
Defensive Security Handbook

Book Description

Get defensive best practices and a diverse range of triage advice for securing the various networks in your organization's infrastructure. This step-by-step guide demonstrates how to develop and maintain a well-planned infrastructure that protects your organization's data. If you're a network or system administrator, this practical guide will help you design, maintain, and secure your network infrastructure, Microsoft Windows systems, Unix application servers, development environment, and many other systems.

Table of Contents

  1. Introduction
    1. Our Goal
    2. Who This Book Is For
    3. Navigating the Book
    4. Conventions Used in This Book
    5. Using Code Examples
    6. O’Reilly Safari
    7. How to Contact Us
    8. Acknowledgments
      1. Amanda thanks...
      2. Lee thanks...
  2. 1. Creating a Security Program
    1. Lay the Groundwork
    2. Establish Teams
    3. Baseline Security Posture
    4. Assess Threats & Risks
      1. Identify
      2. Assess
      3. Mitigate
      4. Monitor
    5. Prioritize
    6. Create Milestones
    7. Use Cases, Tabletops, and Drills
    8. Expanding Your Team & Skillsets
    9. Conclusion
  3. 2. Asset Management & Documentation
    1. Information Classification
    2. Asset Management Implementation Steps
      1. Defining the Lifecycle
      2. Information Gathering
      3. Change Tracking
      4. Monitoring & Reporting
    3. Asset Management Guidelines
      1. Automation
      2. One Source of Truth
      3. Organize Company-Wide Team
      4. Executive Champions
      5. Software Licensing
      6. Define Assets
    4. Documentation
      1. Networking Equipment
      2. Network
      3. Servers
      4. Desktops
      5. Users
      6. Applications
      7. Other
    5. Conclusion
  4. 3. Policies
    1. Language
    2. Document Contents
    3. Topics
    4. Storing & Communication
    5. Conclusion
  5. 4. Standards & Procedures
    1. Standards
    2. Language
    3. Procedures
    4. Language
    5. Document Contents
    6. Conclusion
  6. 5. User Education
    1. Broken Processes
    2. Bridging the Gap
    3. Building Your Own Program
      1. Establish Objectives
      2. Establish Baselines
      3. Scope and Create Program Rules & Guidelines
      4. Implement & Document Program Infrastructure
      5. Positive Reinforcement
      6. Gamification
      7. Define Incident Response Processes
    4. Gaining Meaningful Metrics
      1. Measurements
      2. Tracking Success Rate & Progress
      3. Important Metrics
    5. Conclusion
  7. 6. Incident Response
    1. Processes
      1. Pre-Incident Processes
      2. Incident Processes
      3. Post-Incident Processes
    2. Tools & Technology
      1. Log Analysis
      2. Disk & File Analysis
      3. Memory Analysis
      4. PCAP Analysis
      5. All-in-One
    3. Conclusion
  8. 7. Disaster Recovery
    1. Setting Objectives
      1. Recovery Point Objective
      2. Recovery Time Objective
    2. Recovery Strategies
      1. Backups
      2. Warm Standby
      3. High Availability
      4. Alternate System
      5. System Function Reassignment
    3. Dependencies
    4. Scenarios
    5. Invoking a Failover... and Back
    6. Testing
    7. Security Considerations
    8. Conclusion
  9. 8. Industry Compliance Standards & Frameworks
    1. Industry Compliance Standards
      1. Payment Card Industry Data Security Standard (PCI DSS)
      2. Health Insurance Portability & Accountability Act
      3. Gramm-Leach-Bliley Act
      4. Family Educational Rights and Privacy Act
      5. Sarbanes-Oxley Act
    2. Frameworks
      1. Cloud Control Matrix
      2. Center for Internet Security
      3. Control Objectives for Information and Related Technologies
      4. The Committee of Sponsoring Organizations of the Treadway Commission
      5. ISO-27000 Series
      6. NIST Cybersecurity Framework
    3. Regulated Industries
      1. Financial
      2. Government
      3. Healthcare
    4. Conclusion
  10. 9. Physical Security
    1. Physical
      1. Restrict Access
      2. Video Surveillance
      3. Authentication Maintenance
      4. Secure Media
      5. Data Centers
    2. Operational
      1. Identify Visitors and Contractors
      2. Visitor Actions
      3. Contractor Actions
      4. Badges
      5. Include Physical Security Training
    3. Conclusion
  11. 10. Microsoft Windows Infrastructure
    1. Quick Wins
      1. Upgrade
      2. Third Party Patches
      3. Open Shares
    2. Active Directory Domain Services
      1. Forest
      2. Domain
      3. Domain Controllers
      4. OUs
      5. Groups
      6. Accounts
    3. Group Policy Objects
    4. EMET
      1. What is the Enhanced Mitigation Experience Toolkit?
      2. Basic Configuration
      3. Custom Configuration
      4. Enterprise Deployment Strategies
    5. MS-SQL server
      1. When third party vendors have access
      2. MS SQL Authentication
    6. Conclusion
  12. 11. Unix Application Servers
    1. Keeping Up to Date
      1. Third Party Software Updates
      2. Core Operating System Updates
    2. Hardening a Unix Application Server
    3. Conclusion
  13. 12. Endpoints
    1. Keeping Up to Date
      1. Microsoft Windows
      2. macOS
      3. Unix Desktops
      4. Third Party Updates
    2. Hardening Endpoints
      1. Disable Services
      2. Desktop Firewalls
      3. Full Disk Encryption
      4. Endpoint Protection Tools
    3. Mobile Device Management
    4. Endpoint Visibility
    5. Centralization
    6. Conclusion
  14. 13. Password Management & Multi-Factor Authentication
    1. Basic Password Practices
    2. Password Management Software
    3. Password Resets
    4. Password Breaches
    5. Encryption, Hashing, and Salting
      1. Encryption
      2. Hashing
      3. Salting
    6. Password Storage Locations and Methods
    7. Password Security Objects
      1. Setting a Fine-Grained Password Policy
    8. Multi-Factor Authentication
      1. Why 2FA?
      2. 2FA Methods
      3. How it Works
      4. Threats
      5. Where It Should Be Implemented
    9. Conclusion
  15. 14. Network Infrastructure
    1. Firmware/Software Patching
    2. Device Hardening
      1. Services
      2. SNMP
      3. Encrypted Protocols
      4. Management Network
    3. Routers
    4. Switches
    5. Egress Filtering
    6. IPv6, a cautionary note
    7. TACACS+
    8. Conclusion
  16. 15. Segmentation
    1. Network Segmentation
      1. Physical
      2. Logical
      3. Physical & Logical Network Example
      4. Software Defined Networking
    2. Application
    3. Roles & Responsibilities
    4. Conclusion
  17. 16. Vulnerability Management
    1. How Vulnerability Scanning Works
    2. Authenticated vs Unauthenticated Scans
    3. Vulnerability Assessment Tools
    4. Vulnerability Management Program
      1. Program Initialization
      2. Business as Usual
    5. Remediation Prioritization
    6. Risk Acceptance
    7. Conclusion
  18. 17. Development
    1. Language Selection
      1. 0xAssembly
      2. /* C and C++ */
      3. GO func()
      4. #!/Python/Ruby/Perl
      5. <? PHP ?>
    2. Secure Coding Guidelines
    3. Testing
      1. Automated Static Testing
      2. Automated Dynamic Testing
      3. Peer Review
    4. System Development Lifecycle
    5. Conclusion
  19. 18. Purple Teaming
    1. Open Source Intelligence
      1. Types of Information and Access
      2. OSINT Tools
    2. Red Teaming
    3. Conclusion
  20. 19. IDS & IPS
    1. Types of IDS & IPS
      1. Network Based IDS
      2. Host Based IDS
      3. IPS
    2. Cutting Out The Noise
    3. Writing Your Own Signatures
    4. NIDS & IPS Locations
    5. Encrypted Protocols
    6. Conclusion
  21. 20. Logging and Monitoring
    1. What to Log
    2. Where to Log
    3. Security Information & Event Management
    4. Designing the SIEM
    5. Log Analysis
    6. Logging and Alerting Examples
      1. Authentication Systems
      2. Application Logs
      3. Proxy & Firewall Logs
    7. Log Aggregation
    8. Use Case Analysis
    9. Conclusion
  22. 21. The Extra Mile
    1. Email Servers
    2. DNS Servers
    3. Security through Obscurity
    4. Useful Resources
      1. Books
      2. Blogs
      3. Podcasts
      4. Tools
      5. Websites
  23. A. User Education Templates
    1. Live Phishing Education Slides
    2. Phishing Program Rules
  24. Index