You are previewing Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions.
O'Reilly logo
Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions

Book Description

A must-have, hands-on guide for working in the cybersecurity profession

Cybersecurity involves preventative methods to protect information from attacks. It requires a thorough understanding of potential threats, such as viruses and other malicious code, as well as system vulnerability and security architecture. This essential book addresses cybersecurity strategies that include identity management, risk management, and incident management, and also serves as a detailed guide for anyone looking to enter the security profession. Doubling as the text for a cybersecurity course, it is also a useful reference for cybersecurity testing, IT test/development, and system/network administration.

  • Covers everything from basic network administration security skills through advanced command line scripting, tool customization, and log analysis skills

  • Dives deeper into such intense topics as wireshark/tcpdump filtering, Google hacks, Windows/Linux scripting, Metasploit command line, and tool customizations

  • Delves into network administration for Windows, Linux, and VMware

  • Examines penetration testing, cyber investigations, firewall configuration, and security tool customization

  • Shares techniques for cybersecurity testing, planning, and reporting

Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions is a comprehensive and authoritative look at the critical topic of cybersecurity from start to finish.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright
  4. Dedication
  5. About the Author
  6. About the Technical Editor
  7. Credits
  8. Acknowledgments
  9. Contents at a Glance
  10. Contents
  11. Introduction
    1. Who This Book Is For
    2. What This Book Covers
    3. How This Book Is Structured
    4. How This Book Came About
    5. What You Need to Use This Book
    6. Conventions
    7. Source Code
    8. Ancillary Files
    9. Errata
    10. P2P.WROX.COM
  12. Part I: Cyber Network Security Concepts
    1. Chapter 1: Executive Summary
      1. Why Start with Antipatterns?
      2. Security Architecture
      3. Antipattern: Signature-Based Malware Detection versus Polymorphic Threats
      4. Refactored Solution: Reputational-, Behavioral-, and Entropy-Based Malware Detection
      5. Antipattern: Document-Driven Certification and Accreditation
      6. Antipattern: Proliferating IA Standards with No Proven Benefits
      7. Antipattern: Policy-Driven Security Certifications Do Not Address the Threat
      8. Refactored Solution: Security Training Roadmap
      9. Summary
      10. Assignments
    2. Chapter 2: The Problems: Cyber Antipatterns
      1. Antipatterns Concept
      2. Forces in Cyber Antipatterns
      3. Cyber Antipattern Templates
      4. Cybersecurity Antipattern Catalog
      5. Summary
      6. Assignments
    3. Chapter 3: Enterprise Security Using the Zachman Framework
      1. What Is Architecture? Why Do We Need It?
      2. Enterprises Are Complex and Changing
      3. The Zachman Framework for Enterprise Architecture
      4. Primitive Models versus Composite Models
      5. How Does the Zachman Framework Help with Cybersecurity?
      6. Everyone Has Their Own Specifications
      7. The Goldmine Is in Row 2
      8. Frameworks for Row 3
      9. Architectural Problem Solving Patterns
      10. Summary
      11. Assignments
  13. Part II: Cyber Network Security Hands-On
    1. Chapter 4: Network Administration for Security Professionals
      1. Managing Administrator and Root Accounts
      2. Installing Hardware
      3. Re-Imaging Operating Systems
      4. Burning and Copying CDs and DVDs
      5. Installing System Protection / Anti-Malware
      6. Setting Up Networks
      7. Installing Applications and Archiving
      8. Customizing System Management Controls and Settings
      9. Managing Remote Login
      10. Managing User Administration
      11. Managing Services
      12. Mounting Disks
      13. Moving Data Between Systems on Networks
      14. Converting Text Files Between OSes
      15. Making Backup Disks
      16. Formatting Disks
      17. Configuring Firewalls
      18. Converting and Migrating VMs
      19. Additional Network Administration Knowledge
      20. Summary
      21. Assignments
    2. Chapter 5: Customizing BackTrack and Security Tools
      1. Creating and Running BackTrack Images
      2. Customizing BackTrack with VM
      3. Updating and Upgrading BackTrack and Pen Test Tools
      4. Adding Windows to BackTrack with VMware
      5. Licensing Challenges for Network Administrators
      6. Summary
      7. Assignments
    3. Chapter 6: Protocol Analysis and Network Programming
      1. Networking Theory and Practice
      2. Frequently Encountered Network Protocols
      3. Network Programming: Bash
      4. Network Programming: Windows Command-Line Interface (CLI)
      5. Python Programming: Accelerated Network Scanning
      6. Summary
      7. Assignments
    4. Chapter 7: Reconnaissance, Vulnerability Assessment, and Cyber Testing
      1. Types of Cybersecurity Evaluations
      2. Understanding the Cybersecurity Testing Methodology
      3. Summary
      4. Assignments
    5. Chapter 8: Penetration Testing
      1. Forms of Cyber Attacks
      2. Network Penetration
      3. Commercial Pen Testing Tools
      4. Using Netcat to Create Connections and Move Data and Binaries
      5. Using Netcat to Create Relays and Pivots
      6. Using SQL Injection and Cross-Site Techniques to Perform Web Application and Database Attacks
      7. Collecting User Identities with Enumeration and Hash Grabbing
      8. Password Cracking
      9. Privilege Escalation
      10. Final Malicious Phases
      11. Summary
      12. Assignments
    6. Chapter 9: Cyber Network Defense Using Advanced Log Analysis
      1. Introduction to Cyber Network Defense
      2. General Methods and Tools for Cyber Investigations
      3. Continuous Cyber Investigation Strategy
      4. A Summary of the Cyber Investigation Process
      5. Network Monitoring
      6. Text Log Analysis
      7. Binary Log Analysis
      8. Reporting Cyber Investigations
      9. Elimination of Cyber Threats
      10. Intrusion Discovery on Windows
      11. Summary
      12. Assignments
  14. Part III: Cyber Network Application Domains
    1. Chapter 10: Cybersecurity for End Users, Social Media, and Virtual Worlds
      1. Doing an Ego Search
      2. Protecting Laptops, PCs, and Mobile Devices
      3. Staying Current with Anti-Malware and Software Updates
      4. Managing Passwords
      5. Guarding Against Drive-By Malware
      6. Staying Safe with E-mail
      7. Securely Banking and Buying Online
      8. Understanding Scareware and Ransomware
      9. Is Your Machine p0wned?
      10. Being Careful with Social Media
      11. Staying Safe in Virtual Worlds
      12. Summary
      13. Assignments
    2. Chapter 11: Cybersecurity Essentials for Small Business
      1. Install Anti-Malware Protection
      2. Update Operating Systems
      3. Update Applications
      4. Change Default Passwords
      5. Educate Your End Users
      6. Small Enterprise System Administration
      7. Wireless Security Basics for Small Business
      8. Tips for Apple Macintosh Users
      9. Summary
      10. Assignments
    3. Chapter 12: Large Enterprise Cybersecurity: Data Centers and Clouds
      1. Critical Security Controls
      2. Cloud Security
      3. Summary
      4. Assignments
    4. Chapter 13: Healthcare Information Technology Security
      1. HIPAA
      2. Healthcare Risk Assessment
      3. Healthcare Records Management
      4. Healthcare IT and the Judicial Process
      5. Data Loss
      6. Managing Logs in Healthcare Organizations
      7. Authentication and Access Control
      8. Summary
      9. Assignments
    5. Chapter 14: Cyber Warfare: An Architecture for Deterrence
      1. Introduction to Cyber Deterrence
      2. Methodology and Assumptions
      3. Cyber Deterrence Challenges
      4. Legal and Treaty Assumptions
      5. Cyber Deterrence Strategy
      6. Reference Model
      7. Solution Architecture
      8. Architectural Prototypes
      9. Summary
      10. Assignments
  15. Glossary
  16. Bibliography
  17. Index