Network Security Strategies

Book description

Build a resilient network and prevent advanced cyber attacks and breaches

Key Features

  • Explore modern cybersecurity techniques to protect your networks from ever-evolving cyber threats
  • Prevent cyber attacks by using robust cybersecurity strategies
  • Unlock the secrets of network security

Book Description

With advanced cyber attacks severely impacting industry giants and the constantly evolving threat landscape, organizations are adopting complex systems to maintain robust and secure environments. Network Security Strategies will help you get well-versed with the tools and techniques required to protect any network environment against modern cyber threats.

You'll understand how to identify security vulnerabilities across the network and how to effectively use a variety of network security techniques and platforms. Next, the book will show you how to design a robust network that provides top-notch security to protect against traditional and new evolving attacks. With the help of detailed solutions and explanations, you'll be able to monitor networks skillfully and identify potential risks. Finally, the book will cover topics relating to thought leadership and the management aspects of network security.

By the end of this network security book, you'll be well-versed in defending your network from threats and be able to consistently maintain operational efficiency, security, and privacy in your environment.

What you will learn

  • Understand network security essentials, including concepts, mechanisms, and solutions to implement secure networks
  • Get to grips with setting up cloud and wireless networks and monitoring them for threats
  • Defend your network against emerging cyber threats in 2020
  • Discover tools, frameworks, and best practices for network penetration testing
  • Understand digital forensics to enhance your network security skills
  • Adopt a proactive approach to stay ahead in network security

Who this book is for

This book is for anyone looking to explore information security, privacy, malware, and cyber threats. Security experts who want to enhance their skill set will also find this book useful. A prior understanding of cyber threats and information security will help you understand the key concepts covered in the book more effectively.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Network Security Strategies
  3. About Packt
    1. Why subscribe?
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
  6. Section 1: Network Security Concepts, Threats, and Vulnerabilities
  7. Network Security Concepts
    1. Technical requirements
    2. An overview of network security
      1. Network security concepts
      2. Network security components
        1. Network and system hardening
        2. Network segmentation
        3. Network choke-points
        4. Defense-in-Depth
        5. Due diligence and cyber resilience
        6. Soft targets
        7. Continuous monitoring and improvement
        8. Post-deployment review
    3. Network security architecture approach
      1. Planning and analysis
      2. Designing
      3. Building
      4. Testing
      5. Deployment
      6. Post-deployment
    4. Network security best practices and guidelines
      1. Network Operations Center overview
        1. Proper incident management
        2. Functional ticketing system and knowledge base
        3. Monitoring policy
        4. A well-defined investigation process
        5. Reporting and dashboards
        6. Escalation
        7. High availability and failover
      2. Assessing network security effectiveness
        1. Key attributes to be considered
        2. The action priority matrix
        3. Threat modeling
      3. Assessing the nature of threats
        1. STRIDE
        2. PASTA
        3. Trike
        4. VAST
        5. OCTAVE
    5. Summary
    6. Questions
    7. Further reading
  8. Security for Cloud and Wireless Networks
    1. Technical requirements
    2. An introduction to secure cloud computing
      1. AWS' shared responsibility model
      2. Major cybersecurity challenges with the cloud
    3. Amazon Web Services (AWS)
      1. AWS security features
        1. Well-defined identity capabilities
        2. Traceability
        3. Defense in depth
        4. Automation of security best practices
        5. Continuous data protection
        6. Security event response
    4. Microsoft Azure security technologies
      1. The Zero Trust model
      2. Security layers
      3. Identity management using Azure
      4. Infrastructure protection using Azure
        1. Criticality of infrastructure
      5. Encryption
        1. Identifying and classifying data
        2. Encryption on Azure
      6. Network security
        1. Internet protection
        2. Virtual networks
        3. Network integrations
    5. CipherCloud
    6. Securing cloud computing
      1. Security threats
      2. Countermeasures
    7. Wireless network security
      1. Wi-Fi attack surface analysis and exploitation techniques
        1. Wi-Fi data collection and analysis
        2. Wi-Fi attack and exploitation techniques
      2. Best practices
    8. Security assessment approach
    9. Software-defined radio attacks
      1. Types of radio attacks
        1. Replay attacks
        2. Cryptanalysis attacks
        3. Reconnaissance attacks
      2. Mitigation techniques
    10. Summary
    11. Questions
    12. Further reading
  9. Mitigating the Top Network Threats of 2020
    1. Technical requirements
    2. The top 10 network attacks and how to fix them
      1. Phishing – the familiar foe
        1. How to fix phishing threats
      2. Rogue applications and fake security alerts – intimidation and imitation
        1. How to fix rogue applications and software threats
      3. Insider threats – the enemy inside the gates
        1. How to fix insider threats
      4. Viruses and worms – a prevailing peril
        1. How to fix viruses and worms threats
      5. Botnets – an adversarial army at disposal
        1. How to fix botnet threats
      6. Trojan horse – covert entry
        1. How to fix trojan threats
      7. Rootkit – clandestine malicious applications
        1. How to fix rootkit threats
      8. Malvertising – ads of chaos
        1. How to fix malvertising threats
      9. DDoS – defending against one too many
        1. How to fix DDoS threats
      10. Ransomware – cyber extortions
        1. How to fix ransomware threats
      11. Notable mentions
        1. Drive-by download
        2. Exploit kits and AI-ML-driven attacks
        3. Third-party and supply chain attacks
      12. Creating an integrated threat defense architecture
    3. Keeping up with vulnerabilities and threats
      1. Understanding various defense mechanisms
        1. Safeguarding confidential information from third parties
        2. Implementing strong password policies
        3. Enhancing email security
        4. Vulnerability management policies
      2. Vulnerability management life cycle
    4. Network vulnerability assessments
      1. Utilizing scanning tools in vulnerability assessment
    5. Exercising continuous monitoring
      1. The NIST Risk Management Framework
      2. The NIST Release Special Publication 800-37
    6. Summary
    7. Questions
    8. Further reading
  10. Section 2: Network Security Testing and Auditing
  11. Network Penetration Testing and Best Practices
    1. Technical requirements
    2. Approach to network penetration testing
      1. Pre-engagement
      2. Reconnaissance
      3. Threat modeling
      4. Exploitation
      5. Post-exploitation
      6. Reporting
      7. Retesting
    3. Top penetration testing platforms
      1. Setting up our network
      2. Performing automated exploitation
        1. OpenVas
        2. Sparta
        3. Armitage
      3. Performing manual exploitation
        1. Kali Linux
        2. Nmap
        3. Nikto
        4. Dirb
        5. Metasploit
        6. Browser Exploitation Framework (BeEF)
        7. Burp Suite
    4. Penetration testing best practices
      1. Case study
        1. Information gathering
        2. Scanning the servers
        3. Identifying and exploiting vulnerabilities
        4. Reporting
        5. Presentation
      2. A few other practices
    5. The concept of teaming
      1. Red team
      2. Blue team
      3. Purple team
      4. Capture the flag
    6. Engagement models and methodologies
      1. Black box
      2. Gray box
      3. White box
    7. Summary
    8. Questions
    9. Further reading
  12. Advanced Network Attacks
    1. Technical requirements
    2. Critical infrastructure and prominent exploitation
      1. Attack frameworks toward ICS industries
        1. The cyber kill chain
        2. Information sharing and analysis centers
        3. Understanding the threat landscape
      2. Top threats and vulnerable points in ICS industries
      3. Well-known critical infrastructure exploitation examples
    3. Penetration testing IoT networks and reverse engineering firmware
      1. Introduction to IoT network security
      2. Security challenges for IoT
      3. Penetration testing for IoT networks
        1. Reconnaissance
        2. Evaluation
        3. Exploitation
        4. Reporting
      4. Setting up an IoT pen testing lab
        1. Software tool requirements
          1. Firmware software tools
          2. Web application software tools
      5. Platforms and tools for advanced testing
      6. UART communication
      7. Firmware reverse engineering and exploitation
    4. Exploiting VoIP networks and defense mechanisms
      1. VoIP threat landscape
        1. VoIP phone classifications
        2. Pros and cons of VoIP
      2. Analyzing VoIP security issues
        1. Vishing
        2. Denial of Service (DoS)
        3. Eavesdropping
      3. Countermeasures and defense vectors
        1. Top platforms for VoIP monitoring and security
    5. Summary
    6. Questions
    7. Further reading
  13. Network Digital Forensics
    1. Technical requirements
    2. Concepts of network forensics
      1. Fundamentals of network forensics
      2. Technical capabilities for responding to forensic incidents
      3. Network protocols and communication layers
      4. Damballa network threat analysis
    3. Forensics tools – network analysis and response
      1. Wireshark
      2. The NIKSUN Suite
      3. Security Onion
      4. Xplico
      5. NetworkMiner
      6. Hakabana
      7. NetWitness NextGen
      8. Solera Networks DS
      9. DSHELL
      10. LogRhythm Network Monitor
    4. Key approaches to network forensics
      1. Industry best practices and standards
      2. The four steps to dealing with digital evidence
    5. Advances in network forensics practices
      1. Big data analytics-based forensics
      2. Conducting a tabletop forensics exercise
        1. Familiarizing yourself with the stakeholders
        2. Creating the ideal scenario
        3. Gamification
        4. Document lessons learned
    6. Summary
    7. Questions
    8. Further reading
  14. Performing Network Auditing
    1. Technical requirements
    2. Getting started with your audit
      1. What is a network audit?
      2. Why do we need a network audit?
      3. Key concepts of network auditing
    3. Understanding the fundamentals of an audit
      1. Understanding the types of audits
      2. Foundational pillars for network audits
        1. Policy
        2. Procedures
        3. Standards
        4. Controls
      3. Risk management in a network audit
        1. Risk assessment
        2. Risk management strategies
      4. Industry standards and governance framework
      5. Understanding the auditor's role
      6. Understanding the auditing process
    4. Performing a network security audit
      1. Planning and research phase
      2. Data gathering and data analysis phase
      3. Audit report and follow-up phase
    5. Exploring network audit tools
      1. Network assessment and auditing tools
        1. SolarWinds
        2. Open-AudIT
        3. Nmap
        4. NetformX
      2. Security assessment tools
        1. Nessus
        2. Nipper
        3. Wireshark
    6. Network audit checklist
      1. Comprehensive checklist
        1. Planning phase
        2. Design and architecture review
        3. Physical inventory
        4. Network infrastructure security
        5. Infrastructure for monitoring and management
        6. Configuration management
        7. Performance monitoring and analysis
        8. Documentation
      2. Case study
        1. Network monitoring checklist
        2. NOC audit checklist
        3. Audit report (sampling)
    7. Auditing best practices and latest trends
      1. Best practices
      2. Latest trends
        1. SolarWinds Network Automation Manager
        2. SolarWinds NCM
        3. TrueSight Network Automation
    8. Summary
    9. Questions
    10. Further reading
  15. Section 3: Threat Management and Proactive Security Operations
  16. Continuous and Effective Threat Management
    1. Technical requirements
    2. Cyber threat management concepts
      1. BCP/DR
      2. Cyber risk assessment
      3. Strategic governance framework
      4. Cyber resilience
      5. Governance, risk, and compliance (GRC)
      6. Cyber perimeter establishment
      7. Threat intelligence gathering
      8. Continuous threat monitoring
    3. Actively managing risks and threats
      1. Unified threat management (UTM)
      2. Advanced persistent threats (APT)
        1. The essential eight
      3. Malware analysis
        1. Malware analysis process
        2. Malware analysis lab – overview
        3. Setting up a malware analysis lab
        4. Proposed malware analysis lab architecture
          1. Creating an isolated virtual network
          2. Creating and restoring snapshots
      4. Endpoint detection and response (EDR)
      5. Vulnerability and patch management
    4. Threat management best practices
    5. Addressing security leadership concerns
      1. Conveying risk and threat management to leadership
    6. Strategies for boardroom discussions
      1. Cybersecurity and business outcomes
    7. Summary
    8. Questions
    9. Further reading
  17. Proactive Security Strategies
    1. Technical requirements
    2. Advancing to proactive security
      1. Key considerations
      2. Evolving security challenges
      3. Steps to building a proactive security system
    3. Understanding how threat intelligence works
      1. Threat intelligence platforms
        1. FireEye iSIGHT
        2. IBM's X-Force Exchange
        3. IntSights's Enterprise Threat Intelligence and Mitigation Platform
        4. Digital Shadows SearchLight
    4. Understanding how threat hunting works
      1. Stages of threat hunting
      2. Components of threat hunting
      3. Developing a threat hunting plan
      4. Threat hunting maturity model
      5. Threat hunting platforms
        1. MITRE Framework
        2. Endgame threat hunting
        3. Cybereason
    5. Understanding deception technology
      1. Need for deception technology
      2. Deception technology vendors and platforms
        1. Illusive Networks
        2. Attivo Networks
        3. Smokescreen IllusionBLACK Deception
        4. TrapX Security
    6. Security Information and Event Management (SIEM)
      1. Capabilities of SIEM
      2. SIEM platforms
        1. Splunk
        2. ArcSight Enterprise Security Manager
        3. IBM QRadar
        4. ELK SIEM
        5. AlienVault OSSIM
    7. Summary
    8. Questions
    9. Further reading
  18. Assessments
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
  19. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Network Security Strategies
  • Author(s): Aditya Mukherjee
  • Release date: November 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781789806298