Network Performance and Security

Book Description

Network Performance and Security: Testing and Analyzing Using Open Source and Low-Cost Tools gives mid-level IT engineers the practical tips and tricks they need to use the best open source or low-cost tools available to harden their IT infrastructure. The book details how to use the tools and how to interpret their results. It begins with an overview of best practices for testing security and performance across devices and the network. It then shows how to document assets—such as servers, switches, hypervisor hosts, routers, and firewalls—using publicly available tools for network inventory.


The book explores security zoning of the network, with an emphasis on isolated entry points for the various classes of access. It shows how to use open source tools to test network configurations against malware, DDoS, botnet, rootkit, and worm attacks, and concludes with tactics for preparing and executing a remediation schedule covering the who, what, where, when, and how of responding when an attack hits.

Network security is a requirement for any modern IT infrastructure. Using Network Performance and Security: Testing and Analyzing Using Open Source and Low-Cost Tools makes the network stronger through a layered approach of practical advice and sound testing practices.

  • Offers coherent, consistent guidance for those tasked with securing the network within an organization and ensuring that it is appropriately tested
  • Focuses on practical, real-world implementation and testing
  • Employs a vetted "security testing by example" style to demonstrate best practices and minimize false positive testing
  • Gives practical advice for securing BYOD devices on the network, how to test and defend against internal threats, and how to continuously validate a firewall device, software, and configuration
  • Provides analysis in addition to step-by-step methodologies

Table of Contents

  1. Cover
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Chapter 1: Introduction to practical security and performance testing
    1. Abstract
    2. A Baseline Understanding of Security Concepts
    3. Volumetric Attacks and Attack Frequency Across the Internet
    4. Security Network Elements
    5. A Baseline Understanding of Network Performance Concepts
    6. Network Events that can Affect Hard and Soft Errors for Flows
    7. Summary—Before We Start to Harden the Network
  7. Chapter 2: Getting organized with initial audit of the network
    1. Abstract
    2. Goals and Objectives of this Chapter: Positive Identification of Valid Assets
    3. Auditing Host Assets
    4. Installing an NMS: SpiceWorks
    5. Performing Audit of Server Assets
    6. Documenting Network Element Objects
    7. Documenting Topology Zone Assets
    8. Documenting Information Assets
    9. Adding the Network to the NMS
    10. Chapter Summary
  8. Chapter 3: Locking down the infrastructure: Internet, Wi-Fi, wired, VPN, WAN, and the core
    1. Abstract
    2. Locking Down and Optimizing the Core Network
    3. Implementing 802.1x MAC Authentication
    4. Optimizing Performance of the Network Edge and Core
    5. Locking Down and Optimizing the WAN
    6. Summary Putting Optimization and Security Together
    7. Locking Down and Optimizing Organizational Wi-Fi Access
    8. Optimizing Your External Firewall and Internet Connection
    9. Summarizing Infrastructure Security
  9. Chapter 4: Locking down and optimizing the windows client
    1. Abstract
    2. Keeping Windows Patched
    3. Defining Approved Software
    4. Setting User Rights Correctly and Locking Down Install Rights
    5. The Importance of Windows UAC
    6. Hardening Windows Networking
    7. Local Firewalling and Mitigation
    8. Hardening the Browser
    9. Optimizing Windows Client Performance
    10. Installing Windows and Component Software
  10. Chapter 5: Server patterns
    1. Abstract
    2. Better Use of Your Hardware and Infrastructure
    3. Server Clusters Are Software Defined
    4. Virtualized Servers Have Elastic Performance
    5. Virtualization Provides the Best Solution for Disaster Recovery
    6. More Intelligent Use of Storage
    7. Some Recommendations and Caveats Regarding Virtualization
    8. Securing the Hypervisor Host
    9. NFV Server Chain Case studies
    10. Hardening SSL
    11. Self-Hosted Cloud File Storage
  11. Chapter 6: Testing for security flaws using penetration testing
    1. Abstract
    2. Data Theft for Profit
    3. Revenge Attacks
    4. Industrial Espionage
    5. Terrorism/Cyber Warfare
    6. Arbitrary Reasons
    7. Prepping Kali Linux for Use
    8. Installing “Empty” for Automation
    9. Metasploit Workflow
  12. Chapter 7: Using Wireshark and TCP dump to visualize traffic
    1. Abstract
    2. Understanding Valid Traffic in the Network
    3. Setting Up a Span Port
    4. Using Capture and Display Filters
    5. Example of Using Display Filters to Detect Reverse HTTP Meterpreter Shell
    6. Using Custom HTTP Headers as a Backup Authentication
    7. Looking for a Malware Signature Using Raw Hex
    8. Debugging SIP Register with Display Filters
    9. Using Built-In Wireshark Analysis Tools
    10. Using Endpoint Statistics
    11. Determine Packet Length Distributions
    12. Visualizing Performance With IOGraph
    13. Using FlowGraph to Visualize Traffic
    14. Collecting HTTP Stats in Wireshark
    15. Using Wireshark Command Line Tools
    16. How to Remotely Capture Traffic on a Linux Host
    17. Merging/Slicing PCAP Files Using Mergecap
    18. Getting Information About a PCAP File Using CAPINFOS
    19. Editing a Capture File with Editcap
    20. Using TCPdump
    21. Filter Captures with TCPdump
  13. Chapter 8: Using SNORT
    1. Abstract
    2. Building an IDS Appliance with SNORT
    3. Installing SNORT
    4. Building an Update Script to Update the System and SNORT
    5. Configuring and Using SNORT
    6. Configuring Intrusion Detection Mode
    7. Capturing Packets with DAQ
    8. Snort Basic Output
    9. Actions, Limits, and Verdicts
    10. Running Snort as a Daemon
    11. Configuring snort.conf File
    12. Example SNORT Rules
    13. Installing Snorby: SNORT Visualized
  14. Chapter 9: Live traffic analytics using “Security Onion”
    1. Abstract
    2. Building Security Onion
    3. Updating Security Onion Appliance
    4. Replaying PCAP Traffic in Security Onion
    5. Using Snorby for Threat Visualization
    6. Setting Snorby Preferences
    7. Basic Snorby Usage
    8. Decoding an Attack Event in Snorby
    9. Another Perspective on IDS Using Squert
    10. Using Sguil for Monitoring Post and Real-time Events
    11. Additional Tools in Security Onion
    12. Final Thoughts About Security Onion
  15. Chapter 10: Traffic performance testing in the network
    1. Abstract
    2. Bandwidth, Packets Per Second and RFC 2544: Avoiding the False Positive
    3. Optimal Testing Methodology
    4. Testing with Streams: Ostinato
    5. Testing TCP with iPerf3
    6. Using NTOP for Traffic Analysis
    7. Applied Wireshark: Debugging and Characterizing TCP Connections
    8. Emulating the Behavior of the WAN for Testing
  16. Chapter 11: Build your own network elements
    1. Abstract
    2. Building Your Own Router—VyOS
    3. Building Your Own Open Source Switch: Open vSwitch (OVS)
    4. Building Your Own Open Source Server Load Balancer (SLB)
    5. Setting Up a DHCP Server in Ubuntu
    6. Building Your Own LAMP Server
  17. Chapter 12: Request for proposal and proof of concept example use cases
    1. Abstract
    2. Evaluating an L3 Switch
  18. Subject Index