Secured by Design

This book has been written as a collection of best practices, implementation techniques, monitoring methods, data collection, reporting, and governance for defense of computer systems against hacking from the inside and outside. Too many companies have experienced hacking when they didn't have to. Many breeches started out as innocent looking emails that have resulted in systems being seized and held for ransom rendering businesses unable to do anything until untraceable payments were...
More Description

This book has been written as a collection of best practices, implementation techniques, monitoring methods, data collection, reporting, and governance for defense of computer systems against hacking from the inside and outside. Too many companies have experienced hacking when they didn't have to. Many breeches started out as innocent looking emails that have resulted in systems being seized and held for ransom rendering businesses unable to do anything until untraceable payments were received. Examples have been provided for adding security in the form of encryption and redaction for servers, databases, and the network. Encryption examples have been provided for server hard drives aimed at obfuscating contents on the disk should a hard disk be lost or stolen. Network encryption examples are provided to show how data "on the wire" can be protected from tools created specifically to monitor wired or wireless networks. Database encryption and redaction examples have been provided showing available encryption algorithms and how they can be configured in new or existing databases. Examples of other technologies like compression were included as a means of making it harder to decipher data by anyone other than the appropriate audience. Additional overhead related to technologies like encryption and compression have always been a question mark for system operators. To address those questions, performance benchmarks and their results have been provided for large database operations against tables with the same columns but with or without encryption. All tables use compression. My performance numbers are to be used as a starting point with the caveat that it should be expected that differences in structure and configuration will result in different numbers. Redaction and securing data from privileged users has also been demonstrated because these users have absolute power to do anything against a database and cover their tracks along the way. Businesses are risk adverse and for that reason, they want to make small changes to running systems. This book provides proven methods for shoring up existing environments while they are online actively servicing the business. Asking two technical professionals the same question often results in three unique answers. Ultimately "It Depends".