Index

Symbols

2FA (see two-factor authentication)
6in4 tunneling protocol, IPv6: A Cautionary Note
6rd tunneling protocol, IPv6: A Cautionary Note
6to4 tunneling protocol, IPv6: A Cautionary Note
802.1X standard, Switches, NACs

A

AAA (authentication, authorization, and accounting) architecture, TACACS+
accepting risk, Mitigate
access control lists (ACLs), Routers, Logical
- network ACL, ACLs
access restrictions (physical access), Restrict Access
- circumventing, Include Physical Security Training
accounting, TACACS+
actions on objectives (in Intrusion Kill Chain), Use Cases, Tabletops, and Drills
Active Directory Domain Services (AD DS), Active Directory Domain Services-Group Policy Objects
- accounts, Accounts
- domain admin group changes, Authentication Systems
- domain controllers, Domain Controllers
- domains, Domain
- forest, Forest
- groups in, Groups
- Organizational Units (OUs), OUs
Active DirectoryModule, Information Gathering
administrator accounts, Roles and Responsibilities
- domain admin group changes, Authentication Systems
- in Active Directory Domain Services, Accounts
- SA (system administrator) on SQL Server, SA User Security
AES3 algorithm, Salting
alerts
- creating from log analysis, Logging and Alerting Examples-Proxy and Firewall Logs
- IDS and IPS, IDS and IPS
  - reducing unnecessary alerts, Cutting Out the Noise
- on unapproved devices, Monitoring and Reporting
alternate system, using for disaster recovery, Alternate System
Ansible, Unix Desktops
antimalware software, Endpoint Protection Tools
antivirus software, Endpoint Protection Tools
AP Twitter hack, Why 2FA?
Apache web servers, Application
application logs, Application Logs
application segmentation, Application
application servers, Unix Application Servers
- (see also Unix application servers)
- security considerations, Unix Application Servers
applications, documenting, Applications
apt-get update command (Debian Linux), Third-Party Software Updates
ARIN (American Registry for Internet Numbers), Websites
ARP (Address Resolution Protocol) cache, Information Gathering
Assembly language, 0xAssembly
assessment of risks, Assess
asset management, Asset Management and Documentation-Conclusion
- documentation, Documentation-Conclusion
  - consistency and organization of information, Other
- guidelines for, Asset Management Guidelines-Define Assets
  - automating the process, Automation
  - defining assets, Define Assets
  - executive champions, Executive Champions
  - one source of truth regarding assets, One Source of Truth
  - organizing a company-wide team, Organize a Company-Wide Team
  - software licensing, Software Licensing
- hiding assets, Security through Obscurity
- implementation steps, Asset Management Implementation Steps-Monitoring and Reporting
  - change tracking, Change Tracking
  - defining the lifecycle of assets, Defining the Lifecycle
  - information gathering, Information Gathering
  - monitoring and reporting, Monitoring and Reporting
- information classification, Information Classification
attacks
- levels of, Designing the SIEM
- preventing or safeguarding against on DNS servers, DNS Servers
auditing team, Establish Teams
authentication
- authenticated vulnerability scans, Authenticated versus Unauthenticated Scans
- authentication system logs and alerts from, Authentication Systems
- between domains or forests in Active Directory, Forest
- centralized, benefits of, Password Storage Locations and Methods
- in AAA architecture, TACACS+
- multifactor or two-factor, Multifactor Authentication-Where It Should Be Implemented
- port-level, 802.1X standard, Switches, NACs
- settings in Windows Group Policy, Password Storage Locations and Methods
- SQL Server, MS SQL Authentication
  - best practices, SA User Security
authorization, TACACS+
automated dynamic testing, Automated Dynamic Testing
automated static testing, Automated Static Testing
Autopsy, Disk and File Analysis
avoidance of risk, Mitigate
awk command (Unix), Log Analysis

B

backups, Backups
- configuration on network devices, Firmware/Software Patching
- security considerations for backup data, Security Considerations
badges (physical access control), Restrict Access
- augmenting with camera surveillance, Video Surveillance
- badge cloning, Include Physical Security Training
- issuing to visitors and contractors, Badges
Baseboard Management Controllers (BMCs), Password Storage Locations and Methods
baselines, establishing for user security awareness, Establish Baselines, Important Metrics
bastion hosts, Management Network
batches of remediation work, Program Initialization
BCP (see business continuity planning)
Bcrypt hashing algorithm, Salting
binary updates (operating system), Core Operating System Updates
biometric readings, 2FA Methods
BitLocker Drive Encryption (Windows), Full-Disk Encryption
blue team (defensive) techniques, Purple Teaming
- (see also purple teaming)
BMC/ILOs, security vulnerabilities, Password Storage Locations and Methods
bring your own device (BYOD) policies, NACs
Bro tool
- Bro Security Monitor, PCAP Analysis
- using for NIDS, Network-Based IDS
brute force attacks, Use Case Analysis
- cracking passwords, Basic Password Practices
- on hashed passwords, Hashing
builtwith module, running on recon-ng, recon-ng
builtwith.com, Technology
business continuity planning, Disaster Recovery

C

C and C++, /* C and C++ */
C2 (see command and control)
CAINE free/open source IR tools, All in One
cameras (surveillance), placement of, Video Surveillance
Capture the Flags (CTFs), Expanding Your Team and Skillsets
cardholder data, regulation by PCI DSS, Payment Card Industry Data Security Standard (PCI DSS)
CCTV (closed-circuit television) cameras, Video Surveillance
Center for Internet Security (CIS), Center for Internet Security
centralized infrastructure, Centralization
centralized log aggregation, Where to Log
certificates, documenting, Other
change tracking (assets), Change Tracking
chroot utility (Unix), chroot
CIA (confidentiality, integrity, and availability), Disaster Recovery
client-side attacks, protecting against with EMET, Custom Configuration
Cloud Control Matrix (CCM), Cloud Control Matrix
Cloud Security Alliance (CSA), Identify, Cloud Control Matrix
COBIT (Control Objectives for Information and Related Technologies), Control Objectives for Information and Related Technologies
code review, Peer Review
collisions (in hashing), Hashing
command and control (C2), Use Cases, Tabletops, and Drills
Committee of Sponsoring Organizations of the Treadway Commission (COSO), The Committee of Sponsoring Organizations of the Treadway Commission
Common Vulnerability Scoring System (CVSS), Remediation Prioritization
communications
- external, defining in incident response, Incident Processes
- internal, defining in incident response, Incident Processes
company assets, OSINT information and access to, Company assets
compliance frameworks (see industry compliance frameworks)
compliance standards (see industry compliance standards)
confidentiality, integrity, and availability (CIA), Disaster Recovery
configurations
- backing up for network devices, Firmware/Software Patching
- basic configuration, EMET, Basic Configuration
- configuration management tools, Managing file integrity
- custom configuration, EMET, Custom Configuration
- email servers, Email Servers
- for iOS and macOS devices, macOS
- misconfigurations in Windows OS and software, Microsoft Windows Infrastructure
- organized, Logical
context, adding to vendor-supplied severity ratings, Remediation Prioritization
contractors, physical security measures for, Contractor Actions
Control Panel (Windows)
- BitLocker Drive Encryption, Full-Disk Encryption
- listing, stopping, and starting services, Disable Services
- Windows Firewall, Desktop Firewalls
critical security controls, Identify
Cross Domain and Forest Trusts, Forest
cryptography (see encryption)
CTFs (Capture the Flags), Expanding Your Team and Skillsets
curl utility, Log Analysis
customer data, breaches of, Personal assets
customization, network design, Logical
Cyber Kill Chain, Use Cases, Tabletops, and Drills

D

data at rest (backup data), security considerations, Security Considerations
data exfiltration, Use Cases, Tabletops, and Drills, Egress Filtering, Documents, Use Case Analysis
data in transit, security considerations, Security Considerations
data mining, Personal assets
database administrators (DBAs), Roles and Responsibilities
datacenters
- loss of, Scenarios
- physical security, Datacenters
DCs (see domain controllers)
ddfldd tool, Disk and File Analysis
DDoS amplification, SNMP
decommissioning assets, Defining the Lifecycle
default accounts, Authentication Systems
default deny/whitelisting, Logical
defensive security, Purple Teaming
degaussing, Defining the Lifecycle
delivery (weaponized payload), Use Cases, Tabletops, and Drills
demilitarized zone (DMZ), Physical
denial of service (DoS) attacks, Network Infrastructure
- DDoS amplification, SNMP
dependencies
- handling by package management system, Third-Party Software Updates
- importance in disaster recovery planning, Dependencies
deployment of assets, Defining the Lifecycle
DES/3DES, upgrade for, Salting
desktops
- documenting, Desktops
- firewalls, Desktop Firewalls
- keeping Unix desktops up to date, Unix Desktops
- operating system market share, Upgrade
development, Development-Conclusion
- language selection, Language Selection-<? PHP ?>
  - Assembly, 0xAssembly
  - C and C++, /* C and C++ */
  - GO, GO func()
  - PHP, <? PHP ?>
  - Python, Ruby, or Perl, #!/Python/Ruby/Perl
- secure coding guidelines, Secure Coding Guidelines
- system development lifecycle, System Development Lifecycle
- testing, Testing-Peer Review
  - automated dynamic testing, Automated Dynamic Testing
  - automated static testing, Automated Static Testing
  - peer review, Peer Review
development or test networks, Physical
DHCP (Dynamic Host Configuration Protocol), Information Gathering, Automation
directory information, Family Educational Rights and Privacy Act (FERPA), Family Educational Rights and Privacy Act
disaster recovery, Disaster Recovery-Conclusion
- dependencies and, Dependencies
- security considerations, Security Considerations
- setting objectives, Setting Objectives-Recovery Strategies
- strategies for recovery, Recovery Strategies-System Function Reassignment
  - backups, Backups
  - high-availability systems, High Availability
  - system function reassignment, System Function Reassignment
  - using an alternate system, Alternate System
  - warm standby, Warm Standby
- switching to a fail over and back again, Invoking a Fail Over...and Back
- testing, Testing
- using scenarios to test planning, Scenarios
disk and file analysis in IR, Disk and File Analysis
- in virtual environments, Disk and File Analysis
disk forensics, full-disk encryption and, Full-Disk Encryption
disposal of assets
- physical disposal, Defining the Lifecycle
- staging for, Defining the Lifecycle
DNS
- getting hostnames and IP addresses, Automation
- mail reverse DNS, Email Servers
- repointing entries to warm standby, Warm Standby
DNS servers, DNS Servers-DNS Servers
- preventing and safeguarding against attacks on, DNS Servers
DNSSEC (DNS Security Extensions), DNS Servers
documentation (in asset management), Documentation-Conclusion
- documenting applications, Applications
- documenting certificates and domains, Other
- documenting desktops, Desktops
- documenting networking equipment, Networking Equipment
- documenting servers, Servers
- documenting the network, Network
- documenting users, Users
documents, sensitive information included in, Documents
Domain Admin–level access (AD DS), Accounts
domain controllers (in AD DS), Domain Controllers
- FSMO roles and, Domain Controllers
- security precautions for, Domain Controllers
Domain Naming Master, Domain Controllers
domains
- documenting, Other
- in Active Directory Domain Services, Domain
- Windows Server 2008 Native Mode, Setting a Fine-Grained Password Policy
DR (see disaster recovery)
dumpster diving, Physical assets
Duo Security, 2FA Methods
dynamic testing, Automated Dynamic Testing

E

Ebbinghaus forgetting curve, Broken Processes
education versus training, Broken Processes
educational records, Family Educational Rights and Privacy Act
egress filtering, Egress Filtering
- for tunneling of IPv6 over IPv4 networks, IPv6: A Cautionary Note
email addresses, Company assets
- finding with recon-ng, recon-ng
- gathering using Maltego, Maltego
- matching a domain name, finding with The Harvester, theharvester.py
email aliases and group nesting, Email Servers
email servers, Email Servers
encryption
- encrypted protocols, Encrypted Protocols, Encrypted Protocols
- full-disk encryption, Defining the Lifecycle, Full-Disk Encryption
- of passwords, Encryption
endpoints, Endpoints-Conclusion
- centralization of, Centralization
- endpoint-to-endpoint communication, Logical
- hardening, Hardening Endpoints-Endpoint Protection Tools
  - desktop firewalls, Desktop Firewalls
  - disabling services, Disable Services
  - using endpoint protection tools, Endpoint Protection Tools
  - using full-disk encryption, Full-Disk Encryption
- keeping up to date, Keeping Up-to-Date-Hardening Endpoints
  - macOS, macOS
  - Microsoft Windows, Microsoft Windows
  - third-party updates, Third-Party Updates
  - Unix desktops, Unix Desktops
- mobile device management (MDM), Mobile Device Management
- on VLANs, VLANs
- other devices such as printers and HVAC systems, Endpoint Visibility
- visibility, Endpoint Visibility
Enhanced Interior Gateway Routing Protocol (EIGRP), Routers
Enhanced Mitigation Experience Toolkit (EMET), EMET-Enterprise Deployment Strategies
- basic configuration, Basic Configuration
- bypassing, EMET
- custom configuration, Custom Configuration
- enterprise deployment strategies, Enterprise Deployment Strategies
- support by Microsoft, EMET
ePHI (Electronic Protected Health Information), Health Insurance Portability & Accountability Act
Ethernet tap (Ethertap), Network-Based IDS
evaluator (tabletop exercises), Use Cases, Tabletops, and Drills
exchangeable image file format (EXIF), Technology
executive champions (for asset management), Executive Champions
executive team (security), Establish Teams
Exploit Database, exploits running on Windows platform, Microsoft Windows Infrastructure
exploitation (in Intrusion Kill Chain), Use Cases, Tabletops, and Drills

F

fail over, invoking, Invoking a Fail Over...and Back
FakeAV malware, Third-Party Updates
Family Educational Rights and Privacy Act (FERPA), Family Educational Rights and Privacy Act
Federal Trade Commission (FTC), Health Insurance Portability & Accountability Act
FEMA (Federal Emergency Management Agency), tabletop templates, Use Cases, Tabletops, and Drills
file permissions (Unix systems), File permissions
file shares, Open Shares
files
- disk and file analysis in IR, Disk and File Analysis
- managing file integrity on Unix application servers, Managing file integrity
- PCAP (packet capture), analysis in IR, PCAP Analysis
FileVault (OS X), Full-Disk Encryption
financial industry, Financial
fine-grained password policies, Password Security Objects-Multifactor Authentication
- prerequisites and restrictions to setting, Setting a Fine-Grained Password Policy
firewalls
- at network ingress/egress points, Physical
- default deny/whitelisting, Logical
- host-based, on Unix systems, Host-based firewalls
- logs from, Proxy and Firewall Logs
- using a desktop firewall, Desktop Firewalls
firmware/software patching, Firmware/Software Patching
Flexible Single Master Operation (FSMO) roles, Domain Controllers
forest (Active Directory), Forest
fragmented packets, Routers
FreeBSD platforms, Unix Application Servers
- (see also Unix application servers)
- macOS, Disable Services
- procedure documentation on, Language
FTC (Federal Trade Commission), Health Insurance Portability & Accountability Act
full-disk encryption, Defining the Lifecycle, Full-Disk Encryption
- disk forensics and, Full-Disk Encryption
- locked screens, sleeping, and hibernating, Full-Disk Encryption

G

gamification, Gamification
Global Catalogs (GCs), FSMO roles and, Domain Controllers
GO language, GO func()
goals (key), determining for disaster recovery, Incident Processes
Google Authenticator, 2FA Methods
Google Dorking, Documents
government data, regulations on, Government
Gramm-Leach Bliley Act (GLBA), Gramm-Leach Bliley Act
grep command (Unix), Log Analysis
group nesting, Email Servers
Group Policy Objects (GPOs), Group Policy Objects
- authentication settings, Password Storage Locations and Methods
groups (Active Directory), Groups
guest captive portals, NACs
guest network access, Physical

H

hardening endpoints, Hardening Endpoints-Endpoint Protection Tools
- building a management network, Management Network
- disabling services, Disable Services
- full-disk encryption, Full-Disk Encryption
- using desktop firewalls, Desktop Firewalls
- using endpoint protection tools, Endpoint Protection Tools
hardening network devices, Device Hardening-Routers
- encrypted protocols, Encrypted Protocols
- SNMP, SNMP
hardening Unix application servers, Hardening a Unix Application Server-Mandatory Access Controls
- chroot utility, chroot
- disabling services, Disable services
- file permissions, File permissions
- host-based firewalls, Host-based firewalls
- managing file integrity, Managing file integrity
- mandatory access controls, Mandatory Access Controls
- separate disk partitions, Separate disk partitions
hardware failure of mission-critical platform, Scenarios
The Harvester, theharvester.py
hash-based one time passwords (HOTP), How It Works
hashing, Hashing
Health Insurance Portability & Accountability Act (HIPAA), Information Classification, Health Insurance Portability & Accountability Act
- penalties for failure to follow guidelines, Healthcare
healthcare industry, regulations on, Healthcare
hello (mail server), Email Servers
HHS (US Department of Health and Human Services), Health Insurance Portability & Accountability Act, Healthcare
high availability, High Availability
high-level technology processes in IR, Incident Processes
homebrew, distributing third-party software to macOS hosts, macOS
host-based firewalls (Unix systems), Host-based firewalls
host-based IDS (HIDS), Host-Based IDS
HOTP (hash-based one time passwords), How It Works
HTTP, Services
HTTPS, Services

I

Identify, Protect, Detect, Respond, Recover (NIST Framework), Lay the Groundwork
identifying threats and risks, Identify
IDS and IPS, IDS and IPS-Conclusion
- cutting down on excess alerts, Cutting Out the Noise
  - false positives, Cutting Out the Noise
  - frequently occurring alerts, Cutting Out the Noise
- encrypted protocols, Encrypted Protocols
- IPS, IPS
- network monitoring devices, PCAP Analysis
- NIDS and IPS locations, NIDS and IPS Locations
- types of, Types of IDS and IPS-IPS
  - host-based IDS (HIDS), Host-Based IDS
  - network-based IDS (NIDS), Network-Based IDS
- writing your own signatures, Writing Your Own Signatures, Writing Your Own Signatures
IEEE 802.1 protocol specifications, NACs
images, software and firmware, Firmware/Software Patching
- verifying signature of, Firmware/Software Patching
incident manager, choosing, Incident Processes
incident response (IR), Positive Reinforcement, Incident Response-Conclusion
- defining IR processes, Define Incident Response Processes
- outsourcing, Post-Incident Processes
- processes, Processes-Tools and Technology
  - incident processes, Incident Processes
  - post-incident processes, Post-Incident Processes
  - pre-incident processes, Pre-Incident Processes
- tools and technology, Tools and Technology-Conclusion
  - CAINE collection of tools, All in One
  - disk and file analysis, Disk and File Analysis
  - log analysis, Log Analysis
  - memory analysis, Memory Analysis
  - PCAP analysis, PCAP Analysis
incident, defining, Pre-Incident Processes
industry compliance frameworks, Frameworks-NIST CyberSecurity Framework
- Center for Internet Security (CIS), Center for Internet Security
- Cloud Control Matrix (CCM), Cloud Control Matrix
- Committee of Sponsoring Organizations of the Treadway Commission (COSO), The Committee of Sponsoring Organizations of the Treadway Commission
- Control Objectives for Information and Related Technologies, Control Objectives for Information and Related Technologies
- ISO-27000 series, ISO-27000 Series
- NIST CyberSecurity Framework, NIST CyberSecurity Framework
industry compliance standards, Lay the Groundwork, Information Classification, Industry Compliance Standards and Frameworks-Sarbanes-Oxley Act
- Family Educational Rights and Privacy Act (FERPA), Family Educational Rights and Privacy Act
- Gramm-Leach Bliley Act (GLBA), Gramm-Leach Bliley Act
- Health Insurance Portability & Accountability Act (HIPAA), Health Insurance Portability & Accountability Act
- Payment Card Industry Data Security Standard (PCI DSS), Payment Card Industry Data Security Standard (PCI DSS)
- Sarbanes-Oxley Act (SOX), Sarbanes-Oxley Act
- segmentation as required by regulatory standards, Logical
industry conferences or meetups, Expanding Your Team and Skillsets
inetd and xinetd utilities (Unix), Disable services, Disable Services
information classification, Information Classification
information gathering (in asset management), Information Gathering
information security
- Gramm-Leach Bliley Act (GLBA) requirements, Gramm-Leach Bliley Act
- network segmentation required by regulations, Physical
- Sarbanes-Oxley Act (SOX), Sarbanes-Oxley Act
Information Security program (see security program, creating)
Information Sharing and Analysis Centers (ISACs), Identify
Infrastructure Master, Domain Controllers
Initiative for Open Authentication (OAUTH), How It Works
installation, remote access trojan or backdoor on victim system, Use Cases, Tabletops, and Drills
Integrated Lights Out (ILO) cards, Password Storage Locations and Methods
Interior Gateway Protocol (IGP), Routers
International Organization for Standardization (see ISO)
internet access, blocking when not required, Logical
internet-connected devices, Shodan search engine for, Websites
intrusion detection systems (see IDS and IPS)
Intrusion Kill Chain, Use Cases, Tabletops, and Drills, Designing the SIEM
intrusion prevention systems (see IDS and IPS)
iOS, configurations for devices, macOS
IP addresses
- connected to the network, obtaining, Information Gathering
- finding for domains and subdomains with recon-ng, recon-ng
- getting information on with Shodan, Websites
- mail reverse DNS, Email Servers
- network blocks, finding on ARIN.net, Websites
IPSec VPNs
- advantages of, VPNs
- security considerations, VPNs
IPv6, security considerations, IPv6: A Cautionary Note
ISACs (Information Sharing and Analysis Centers), Identify
ISO (International Organization for Standardization), ISO-27000 Series
ISO-27000 series, ISO-27000 Series

J

J.P. Morgan breach, Why 2FA?
jacks (in public areas), precautions with, Restrict Access
John the Ripper, Basic Password Practices
jump boxes, Management Network

K

kill chains, Use Cases, Tabletops, and Drills
- for ransomware attack, example of, Use Cases, Tabletops, and Drills
kill command (Unix), Disable services, Disable Services

L

LAMP (Linux, Apache, MySQL, and PHP) stack, Application
launchctl command (macOS), Disable Services
least privilege design, Logical
lifecycle, defining for assets, Defining the Lifecycle
Linux, Unix Application Servers
- (see also Unix application servers)
- commands to manage services, Disable services, Disable Services
- firewalls on desktops, Desktop Firewalls
- full-disk encryption, Full-Disk Encryption
- in LAMP stacks, Application
- procedure documentaion on, Language
- Security Onion, NIDS tools, Network-Based IDS
- using systemd to manage services, Disable services, Disable Services
- vulnerability of Grand Unified Bootloader to password bypass, Password Storage Locations and Methods
Local Administrator Password Solution (LAPS), Accounts
Lockheed Martin, Intrusion Kill Chain, Use Cases, Tabletops, and Drills
locking server racks, Datacenters
logging, Logging and Monitoring-Conclusion
- creating alerts based on logs, Logging and Alerting Examples-Proxy and Firewall Logs
  - application logs, Application Logs
  - authentication systems, Authentication Systems
  - proxy and firewall logs, Proxy and Firewall Logs
- determining what to log, What to Log
- log aggregation, Log Aggregation
- log analysis, Log Analysis
- log analysis in incident response, Log Analysis
- security information and event management (SIEM) platforms, Security Information and Event Management
  - designing, Designing the SIEM
- use case analysis, Use Case Analysis
- using logs in delegation of user permissions, Accounts
- where to log, Where to Log
logical network segmentation, Logical
- access control lists (ACLs), ACLs
- example, Physical and Logical Network Example
- network access controls (NACs), NACs
- VLANs, VLANs
- VPNs (virtual private networks), VPNs
long haul, planning for in incident response, Incident Processes
long term (milestones), Create Milestones

M

MAC addresses, Automation
- obtaining for network devices, Information Gathering
macOS
- application firewall, Desktop Firewalls
- disabling services, Disable Services
- keeping endpoints up to date, macOS
mail servers, vulnerability scans of, Authenticated versus Unauthenticated Scans
malicious media, Include Physical Security Training
Maltego, Maltego-Maltego
malware, Identify
- circumventing by egress filtering, Egress Filtering
man-in-the-middle attacks on SSL, VPNs
managed layer-2 switches, Switches
management (in asset lifecycle), Defining the Lifecycle
management network, creating, Management Network
mandatory access controls (MAC) on Unix, Mandatory Access Controls
MD5 hashing algorithm, Hashing
- recommended upgrades for, Salting
MDM (mobile device management), Mobile Device Management
media
- malicious, Include Physical Security Training
- securing, Secure Media
memory analysis in incident response, Memory Analysis
mentoring, Expanding Your Team and Skillsets
metadata, Technology
Metasploit, recon-ng
- network scanning for vulnerable ILOs, Password Storage Locations and Methods
metrics from security awareness program, Gaining Meaningful Metrics-Important Metrics
- important metrics, Important Metrics
- measurements to take, Measurements
- tracking success rate and progress, Tracking Success Rate and Progress
Microsoft SQL Server (see SQL Server)
Microsoft SysInternals Suite, Accounts, Disable Services
Microsoft Windows (see Windows infrastructure; Windows systems)
milestones, creating for security programs, Create Milestones
mitigation of risks, Mitigate
Mixed Authentication mode (SQL Server), MS SQL Authentication
- changes by malicous persons, SA User Security
mobile device management (MDM), Mobile Device Management
moderator or facilitator (tabletop exercises), Use Cases, Tabletops, and Drills
monitoring, Logging and Monitoring
- (see also logging)
- keeping track of risks and threats, Monitor
- of assets, Monitoring and Reporting
- security information and event management (SIEM) platforms, Security Information and Event Management
mount and umount commands (Unix systems), Separate disk partitions
mount point options on Unix systems, Separate disk partitions
MS-08-067 (remote code execution bug), Upgrade
MS-SQL Server (see SQL Server)
multi-layered design, Logical
multifactor authentication (MFA), Multifactor Authentication-Where It Should Be Implemented
MXToolbox, Email Servers
MySQL, Application

N

NACs (see network access controls)
National Council of ISACs, Identify
National Institute of Standards and Technology (see NIST)
Netdisco, Networking Equipment
network access controls (NACs), Logical, NACs
- advantages and examples of, NACs
network infrastructure, Network Infrastructure
- egress filtering, Egress Filtering
- firmware/software patching, Firmware/Software Patching
- hardening devices, Device Hardening-Routers
  - building a management network, Management Network
  - services, Services
  - SNMP, SNMP
  - using encrypted protocols, Encrypted Protocols
- routers, Routers
- switches, Switches
- TACACS+, TACACS+
network segmentation, Network Segmentation-Software-Defined Networking
- logical, Logical
  - access control lists (ACLs), ACLs
  - network access controls (NACs), NACs
  - VLANs, VLANs
  - VPNs (virtual private networks), VPNs
- physical, Physical
- physical and logical network example, Physical and Logical Network Example-Software-Defined Networking
- software-defined networking, Software-Defined Networking
network-based IDS (NIDS), Network-Based IDS
- locations, NIDS and IPS Locations
networks
- documenting, Network
- documenting networking equipment, Networking Equipment
next year (milestones), Create Milestones
NIST (National Institute of Standards and Technology), Center for Internet Security
- CyberSecurity Framework, NIST CyberSecurity Framework
- risk-based cybersecurity framework, Lay the Groundwork
- secure base set of GPOs, Group Policy Objects
- SMS deprecated as secure standard, 2FA Methods
- upgrades for insecure encryption and hashing algorithms, Salting
nmap utility, Information Gathering
- command to check on new open shares, Open Shares
- scanning TCP and UDP ports, Services

O

OAUTH (Initiative for Open Authentication), How It Works
objectives
- establishing for user education program, Establish Objectives
- setting for disaster recovery, Setting Objectives-Recovery Time Objective
OCTAVE risk framework, Establish Teams
offensive security, Red Teaming
- (see also red teaming)
online forums, security concerns, Personal assets
open mail relay, Email Servers
open shares, Open Shares
Open Shortest Path First (OSPF), Routers
open-source intelligence (OSINT), Open Source Intelligence
- tools, OSINT Tools-Websites
  - The Harvester, theharvester.py
  - Maltego, Maltego-Maltego
  - recon-ng, recon-ng-recon-ng
  - websites, Websites-Websites
- types of information and access, Types of Information and Access
  - company assets, Company assets
  - personal assets, Personal assets
  - physical assets, Physical assets
  - technologies, Technology
operating systems
- desktop OS market share, Q1 of 2016, Upgrade
- full-disk encryption, Full-Disk Encryption
- log repositories, Where to Log
- updates on Unix systems, Core Operating System Updates
operational aspects (physical security), Operational-Include Physical Security Training
- badges for visitors and contractors, Badges
- identifying visitors and contractors, Identify Visitors and Contractors
- physical security training, Include Physical Security Training
Organizational Units (OUs), OUs
- Group Policy Objects (GPOs) and, Group Policy Objects
OS Query, Endpoint Visibility
OS X, full-disk encryption with FileVault, Full-Disk Encryption
OSSEC, Managing file integrity, Host-Based IDS
out of band authentication (OOBA), How It Works
outsourcing
- incident response (IR), Post-Incident Processes
- of email server, Email Servers
- security risks in, Company assets

P

package management (Unix-based platforms), Third-Party Software Updates
- keeping desktop endpoints up to date, Unix Desktops
packet filters, Host-based firewalls
pandemic scenario for disaster planning, Scenarios
participants (tabletop exercises), Use Cases, Tabletops, and Drills
partitioning, disk partitions in Unix, Separate disk partitions
passive DNS server, implementing, DNS Servers
password management, Password Management and Multifactor Authentication-Multifactor Authentication
- complex passwords and passphrases, Basic Password Practices
- cracking passwords, Basic Password Practices
- encryption, hashing, and salting, Encryption, Hashing, and Salting-Salting
  - upgrades for insecure algorithms, Salting
- multifactor authentication (MFA), Multifactor Authentication-Where It Should Be Implemented
- password security objects, Password Security Objects
- password storage locations and methods, Password Storage Locations and Methods
- pasword breaches, Password Breaches
- resetting passwords, Password Resets
- software for, Password Management Software
patches (third-party) for Windows infrastructure, Third-Party Patches
patching and configuration management for backup systems, Security Considerations
Payment Card Industry Data Security Standard (PCI DSS), Information Classification, Payment Card Industry Data Security Standard (PCI DSS)
PCAP (packet capture) files, analysis of, PCAP Analysis
PDC Emulator, Domain Controllers
peer review, Peer Review
penetration testing versus vulnerability assessment, Vulnerability Management
Perl, #!/Python/Ruby/Perl
personal assets, OSINT intelligence on, Personal assets
- using recon-ng whois-pocs module, recon-ng
personally identifiable information (PII)
- for cardholders, regulation by PCI DSS, Payment Card Industry Data Security Standard (PCI DSS)
- protection of, Family Educational Rights and Privacy Act (FERPA), Family Educational Rights and Privacy Act
PGP email address search (recon-ng), recon-ng
PHI (Protected Health Information) breaches, Healthcare
phishing, Identify, User Education, Email Servers
PhotoRec, Disk and File Analysis
PHP, Application, <? PHP ?>
physical assets, OSINT intelligence about, Physical assets
physical disposal of assets, Defining the Lifecycle
physical network segmentation, Physical
- example, Physical and Logical Network Example
physical security, Physical Security-Conclusion, Company assets
- for datacenters, Datacenters
- for secondary sites, Security Considerations
- operational aspects, Operational-Include Physical Security Training
  - badges for visitors and contractors, Badges
  - identifying visitors and contractors, Identify Visitors and Contractors
  - physical security training, Include Physical Security Training
- precautions to take at user desks, Restrict Access
- restricting access, Restrict Access
- securing media, Secure Media
- video surveillance, Video Surveillance
platform-specific documentation for procedures, Language
policies, Policies-Conclusion
- contents of policy documents, Document Contents
- enforcement using mobile device management, Mobile Device Management
- importance of, reasons for, Policies
- language in, Language
- standards and, Standards
- storing and communication, Storage and Communication
- topics covered in, Topics
port-level authentication, Switches, NACs
positive reinforcement in user security education program, Positive Reinforcement
post-incident processes, Post-Incident Processes
PowerShell (Windows), Information Gathering
- assigning OU to all computers in a domain, Group Policy Objects
- checking on open shares, Open Shares
- Get-WmiObject cmdlet, Information Gathering
pre-incident processes, Pre-Incident Processes
- defining an incident, Pre-Incident Processes
- leveraging exiting processes for dealing with events, Pre-Incident Processes
pretexts to gain access to restricted areas, Include Physical Security Training
printers
- and printer discard boxes, security precautions with, Restrict Access
- as endpoints, Endpoint Visibility
prioritization, risk and threat remediation, Prioritize
privilege escalation vulnerability, Authenticated versus Unauthenticated Scans
procedures, Procedures
- (see also standards and procedures)
- advantages of, Standards and Procedures
- document contents, Document Contents
- hiding, Security through Obscurity
- language in, Language
Process Explorer and Process Monitor, Disable Services
processes (incident response), Processes-Tools and Technology
procurement of assets, Defining the Lifecycle
Profile Manager tool (Apple), macOS
programming language, choosing, Language Selection-<? PHP ?>
- Assembly, 0xAssembly
- C and C++, /* C and C++ */
- GO, GO func()
- PHP, <? PHP ?>
- Python, Ruby, or Perl, #!/Python/Ruby/Perl
protections for information, Information Classification
proxy logs, Proxy and Firewall Logs
ps command (Unix), Disable services, Disable Services
Puppet, Unix Desktops
purple teaming, Purple Teaming-Conclusion
- open-source intelligence (OSINT), Open Source Intelligence
  - tools for OSINT, OSINT Tools-Websites
  - types of information and access, Types of Information and Access-Personal assets
- red teaming, Red Teaming-Conclusion
Python, #!/Python/Ruby/Perl

Q

questions for password resets, Password Resets
quick wins (milestones), Create Milestones

R

rainbow tables, Basic Password Practices, Hashing
RAM, analyzing in incident response, Memory Analysis
ransomware attacks, Identify, Use Case Analysis
- kill chain use case example for, Use Cases, Tabletops, and Drills
Rapid Assessment of Web Resources (see Rawr)
Rawr, Rawr-Conclusion
rc or init scripts on Unix systems, Disable services, Disable Services
recon-ng, recon-ng-recon-ng
- adding an API and running builtwith module, recon-ng
- interesting_files module, recon-ng
- other helpful commands, recon-ng
- PGP email address search, recon-ng
- resolve module, recon-ng
- showing all available modules, recon-ng
- using netcraft module to search for subdomains, recon-ng
- whois-pocs module, recon-ng
reconnaissance
- in Intrusion Kill Chain, Use Cases, Tabletops, and Drills
- in ransomware kill chain example, Use Cases, Tabletops, and Drills
recovery point objective, Recovery Point Objective
- and backups as recovery strategy, Backups
- and high availability as recovery strategy, High Availability
- and use of an alternate system for recovery, Alternate System
- and warm standby as recovery strategy, Warm Standby
recovery strategies, Recovery Strategies-System Function Reassignment
- high availability, High Availability
- system function reassignment, System Function Reassignment
- using an alternate system, Alternate System
- warm standby, Warm Standby
recovery time objective, Recovery Time Objective
- and backups as recovery strategy, Backups
- and high availability as recovery strategy, High Availability
- and use of an alternate system for recovery, Alternate System
- and warm standby as recovery strategy, Warm Standby
- dependencies and, Dependencies
recursive queries, restricting on DNS servers, DNS Servers
red teaming, Purple Teaming, Red Teaming-Conclusion
- using Rawr, Rawr-Conclusion
- using Responder, Responder-Rawr
regulated industries, Regulated Industries-Conclusion
- financial, Financial
- government, Government
- healthcare, Healthcare
regulatory compliance, Industry Compliance Standards and Frameworks
- (see also industry compliance standards)
- on personal information, Information Classification
remediation (risk), Mitigate
remediation prioritization, Remediation Prioritization
remote code execution, protecting against with EMET, Custom Configuration
remote offices, securing equipment in, Datacenters
repetition based on active recall, Broken Processes
reporting on assets, Monitoring and Reporting
resources, Useful Resources
Responder, Responder-Rawr
Response Policy Zone (RPZ) DNS records, DNS Servers
responsibilities and roles, segmenting, Roles and Responsibilities
reverse DNS (rDNS), Email Servers
RID Master, Domain Controllers
risk acceptance, Risk Acceptance
risk assessment, Assess
- for HIPAA data, Health Insurance Portability & Accountability Act
risk management, Assess Threats and Risks-Monitor
risk team, Establish Teams
roles
- FSMO, in Active Directory, Domain Controllers
- segmenting roles and responsibilities, Roles and Responsibilities
root directory, changing for running processes on Unix, chroot
routers, security considerations, Routers
routing
- changing to use warm standby, Warm Standby
- routing protocols, Routers
Routing Information Protocol version 2 (RIPv2), Routers
RPO (see recovery point objective)
RSA tokens, 2FA Methods
RTO (see recovery time objective)
Ruby, #!/Python/Ruby/Perl
rules, establishing for user security education program, Scope and Create Program Rules and Guidelines

S

SA (system administrator) user security (SQL Server), SA User Security
salting, Salting
Samhain, Managing file integrity, Host-Based IDS
SANS
- template policies, Topics
- top 20 critical security controls, Identify
Sarbanes-Oxley Act (SOX), Sarbanes-Oxley Act
SCADA systems, Endpoint Visibility
scenarios, using to test disaster planning, Scenarios
Schema Master, Domain Controllers
scripting languages, #!/Python/Ruby/Perl
secure coding guidelines, Secure Coding Guidelines
- (see also development)
security awareness, User Education
- (see also user education)
security considerations
- for IPSec VPNs, VPNs
- for SSL/TLS VPNs, VPNs
- in disaster recovery planning, Disaster Recovery, Security Considerations
- programming language selection, Language Selection
- vendor-specific, for SQL Server, When Third-Party Vendors Have Access
security IDs (SIDs)
- filtering and selective authentication, Forest
- unresolved, preventing, Groups
security information and event management (SIEM) platforms, Log Analysis, Security Information and Event Management
- designing, Designing the SIEM
- generating alerts, Log Analysis
security program, creating, Creating a Security Program-Conclusion
- assessing threats and risks, Assess Threats and Risks-Monitor
- baseline security posture, Baseline Security Posture
- establishing teams, Establish Teams
- expanding your team's skillsets, Expanding Your Team and Skillsets
- milestones, Create Milestones
- prioritizing remediation, Prioritize
- use cases, tabletops, and drills, Use Cases, Tabletops, and Drills-Use Cases, Tabletops, and Drills
security team, Establish Teams
security through obscurity, Security through Obscurity
security, resources on, Useful Resources
sed command (Unix), Log Analysis
segmentation, Segmentation-Conclusion
- application, Application
- network, Network Segmentation-Software-Defined Networking
  - logical segmentation, Logical
  - physical and logical network example, Physical and Logical Network Example
  - physical segmentation, Physical
  - software-defined networking, Software-Defined Networking
- roles and responsibilities, Roles and Responsibilities
server/service attacks, protecting against with EMET, Custom Configuration
servers
- documenting, Servers
- implementing one primary function per server (PCI DSS), Payment Card Industry Data Security Standard (PCI DSS)
- isolation of server roles, Roles and Responsibilities
- security levels on, and transmission of PCI DSS data, Payment Card Industry Data Security Standard (PCI DSS)
- using locking server racks, Datacenters
service accounts, Accounts
services
- application logs, Application Logs
- disabling on endpoints, Disable Services
- disabling on Unix application servers, Disable services
- hardening on network infrastructure, Services
- hiding, Security through Obscurity
- managing on older Unix systems with inetd or xinetd, Disable services
SETUID permission (Unix systems), File permissions
severity ratings (vulnerabilities), Remediation Prioritization
SHA1 algorithm, upgrades for, Salting
shared user accounts, avoiding, Accounts
Shodan, Websites
- not blocking, Security through Obscurity
shoulder surfing, Physical assets
shredding (data disposal), Defining the Lifecycle
SIEMs (see security information and event management platforms)
sign-in/sign-out for visitors, Visitor Actions
signatures, writing for IDS/IPS, Writing Your Own Signatures-Writing Your Own Signatures
sinkhole server (DNS), DNS Servers
skillsets, expanding for your team, Expanding Your Team and Skillsets
Sleuth Kit, Disk and File Analysis
SMS, deprecation as secure standard, 2FA Methods
SMTP servers
- HELO command, Email Servers
- unauthenticated vulnerability scan of, Authenticated versus Unauthenticated Scans
SNMP (Simple Network Management Protocol), Information Gathering, SNMP
- changing default community strings, SNMP
- community strings, SNMP
- use as amplifier for DoS attacks, SNMP
Snort tool, Network-Based IDS, IPS
- PCAP analysis, PCAP Analysis
- signature language, Writing Your Own Signatures
social engineering attacks, Bridging the Gap
- effectiveness in accessing the inside of a network, Physical Security
- in breaches of physical security, Include Physical Security Training
- through fake third-party updates, Third-Party Updates
social media posts, security concerns, Personal assets
software
- licensing, management of, Software Licensing
- on Windows platforms, third-party patches for, Third-Party Patches
- patching in network infrastructure, Firmware/Software Patching
- software development lifecycle, System Development Lifecycle
- used on Windows platforms, protecting with EMET, EMET
Software Update Service (macOS Server), macOS
software-defined networking, Software-Defined Networking
Solaris, Unix Application Servers
- (see also Unix application servers)
source code, updating from, Core Operating System Updates
SOX (see Sarbanes-Oxley Act)
spam, Email Servers
split-tunneling, VPNs
SQL Server, MS-SQL Server-SA User Security
- authentication, MS SQL Authentication
- third-party vendors having access to, security considerations, When Third-Party Vendors Have Access
sshd service
- managing with systemd, Disable services, Disable Services
- stopping/starting on Linux with service command, Disable services, Disable Services
SSL/TLS VPNs
- advantages of, VPNs
- security considerations, VPNs
staff members, physical security and, Authentication Maintenance
standards and procedures, Standards and Procedures-Conclusion
- advantages of, Standards and Procedures
- document contents, Document Contents
- procedures, Procedures
  - language in, Language
- standards, Standards
  - and policies in separate documents, Standards
  - language in, Language
startup scripts (rc or init) on Unix systems, Disable services, Disable Services
stateful firewalls (on hosts), Host-based firewalls
static testing, Automated Static Testing
success rate and progress, tracking from security awareness program, Tracking Success Rate and Progress
Suricata (NIDS tool), Network-Based IDS
switches, Switches
system administrator (SA) user security, SQL Server, SA User Security
System Center Configuration Manager (SCCM), Third-Party Patches, Enterprise Deployment Strategies
system development lifecycle, System Development Lifecycle
system function reassignment, System Function Reassignment
systemd, Disable services, Disable Services
- using to manage services, Disable services, Disable Services

T

tabletop exercises
- items to include in, Use Cases, Tabletops, and Drills
- key groups or members in, Use Cases, Tabletops, and Drills
- post-exercise actions and questions, Use Cases, Tabletops, and Drills
- templates for, Use Cases, Tabletops, and Drills
TACACS+, TACACS+
tailgating, Include Physical Security Training, Company assets
TCP ports, scanning with nmap, Services
tcpdump, PCAP analysis with, PCAP Analysis
teams
- asset management, Organize a Company-Wide Team
- establishing for security program, Establish Teams
- expanding your team and skillsets, Expanding Your Team and Skillsets
technologies
- gathering OSINT intelligence on, Technology
- high-level technology processes in IR, Incident Processes
- information on, using builtwith and recon-ng, recon-ng
telnet, Services
template policies, Topics
Teredo, IPv6: A Cautionary Note
Terminal Access Controller Access-Control System Plus, TACACS+
testing, Testing-Peer Review
- automated dynamic testing, Automated Dynamic Testing
- automated static testing, Automated Static Testing
- of disaster recovery plans, Testing
- peer review, Peer Review
third-party applications
- in Unix-based environments, updates to, Third-Party Software Updates
- updates to, Third-Party Updates
third-party patches for Windows infrastructure, Third-Party Patches
this year (milestones), Create Milestones
threats
- assessing, Assess Threats and Risks-Monitor
- defining priority of, Designing the SIEM
- establishing threat scenarios with SIEMs, Designing the SIEM
- in two-factor authentication (2FA), Threats
- use case analysis, Use Case Analysis
time-based one time passwords (TOTP), How It Works
tools and technology (IR), Tools and Technology-All in One
- CAINE collection of free/open source tools, All in One
- disk and file analysis, Disk and File Analysis
- log analysis, Log Analysis
- memory analysis, Memory Analysis
- PCAP analysis, PCAP Analysis
training versus education, Broken Processes
transferring risk, Mitigate
trusts (Forest Trusts in AD), Forest
tshark (command-line Wireshark), PCAP Analysis
tunneling protocols, devices prebuilt to use, IPv6: A Cautionary Note
Twitter, AP Twitter hack, Why 2FA?
two-factor authentication (2FA), Multifactor Authentication-Where It Should Be Implemented
- how it works, How It Works
- implementation recommendations, Where It Should Be Implemented
- methods of authentication, 2FA Methods
- reasons for using, Why 2FA?
- security threats to, Threats

U

U2F (Universal 2nd factor), How It Works
UDP ports, scanning with nmap, Services
umask settings (Unix systems), File permissions
unauthenticated vulnerability scans, Authenticated versus Unauthenticated Scans
- reasons for conducting, Authenticated versus Unauthenticated Scans
Unix application servers, Unix Application Servers-Conclusion
- keeping up to date, Keeping Up-to-Date-Conclusion
  - core operating system updates, Core Operating System Updates
  - hardening servers, Hardening a Unix Application Server-Conclusion
  - third-party software updates, Third-Party Software Updates
Unix command-line tools, Log Analysis
Unix-based operating systems
- disabling services, Disable Services
- firewalls, Desktop Firewalls
- keeping desktop endpoints up to date, Unix Desktops
- log repositories, Where to Log
updates
- core operating sytem updates in Unix systems, Core Operating System Updates
- for network infrastructure, Firmware/Software Patching
- to third-party applications in Unix-based platforms, Third-Party Software Updates
upgrades
- of network infrastructure, Firmware/Software Patching
- of Windows operating systems, Upgrade
- to applications in Unix-based platforms, Third-Party Software Updates
US Department of Health and Human Services (HHS), Health Insurance Portability & Accountability Act, Healthcare
use cases
- developing for a security program, Use Cases, Tabletops, and Drills
- developing in SIEM design, Designing the SIEM
- or threat models, analysis of, Use Case Analysis
user access to data in disaster recovery, Security Considerations
user accounts
- in Active Directory Domain Services, Accounts
- shared accounts, avoiding, Accounts
user desks, physical security precautions, Restrict Access
user education, User Education-Conclusion
- building your own program, Building Your Own Program-Define Incident Response Processes
  - defining incident response processes, Define Incident Response Processes
  - establishing baselines, Establish Baselines
  - establishing objectives, Establish Objectives
  - implementing and documenting program infrastructure, Implement and Document Program Infrastructure
  - positive reinforcement, Positive Reinforcement
  - scoping and creating rules and guidelines, Scope and Create Program Rules and Guidelines
  - using gamification, Gamification
- getting useful metrics from security awareness program, Gaining Meaningful Metrics-Important Metrics
- problems with methods, Broken Processes
- reinforcing CBTs with comprehensive program, Bridging the Gap
- templates for, Live Phishing Education Slides-Phishing Program Rules
users
- documenting, Users
- impossible or unlikely user movements, Use Case Analysis

V

validation of user input, Secure Coding Guidelines
vendor-supplied ratings for vulnerabilities, Remediation Prioritization
video surveillance, Video Surveillance
virtual environments
- disk and file analysis in, Disk and File Analysis
- memory analysis in, Memory Analysis
visibility (endpoint), Endpoint Visibility
visitors, physical security measures for, Identify Visitors and Contractors
VLAN hopping attacks, Switches
VLANs (Virtual Local Area Networks), Switches, Logical
- benefits of, VLANs
- planning, approaches to, VLANs
- separation of devices by NACs, NACs
voice signature, 2FA Methods
Volatility Framework, Memory Analysis
VPNs (virtual private networks), VPNs
- IPSec
  - advantages of, VPNs
  - security considerations, VPNs
- secure setup, VPNs
- SSL/TLS
  - advantages of, VPNs
  - security considerations, VPNs
vulnerabilities
- breaches of government data, Government
- financial industry, Financial
- healthcare industry, Healthcare
- in older Windows infrastructure, Upgrade
- in password storage, Password Storage Locations and Methods
- in two-factor authentication (2FA), Threats
- managment software for, Information Gathering
- mapping an anonymous connection to hidden share IPC$ in Windows, Password Storage Locations and Methods
- VLANs, VLANs
vulnerability management, Vulnerability Management-Conclusion
- authenticated versus unauthenticated scans, Authenticated versus Unauthenticated Scans
- remediation prioritization, Remediation Prioritization
- risk acceptance, Risk Acceptance
- vulnerability assessment tools, Vulnerability Assessment Tools
- vulnerability assessment versus penetration testing, Vulnerability Management
- vulnerability management program, Vulnerability Management Program-Remediation Prioritization
  - initialization of, Program Initialization
  - operating as business as usual, Business as Usual
- vulnerability scanning, How Vulnerability Scanning Works

W

warm standby, Warm Standby
- security considerations for duplicate data, Security Considerations
weaponization (in Intrusion Kill Chain), Use Cases, Tabletops, and Drills
web applications, segmentation, Application
web browsers
- browser-based access in SSL/TLS VPNs, VPNs
- passwords stored in, Basic Password Practices
web servers, Payment Card Industry Data Security Standard (PCI DSS)
- (see also servers)
- running on Unix systems, user ID for, File permissions
websites for OSINT gathering, Websites-Websites
Windows Authentication mode (SQL Server), MS SQL Authentication
- disabling SA account with, SA User Security
Windows infrastructure, Microsoft Windows Infrastructure-Conclusion
- Active Directory Domain Services (AD DS), Active Directory Domain Services-Group Policy Objects
- Enhanced Mitigation Experience Toolkit (EMET), EMET-Enterprise Deployment Strategies
- Group Policy Objects (GPOs), Group Policy Objects
- MS-SQL Server, MS-SQL Server-SA User Security
- quick wins, Quick Wins-Active Directory Domain Services
  - checking on open shares, Open Shares
  - third-party patches, Third-Party Patches
  - upgrades, Upgrade
- setting fine-grained password policies, Password Security Objects-Multifactor Authentication
- setting proper authentication settings in Group Policy, Password Storage Locations and Methods
Windows Server 2008 Native Mode, Setting a Fine-Grained Password Policy
Windows Server Update Services (WSUS), Third-Party Patches
Windows systems
- built-in firewall, Desktop Firewalls
- disabling services, Disable Services
- Event Viewer, Where to Log
- full-drive encryption, using BitLocker, Full-Disk Encryption
- keeping endpoints up to date, Microsoft Windows
- PowerShell, Information Gathering
- security vulnerability, mapping anonymous session to hidden share IPC$, Password Storage Locations and Methods
- Windows Management Interface (WMI), Information Gathering
Windows Update for Business, Microsoft Windows
Windows Update service, Microsoft Windows
wiping data from drives, Defining the Lifecycle
wireless protocols, transmission of PCI DSS data over, Payment Card Industry Data Security Standard (PCI DSS)
Wireshark
- PCAP analysis with, PCAP Analysis
- user permissions for Windows infrastructture, Accounts
WMI (Windows Management Interface), Information Gathering
workspaces (recon-ng), recon-ng

X

xinetd utility (Unix), Disable services, Disable Services

Y

yubikeys, 2FA Methods

Z

zone transfers (DNS), restricting, DNS Servers

Previous Chapter

A. User Education Templates

Next Chapter

About the Authors

Table of Contents for Defensive Security Handbook, 1st Edition

Index

Symbols

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z

Table of Contents for
Defensive Security Handbook, 1st Edition