Lee Brotherston is a Senior Security Advisor with Leviathan Security, providing Information Security consulting services to a range of clients.
Defensive Security Handbook
Best Practices for Securing Infrastructure
Paperback, English, 2024, ISBN 9781098127244
Summary
Despite the increase in high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget for an information security (InfoSec) program. If you're forced to protect yourself by improvising on the job, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum security improvement at little or no cost.
Each chapter in this book provides step-by-step instructions for dealing with issues such as breaches and disasters, compliance, network infrastructure, password management, vulnerability scanning, penetration testing, and more. Network engineers, system administrators, and security professionals will learn how to use frameworks, tools, and techniques to build and improve their cybersecurity programs.
This book will help you:
- Plan and design incident response, disaster recovery, compliance, and physical security
- Learn and apply basic penetration-testing concepts through purple teaming
- Conduct vulnerability management using automated processes and tools
- Use IDS, IPS, SOC, logging, and monitoring
- Bolster Microsoft and Unix systems, network infrastructure, and password management
- Use segmentation practices and designs to compartmentalize your network
- Reduce exploitable errors by developing code securely
Table of Contents
Preface
Our Goal
Who This Book Is For
Navigating the Book
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Acknowledgments
Amanda
Lee
Bill
1. Creating a Security Program
Laying the Groundwork
Establishing Teams
Determining Your Baseline Security Posture
Assessing Threats and Risks
Identify Scope, Assets, and Threats
Assess Risk and Impact
Mitigate
Monitor
Govern
Prioritizing
Creating Milestones
Use Cases, Tabletops, and Drills
Expanding Your Team and Skillsets
Conclusion
2. Asset Management and Documentation
What Is Asset Management?
Documentation
Establishing the Schema
Data Storage Options
Data Classification
Understanding Your Inventory Schema
Asset Management Implementation Steps
Defining the Lifecycle
Information Gathering
Change Tracking
Monitoring and Reporting
Asset Management Guidelines
Automate
Establish a Single Source of Truth
Organize a Company-wide Team
Find Executive Champions
Keep on Top of Software Licensing
Conclusion
3. Policies
Language
Document Contents
Topics
Storage and Communication
Conclusion
4. Standards and Procedures
Standards
Procedures
Document Contents
Conclusion
5. User Education
Broken Processes
Bridging the Gap
Building Your Own Program
Establish Objectives
Establish Baselines
Scope and Create Program Rules and Guidelines
Provide Positive Reinforcement
Define Incident Response Processes
Obtaining Meaningful Metrics
Measurements
Tracking Success Rate and Progress
Important Metrics
Conclusion
6. Incident Response
Processes
Pre-Incident Processes
Incident Processes
Post-Incident Processes
Tools and Technology
Log Analysis
EDR/XDR/MDR/All the “Rs”
Disk and File Analysis
Memory Analysis
PCAP Analysis
All-in-One Tools
Conclusion
7. Disaster Recovery
Setting Objectives
Recovery Point Objective
Recovery Time Objective
Recovery Strategies
Traditional Physical Backups
Warm Standby
High Availability
Alternate System
System Function Reassignment
Cloud Native Disaster Recovery
Dependencies
Scenarios
Invoking a Failover...and Back
Testing
Security Considerations
Conclusion
8. Industry Compliance Standards and Frameworks
Industry Compliance Standards
Family Educational Rights and Privacy Act (FERPA)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
Sarbanes-Oxley (SOX) Act
Frameworks
Center for Internet Security (CIS)
Cloud Control Matrix (CCM)
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Control Objectives for Information and Related Technologies (COBIT)
ISO-27000 Series
MITRE ATT&CK
NIST Cybersecurity Framework (CSF)
Regulated Industries
Financial
Government
Healthcare
Conclusion
9. Physical Security
Physical
Restrict Access
Video Surveillance
Authentication Maintenance
Secure Media
Datacenters
Operational Aspects
Identifying Visitors and Contractors
Physical Security Training
Conclusion
10. Microsoft Windows Infrastructure
Quick Wins
Upgrade
Third-Party Patches
Open Shares
Active Directory Domain Services
Forests
Domains
Domain Controllers
Organizational Units
Groups
Accounts
Group Policy Objects (GPOs)
Conclusion
11. Unix Application Servers
Keeping Up-to-Date
Third-Party Software Updates
Core Operating System Updates
Hardening a Unix Application Server
Disable Services
Set File Permissions
Use Host-Based Firewalls
Manage File Integrity
Configure Separate Disk Partitions
Use chroot
Set Up Mandatory Access Control
Conclusion
12. Endpoints
Keeping Up-to-Date
Microsoft Windows
macOS
Unix Desktops
Third-Party Updates
Hardening Endpoints
Disable Services
Use Desktop Firewalls
Implement Full-Disk Encryption
Use Endpoint Protection Tools
Mobile Device Management
Endpoint Visibility
Centralization
Conclusion
13. Databases
Introduction to Databases and Their Importance in Information Security
Database Implementations
Common Database Management Systems
A Real-World Case Study: The Marriott Breach
Database Security Threats and Vulnerabilities
Unauthorized Access
SQL Injection
Data Leakage
Insider Threats
Defense Evasion
Database Security Best Practices
Data Encryption
Authentication and Authorization Mechanisms
Secure Database Configuration and Hardening
Database Management in the Cloud
Hands-on Exercise: Implementing Encryption in a MySQL Database (Operation Lockdown)
Conclusion
14. Cloud Infrastructure
Types of Cloud Services and Their Security Implications
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
The Shared Responsibility Model
Common Cloud Security Mistakes and How to Avoid Them
Misconfigurations
Inadequate Credential and Secrets Management
Overpermissioned Cloud Resources
Poor Security Hygiene
Failing to Understand the Shared Responsibility Model
Cloud Security Best Practices
Start with Secure Architectural Patterns
Properly Manage Secrets
Embrace Well-Architected Frameworks
Continue Following Security Best Practices
Exercise: Gaining Security Visibility into an AWS Environment
Configure an SNS Email Notification
Enable GuardDuty
Set Up EventBridge to Route Alerts to Email
Testing
Conclusion
15. Authentication
Identity and Access Management
Passwords
Password Basics
Encryption, Hashing, and Salting
Password Management
Additional Password Security
Common Authentication Protocols
NTLM
Kerberos
LDAP
RADIUS
Differences Between Protocols
Protocol Security
Choosing the Best Protocol for Your Organization
Multi-Factor Authentication
MFA Weaknesses
Where It Should Be Implemented
Conclusion
16. Secure Network Infrastructure
Device Hardening
Firmware/Software Patching
Services
SNMP
Encrypted Protocols
Management Network
Hardware Devices
Bastion Hosts
Routers
Switches
Wireless Devices
Design
Egress Filtering
IPv6: A Cautionary Note
TACACS+
Networking Attacks
ARP Cache Poisoning and MAC Spoofing
DDoS Amplification
VPN Attacks
Wireless
Conclusion
17. Segmentation
Network Segmentation
Physical
Logical
Physical and Logical Network Example
Software-Defined Networking
Application Segmentation
Segmentation of Roles and Responsibilities
Conclusion
18. Vulnerability Management
Authenticated Versus Unauthenticated Scans
Vulnerability Assessment Tools
Open Source Tools
Vulnerability Management Program
Program Initialization
Business as Usual
Remediation Prioritization
Risk Acceptance
Conclusion
19. Development
Language Selection
Assembly
C and C++
Go
Rust
Python/Ruby/Perl
PHP
Secure Coding Guidelines
Testing
Automated Static Testing
Automated Dynamic Testing
Peer Review
Software Development Lifecycle
Conclusion
20. OSINT and Purple Teaming
Open Source Intelligence
Types of Information and Access
Modern OSINT Tools
Purple Teaming
A Purple Teaming Example
Conclusion
21. Understanding IDSs and IPSs
Role in Information Security
Exploring IDS and IPS Types
Network-Based IDSs
Host-Based IDSs
IPSs
NGFWs
IDSs and IPSs in the Cloud
AWS
Azure
GCP
Working with IDSs and IPSs
Managing False Positives
Writing Your Own Signatures
IDS/IPS Positioning
Encrypted Protocols
Conclusion
22. Logging and Monitoring
Security Information and Event Management
Why Use a SIEM
Scope of Coverage
Designing the SIEM
Log Analysis and Enrichment
Sysmon
Group Policy
Alert Examples and Log Sources to Focus On
Authentication Systems
Application Logs
Cloud Services
Databases
DNS
Endpoint Protection Solutions
IDSs/IPSs
Operating Systems
Proxy and Firewall Logs
User Accounts, Groups, and Permissions
Testing and Continuing Configuration
Aligning with Detection Frameworks, Compliance Mandates, and Use Cases
MITRE ATT&CK
Sigma
Compliance
Use Case Analysis
Conclusion
23. The Extra Mile
Email Servers
DNS Servers
Security Through Obscurity
Useful Resources
Books
Blogs
Podcasts
Websites
Appendix. User Education Templates
Live Phishing Education Slides
You’ve Been Hacked!
What Just Happened, and Why?
Social Engineering 101(0101)
So It’s OK That You Were Exploited (This Time)
No Blame, No Shames, Just...
A Few Strategies for Next Time
Because There Will Be a Next Time
If Something Feels Funny
If Something Looks Funny
If Something Sounds Funny
Feels, Looks, or Sounds Funny—Call the IT Help Desk
What If I Already Clicked the Link or Opened the Attachment?
What If I Didn’t Click the Link or Attachment?
Your IT Team Is Here for You!
Phishing Program Rules
Index
About the Authors