Environments
Google Tool Proxy
Conclusion
4. Design Tradeoffs
Design Objectives and Requirements
Feature Requirements
Nonfunctional Requirements
Features Versus Emergent Properties
Example: Google Design Document
Balancing Requirements
Example: Payment Processing
Security and reliability considerations
Using a third-party service provider to handle sensitive data
Benefits
Costs and nontechnical risks
Reliability risks
Security risks
Managing Tensions and Aligning Goals
Example: Microservices and the Google Web Application Framework
Aligning Emergent-Property Requirements
Initial Velocity Versus Sustained Velocity
Conclusion
5. Design for Least Privilege
Concepts and Terminology
Least Privilege
Zero Trust Networking
Zero Touch
Classifying Access Based on Risk
Best Practices
Small Functional APIs
Breakglass
Auditing
Collecting good audit logs
Choosing an auditor
Testing and Least Privilege
Testing of least privilege
Testing with least privilege
Diagnosing Access Denials
Graceful Failure and Breakglass Mechanisms
Worked Example: Configuration Distribution
POSIX API via OpenSSH
Software Update API
Custom OpenSSH ForceCommand
Custom HTTP Receiver (Sidecar)
Description based upon print version of record