book

Defensive Security Handbook, 2nd Edition

by Lee Brotherston, Amanda Berlin, William F. Reyor

June 2024

Intermediate to advanced

362 pages

10h 52m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Our GoalWho This Book Is ForNavigating the BookConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgmentsAmandaLeeBill
Laying the GroundworkEstablishing TeamsDetermining Your Baseline Security PostureAssessing Threats and RisksIdentify Scope, Assets, and ThreatsAssess Risk and ImpactMitigateMonitorGovernPrioritizingCreating MilestonesUse Cases, Tabletops, and DrillsExpanding Your Team and SkillsetsConclusion
What Is Asset Management?DocumentationEstablishing the SchemaData Storage OptionsData ClassificationUnderstanding Your Inventory SchemaAsset Management Implementation StepsDefining the LifecycleInformation GatheringChange TrackingMonitoring and ReportingAsset Management GuidelinesAutomateEstablish a Single Source of TruthOrganize a Company-wide TeamFind Executive ChampionsKeep on Top of Software LicensingConclusion
LanguageDocument ContentsTopicsStorage and CommunicationConclusion
StandardsProceduresDocument ContentsConclusion
Broken ProcessesBridging the GapBuilding Your Own ProgramEstablish ObjectivesEstablish BaselinesScope and Create Program Rules and GuidelinesProvide Positive ReinforcementDefine Incident Response ProcessesObtaining Meaningful MetricsMeasurementsTracking Success Rate and ProgressImportant MetricsConclusion
ProcessesPre-Incident ProcessesIncident ProcessesPost-Incident ProcessesTools and TechnologyLog AnalysisEDR/XDR/MDR/All the “Rs”Disk and File AnalysisMemory AnalysisPCAP AnalysisAll-in-One ToolsConclusion
Setting ObjectivesRecovery Point ObjectiveRecovery Time ObjectiveRecovery StrategiesTraditional Physical BackupsWarm StandbyHigh AvailabilityAlternate SystemSystem Function ReassignmentCloud Native Disaster RecoveryDependenciesScenariosInvoking a Failover...and BackTestingSecurity ConsiderationsConclusion
Industry Compliance StandardsFamily Educational Rights and Privacy Act (FERPA)Gramm-Leach-Bliley Act (GLBA)Health Insurance Portability and Accountability Act (HIPAA)Payment Card Industry Data Security Standard (PCI DSS)Sarbanes-Oxley (SOX) ActFrameworksCenter for Internet Security (CIS)Cloud Control Matrix (CCM)The Committee of Sponsoring Organizations of the Treadway Commission (COSO)Control Objectives for Information and Related Technologies (COBIT)ISO-27000 SeriesMITRE ATT&CKNIST Cybersecurity Framework (CSF)Regulated IndustriesFinancialGovernmentHealthcareConclusion

PhysicalRestrict AccessVideo SurveillanceAuthentication MaintenanceSecure MediaDatacentersOperational AspectsIdentifying Visitors and ContractorsPhysical Security TrainingConclusion
Quick WinsUpgradeThird-Party PatchesOpen SharesActive Directory Domain ServicesForestsDomainsDomain ControllersOrganizational UnitsGroupsAccountsGroup Policy Objects (GPOs)Conclusion
Keeping Up-to-DateThird-Party Software UpdatesCore Operating System UpdatesHardening a Unix Application ServerDisable ServicesSet File PermissionsUse Host-Based FirewallsManage File IntegrityConfigure Separate Disk PartitionsUse chrootSet Up Mandatory Access ControlConclusion
Keeping Up-to-DateMicrosoft WindowsmacOSUnix DesktopsThird-Party UpdatesHardening EndpointsDisable ServicesUse Desktop FirewallsImplement Full-Disk EncryptionUse Endpoint Protection ToolsMobile Device ManagementEndpoint VisibilityCentralizationConclusion
Introduction to Databases and Their Importance in Information SecurityDatabase ImplementationsCommon Database Management SystemsA Real-World Case Study: The Marriott BreachDatabase Security Threats and VulnerabilitiesUnauthorized AccessSQL InjectionData LeakageInsider ThreatsDefense EvasionDatabase Security Best PracticesData EncryptionAuthentication and Authorization MechanismsSecure Database Configuration and HardeningDatabase Management in the CloudHands-on Exercise: Implementing Encryption in a MySQL Database (Operation Lockdown)Conclusion
Types of Cloud Services and Their Security ImplicationsSoftware as a Service (SaaS)Platform as a Service (PaaS)Infrastructure as a Service (IaaS)The Shared Responsibility ModelCommon Cloud Security Mistakes and How to Avoid ThemMisconfigurationsInadequate Credential and Secrets ManagementOverpermissioned Cloud ResourcesPoor Security HygieneFailing to Understand the Shared Responsibility ModelCloud Security Best PracticesStart with Secure Architectural PatternsProperly Manage SecretsEmbrace Well-Architected FrameworksContinue Following Security Best PracticesExercise: Gaining Security Visibility into an AWS EnvironmentConfigure an SNS Email NotificationEnable GuardDutySet Up EventBridge to Route Alerts to EmailTestingConclusion
Identity and Access ManagementPasswordsPassword BasicsEncryption, Hashing, and SaltingPassword ManagementAdditional Password SecurityCommon Authentication ProtocolsNTLMKerberosLDAPRADIUSDifferences Between ProtocolsProtocol SecurityChoosing the Best Protocol for Your OrganizationMulti-Factor AuthenticationMFA WeaknessesWhere It Should Be ImplementedConclusion
Device HardeningFirmware/Software PatchingServicesSNMPEncrypted ProtocolsManagement NetworkHardware DevicesBastion HostsRoutersSwitchesWireless DevicesDesignEgress FilteringIPv6: A Cautionary NoteTACACS+Networking AttacksARP Cache Poisoning and MAC SpoofingDDoS AmplificationVPN AttacksWirelessConclusion
Network SegmentationPhysicalLogicalPhysical and Logical Network ExampleSoftware-Defined NetworkingApplication SegmentationSegmentation of Roles and ResponsibilitiesConclusion
Authenticated Versus Unauthenticated ScansVulnerability Assessment ToolsOpen Source ToolsVulnerability Management ProgramProgram InitializationBusiness as UsualRemediation PrioritizationRisk AcceptanceConclusion
Language SelectionAssemblyC and C++GoRustPython/Ruby/PerlPHPSecure Coding GuidelinesTestingAutomated Static TestingAutomated Dynamic TestingPeer ReviewSoftware Development LifecycleConclusion
Open Source IntelligenceTypes of Information and AccessModern OSINT ToolsPurple TeamingA Purple Teaming ExampleConclusion
Role in Information SecurityExploring IDS and IPS TypesNetwork-Based IDSsHost-Based IDSsIPSsNGFWsIDSs and IPSs in the CloudAWSAzureGCPWorking with IDSs and IPSsManaging False PositivesWriting Your Own SignaturesIDS/IPS PositioningEncrypted ProtocolsConclusion
Security Information and Event ManagementWhy Use a SIEMScope of CoverageDesigning the SIEMLog Analysis and EnrichmentSysmonGroup PolicyAlert Examples and Log Sources to Focus OnAuthentication SystemsApplication LogsCloud ServicesDatabasesDNSEndpoint Protection SolutionsIDSs/IPSsOperating SystemsProxy and Firewall LogsUser Accounts, Groups, and PermissionsTesting and Continuing ConfigurationAligning with Detection Frameworks, Compliance Mandates, and Use CasesMITRE ATT&CKSigmaComplianceUse Case AnalysisConclusion
Email ServersDNS ServersSecurity Through ObscurityUseful ResourcesBooksBlogsPodcastsWebsites
Live Phishing Education SlidesYou’ve Been Hacked!What Just Happened, and Why?Social Engineering 101(0101)So It’s OK That You Were Exploited (This Time)No Blame, No Shames, Just...A Few Strategies for Next TimeBecause There Will Be a Next TimeIf Something Feels FunnyIf Something Looks FunnyIf Something Sounds FunnyFeels, Looks, or Sounds Funny—Call the IT Help DeskWhat If I Already Clicked the Link or Opened the Attachment?What If I Didn’t Click the Link or Attachment?Your IT Team Is Here for You!Phishing Program Rules

Content preview from Defensive Security Handbook, 2nd Edition

Chapter 16. Secure Network Infrastructure

When we talk about securing network infrastructure, we’re referring to the hardware and software that enables network connectivity, communication, operations, and management of business networks. This includes routers, switches, wireless access points (WAPs), cables, firewalls, network security devices, and management software often used for network orchestration.

When we think about securing our IT environments, it’s easy to focus our attention on application and operating system security while overlooking fundamental building blocks of an environment, such as the network infrastructure.

However, attacks against network infrastructure can have a very real business impact. The threats include denial of service (DoS) attacks, which cause unexpected outages, and man-in-the-middle attacks, where the attacker reroutes traffic on a network to a system they control, allowing them to intercept, inspect, and possibly modify it.

A solidly built network with proper segmentation, access controls, monitoring, and hardening will significantly hamper an attacker’s efforts to move laterally within a network or to exfiltrate data and help to keep them contained within a particular area of the network in the event that a breach should occur.

There are many books specializing in network security, of all shapes and sizes. In this brief chapter, we won’t dive deeply into every single aspect of how to secure a network; we’ll focus on the general concepts ...