Details
| Title | Mastering Defensive Security: Effective Techniques to Secure Your Windows, Linux, IoT, and Cloud Infrastructure. |
|---|---|
| Creators | Bravo Cesar. ; Kitchen Darren. |
| Collection | Электронные книги зарубежных издательств ; Общая коллекция |
| Subjects | Computer security. ; Information technology — Security measures. ; Computer Security ; Sécurité informatique. ; Technologie de l'information — Sécurité — Mesures. ; EBSCO eBooks |
| Document type | Other |
| File type | |
| Language | English |
| Rights | Доступ по паролю из сети Интернет (чтение, печать, копирование) |
| Record key | on1283849360 |
| Record create date | 11/6/2021 |
Allowed Actions
| pdf/3072391.pdf | – |
Action 'Read' will be available if you login or access site from another network
Action 'Download' will be available if you login or access site from another network
|
|---|---|---|
| epub/3072391.epub | – |
Action 'Download' will be available if you login or access site from another network
|
| Group | Anonymous |
|---|---|
| Network | Internet |
| Network | User group | Action |
|---|---|---|
| ILC SPbPU Local Network | All |
|
| Internet | Authorized users SPbPU |
|
| Internet | Anonymous |
|
- Cover
- Title page
- Copyright and Credits
- Dedication
- Foreword
- Contributors
- Table of Contents
- Preface
- Section 1: Mastering Defensive Security Concepts
- Chapter 1: A Refresher
on Defensive Security Concepts
- Technical requirements
- Deep dive into the core of cybersecurity
- The cybersecurity triad
- Types of attacks
- Managing cybersecurity's legendary pain point: Passwords
- Password breaches
- Social engineering attacks using compromised passwords
- Brute-force attacks
- Dictionary attacks
- Creating a secure password
- Managing passwords at the enterprise level
- Bonus track
- Mastering defense in depth
- Factors to consider when creating DiD models
- Asset identification
- Defense by layers
- Bonus track
- Comparing the blue and red teams
- Summary
- Further reading
- Chapter 2: Managing Threats, Vulnerabilities,
and Risks
- Technical requirements
- Understanding cybersecurity vulnerabilities and threats
- Performing a vulnerability assessment
- The vulnerability assessment process
- When should you check for vulnerabilities?
- Types of vulnerabilities
- USB HID vulnerabilities
- Types of USB HID attacks
- A false sense of security
- Protecting against USB HID attacks
- Managing cybersecurity risks
- Risk identification
- Risk assessment
- Risk response
- Risk monitoring
- The NIST Cybersecurity Framework
- Identify
- Protect
- Detect
- Respond
- Recover
- Creating an effective Business Continuity
Plan (BCP)
- Creating a Business Impact Analysis (BIA)
- Business Continuity Planning (BCP)
- Implementing a best-in-class DRP
- Creating a DRP
- Implementing the DRP
- Summary
- Further reading
- Chapter 3: Comprehending Policies, Procedures, Compliance,
and Audits
- Creating world-class cybersecurity policies and procedures
- Cybersecurity policies
- Cybersecurity procedures
- The CUDSE method
- Understanding and achieving compliance
- Types of regulations
- Achieving compliance
- Exploring, creating, and managing audits
- Internal cybersecurity audits
- External cybersecurity audits
- Data management during audits
- Types of cybersecurity audit
- What triggers an audit?
- Applying a CMM
- The goals of a CMM
- Characteristics of a good CMM
- The structure of a good CMM
- Analyzing the results
- Advantages of a CMM
- Summary
- Further reading
- Creating world-class cybersecurity policies and procedures
- Chapter 4: Patching Layer 8
- Understanding layer 8 – the insider threat
- The inadvertent user
- The malicious insider
- How do you spot a malicious insider?
- Protecting your infrastructure against malicious insiders
- Mastering the art of social engineering
- The social engineering cycle
- Social engineering techniques
- Types of social engineering attacks
- Defending against social engineering attacks (patching layer 8)
- Creating your training strategy
- Admin rights
- Implementing a strong BYOD policy
- Performing random social engineering campaigns
- Summary
- Further reading
- Understanding layer 8 – the insider threat
- Chapter 5: Cybersecurity Technologies and Tools
- Technical requirements
- Advanced wireless tools for cybersecurity
- Defending from wireless attacks
- Pentesting tools and methods
- Metasploit framework
- Social engineering toolkit
- exe2hex
- Applying forensics tools and methods
- Dealing with evidence
- Forensic tools
- Recovering deleted files
- Dealing with APTs
- Defensive techniques
- Leveraging security threat intelligence
- Threat intelligence 101
- Implementing threat intelligence
- Converting a threat into a solution
- The problem
- The solution
- Summary
- Further reading
- Section 2: Applying Defensive Security
- Chapter 6: Securing Windows Infrastructures
- Technical requirements
- Applying Windows hardening
- Hardening by the infrastructure team
- Creating a hardening checklist
- Creating a patching strategy
- The complexity of patching
- Distribution of tasks (patching roles and assignments)
- Distribution and deployment of patches
- Types of patches
- Applying security to AD
- Secure administrative hosts
- Windows Server Security documentation
- Mastering endpoint security
- Windows updates
- Why move to Windows 10?
- Physical security
- Antivirus solutions
- Windows Defender Firewall
- Application control
- URL filtering
- Spam filtering
- Client-facing systems
- Backups
- Users
- Securing the data
- Leveraging encryption
- Configuring BitLocker
- Summary
- Chapter 7: Hardening
a Unix Server
- Technical requirements
- Securing Unix services
- Defining the purpose of the server
- Secure startup configuration
- Managing services
- Applying secure file permissions
- Understanding ownership and permissions
- Default permissions
- Permissions in directories (folders)
- Changing default permissions with umask
- Permissions hierarchy
- Comparing directory permissions
- Changing permissions and ownership of a single file
- Useful commands to search for unwanted permissions
- Enhancing the protection of the server by improving your access controls
- Viewing ACLs
- Managing ACLs
- Default ACL on directories
- Removing ACLs
- Enhanced access controls
- Configuring host-based firewalls
- Understanding iptables
- Configuring iptables
- SSH brute-force protection with iptables
- Protecting from port scanning with iptables
- Advanced management of logs
- Leveraging the logs
- Summary
- Further reading
- Chapter 8: Enhancing
Your Network Defensive Skills
- Technical requirements
- Using the master tool of network
mapping – Nmap
- Phases of a cyber attack
- Nmap
- Nmap scripts
- Improving the protection of wireless networks
- Wireless network vulnerabilities
- User's safety guide for wireless networks
- Introducing Wireshark
- Finding users using insecure protocols
- FTP, HTTP, and other unencrypted traffic
- Wireshark for defensive security
- Working with IPS/IDS
- What is an IDS?
- What is an IPS?
- Free IDS/IPS
- IPS versus IDS
- Summary
- Chapter 9: Deep Diving into Physical Security
- Technical requirements
- Understanding physical security and associated threats
- The powerful LAN Turtle
- The stealthy Plunder Bug LAN Tap
- The dangerous Packet Squirrel
- The portable Shark Jack
- The amazing Screen Crab
- The advanced Key Croc
- USB threats
- Equipment theft
- Environmental risks
- Physical security mechanisms
- Mastering physical security
- Clean desk policy
- Physical security audits
- Summary
- Further reading
- Chapter 10: Applying IoT Security
- Understanding the Internet of Things
- The risks
- The vulnerabilities
- Understanding IoT networking technologies
- LoRaWAN
- Zigbee
- Sigfox
- Bluetooth
- Security considerations
- Improving IoT security
- Creating cybersecurity hardware using IoT-enabled devices
- Raspberry Pi firewall and intrusion detection system
- Defensive security systems for industrial control systems (SCADA)
- Secure USB-to-USB copy machine
- Creating a $10 honeypot
- Advanced monitoring of web apps and networks
- Creating an internet ad blocker
- Access control and physical security systems
- Bonus track – Understanding the danger of unauthorized IoT devices
- Detecting unauthorized IoT devices
- Detecting a Raspberry Pi
- Disabling rogue Raspberry Pi devices
- Summary
- Further reading
- Understanding the Internet of Things
- Chapter 11: Secure Development and Deployment
on the Cloud
- Technical requirements
- Secure deployment and implementation of cloud applications
- Security by cloud models
- Data security in the cloud
- Securing Kubernetes and APIs
- Cloud-native security
- Controlling access to the Kubernetes API
- Controlling access to kubelet
- Preventing containers from loading unwanted kernel modules
- Restricting access to etcd
- Avoiding the use of alpha or beta features in production
- Third-party integrations
- Hardening database services
- Testing your cloud security
- Azure Security Center
- Amazon CloudWatch
- AppDynamics
- Nessus vulnerability scanner
- InsightVM
- Intruder
- Summary
- Further reading
- Chapter 12: Mastering Web
App Security
- Technical requirements
- Gathering intelligence about your site/web application
- Importance of public data gathering
- Open Source Intelligence
- Hosting information
- Checking data exposure with Google hacking (dorks)
- Leveraging DVWA
- Installing DVWA on Kali Linux
- Overviewing the most common attacks on web applications
- Exploring XSS attacks
- Using Burp Suite
- Burp Suite versions
- Setting up Burp Suite on Kali
- SQL injection attack on DVWA
- Fixing a common error
- Brute forcing web applications' passwords
- Analyzing the results
- Summary
- Further reading
- Section 3: Deep Dive into Defensive Security
- Chapter 13: Vulnerability Assessment Tools
- Technical requirements
- Dealing with vulnerabilities
- Who should be looking for vulnerabilities?
- Bug bounty programs
- Internal vulnerabilities
- Vulnerability testing tools
- Using a vulnerability assessment scanner (OpenVAS)
- Authenticated tests
- Installing OpenVAS
- Using OpenVAS
- Updating your feeds
- Overview of Nexpose Community
- Summary
- Further reading
- Chapter 14: Malware Analysis
- Technical requirements
- Why should I analyze malware?
- Malware functionality
- Malware objectives
- Malware connections
- Malware backdoors
- Affected systems
- Types and categories of malware analysis
- Static malware analysis
- Dynamic malware analysis
- Hybrid malware analysis
- Static properties analysis
- Interactive behavior analysis
- Fully automated analysis
- Manual code reversing
- Best malware analysis tools
- Process Explorer
- Process Monitor
- ProcDOT
- Ghidra
- PeStudio
- Performing malware analysis
- Security measurements
- Executing the analysis
- Summary
- Further reading
- Chapter 15: Leveraging Pentesting for Defensive Security
- Technical requirements
- Understanding the importance of logs
- Log files
- Log management
- The importance of logs
- Knowing your enemy's best friend – Metasploit
- Metasploit
- Metasploit editions
- Installing Armitage
- Configuring Metasploit for the first time
- Installing Armitage (continued)
- Exploring Armitage
- Launching an attack with Armitage
- Executing Metasploit
- Other offensive hacking tools
- Searchsploit
- sqlmap
- Weevely
- Summary
- Further reading
- Chapter 16: Practicing Forensics
- Introduction to digital forensics
- Forensics to recover deleted or missing data
- Digital forensics on defensive security
- Who should be in charge of digital forensics?
- The digital forensics process
- Forensics platforms
- CAINE
- SIFT Workstation
- PALADIN
- Finding evidence
- Sources of data
- Mobile forensics
- Deviceless forensics
- Important data sources on mobile devices
- Transporting mobile devices
- Managing the evidence (from a legal perspective)
- ISO 27037
- Digital Evidence Policies and Procedures Manual
- FBI's Digital Evidence Policy Guide
- Regional Computer Forensics Laboratory
- US Cybersecurity & Infrastructure Security Agency
- Summary
- Further reading
- Introduction to digital forensics
- Chapter 17: Achieving Automation of Security Tools
- Why bother with automation?
- Benefits of automation
- The risks of ignoring automation
- Types of automated attacks
- Account aggregation
- Account creation
- Ad fraud
- CAPTCHA defeat
- Card cracking
- Carding
- Cashing out
- Credential cracking
- Credential stuffing
- Denial of inventory
- DoS
- Expediting
- Fingerprinting
- Footprinting
- Scalping
- Sniping
- Scraping
- Skewing
- Spamming
- Token cracking
- Vulnerability scanning
- Automation of cybersecurity tools using Python
- Local file search
- Basic forensics
- Web scraping
- Network security automation
- Cybersecurity automation with the
Raspberry Pi
- Automating threat intelligence gathering with a Fail2ban honeypot on a Raspberry Pi
- Automated internet monitoring system with the Raspberry Pi
- Summary
- Further reading
- Why bother with automation?
- Chapter 18: The Master's Compilation of Useful Resources
- Free cybersecurity templates
- Business continuity plan and disaster recovery plan templates
- Risk management
- Design and management of cybersecurity policies and procedures
- Must-have web resources
- Cyber threat or digital attack maps
- Cybersecurity certifications
- Cybersecurity news and blogs
- Cybersecurity tools
- Password-related tools
- Industry-leading best practices
- Regulations and standards
- Cybersecurity frameworks, standards, and more
- Summary
- Further reading
- Free cybersecurity templates
- About Packt
- Other Books You May Enjoy
- Index
