book

Defensive Security Handbook, 2nd Edition

by Lee Brotherston, Amanda Berlin, William F. Reyor

June 2024

Intermediate to advanced

362 pages

10h 52m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword to the First Edition
Preface
Our GoalWho This Book Is ForNavigating the BookConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgmentsAmandaLeeBill
1. Creating a Security Program
Laying the GroundworkEstablishing TeamsDetermining Your Baseline Security PostureAssessing Threats and RisksIdentify Scope, Assets, and ThreatsAssess Risk and ImpactMitigateMonitorGovernPrioritizingCreating MilestonesUse Cases, Tabletops, and DrillsExpanding Your Team and SkillsetsConclusion
2. Asset Management and Documentation
What Is Asset Management?DocumentationEstablishing the SchemaData Storage OptionsData ClassificationUnderstanding Your Inventory SchemaAsset Management Implementation StepsDefining the LifecycleInformation GatheringChange TrackingMonitoring and ReportingAsset Management GuidelinesAutomateEstablish a Single Source of TruthOrganize a Company-wide TeamFind Executive ChampionsKeep on Top of Software LicensingConclusion
3. Policies
LanguageDocument ContentsTopicsStorage and CommunicationConclusion
4. Standards and Procedures
StandardsProceduresDocument ContentsConclusion
5. User Education
Broken ProcessesBridging the GapBuilding Your Own ProgramEstablish ObjectivesEstablish BaselinesScope and Create Program Rules and GuidelinesProvide Positive ReinforcementDefine Incident Response ProcessesObtaining Meaningful MetricsMeasurementsTracking Success Rate and ProgressImportant MetricsConclusion
6. Incident Response
ProcessesPre-Incident ProcessesIncident ProcessesPost-Incident ProcessesTools and TechnologyLog AnalysisEDR/XDR/MDR/All the “Rs”Disk and File AnalysisMemory AnalysisPCAP AnalysisAll-in-One ToolsConclusion
7. Disaster Recovery
Setting ObjectivesRecovery Point ObjectiveRecovery Time ObjectiveRecovery StrategiesTraditional Physical BackupsWarm StandbyHigh AvailabilityAlternate SystemSystem Function ReassignmentCloud Native Disaster RecoveryDependenciesScenariosInvoking a Failover...and BackTestingSecurity ConsiderationsConclusion
8. Industry Compliance Standards and Frameworks
Industry Compliance StandardsFamily Educational Rights and Privacy Act (FERPA)Gramm-Leach-Bliley Act (GLBA)Health Insurance Portability and Accountability Act (HIPAA)Payment Card Industry Data Security Standard (PCI DSS)Sarbanes-Oxley (SOX) ActFrameworksCenter for Internet Security (CIS)Cloud Control Matrix (CCM)The Committee of Sponsoring Organizations of the Treadway Commission (COSO)Control Objectives for Information and Related Technologies (COBIT)ISO-27000 SeriesMITRE ATT&CKNIST Cybersecurity Framework (CSF)Regulated IndustriesFinancialGovernmentHealthcareConclusion

9. Physical Security
PhysicalRestrict AccessVideo SurveillanceAuthentication MaintenanceSecure MediaDatacentersOperational AspectsIdentifying Visitors and ContractorsPhysical Security TrainingConclusion
10. Microsoft Windows Infrastructure
Quick WinsUpgradeThird-Party PatchesOpen SharesActive Directory Domain ServicesForestsDomainsDomain ControllersOrganizational UnitsGroupsAccountsGroup Policy Objects (GPOs)Conclusion
11. Unix Application Servers
Keeping Up-to-DateThird-Party Software UpdatesCore Operating System UpdatesHardening a Unix Application ServerDisable ServicesSet File PermissionsUse Host-Based FirewallsManage File IntegrityConfigure Separate Disk PartitionsUse chrootSet Up Mandatory Access ControlConclusion
12. Endpoints
Keeping Up-to-DateMicrosoft WindowsmacOSUnix DesktopsThird-Party UpdatesHardening EndpointsDisable ServicesUse Desktop FirewallsImplement Full-Disk EncryptionUse Endpoint Protection ToolsMobile Device ManagementEndpoint VisibilityCentralizationConclusion
13. Databases
Introduction to Databases and Their Importance in Information SecurityDatabase ImplementationsCommon Database Management SystemsA Real-World Case Study: The Marriott BreachDatabase Security Threats and VulnerabilitiesUnauthorized AccessSQL InjectionData LeakageInsider ThreatsDefense EvasionDatabase Security Best PracticesData EncryptionAuthentication and Authorization MechanismsSecure Database Configuration and HardeningDatabase Management in the CloudHands-on Exercise: Implementing Encryption in a MySQL Database (Operation Lockdown)Conclusion
14. Cloud Infrastructure
Types of Cloud Services and Their Security ImplicationsSoftware as a Service (SaaS)Platform as a Service (PaaS)Infrastructure as a Service (IaaS)The Shared Responsibility ModelCommon Cloud Security Mistakes and How to Avoid ThemMisconfigurationsInadequate Credential and Secrets ManagementOverpermissioned Cloud ResourcesPoor Security HygieneFailing to Understand the Shared Responsibility ModelCloud Security Best PracticesStart with Secure Architectural PatternsProperly Manage SecretsEmbrace Well-Architected FrameworksContinue Following Security Best PracticesExercise: Gaining Security Visibility into an AWS EnvironmentConfigure an SNS Email NotificationEnable GuardDutySet Up EventBridge to Route Alerts to EmailTestingConclusion
15. Authentication
Identity and Access ManagementPasswordsPassword BasicsEncryption, Hashing, and SaltingPassword ManagementAdditional Password SecurityCommon Authentication ProtocolsNTLMKerberosLDAPRADIUSDifferences Between ProtocolsProtocol SecurityChoosing the Best Protocol for Your OrganizationMulti-Factor AuthenticationMFA WeaknessesWhere It Should Be ImplementedConclusion
16. Secure Network Infrastructure
Device HardeningFirmware/Software PatchingServicesSNMPEncrypted ProtocolsManagement NetworkHardware DevicesBastion HostsRoutersSwitchesWireless DevicesDesignEgress FilteringIPv6: A Cautionary NoteTACACS+Networking AttacksARP Cache Poisoning and MAC SpoofingDDoS AmplificationVPN AttacksWirelessConclusion
17. Segmentation
Network SegmentationPhysicalLogicalPhysical and Logical Network ExampleSoftware-Defined NetworkingApplication SegmentationSegmentation of Roles and ResponsibilitiesConclusion
18. Vulnerability Management
Authenticated Versus Unauthenticated ScansVulnerability Assessment ToolsOpen Source ToolsVulnerability Management ProgramProgram InitializationBusiness as UsualRemediation PrioritizationRisk AcceptanceConclusion
19. Development
Language SelectionAssemblyC and C++GoRustPython/Ruby/PerlPHPSecure Coding GuidelinesTestingAutomated Static TestingAutomated Dynamic TestingPeer ReviewSoftware Development LifecycleConclusion
20. OSINT and Purple Teaming
Open Source IntelligenceTypes of Information and AccessModern OSINT ToolsPurple TeamingA Purple Teaming ExampleConclusion
21. Understanding IDSs and IPSs
Role in Information SecurityExploring IDS and IPS TypesNetwork-Based IDSsHost-Based IDSsIPSsNGFWsIDSs and IPSs in the CloudAWSAzureGCPWorking with IDSs and IPSsManaging False PositivesWriting Your Own SignaturesIDS/IPS PositioningEncrypted ProtocolsConclusion
22. Logging and Monitoring
Security Information and Event ManagementWhy Use a SIEMScope of CoverageDesigning the SIEMLog Analysis and EnrichmentSysmonGroup PolicyAlert Examples and Log Sources to Focus OnAuthentication SystemsApplication LogsCloud ServicesDatabasesDNSEndpoint Protection SolutionsIDSs/IPSsOperating SystemsProxy and Firewall LogsUser Accounts, Groups, and PermissionsTesting and Continuing ConfigurationAligning with Detection Frameworks, Compliance Mandates, and Use CasesMITRE ATT&CKSigmaComplianceUse Case AnalysisConclusion
23. The Extra Mile
Email ServersDNS ServersSecurity Through ObscurityUseful ResourcesBooksBlogsPodcastsWebsites
Appendix. User Education Templates
Live Phishing Education SlidesYou’ve Been Hacked!What Just Happened, and Why?Social Engineering 101(0101)So It’s OK That You Were Exploited (This Time)No Blame, No Shames, Just...A Few Strategies for Next TimeBecause There Will Be a Next TimeIf Something Feels FunnyIf Something Looks FunnyIf Something Sounds FunnyFeels, Looks, or Sounds Funny—Call the IT Help DeskWhat If I Already Clicked the Link or Opened the Attachment?What If I Didn’t Click the Link or Attachment?Your IT Team Is Here for You!Phishing Program Rules
Index
About the Authors

Overview

Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget for an information security (InfoSec) program. If you're forced to protect yourself by improvising on the job, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost.

Each chapter in this book provides step-by-step instructions for dealing with issues such as breaches and disasters, compliance, network infrastructure, password management, vulnerability scanning, penetration testing, and more. Network engineers, system administrators, and security professionals will learn how to use frameworks, tools, and techniques to build and improve their cybersecurity programs.

This book will help you:

Plan and design incident response, disaster recovery, compliance, and physical security
Learn and apply basic penetration-testing concepts through purple teaming
Conduct vulnerability management using automated processes and tools
Use IDS, IPS, SOC, logging, and monitoring
Bolster Microsoft and Unix systems, network infrastructure, and password management
Use segmentation practices and designs to compartmentalize your network
Reduce exploitable errors by developing code securely

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098127237Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills