Defensive Security Handbook

Defensive Security Handbook

by Lee Brotherston, Amanda Berlin
Released April 2017
Publisher(s): O'Reilly Media, Inc.
ISBN: 9781491960332

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have the budget to establish or outsource an information security (InfoSec) program, forcing them to learn on the job. For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost.

Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others. Network engineers, system administrators, and security professionals will learn tools and techniques to help improve security in sensible, manageable chunks.

  • Learn fundamentals of starting or redesigning an InfoSec program
  • Create a base set of policies, standards, and procedures
  • Plan and design incident response, disaster recovery, compliance, and physical security
  • Bolster Microsoft and Unix systems, network infrastructure, and password management
  • Use segmentation practices and designs to compartmentalize your network
  • Explore automated process and tools for vulnerability management
  • Securely develop code to reduce exploitable errors
  • Understand basic penetration testing concepts through purple teaming
  • Delve into IDS, IPS, SOC, logging, and monitoring

Publisher resources

View/Submit Errata

Table of contents

  1. Foreword
  2. Introduction
    1. Our Goal
    2. Who This Book Is For
    3. Navigating the Book
    4. Conventions Used in This Book
    5. O’Reilly Safari
    6. How to Contact Us
    7. Acknowledgments
      1. Amanda
      2. Lee
  3. 1. Creating a Security Program
    1. Lay the Groundwork
    2. Establish Teams
    3. Baseline Security Posture
    4. Assess Threats and Risks
      1. Identify
      2. Assess
      3. Mitigate
      4. Monitor
    5. Prioritize
    6. Create Milestones
    7. Use Cases, Tabletops, and Drills
    8. Expanding Your Team and Skillsets
    9. Conclusion
  4. 2. Asset Management and Documentation
    1. Information Classification
    2. Asset Management Implementation Steps
      1. Defining the Lifecycle
      2. Information Gathering
      3. Change Tracking
      4. Monitoring and Reporting
    3. Asset Management Guidelines
      1. Automation
      2. One Source of Truth
      3. Organize a Company-Wide Team
      4. Executive Champions
      5. Software Licensing
      6. Define Assets
    4. Documentation
      1. Networking Equipment
      2. Network
      3. Servers
      4. Desktops
      5. Users
      6. Applications
      7. Other
    5. Conclusion
  5. 3. Policies
    1. Language
    2. Document Contents
    3. Topics
    4. Storage and Communication
    5. Conclusion
  6. 4. Standards and Procedures
    1. Standards
    2. Language
    3. Procedures
    4. Language
    5. Document Contents
    6. Conclusion
  7. 5. User Education
    1. Broken Processes
    2. Bridging the Gap
    3. Building Your Own Program
      1. Establish Objectives
      2. Establish Baselines
      3. Scope and Create Program Rules and Guidelines
      4. Implement and Document Program Infrastructure
      5. Positive Reinforcement
      6. Gamification
      7. Define Incident Response Processes
    4. Gaining Meaningful Metrics
      1. Measurements
      2. Tracking Success Rate and Progress
      3. Important Metrics
    5. Conclusion
  8. 6. Incident Response
    1. Processes
      1. Pre-Incident Processes
      2. Incident Processes
      3. Post-Incident Processes
    2. Tools and Technology
      1. Log Analysis
      2. Disk and File Analysis
      3. Memory Analysis
      4. PCAP Analysis
      5. All in One
    3. Conclusion
  9. 7. Disaster Recovery
    1. Setting Objectives
      1. Recovery Point Objective
      2. Recovery Time Objective
    2. Recovery Strategies
      1. Backups
      2. Warm Standby
      3. High Availability
      4. Alternate System
      5. System Function Reassignment
    3. Dependencies
    4. Scenarios
    5. Invoking a Fail Over...and Back
    6. Testing
    7. Security Considerations
    8. Conclusion
  10. 8. Industry Compliance Standards and Frameworks
    1. Industry Compliance Standards
      1. Payment Card Industry Data Security Standard (PCI DSS)
      2. Health Insurance Portability & Accountability Act
      3. Gramm-Leach Bliley Act
      4. Family Educational Rights and Privacy Act
      5. Sarbanes-Oxley Act
    2. Frameworks
      1. Cloud Control Matrix
      2. Center for Internet Security
      3. Control Objectives for Information and Related Technologies
      4. The Committee of Sponsoring Organizations of the Treadway Commission
      5. ISO-27000 Series
      6. NIST CyberSecurity Framework
    3. Regulated Industries
      1. Financial
      2. Government
      3. Healthcare
    4. Conclusion
  11. 9. Physical Security
    1. Physical
      1. Restrict Access
      2. Video Surveillance
      3. Authentication Maintenance
      4. Secure Media
      5. Datacenters
    2. Operational
      1. Identify Visitors and Contractors
      2. Visitor Actions
      3. Contractor Actions
      4. Badges
      5. Include Physical Security Training
    3. Conclusion
  12. 10. Microsoft Windows Infrastructure
    1. Quick Wins
      1. Upgrade
      2. Third-Party Patches
      3. Open Shares
    2. Active Directory Domain Services
      1. Forest
      2. Domain
      3. Domain Controllers
      4. OUs
      5. Groups
      6. Accounts
    3. Group Policy Objects
    4. EMET
      1. Basic Configuration
      2. Custom Configuration
      3. Enterprise Deployment Strategies
    5. MS-SQL Server
      1. When Third-Party Vendors Have Access
      2. MS SQL Authentication
      3. SA User Security
    6. Conclusion
  13. 11. Unix Application Servers
    1. Keeping Up-to-Date
      1. Third-Party Software Updates
      2. Core Operating System Updates
      3. Hardening a Unix Application Server
      4. Conclusion
  14. 12. Endpoints
    1. Keeping Up-to-Date
      1. Microsoft Windows
      2. macOS
      3. Unix Desktops
      4. Third-Party Updates
    2. Hardening Endpoints
      1. Disable Services
      2. Desktop Firewalls
      3. Full-Disk Encryption
      4. Endpoint Protection Tools
    3. Mobile Device Management
    4. Endpoint Visibility
    5. Centralization
    6. Conclusion
  15. 13. Password Management and Multifactor Authentication
    1. Basic Password Practices
    2. Password Management Software
    3. Password Resets
    4. Password Breaches
    5. Encryption, Hashing, and Salting
      1. Encryption
      2. Hashing
      3. Salting
    6. Password Storage Locations and Methods
    7. Password Security Objects
      1. Setting a Fine-Grained Password Policy
    8. Multifactor Authentication
      1. Why 2FA?
      2. 2FA Methods
      3. How It Works
      4. Threats
      5. Where It Should Be Implemented
    9. Conclusion
  16. 14. Network Infrastructure
    1. Firmware/Software Patching
    2. Device Hardening
      1. Services
      2. SNMP
      3. Encrypted Protocols
      4. Management Network
    3. Routers
    4. Switches
    5. Egress Filtering
    6. IPv6: A Cautionary Note
    7. TACACS+
    8. Conclusion
  17. 15. Segmentation
    1. Network Segmentation
      1. Physical
      2. Logical
      3. Physical and Logical Network Example
      4. Software-Defined Networking
    2. Application
    3. Roles and Responsibilities
    4. Conclusion
  18. 16. Vulnerability Management
    1. How Vulnerability Scanning Works
    2. Authenticated versus Unauthenticated Scans
    3. Vulnerability Assessment Tools
    4. Vulnerability Management Program
      1. Program Initialization
      2. Business as Usual
    5. Remediation Prioritization
    6. Risk Acceptance
    7. Conclusion
  19. 17. Development
    1. Language Selection
      1. 0xAssembly
      2. /* C and C++ */
      3. GO func()
      4. #!/Python/Ruby/Perl
      5. <? PHP ?>
    2. Secure Coding Guidelines
    3. Testing
      1. Automated Static Testing
      2. Automated Dynamic Testing
      3. Peer Review
    4. System Development Lifecycle
    5. Conclusion
  20. 18. Purple Teaming
    1. Open Source Intelligence
      1. Types of Information and Access
      2. OSINT Tools
      3. Red Teaming
      4. Conclusion
  21. 19. IDS and IPS
    1. Types of IDS and IPS
      1. Network-Based IDS
      2. Host-Based IDS
      3. IPS
    2. Cutting Out the Noise
    3. Writing Your Own Signatures
    4. NIDS and IPS Locations
    5. Encrypted Protocols
    6. Conclusion
  22. 20. Logging and Monitoring
    1. What to Log
    2. Where to Log
    3. Security Information and Event Management
    4. Designing the SIEM
    5. Log Analysis
    6. Logging and Alerting Examples
      1. Authentication Systems
      2. Application Logs
      3. Proxy and Firewall Logs
    7. Log Aggregation
    8. Use Case Analysis
    9. Conclusion
  23. 21. The Extra Mile
    1. Email Servers
    2. DNS Servers
    3. Security through Obscurity
    4. Useful Resources
      1. Books
      2. Blogs
      3. Podcasts
      4. Tools
      5. Websites
  24. A. User Education Templates
    1. Live Phishing Education Slides
      1. You’ve Been Hacked!
      2. What Just Happened, and Why?
      3. Social Engineering 101(0101)
      4. So It’s OK That You Were Exploited (This Time)
      5. No Blame, No Shames, Just...
      6. A Few Strategies for Next Time
      7. Because There Will Be a Next Time
      8. If Something Feels Funny
      9. If Something Looks Funny
      10. If Something Sounds Funny
      11. Feels, Looks, or Sounds Funny—Call the IS Helpdesk
      12. What If I Already Clicked the Link, or Opened the Attachment?
      13. What If I Didn’t Click the Link or Attachment?
      14. Your IT Team Is Here for You!
    2. Phishing Program Rules
  25. Index

Product information

  • Title: Defensive Security Handbook
  • Author(s): Lee Brotherston, Amanda Berlin
  • Release date: April 2017
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781491960332