Table of Contents for
Defensive Security Handbook, 1st Edition
Close
Version ebook
/
Retour
Defensive Security Handbook, 1st Edition
by Amanda Berlin
Published by O'Reilly Media, Inc., 2017
nav
Cover
Defensive Security Handbook
Defensive Security Handbook
Foreword
Introduction
1. Creating a Security Program
2. Asset Management and Documentation
3. Policies
4. Standards and Procedures
5. User Education
6. Incident Response
7. Disaster Recovery
8. Industry Compliance Standards and Frameworks
9. Physical Security
10. Microsoft Windows Infrastructure
11. Unix Application Servers
12. Endpoints
13. Password Management and Multifactor Authentication
14. Network Infrastructure
15. Segmentation
16. Vulnerability Management
17. Development
18. Purple Teaming
19. IDS and IPS
20. Logging and Monitoring
21. The Extra Mile
A. User Education Templates
Index
About the Authors
Colophon
Foreword
Introduction
Our Goal
Who This Book Is For
Navigating the Book
Conventions Used in This Book
O’Reilly Safari
How to Contact Us
Acknowledgments
Amanda
Lee
1. Creating a Security Program
Lay the Groundwork
Establish Teams
Baseline Security Posture
Assess Threats and Risks
Identify
Assess
Mitigate
Monitor
Prioritize
Create Milestones
Use Cases, Tabletops, and Drills
Expanding Your Team and Skillsets
Conclusion
2. Asset Management and Documentation
Information Classification
Asset Management Implementation Steps
Defining the Lifecycle
Information Gathering
Change Tracking
Monitoring and Reporting
Asset Management Guidelines
Automation
One Source of Truth
Organize a Company-Wide Team
Executive Champions
Software Licensing
Define Assets
Documentation
Networking Equipment
Network
Servers
Desktops
Users
Applications
Other
Conclusion
3. Policies
Language
Document Contents
Topics
Storage and Communication
Conclusion
4. Standards and Procedures
Standards
Language
Procedures
Language
Document Contents
Conclusion
5. User Education
Broken Processes
Bridging the Gap
Building Your Own Program
Establish Objectives
Establish Baselines
Scope and Create Program Rules and Guidelines
Implement and Document Program Infrastructure
Positive Reinforcement
Gamification
Define Incident Response Processes
Gaining Meaningful Metrics
Measurements
Tracking Success Rate and Progress
Important Metrics
Conclusion
6. Incident Response
Processes
Pre-Incident Processes
Incident Processes
Post-Incident Processes
Tools and Technology
Log Analysis
Disk and File Analysis
Memory Analysis
PCAP Analysis
All in One
Conclusion
7. Disaster Recovery
Setting Objectives
Recovery Point Objective
Recovery Time Objective
Recovery Strategies
Backups
Warm Standby
High Availability
Alternate System
System Function Reassignment
Dependencies
Scenarios
Invoking a Fail Over...and Back
Testing
Security Considerations
Conclusion
8. Industry Compliance Standards and Frameworks
Industry Compliance Standards
Payment Card Industry Data Security Standard (PCI DSS)
Health Insurance Portability & Accountability Act
Gramm-Leach Bliley Act
Family Educational Rights and Privacy Act
Sarbanes-Oxley Act
Frameworks
Cloud Control Matrix
Center for Internet Security
Control Objectives for Information and Related Technologies
The Committee of Sponsoring Organizations of the Treadway Commission
ISO-27000 Series
NIST CyberSecurity Framework
Regulated Industries
Financial
Government
Healthcare
Conclusion
9. Physical Security
Physical
Restrict Access
Video Surveillance
Authentication Maintenance
Secure Media
Datacenters
Operational
Identify Visitors and Contractors
Visitor Actions
Contractor Actions
Badges
Include Physical Security Training
Conclusion
10. Microsoft Windows Infrastructure
Quick Wins
Upgrade
Third-Party Patches
Open Shares
Active Directory Domain Services
Forest
Domain
Domain Controllers
OUs
Groups
Accounts
Group Policy Objects
EMET
Basic Configuration
Custom Configuration
Enterprise Deployment Strategies
MS-SQL Server
When Third-Party Vendors Have Access
MS SQL Authentication
SA User Security
Conclusion
11. Unix Application Servers
Keeping Up-to-Date
Third-Party Software Updates
Core Operating System Updates
Hardening a Unix Application Server
Conclusion
12. Endpoints
Keeping Up-to-Date
Microsoft Windows
macOS
Unix Desktops
Third-Party Updates
Hardening Endpoints
Disable Services
Desktop Firewalls
Full-Disk Encryption
Endpoint Protection Tools
Mobile Device Management
Endpoint Visibility
Centralization
Conclusion
13. Password Management and Multifactor Authentication
Basic Password Practices
Password Management Software
Password Resets
Password Breaches
Encryption, Hashing, and Salting
Encryption
Hashing
Salting
Password Storage Locations and Methods
Password Security Objects
Setting a Fine-Grained Password Policy
Multifactor Authentication
Why 2FA?
2FA Methods
How It Works
Threats
Where It Should Be Implemented
Conclusion
14. Network Infrastructure
Firmware/Software Patching
Device Hardening
Services
SNMP
Encrypted Protocols
Management Network
Routers
Switches
Egress Filtering
IPv6: A Cautionary Note
TACACS+
Conclusion
15. Segmentation
Network Segmentation
Physical
Logical
Physical and Logical Network Example
Software-Defined Networking
Application
Roles and Responsibilities
Conclusion
16. Vulnerability Management
How Vulnerability Scanning Works
Authenticated versus Unauthenticated Scans
Vulnerability Assessment Tools
Vulnerability Management Program
Program Initialization
Business as Usual
Remediation Prioritization
Risk Acceptance
Conclusion
17. Development
Language Selection
0xAssembly
/* C and C++ */
GO func()
#!/Python/Ruby/Perl
<? PHP ?>
Secure Coding Guidelines
Testing
Automated Static Testing
Automated Dynamic Testing
Peer Review
System Development Lifecycle
Conclusion
18. Purple Teaming
Open Source Intelligence
Types of Information and Access
OSINT Tools
Red Teaming
Conclusion
19. IDS and IPS
Types of IDS and IPS
Network-Based IDS
Host-Based IDS
IPS
Cutting Out the Noise
Writing Your Own Signatures
NIDS and IPS Locations
Encrypted Protocols
Conclusion
20. Logging and Monitoring
What to Log
Where to Log
Security Information and Event Management
Designing the SIEM
Log Analysis
Logging and Alerting Examples
Authentication Systems
Application Logs
Proxy and Firewall Logs
Log Aggregation
Use Case Analysis
Conclusion
21. The Extra Mile
Email Servers
DNS Servers
Security through Obscurity
Useful Resources
Books
Blogs
Podcasts
Tools
Websites
A. User Education Templates
Live Phishing Education Slides
You’ve Been Hacked!
What Just Happened, and Why?
Social Engineering 101(0101)
So It’s OK That You Were Exploited (This Time)
No Blame, No Shames, Just...
A Few Strategies for Next Time
Because There Will Be a Next Time
If Something Feels Funny
If Something Looks Funny
If Something Sounds Funny
Feels, Looks, or Sounds Funny—Call the IS Helpdesk
What If I Already Clicked the Link, or Opened the Attachment?
What If I Didn’t Click the Link or Attachment?
Your IT Team Is Here for You!
Phishing Program Rules
Index
Defensive Security Handbook, 1st Edition
Published by
O'Reilly Media, Inc., 2017