
Defensive Security Handbook

Best Practices for Securing Infrastructure

Paperback, English, 2024, ISBN 9781098127244

Summary

Despite the increase in high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget for an information security (InfoSec) program. If you're forced to protect yourself by improvising on the job, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum security improvement at little or no cost.

Each chapter in this book provides step-by-step instructions for dealing with issues such as breaches and disasters, compliance, network infrastructure, password management, vulnerability scanning, penetration testing, and more. Network engineers, system administrators, and security professionals will learn how to use frameworks, tools, and techniques to build and improve their cybersecurity programs.

This book will help you:
- Plan and design incident response, disaster recovery, compliance, and physical security
- Learn and apply basic penetration-testing concepts through purple teaming
- Conduct vulnerability management using automated processes and tools
- Use IDS, IPS, SOC, logging, and monitoring
- Bolster Microsoft and Unix systems, network infrastructure, and password management
- Use segmentation practices and designs to compartmentalize your network
- Reduce exploitable errors by developing code securely

Specifications

ISBN-13: 9781098127244
Language: English
Binding: paperback
Number of pages: 285
Publisher: O'Reilly
Edition: 2
Publication date: 14 July 2024
Main category: IT management / ICT


About Lee Brotherston

Lee Brotherston is a Senior Security Advisor with Leviathan Security, providing Information Security consulting services to a range of clients. Having spent more than a decade in Information Security, Lee has worked as an Internal Security resource across many verticals including Finance, Telecommunications, Hospitality, Entertainment, and Government in roles ranging from Engineer to IT Security Manager.


About Amanda Berlin

Amanda Berlin is an Information Security Architect for a consulting firm in Northern Ohio. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. Amanda has been involved in implementing a secure Payment Card Industry (PCI) process and Health Insurance Portability and Accountability Act (HIPAA) compliance, as well as building a comprehensive phishing and awards-based user education program. She is the author of a Blue Team best-practices book, "Defensive Security Handbook: Best Practices for Securing Infrastructure", published by O'Reilly Media. She is a co-host of the Brakeing Down Security podcast and writes for several blogs. On Twitter, she's @InfoSystir.


Table of Contents

Foreword to the First Edition
Preface
Our Goal
Who This Book Is For
Navigating the Book
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Acknowledgments
Amanda
Lee
Bill

1. Creating a Security Program
Laying the Groundwork
Establishing Teams
Determining Your Baseline Security Posture
Assessing Threats and Risks
Identify Scope, Assets, and Threats
Assess Risk and Impact
Mitigate
Monitor
Govern
Prioritizing
Creating Milestones
Use Cases, Tabletops, and Drills
Expanding Your Team and Skillsets
Conclusion

2. Asset Management and Documentation
What Is Asset Management?
Documentation
Establishing the Schema
Data Storage Options
Data Classification
Understanding Your Inventory Schema
Asset Management Implementation Steps
Defining the Lifecycle
Information Gathering
Change Tracking
Monitoring and Reporting
Asset Management Guidelines
Automate
Establish a Single Source of Truth
Organize a Company-wide Team
Find Executive Champions
Keep on Top of Software Licensing
Conclusion

3. Policies
Language
Document Contents
Topics
Storage and Communication
Conclusion

4. Standards and Procedures
Standards
Procedures
Document Contents
Conclusion

5. User Education
Broken Processes
Bridging the Gap
Building Your Own Program
Establish Objectives
Establish Baselines
Scope and Create Program Rules and Guidelines
Provide Positive Reinforcement
Define Incident Response Processes
Obtaining Meaningful Metrics
Measurements
Tracking Success Rate and Progress
Important Metrics
Conclusion

6. Incident Response
Processes
Pre-Incident Processes
Incident Processes
Post-Incident Processes
Tools and Technology
Log Analysis
EDR/XDR/MDR/All the “Rs”
Disk and File Analysis
Memory Analysis
PCAP Analysis
All-in-One Tools
Conclusion

7. Disaster Recovery
Setting Objectives
Recovery Point Objective
Recovery Time Objective
Recovery Strategies
Traditional Physical Backups
Warm Standby
High Availability
Alternate System
System Function Reassignment
Cloud Native Disaster Recovery
Dependencies
Scenarios
Invoking a Failover...and Back
Testing
Security Considerations
Conclusion

8. Industry Compliance Standards and Frameworks
Industry Compliance Standards
Family Educational Rights and Privacy Act (FERPA)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
Sarbanes-Oxley (SOX) Act
Frameworks
Center for Internet Security (CIS)
Cloud Control Matrix (CCM)
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Control Objectives for Information and Related Technologies (COBIT)
ISO-27000 Series
MITRE ATT&CK
NIST Cybersecurity Framework (CSF)
Regulated Industries
Financial
Government
Healthcare
Conclusion

9. Physical Security
Physical
Restrict Access
Video Surveillance
Authentication Maintenance
Secure Media
Datacenters
Operational Aspects
Identifying Visitors and Contractors
Physical Security Training
Conclusion

10. Microsoft Windows Infrastructure
Quick Wins
Upgrade
Third-Party Patches
Open Shares
Active Directory Domain Services
Forests
Domains
Domain Controllers
Organizational Units
Groups
Accounts
Group Policy Objects (GPOs)
Conclusion

11. Unix Application Servers
Keeping Up-to-Date
Third-Party Software Updates
Core Operating System Updates
Hardening a Unix Application Server
Disable Services
Set File Permissions
Use Host-Based Firewalls
Manage File Integrity
Configure Separate Disk Partitions
Use chroot
Set Up Mandatory Access Control
Conclusion

12. Endpoints
Keeping Up-to-Date
Microsoft Windows
macOS
Unix Desktops
Third-Party Updates
Hardening Endpoints
Disable Services
Use Desktop Firewalls
Implement Full-Disk Encryption
Use Endpoint Protection Tools
Mobile Device Management
Endpoint Visibility
Centralization
Conclusion

13. Databases
Introduction to Databases and Their Importance in Information Security
Database Implementations
Common Database Management Systems
A Real-World Case Study: The Marriott Breach
Database Security Threats and Vulnerabilities
Unauthorized Access
SQL Injection
Data Leakage
Insider Threats
Defense Evasion
Database Security Best Practices
Data Encryption
Authentication and Authorization Mechanisms
Secure Database Configuration and Hardening
Database Management in the Cloud
Hands-on Exercise: Implementing Encryption in a MySQL Database (Operation Lockdown)
Conclusion

14. Cloud Infrastructure
Types of Cloud Services and Their Security Implications
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
The Shared Responsibility Model
Common Cloud Security Mistakes and How to Avoid Them
Misconfigurations
Inadequate Credential and Secrets Management
Overpermissioned Cloud Resources
Poor Security Hygiene
Failing to Understand the Shared Responsibility Model
Cloud Security Best Practices
Start with Secure Architectural Patterns
Properly Manage Secrets
Embrace Well-Architected Frameworks
Continue Following Security Best Practices
Exercise: Gaining Security Visibility into an AWS Environment
Configure an SNS Email Notification
Enable GuardDuty
Set Up EventBridge to Route Alerts to Email
Testing
Conclusion

15. Authentication
Identity and Access Management
Passwords
Password Basics
Encryption, Hashing, and Salting
Password Management
Additional Password Security
Common Authentication Protocols
NTLM
Kerberos
LDAP
RADIUS
Differences Between Protocols
Protocol Security
Choosing the Best Protocol for Your Organization
Multi-Factor Authentication
MFA Weaknesses
Where It Should Be Implemented
Conclusion

16. Secure Network Infrastructure
Device Hardening
Firmware/Software Patching
Services
SNMP
Encrypted Protocols
Management Network
Hardware Devices
Bastion Hosts
Routers
Switches
Wireless Devices
Design
Egress Filtering
IPv6: A Cautionary Note
TACACS+
Networking Attacks
ARP Cache Poisoning and MAC Spoofing
DDoS Amplification
VPN Attacks
Wireless
Conclusion

17. Segmentation
Network Segmentation
Physical
Logical
Physical and Logical Network Example
Software-Defined Networking
Application Segmentation
Segmentation of Roles and Responsibilities
Conclusion

18. Vulnerability Management
Authenticated Versus Unauthenticated Scans
Vulnerability Assessment Tools
Open Source Tools
Vulnerability Management Program
Program Initialization
Business as Usual
Remediation Prioritization
Risk Acceptance
Conclusion

19. Development
Language Selection
Assembly
C and C++
Go
Rust
Python/Ruby/Perl
PHP
Secure Coding Guidelines
Testing
Automated Static Testing
Automated Dynamic Testing
Peer Review
Software Development Lifecycle
Conclusion

20. OSINT and Purple Teaming
Open Source Intelligence
Types of Information and Access
Modern OSINT Tools
Purple Teaming
A Purple Teaming Example
Conclusion

21. Understanding IDSs and IPSs
Role in Information Security
Exploring IDS and IPS Types
Network-Based IDSs
Host-Based IDSs
IPSs
NGFWs
IDSs and IPSs in the Cloud
AWS
Azure
GCP
Working with IDSs and IPSs
Managing False Positives
Writing Your Own Signatures
IDS/IPS Positioning
Encrypted Protocols
Conclusion

22. Logging and Monitoring
Security Information and Event Management
Why Use a SIEM
Scope of Coverage
Designing the SIEM
Log Analysis and Enrichment
Sysmon
Group Policy
Alert Examples and Log Sources to Focus On
Authentication Systems
Application Logs
Cloud Services
Databases
DNS
Endpoint Protection Solutions
IDSs/IPSs
Operating Systems
Proxy and Firewall Logs
User Accounts, Groups, and Permissions
Testing and Continuing Configuration
Aligning with Detection Frameworks, Compliance Mandates, and Use Cases
MITRE ATT&CK
Sigma
Compliance
Use Case Analysis
Conclusion

23. The Extra Mile
Email Servers
DNS Servers
Security Through Obscurity
Useful Resources
Books
Blogs
Podcasts
Websites
Appendix. User Education Templates
Live Phishing Education Slides
You’ve Been Hacked!
What Just Happened, and Why?
Social Engineering 101(0101)
So It’s OK That You Were Exploited (This Time)
No Blame, No Shames, Just...
A Few Strategies for Next Time
Because There Will Be a Next Time
If Something Feels Funny
If Something Looks Funny
If Something Sounds Funny
Feels, Looks, or Sounds Funny—Call the IT Help Desk
What If I Already Clicked the Link or Opened the Attachment?
What If I Didn’t Click the Link or Attachment?
Your IT Team Is Here for You!
Phishing Program Rules

Index
About the Authors
