Mastering Defensive Security: Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure
An immersive learning experience enhanced with technical, hands-on labs to understand the concepts, methods, tools, platforms, and systems required to master the art of cybersecurity
- Get hold of the best defensive security strategies and tools
- Develop a defensive security strategy at an enterprise level
- Get hands-on with advanced cybersecurity threat detection, including XSS, SQL injections, brute forcing web applications, and more
Every organization has data and digital assets that must be protected against an ever-growing threat landscape that puts the availability, integrity, and confidentiality of crucial data at risk. It is therefore important to train professionals in the latest defensive security skills and tools to secure those assets. Mastering Defensive Security provides you with in-depth knowledge of the latest cybersecurity threats along with the best tools and techniques needed to keep your infrastructure secure.
The book begins by establishing a strong foundation of cybersecurity concepts and advances to explore the latest security technologies such as Wireshark, Damn Vulnerable Web App (DVWA), Burp Suite, OpenVAS, and Nmap, hardware threats such as a weaponized Raspberry Pi, and hardening techniques for Unix, Windows, web applications, and cloud infrastructures. As you make progress through the chapters, you’ll get to grips with several advanced techniques such as malware analysis, security automation, computer forensics, and vulnerability assessment, which will help you to leverage pentesting for security.
By the end of this book, you’ll have become familiar with creating your own defensive security tools using IoT devices and developed advanced defensive security skills.
What you will learn
- Become well versed with concepts related to defensive security
- Discover strategies and tools to secure the most vulnerable factor – the user
- Get hands-on experience using and configuring the best security tools
- Understand how to apply hardening techniques in Windows and Unix environments
- Leverage malware analysis and forensics to enhance your security strategy
- Secure Internet of Things (IoT) implementations
- Enhance the security of web applications and cloud deployments
Who this book is for
This book is for IT professionals, including systems administrators, programmers, IT architects, solution engineers, system analysts, data scientists, DBAs, and any IT expert looking to explore the fascinating world of cybersecurity.
Cybersecurity professionals who want to broaden their knowledge of security topics to effectively create and design a defensive security strategy for a large organization will find this book useful. A basic understanding of concepts such as networking, IT, servers, virtualization, and cloud is required.
Table of contents
- Front matter: Mastering Defensive Security; Foreword; Contributors; About the author; About the reviewers; Preface; Who this book is for; What this book covers; To get the most out of this book; Download the color images; Conventions used; Get in touch; Share Your Thoughts
- Section 1: Mastering Defensive Security Concepts
- Chapter 1: A Refresher on Defensive Security Concepts: Technical requirements; Deep dive into the core of cybersecurity; The cybersecurity triad; Types of attacks; Managing cybersecurity's legendary pain point: Passwords; Password breaches; Social engineering attacks using compromised passwords; Brute-force attacks; Dictionary attacks; Creating a secure password; Managing passwords at the enterprise level; Bonus track; Mastering defense in depth; Factors to consider when creating DiD models; Asset identification; Defense by layers; Bonus track; Comparing the blue and red teams; Summary; Further reading
- Chapter 2: Managing Threats, Vulnerabilities, and Risks: Technical requirements; Understanding cybersecurity vulnerabilities and threats; Performing a vulnerability assessment; The vulnerability assessment process; When should you check for vulnerabilities?; Types of vulnerabilities; USB HID vulnerabilities; Types of USB HID attacks; A false sense of security; Protecting against USB HID attacks; Managing cybersecurity risks; Risk identification; Risk assessment; Risk response; Risk monitoring; The NIST Cybersecurity Framework; Identify; Protect; Detect; Respond; Recover; Creating an effective Business Continuity Plan (BCP); Creating a Business Impact Analysis (BIA); Business Continuity Planning (BCP); Implementing a best-in-class DRP; Creating a DRP; Implementing the DRP; Summary; Further reading
- Chapter 3: Comprehending Policies, Procedures, Compliance, and Audits: Creating world-class cybersecurity policies and procedures; Cybersecurity policies; Cybersecurity procedures; The CUDSE method; Understanding and achieving compliance; Types of regulations; Achieving compliance; Exploring, creating, and managing audits; Internal cybersecurity audits; External cybersecurity audits; Data management during audits; Types of cybersecurity audit; What triggers an audit?; Applying a CMM; The goals of a CMM; Characteristics of a good CMM; The structure of a good CMM; Analyzing the results; Advantages of a CMM; Summary; Further reading
- Chapter 4: Patching Layer 8: Understanding layer 8 – the insider threat; The inadvertent user; The malicious insider; How do you spot a malicious insider?; Protecting your infrastructure against malicious insiders; Mastering the art of social engineering; The social engineering cycle; Social engineering techniques; Types of social engineering attacks; Defending against social engineering attacks (patching layer 8); Creating your training strategy; Admin rights; Implementing a strong BYOD policy; Performing random social engineering campaigns; Summary; Further reading
- Chapter 5: Cybersecurity Technologies and Tools: Technical requirements; Advanced wireless tools for cybersecurity; Defending from wireless attacks; Pentesting tools and methods; Metasploit framework; Social engineering toolkit; exe2hex; Applying forensics tools and methods; Dealing with evidence; Forensic tools; Recovering deleted files; Dealing with APTs; Defensive techniques; Leveraging security threat intelligence; Threat intelligence 101; Implementing threat intelligence; Converting a threat into a solution; The problem; The solution; Summary; Further reading
- Section 2: Applying Defensive Security
- Chapter 6: Securing Windows Infrastructures: Technical requirements; Applying Windows hardening; Hardening by the infrastructure team; Creating a hardening checklist; Creating a patching strategy; The complexity of patching; Distribution of tasks (patching roles and assignments); Distribution and deployment of patches; Types of patches; Applying security to AD; Secure administrative hosts; Windows Server Security documentation; Mastering endpoint security; Windows updates; Why move to Windows 10?; Physical security; Antivirus solutions; Windows Defender Firewall; Application control; URL filtering; Spam filtering; Client-facing systems; Backups; Users; Securing the data; Leveraging encryption; Configuring BitLocker; Summary
- Chapter 7: Hardening a Unix Server: Technical requirements; Securing Unix services; Defining the purpose of the server; Secure startup configuration; Managing services; Applying secure file permissions; Understanding ownership and permissions; Default permissions; Permissions in directories (folders); Changing default permissions with umask; Permissions hierarchy; Comparing directory permissions; Changing permissions and ownership of a single file; Useful commands to search for unwanted permissions; Enhancing the protection of the server by improving your access controls; Viewing ACLs; Managing ACLs; Default ACL on directories; Removing ACLs; Enhanced access controls; Configuring host-based firewalls; Understanding iptables; Configuring iptables; SSH brute-force protection with iptables; Protecting from port scanning with iptables; Advanced management of logs; Leveraging the logs; Summary; Further reading
- Chapter 8: Enhancing Your Network Defensive Skills: Technical requirements; Using the master tool of network mapping – Nmap; Phases of a cyber attack; Nmap; Nmap scripts; Improving the protection of wireless networks; Wireless network vulnerabilities; User's safety guide for wireless networks; Introducing Wireshark; Finding users using insecure protocols; FTP, HTTP, and other unencrypted traffic; Wireshark for defensive security; Working with IPS/IDS; What is an IDS?; What is an IPS?; Free IDS/IPS; IPS versus IDS; Summary
- Chapter 9: Deep Diving into Physical Security: Technical requirements; Understanding physical security and associated threats; The powerful LAN Turtle; The stealthy Plunder Bug LAN Tap; The dangerous Packet Squirrel; The portable Shark Jack; The amazing Screen Crab; The advanced Key Croc; USB threats; Equipment theft; Environmental risks; Physical security mechanisms; Mastering physical security; Clean desk policy; Physical security audits; Summary; Further reading
- Chapter 10: Applying IoT Security: Technical requirements; Understanding the Internet of Things; The risks; The vulnerabilities; Understanding IoT networking technologies; LoRaWAN; Zigbee; Sigfox; Bluetooth; Security considerations; Improving IoT security; Creating cybersecurity hardware using IoT-enabled devices; Raspberry Pi firewall and intrusion detection system; Defensive security systems for industrial control systems (SCADA); Secure USB-to-USB copy machine; Creating a $10 honeypot; Advanced monitoring of web apps and networks; Creating an internet ad blocker; Access control and physical security systems; Bonus track – Understanding the danger of unauthorized IoT devices; Detecting unauthorized IoT devices; Detecting a Raspberry Pi; Disabling rogue Raspberry Pi devices; Summary; Further reading
- Chapter 11: Secure Development and Deployment on the Cloud: Technical requirements; Secure deployment and implementation of cloud applications; Security by cloud models; Data security in the cloud; Securing Kubernetes and APIs; Cloud-native security; Controlling access to the Kubernetes API; Controlling access to kubelet; Preventing containers from loading unwanted kernel modules; Restricting access to etcd; Avoiding the use of alpha or beta features in production; Third-party integrations; Hardening database services; Testing your cloud security; Azure Security Center; Amazon CloudWatch; AppDynamics; Nessus vulnerability scanner; InsightVM; Intruder; Summary; Further reading
- Chapter 12: Mastering Web App Security: Technical requirements; Gathering intelligence about your site/web application; Importance of public data gathering; Open Source Intelligence; Hosting information; Checking data exposure with Google hacking (dorks); Leveraging DVWA; Installing DVWA on Kali Linux; Overviewing the most common attacks on web applications; Exploring XSS attacks; Using Burp Suite; Burp Suite versions; Setting up Burp Suite on Kali; SQL injection attack on DVWA; Fixing a common error; Brute forcing web applications' passwords; Analyzing the results; Summary; Further reading
- Section 3: Deep Dive into Defensive Security
- Chapter 13: Vulnerability Assessment Tools: Technical requirements; Dealing with vulnerabilities; Who should be looking for vulnerabilities?; Bug bounty programs; Internal vulnerabilities; Vulnerability testing tools; Using a vulnerability assessment scanner (OpenVAS); Authenticated tests; Installing OpenVAS; Using OpenVAS; Updating your feeds; Overview of Nexpose Community; Summary; Further reading
- Chapter 14: Malware Analysis: Technical requirements; Why should I analyze malware?; Malware functionality; Malware objectives; Malware connections; Malware backdoors; Affected systems; Types and categories of malware analysis; Static malware analysis; Dynamic malware analysis; Hybrid malware analysis; Static properties analysis; Interactive behavior analysis; Fully automated analysis; Manual code reversing; Best malware analysis tools; Process Explorer; Process Monitor; ProcDOT; Ghidra; PeStudio; Performing malware analysis; Security measurements; Executing the analysis; Summary; Further reading
- Chapter 15: Leveraging Pentesting for Defensive Security: Technical requirements; Understanding the importance of logs; Log files; Log management; The importance of logs; Knowing your enemy's best friend – Metasploit; Metasploit; Metasploit editions; Installing Armitage; Configuring Metasploit for the first time; Installing Armitage (continued); Exploring Armitage; Launching an attack with Armitage; Executing Metasploit; Other offensive hacking tools; Searchsploit; sqlmap; Weevely; Summary; Further reading
- Chapter 16: Practicing Forensics: Introduction to digital forensics; Forensics to recover deleted or missing data; Digital forensics on defensive security; Who should be in charge of digital forensics?; The digital forensics process; Forensics platforms; CAINE; SIFT Workstation; PALADIN; Finding evidence; Sources of data; Mobile forensics; Deviceless forensics; Important data sources on mobile devices; Transporting mobile devices; Managing the evidence (from a legal perspective); ISO 27037; Digital Evidence Policies and Procedures Manual; FBI's Digital Evidence Policy Guide; Regional Computer Forensics Laboratory; US Cybersecurity & Infrastructure Security Agency; Summary; Further reading
- Chapter 17: Achieving Automation of Security Tools: Why bother with automation?; Benefits of automation; The risks of ignoring automation; Types of automated attacks; Account aggregation; Account creation; Ad fraud; CAPTCHA defeat; Card cracking; Carding; Cashing out; Credential cracking; Credential stuffing; Denial of inventory; DoS; Expediting; Fingerprinting; Footprinting; Scalping; Sniping; Scraping; Skewing; Spamming; Token cracking; Vulnerability scanning; Automation of cybersecurity tools using Python; Local file search; Basic forensics; Web scraping; Network security automation; Cybersecurity automation with the Raspberry Pi; Automating threat intelligence gathering with a Fail2ban honeypot on a Raspberry Pi; Automated internet monitoring system with the Raspberry Pi; Summary; Further reading
- Chapter 18: The Master's Compilation of Useful Resources: Free cybersecurity templates; Business continuity plan and disaster recovery plan templates; Risk management; Design and management of cybersecurity policies and procedures; Must-have web resources; Cyber threat or digital attack maps; Cybersecurity certifications; Cybersecurity news and blogs; Cybersecurity tools; Password-related tools; Industry-leading best practices; Regulations and standards; Cybersecurity frameworks, standards, and more; Summary; Further reading
- Back matter: Why subscribe?; Other Books You May Enjoy; Packt is searching for authors like you; Share Your Thoughts