book

Making Sense of Cybersecurity

by Thomas Kranz

October 2022

Intermediate to advanced

288 pages

8h 37m

English

Manning Publications

Read now

Unlock full access

forewordprefaceacknowledgmentsabout this bookWho should read this bookHow this book is organized: A roadmapliveBook discussion forumabout the authorabout the cover illustration
1.1 Cybersecurity: How it has evolved1.2 Why should you care about cybersecurity?1.3 Who is the ideal reader for this book?1.4 How does hacking—and defending—work?1.5 What will you learn in this book?1.6 What we won’t cover1.6.1 Denial-of-service attacks1.6.2 Encryption1.7 What tools do you need to get started?Summary
2.1 Keeping it simple2.2 Impacts of a security breach2.3 Objectives of a cybersecurity strategy2.3.1 Applying what we’ve learned so far2.4 Supporting our strategy: Building a patching policy2.4.1 CVEs are used to coordinate all information around a specific bug, and a CVSS score is used to rate how serious it is2.4.2 Building a patching policy2.5 A culture of security2.6 How ready are you?Summary
3.1 Who are the hackers?3.1.1 Black hat3.1.2 Grey hat3.1.3 White hat3.2 Where do they come from?3.2.1 Black hat hacker: Alberto Gonzalez3.2.2 Grey hat hacker: Sabu and the Anonymous collective3.2.3 White hat hacker: Mudge3.2.4 The hacker mindset3.3 What are hackers capable of?3.3.1 The bad guys: Black hats3.3.2 The middle ground: Grey hats3.3.3 The good guys: White hats3.4 Working through a real-life problem: How do hackers think?3.4.1 Breaking a financial services website3.4.2 Combining the hacker mindset with the OODA loopSummary

4.1 How do hackers get in?4.1.1 Home setup4.1.2 Corporate network4.2 Data injection attacks4.2.1 SQLi4.2.2 Cross-site scripting4.3 Malware: Viruses, Trojans, and ransomware4.3.1 Viruses4.3.2 Trojans4.3.3 Ransomware4.3.4 Protection4.4 Dodgy Wi-Fi4.4.1 Defenses4.5 Mobile phones, SMS, and 5G4.5.1 Malware4.5.2 IMEI cloning4.5.3 SMS spoofing4.5.4 Problems with 5G4.5.5 Keeping safeSummary
5.1 The weakest link: People5.2 Malicious USB5.2.1 USB devices with malware5.2.2 BadUSB: USB devices that attack your laptop and phone5.2.3 Evil maid attacks5.3 Targeted attacks: Phishing5.4 Credential theft and passwords5.4.1 Store passwords more securely5.4.2 Make it easier to use unique, complex passwords5.4.3 Stop relying on just a password to protect your accounts5.5 Building access cardsSummary
6.1 What happens after they get in?6.2 Gaining more control: Privilege escalation6.3 Data theft6.3.1 Advanced persistent threat6.3.2 Making money from stolen financial details6.3.3 Making money from ID theft6.4 Insider threats6.5 “Blast radius”: Limiting the damage6.5.1 AI, machine learning, behavioral analysis, and snake oil6.6 Building your castle: Defense in depth6.6.1 Perimeter security: Build a wall6.6.2 Zero trust: The attackers are everywhereSummary
7.1 What is the Dark Web?7.1.1 TOR7.1.2 I2P7.1.3 Freenet7.2 How to access the Dark Web7.2.1 Precautions7.3 How is the Dark Web used?7.3.1 Illegal weapons7.3.2 Illegal drugs7.3.3 Hackers for hire7.3.4 Hacktivism7.3.5 Evading censorship7.3.6 Making money from stolen data7.3.7 BitcoinSummary
8.1 Issues vs. vulnerabilities vs. threats vs. risks8.2 How likely is a hack?8.3 How bad will it be?8.3.1 Common Vulnerability Scoring System8.3.2 CVE Vector8.3.3 Making things personal8.4 A simple model to measure risk8.5 How do I measure and communicate this?8.5.1 Page 1: Our security matrix8.5.2 Page 2: Our vulnerabilities8.5.3 Page 3: Our security roadmap8.5.4 Page 4: Information and actionsSummary
9.1 How are vulnerabilities discovered?9.1.1 An attacker has exploited a vulnerability9.1.2 A stranger has found what they think is a vulnerability9.1.3 A vendor has released a security advisory9.2 Vulnerability management9.2.1 Vulnerability life cycle management9.2.2 Vulnerability scanning workflow9.3 Break your own stuff: Penetration testing9.3.1 Defining the scope9.3.2 Carrying out the test9.3.3 The report9.4 Getting expert help: Bug bounties9.5 Breaking in: Physical penetration testing9.5.1 Why is physical penetration testing not carried out?9.5.2 Why does physical penetration testing matter?9.5.3 What should a physical penetration test cover?9.6 Red teams and blue teams9.6.1 Red team9.6.2 Blue team9.6.3 Other “colors of the rainbow” teams9.6.4 Keeping your staffSummary
10.1 Know what’s happening: Logging and monitoring10.1.1 Logging10.1.2 Monitoring10.2 Dealing with attacks: Incident response10.3 Keeping track of everything: Security and Information Event Management10.4 Gaining intelligence: Data feedsSummary
11.1 Don’t play the blame game11.2 MFA11.3 Protecting from ransomware11.3.1 Make sure everyone has antimalware software installed11.3.2 Make it easy to install legitimate software11.3.3 Backups11.4 Education and support11.4.1 Regular email newsletters11.4.2 Lunchtime talks11.4.3 Security concierge or security champion11.4.4 Live exercisesSummary
12.1 Responding to a breach12.1.1 Asset ownership12.1.2 Business continuity process12.1.3 Data/system restore12.1.4 PR/media communications12.1.5 Internal notification/communication groups12.1.6 Customer communications policy12.1.7 Cyber insurance policies12.1.8 Legal team involvement/advice12.1.9 Law enforcement engagement policy12.1.10 Country-specific data controller communications12.2 Where to get help?12.2.1 Cyber insurance providers12.2.2 Legal teams12.2.3 Law enforcement agencies12.2.4 Country-specific data controller organizations12.2.5 Hosting providers12.3 What to do next?12.4 Lessons learnedSummary

Content preview from Making Sense of Cybersecurity

Part 2

Part 2 of this book deals with the flip side of part 1: how we can build out relevant, proportional, and sustainable defenses against the attacks and attackers we met in part 1.

Each chapter looks at important elements that contribute to a successful cybersecurity operations capability. Chapter 8 dives into a commonly misunderstood but important area of cybersecurity: risk management. Chapter 9 then shows how to test your own systems and discover vulnerabilities and covers penetration testing, bug bounty programs, and dedicated hacking teams. Chapter 10 builds on chapters 8 and 9 by describing how security operations work and covers the key areas of monitoring, alerting, and incident response.

Finally, chapter 11 describes how to protect ...