Designing Secure Systems takes a theoretical approach to information security. In this book, I introduce authorization theory, a way to analyze the security of any system based on its access, authorization, and authentication components. This approach enables you to model human process, physical, and cybersecurity systems with a single approach.
Authenticating to remote services with only a password is a thing of the past. Modern attack techniques make theft and reuse of passwords simple, yet we continue to use them to secure pretty much everything. In this post, we will review the various risks associated with password authentication and discuss what can be done to improve our security posture.
Recently, the Internet has been overrun with ransomware - software designed to take advantage of users by encrypting their data and holding the keys for ransom. In this post, we will use the concepts of access and authorization to assess this malware and better understand why it was so successful.
Think Like a Hacker is designed for systems administrators interested in the cybersecurity field as well as information security professionals interested in secure systems design.
Think Like a Hacker is designed to take an IT professional with an interest in cybersecurity on a journey through how an attacker thinks about a network, while posing new theoretical models on how to analyze their network through the lens of a targeted attacker. This book is not your typical security book that focuses …