Example: dental hygienist

Building Secure and Reliable Systems

Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea & Adam Stubblefi eldBuilding Secure & Reliable SystemsBest Practices for designing , Implementing and Maintaining SystemsCompliments ofPraise for Building Secure and Reliable SystemsIt is very hard to get practical advice on how to build and operate trustworthyinfrastructure at the scale of billions of users. This book is the first to really capture theknowledge of some of the best security and reliability teams in the world, and while veryfew companies will need to operate at Google s scale many engineers and operators canbenefit from some of the hard-earned lessons on securing wide-flung distributed book is full of useful insights from cover to cover, and each example and anecdote isheavy with authenticity and the wisdom that comes from experimenting, failing andmeasuring real outcomes at scale.

Best Practices for Designing, Implementing and Maintaining Systems Compliments of. Praise for ... This book is a rare treat for industry veterans and novices alike: instead of teaching information security as a discipline of its own, the authors offer hard-wrought and richly

Tags:

  Designing, Veterans, Reliable

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Advertisement

Transcription of Building Secure and Reliable Systems

1 Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea & Adam Stubblefi eldBuilding Secure & Reliable SystemsBest Practices for designing , Implementing and Maintaining SystemsCompliments ofPraise for Building Secure and Reliable SystemsIt is very hard to get practical advice on how to build and operate trustworthyinfrastructure at the scale of billions of users. This book is the first to really capture theknowledge of some of the best security and reliability teams in the world, and while veryfew companies will need to operate at Google s scale many engineers and operators canbenefit from some of the hard-earned lessons on securing wide-flung distributed book is full of useful insights from cover to cover, and each example and anecdote isheavy with authenticity and the wisdom that comes from experimenting, failing andmeasuring real outcomes at scale.

2 It is a must for anybody looking to build their systemsthe correct way from day one. Alex Stamos, Director of the Stanford Internet Observatoryand former CISO of Facebook and YahooThis book is a rare treat for industry veterans and novices alike: instead of teachinginformation security as a discipline of its own, the authors offer hard-wrought and richlyillustrated advice for Building software and operations that actually stood the test of doing so, they make a compelling case for reliability, usability, and security goinghand-in-hand as the entirely inseparable underpinnings of good system design. Micha Zalewski, VP of Security Engineering at Snap, author of The Tangled Web and Silence on the WireThis is the real world that researchers talk about in their papers.

3 JP Aumasson, CEO at Teserakt andauthor of Serious CryptographyGoogle faces some of the toughest security challenges of any company, and they rerevealing their guiding security principles in this book. If you re in SRE or securityand curious as to how a hyperscaler builds security into their Systems from designthrough operation, this book is worth studying. Kelly Shortridge, VP of Product Strategy at Capsule8If you re responsible for operating or securing an internet service: caution! Google andothers have made it look too easy. It s not. I had the privilege of working with thesebook authors for many years and was constantly amazed at what they uncovered andtheir extreme measures to protect our users data. If you have such responsibilitiesyourself, or if you re just trying to understand what it takes to protect services at scalein the modern world, study this book.

4 Nothing is covered in detail there are otherreferences for that but I don t know anywhere else that you ll find the breadth ofpragmatic tips and frank discussion of tradeoffs. Eric Grosse, former VP of Security Engineering at GoogleHeather Adkins, Betsy Beyer, Paul Blankinship,Piotr Lewandowski, Ana Oprea, and Adam StubblefieldBuilding Secure andReliable SystemsBest Practices for designing , Implementing,and Maintaining SystemsBostonFarnhamSebastopolTokyoBeiji ngBostonFarnhamSebastopolTokyoBeijing978 -1-492-08313-9[LSI] Building Secure and Reliable Systemsby Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, and Adam StubblefieldCopyright 2020 Google LLC. All rights in the United States of by O Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA Reilly books may be purchased for educational, business, or sales promotional use.

5 Online editions arealso available for most titles ( ). For more information, contact our corporate/institu tional sales department: 800-998-9938 or Editor: John DevinsIndexer: WordCo, Editor: Virginia WilsonInterior Designer: David FutatoProduction Editor: Kristen BrownCover Designer: Karen MontgomeryCopyeditor: Rachel HeadIllustrators: Jenny Bergman and Rebecca DemarestProofreader: Sharon WilkeyMarch 2020: First EditionRevision History for the First Edition2020-03-11: First ReleaseSee for release O Reilly logo is a registered trademark of O Reilly Media, Inc. Building Secure and Reliable Systems ,the cover image, and related trade dress are trademarks of O Reilly Media, views expressed in this work are those of the authors, and do not represent the publisher s views orthe views of the authors employer (Google).

6 While the publisher and the authors have used good faithefforts to ensure that the information and instructions contained in this work are accurate, the publisher,the authors, and Google disclaim all responsibility for errors or omissions, including without limitationresponsibility for damages resulting from the use of or reliance on this work. Use of the information andinstructions contained in this work is at your own risk. If any code samples or other technology this workcontains or describes is subject to open source licenses or the intellectual property rights of others, it isyour responsibility to ensure that your use thereof complies with such licenses and/or work is part of a collaboration between O Reilly and Google.

7 See our statement of editorial inde Susanne, whose strategic project management and passion for reliability andsecurity kept this book on track!Table of ContentsForeword by Royal Hansen.. xixForeword by Michael Wildpaner.. xxiiiPreface.. xxvPart I. Introductory Intersection of Security and Reliability.. 3On Passwords and Power Drills 3 Reliability Versus Security: Design Considerations 4 Confidentiality, Integrity, Availability 5 Confidentiality 6 Integrity 6 Availability 6 Reliability and Security.

8 Commonalities 7 Invisibility 7 Assessment 8 Simplicity 8 Evolution 9 Resilience 9 From Design to Production 10 Investigating Systems and Logging 11 Crisis Response 11 Recovery 12 Conclusion Adversaries.

9 15 Attacker Motivations 16 Attacker Profiles 18 Hobbyists 18 Vulnerability Researchers 18 Governments and Law Enforcement 19 Activists 21 Criminal

10 Actors 22 Automation and Artificial Intelligence 24 Insiders 24 Attacker Methods 30 Threat Intelligence 30 Cyber Kill Chains 31 Tactics, Techniques, and Procedures 32 Risk Assessment Considerations 32 Conclusion 34 Part II.


Related search queries