With Red Hat Ansible, Red Hat OpenShift, and Red Hat Security Auditing

Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Introduction to IT Security
	Basics of Networking
		Firewalls
		Virtual Private Network
		Virtual Private Cloud
		DHCP
		Domain Name System
		TCP
		UDP
		Simple Network Management Protocol
		SSH
		HTTP
		SSL/TLS
		Network Address Translation
		Port Forwarding
	IT Infrastructure Elements
		Switching vs. Routing
		Domain Controller
		Database Server
		Application Server
		Load Balancing Server
	Linux System Administration Essential Concepts
		Directory Services
		LDAP
		File Systems in Linux
		Block Storage
	Security Basics in Linux
		Access Control Lists (ACLs)
		SELinux
		Firewall Daemon (Firewalld)
	Standardizing Security in Network and System Administration
		Confidentiality
		Integrity
		Availability
Chapter 2: Red Hat Hybrid Cloud Infrastructure
	Basics of Cloud Infrastructure
		What Is Cloud Computing?
		Cloud Computing Services
			Infrastructure as a Service (IaaS)
			Platform as a Service (PaaS)
			Software as a Service (SaaS)
		Cloud Bursting
		Security in Cloud Infrastructure
	Introduction to Hybrid Cloud Architecture
		Operating Hybrid Clouds
		Cloud First
		Migration
			Lift and Shift
			Improve and Move
			Rip and Replace
		Flexibility
		Tiered Hybrid Strategy
		Benefits of Tiered Hybrid Implementation
		Analytical Hybrid Infrastructure
		Hybrid Edge Cloud Computing
		Modern Hybrid Cloud Architecture
		Security in Hybrid Clouds
	Red Hat Cloud Suite
		Red Hat CloudForms
		Red Hat Virtualization
		Red Hat OpenStack Platform
		Red Hat OpenShift Container Platform
		Advantages of CloudSuite
	Orchestration with Red Hat OpenShift
		OpenShift Container Platform (Red Hat OCP)
		Compatibility with Hybrid Cloud
		OpenShift Security
		Distinctive Features
		Kubernetes
		OCP Life Cycle
		OCP Installation
		Installation Procedure
Chapter 3: Security in DevOps and Automation
	Categories of DevOps
		Automation
		Continuous Integration (CI)
		Continuous Testing (CT)
	Agile Development
	Enterprise Systems Management (ESM)
	Continuous Delivery vs. Continuous Deployment
		Continuous Delivery (CD)
		Continuous Deployment (CD)
	Continuous Monitoring
	Benefits of DevOps
		Scalability
		Speed
		Innovation
		Agility
		Qualitative Growth
		Reliability
		Cost-Effective
	Evolution of DevSecOps
		DevSecOps in Environment and Data Security
		DevSecOps in CI/CD Pipeline
	Infrastructure as Code and Security as Code
		Infrastructure as Code (IaC)
		Security as Code (SaC)
			Buffer Overflow
			Code Injection Attacks
	Automation with Red Hat Ansible Automation Platform
		Ansible Components
			Control Node
			Managed Nodes
			Inventory
			Modules
			Tasks
			Playbooks
		Using Ansible
		Building an Inventory
		Default Groups
		Ansible Playbook
	DevSecOps in OpenShift
	Red Hat Consulting
Chapter 4: Red Hat Hyperconverged Infrastructure
	Obsolescence of Legacy Infrastructure
	What Is Hyperconverged Infrastructure?
	HCI Architecture
		Databases
		Analytics and Logging
		Data Security
		Data Storage
		Edge Computing
		Desktop as a Service (DaaS)
		Programming
		General Uses
	Red Hat Hyperconverged Infrastructure for Virtualization
		Core Operations
		Key Features
	Red Hat Virtualization
		Elements of Red Hat Virtualization
			Cluster
			Data center
			Event
			HA Services
			Host
			Storage Pool Manager (SPM)
			Host Storage Manager (HSM)
			Networking
			Self-Hosted Engine Node
			Template
			Data Warehouse
			Metrics Store
		Security in Red Hat Virtualization
		Configuration of sVirt
		Flexibility with Red Hat Gluster Storage
		Red Hat Hyperconverged Infrastructure for Cloud
		Cloud Computing with Red Hat OpenStack Platform (RHOSP)
			Core Elements of OpenStack
			Dashboard (Code: Horizon)
			Identity (Code: Keystone)
			OpenStack Networking (Code: Neutron)
			Load-Balancing Service (Code: Octavia)
			OpenStack Block Storage (Code: Cinder)
			OpenStack Compute (Code: Nova)
			OpenStack Image Service (Code: Glance)
			OpenStack Object Storage (Code: Swift)
			OpenStack Telemetry (Code: Ceilometer)
			OpenStack Orchestration (Code: Heat)
			Red Hat OpenStack Platform Director
		Scalability with Red Hat Ceph Storage
			Ceph OSD Daemon
			Ceph Monitor
			Ceph Manager
	Hyperconverged Infrastructure Security Best Practices
		Secure Individual Components
		Security Centralization
		Accessibility
		Security Policies Implementation
Chapter 5: Red Hat Smart Management and Red Hat Insights
	Red Hat Satellite Architecture
	Core System Elements
		Organizations
		Locations
		Life-Cycle Environments
		Provisioning
		Kickstart
		PXE Booting
			Single Location
			Single Location with Separate Subnets
			Multiple Locations
			Disconnected Satellite
				Disconnected Satellite with Content ISO
				Disconnected Satellite with Inter-Satellite Synchronization
			Capsule with External Services
	Infrastructure Controlling with Red Hat Smart Management
	Predictive Analytics Using Red Hat Insights
		Advisor Service
		Vulnerability Service
		Security Rules
		Compliance Service
		System Comparison / Drift Analysis
		System Baselines
		Reference Point
		System Facts
		Insights Policies
		Webhooks
		System Patching Using Ansible Playbooks
Chapter 6: Red Hat Security Auditing
	IT System Auditing
	General Controls vs. Application Controls
	Risk Analysis
	System Security
	Control Objectives and Environment
	Finding
	Best Practices for Red Hat System Audit
		RHEL Audit Use Cases
		Audit Configuration
		Evaluate Vulnerabilities and Verify Compliance
			Unprompted Active Role Partaking
			Identifying the Key Business Processes
			Zero In on Critical Applications Underneath the Processes
			Identify the Hardware Powering the Applications and Processes
			Mapping Network Architecture
			Analyze the Security and Control Measures
			Perform Vulnerability Scans
			Consolidate the Scan Results with Technological and Business Context
			Perform Penetration Testing
	Conclusion
Chapter 7: Case Studies
	Case Study 1: Anonymous
		Context
		Policies and Controls That Could Have Helped
			BYOD (Bring Your Own Device) Policy
			Limit Network Port Access
			Safeguarding FTP Server
			Defense Mechanisms
			Data Security
			Wireless Access Security
	Case Study 2: Sony Pictures Entertainment (2014)
		Context
		Policies and Controls That Could Have Helped
			Encryption
			Network Security
			Data Scanning
			Malware Defense Mechanisms
			Data Recovery
			Administrative Privileges
			Security Logging
			Network Segmentation
			Penetration Testing and Red Team Assessments
			Incident Response
	Case Study 3: Capital One (2019)
		Context
		Policies and Controls That Could Have Helped
			Firewall Configurations
			Access Controls
			Encryption
			Monitoring
	Additional Case Studies
		Bangladesh Bank Cyber Heist (2016)
		Facebook–Cambridge Analytica Data Scandal (2018)
		Twitter Hack (2020)
References
Index