Mastering Defensive Security: Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure

Length: 528 pages
Edition: 1
Language: English
Publisher: Packt Publishing
Publication Date: 2022-01-06
ISBN-10: 1800208162
ISBN-13: 9781800208162
Sales Rank: #572667 (See Top 100 Books)

An immersive learning experience enhanced with technical, hands-on labs to understand the concepts, methods, tools, platforms, and systems required to master the art of cybersecurity

Key Features

Get hold of the best defensive security strategies and tools
Develop a defensive security strategy at an enterprise level
Get hands-on with advanced cybersecurity threat detection, including XSS, SQL injections, brute forcing web applications, and more

Book Description

Every organization has its own data and digital assets that need to be protected against an ever-growing threat landscape that compromises the availability, integrity, and confidentiality of crucial data. Therefore, it is important to train professionals in the latest defensive security skills and tools to secure them. Mastering Defensive Security provides you with in-depth knowledge of the latest cybersecurity threats along with the best tools and techniques needed to keep your infrastructure secure.

The book begins by establishing a strong foundation of cybersecurity concepts and advances to explore the latest security technologies such as Wireshark, Damn Vulnerable Web App (DVWA), Burp Suite, OpenVAS, and Nmap, hardware threats such as a weaponized Raspberry Pi, and hardening techniques for Unix, Windows, web applications, and cloud infrastructures. As you make progress through the chapters, you’ll get to grips with several advanced techniques such as malware analysis, security automation, computer forensics, and vulnerability assessment, which will help you to leverage pentesting for security.

By the end of this book, you’ll have become familiar with creating your own defensive security tools using IoT devices and developed advanced defensive security skills.

What you will learn

Become well versed with concepts related to defensive security
Discover strategies and tools to secure the most vulnerable factor – the user
Get hands-on experience using and configuring the best security tools
Understand how to apply hardening techniques in Windows and Unix environments
Leverage malware analysis and forensics to enhance your security strategy
Secure Internet of Things (IoT) implementations
Enhance the security of web applications and cloud deployments

Who this book is for

This book is for IT professionals, including systems administrators, programmers, IT architects, solution engineers, system analysts, data scientists, DBAs, and any IT expert looking to explore the fascinating world of cybersecurity.

Cybersecurity professionals who want to broaden their knowledge of security topics to effectively create and design a defensive security strategy for a large organization will find this book useful. A basic understanding of concepts such as networking, IT, servers, virtualization, and cloud is required.

Mastering Defensive Security
Foreword
Contributors
About the author
About the reviewers
Preface
    Who this book is for
    What this book covers
    To get the most out of this book
    Download the color images
    Conventions used
    Get in touch
    Share Your Thoughts
Section 1:  Mastering Defensive Security Concepts
Chapter 1: A Refresher on Defensive Security Concepts 
    Technical requirements
    Deep dive into the core of cybersecurity
        The cybersecurity triad 
        Types of attacks
    Managing cybersecurity's legendary pain point: Passwords
        Password breaches
        Social engineering attacks using compromised passwords
        Brute-force attacks
        Dictionary attacks
        Creating a secure password
        Managing passwords at the enterprise level
        Bonus track
    Mastering defense in depth 
        Factors to consider when creating DiD models
        Asset identification
        Defense by layers
        Bonus track
    Comparing the blue and red teams
    Summary
    Further reading
Chapter 2: Managing Threats, Vulnerabilities, and Risks 
    Technical requirements 
    Understanding cybersecurity vulnerabilities and threats
        Performing a vulnerability assessment 
        The vulnerability assessment process
        When should you check for vulnerabilities? 
        Types of vulnerabilities
        USB HID vulnerabilities 
        Types of USB HID attacks
        A false sense of security
        Protecting against USB HID attacks
    Managing cybersecurity risks
        Risk identification
        Risk assessment
        Risk response
        Risk monitoring
    The NIST Cybersecurity Framework
        Identify
        Protect
        Detect
        Respond
        Recover
    Creating an effective Business Continuity Plan (BCP)
        Creating a Business Impact Analysis (BIA)
        Business Continuity Planning (BCP)
    Implementing a best-in-class DRP
        Creating a DRP
        Implementing the DRP
    Summary
    Further reading
Chapter 3: Comprehending Policies, Procedures, Compliance, and Audits
    Creating world-class cybersecurity policies and procedures
        Cybersecurity policies
        Cybersecurity procedures
        The CUDSE method
    Understanding and achieving compliance
        Types of regulations
        Achieving compliance
    Exploring, creating, and managing audits
        Internal cybersecurity audits
        External cybersecurity audits
        Data management during audits
        Types of cybersecurity audit
        What triggers an audit?
    Applying a CMM
        The goals of a CMM
        Characteristics of a good CMM
        The structure of a good CMM
        Analyzing the results
        Advantages of a CMM
    Summary
    Further reading
Chapter 4: Patching Layer 8
    Understanding layer 8 – the insider threat 
        The inadvertent user
        The malicious insider
        How do you spot a malicious insider?
        Protecting your infrastructure against malicious insiders
    Mastering the art of social engineering
        The social engineering cycle
        Social engineering techniques
        Types of social engineering attacks
    Defending against social engineering attacks (patching layer 8)
        Creating your training strategy
        Admin rights
        Implementing a strong BYOD policy
        Performing random social engineering campaigns
    Summary
    Further reading
Chapter 5: Cybersecurity Technologies and Tools
    Technical requirements 
    Advanced wireless tools for cybersecurity
        Defending from wireless attacks
    Pentesting tools and methods
        Metasploit framework
        Social engineering toolkit
        exe2hex
    Applying forensics tools and methods
        Dealing with evidence
        Forensic tools
        Recovering deleted files
    Dealing with APTs
        Defensive techniques
    Leveraging security threat intelligence 
        Threat intelligence 101
        Implementing threat intelligence
    Converting a threat into a solution
        The problem
        The solution
    Summary
    Further reading
Section 2: Applying Defensive Security
Chapter 6: Securing Windows Infrastructures
    Technical requirements 
    Applying Windows hardening
        Hardening by the infrastructure team
        Creating a hardening checklist
    Creating a patching strategy
        The complexity of patching
        Distribution of tasks (patching roles and assignments)
        Distribution and deployment of patches
        Types of patches
    Applying security to AD 
        Secure administrative hosts
        Windows Server Security documentation
    Mastering endpoint security 
        Windows updates
        Why move to Windows 10?
        Physical security
        Antivirus solutions
        Windows Defender Firewall
        Application control
        URL filtering
        Spam filtering
        Client-facing systems
        Backups
        Users
        Securing the data
    Leveraging encryption 
        Configuring BitLocker
    Summary
Chapter 7: Hardening a Unix Server 
    Technical requirements 
    Securing Unix services
        Defining the purpose of the server
        Secure startup configuration
        Managing services
    Applying secure file permissions 
        Understanding ownership and permissions
        Default permissions
        Permissions in directories (folders)
        Changing default permissions with umask
        Permissions hierarchy
        Comparing directory permissions
        Changing permissions and ownership of a single file
        Useful commands to search for unwanted permissions
    Enhancing the protection of the server by improving your access controls
        Viewing ACLs
        Managing ACLs
        Default ACL on directories
        Removing ACLs 
        Enhanced access controls
    Configuring host-based firewalls
        Understanding iptables
        Configuring iptables
        SSH brute-force protection with iptables
        Protecting from port scanning with iptables
    Advanced management of logs
        Leveraging the logs
    Summary
    Further reading
Chapter 8: Enhancing Your Network Defensive Skills
    Technical requirements
    Using the master tool of network mapping – Nmap
        Phases of a cyber attack
        Nmap
        Nmap scripts
    Improving the protection of wireless networks
        Wireless network vulnerabilities
        User's safety guide for wireless networks
    Introducing Wireshark
        Finding users using insecure protocols
        FTP, HTTP, and other unencrypted traffic
        Wireshark for defensive security
    Working with IPS/IDS
        What is an IDS?
        What is an IPS?
        Free IDS/IPS
        IPS versus IDS
    Summary
Chapter 9: Deep Diving into Physical Security
    Technical requirements 
    Understanding physical security and associated threats
        The powerful LAN Turtle
        The stealthy Plunder Bug LAN Tap
        The dangerous Packet Squirrel
        The portable Shark Jack
        The amazing Screen Crab
        The advanced Key Croc
        USB threats
        Equipment theft
        Environmental risks
    Physical security mechanisms
    Mastering physical security
        Clean desk policy
        Physical security audits
    Summary
    Further reading
Chapter 10: Applying IoT Security
    Technical requirements
    Understanding the Internet of Things
        The risks
        The vulnerabilities
    Understanding IoT networking technologies
        LoRaWAN
        Zigbee
        Sigfox
        Bluetooth
        Security considerations
    Improving IoT security
    Creating cybersecurity hardware using IoT-enabled devices
        Raspberry Pi firewall and intrusion detection system
        Defensive security systems for industrial control systems (SCADA) 
        Secure USB-to-USB copy machine
        Creating a $10 honeypot
        Advanced monitoring of web apps and networks
        Creating an internet ad blocker
        Access control and physical security systems
    Bonus track – Understanding the danger of unauthorized IoT devices
        Detecting unauthorized IoT devices
        Detecting a Raspberry Pi
        Disabling rogue Raspberry Pi devices
    Summary
    Further reading
Chapter 11: Secure Development and Deployment on the Cloud
    Technical requirements 
    Secure deployment and implementation of cloud applications 
        Security by cloud models
        Data security in the cloud
    Securing Kubernetes and APIs
        Cloud-native security
        Controlling access to the Kubernetes API
        Controlling access to kubelet
        Preventing containers from loading unwanted kernel modules
        Restricting access to etcd
        Avoiding the use of alpha or beta features in production
        Third-party integrations
    Hardening database services
    Testing your cloud security
        Azure Security Center
        Amazon CloudWatch
        AppDynamics
        Nessus vulnerability scanner
        InsightVM
        Intruder
    Summary
    Further reading
Chapter 12: Mastering Web App Security
    Technical requirements 
    Gathering intelligence about your site/web application
        Importance of public data gathering
        Open Source Intelligence
        Hosting information
        Checking data exposure with Google hacking (dorks)
    Leveraging DVWA
        Installing DVWA on Kali Linux
    Overviewing the most common attacks on web applications
        Exploring XSS attacks
    Using Burp Suite
        Burp Suite versions
        Setting up Burp Suite on Kali
    SQL injection attack on DVWA
        Fixing a common error 
    Brute forcing web applications' passwords
        Analyzing the results
    Summary
    Further reading
Section 3: Deep Dive into Defensive Security
Chapter 13: Vulnerability Assessment Tools
    Technical requirements 
    Dealing with vulnerabilities
        Who should be looking for vulnerabilities?
        Bug bounty programs
        Internal vulnerabilities
        Vulnerability testing tools
    Using a vulnerability assessment scanner (OpenVAS)
        Authenticated tests
        Installing OpenVAS
        Using OpenVAS
        Updating your feeds
    Overview of Nexpose Community
    Summary
    Further reading
Chapter 14: Malware Analysis
    Technical requirements 
    Why should I analyze malware? 
        Malware functionality
        Malware objectives
        Malware connections
        Malware backdoors
        Affected systems
    Types and categories of malware analysis 
        Static malware analysis
        Dynamic malware analysis
        Hybrid malware analysis
        Static properties analysis
        Interactive behavior analysis
        Fully automated analysis
        Manual code reversing
    Best malware analysis tools
        Process Explorer
        Process Monitor 
        ProcDOT
        Ghidra
        PeStudio
    Performing malware analysis
        Security measurements
        Executing the analysis
    Summary
    Further reading
Chapter 15: Leveraging Pentesting for Defensive Security
    Technical requirements 
    Understanding the importance of logs
        Log files
        Log management
        The importance of logs
    Knowing your enemy's best friend – Metasploit
        Metasploit 
        Metasploit editions
        Installing Armitage
        Configuring Metasploit for the first time
        Installing Armitage (continued)
        Exploring Armitage
        Launching an attack with Armitage
        Executing Metasploit
    Other offensive hacking tools
        Searchsploit
        sqlmap
        Weevely
    Summary
    Further reading
Chapter 16: Practicing Forensics
    Introduction to digital forensics
        Forensics to recover deleted or missing data
    Digital forensics on defensive security
        Who should be in charge of digital forensics?
        The digital forensics process
    Forensics platforms
        CAINE
        SIFT Workstation
        PALADIN
    Finding evidence
        Sources of data
    Mobile forensics
        Deviceless forensics
        Important data sources on mobile devices
        Transporting mobile devices
    Managing the evidence (from a legal perspective)
        ISO 27037
        Digital Evidence Policies and Procedures Manual
        FBI's Digital Evidence Policy Guide
        Regional Computer Forensics Laboratory
        US Cybersecurity & Infrastructure Security Agency
    Summary
    Further reading
Chapter 17: Achieving Automation of Security Tools
    Why bother with automation? 
        Benefits of automation
        The risks of ignoring automation
    Types of automated attacks
        Account aggregation
        Account creation
        Ad fraud
        CAPTCHA defeat
        Card cracking
        Carding
        Cashing out
        Credential cracking
        Credential stuffing
        Denial of inventory
        DoS
        Expediting
        Fingerprinting
        Footprinting
        Scalping
        Sniping
        Scraping
        Skewing
        Spamming
        Token cracking
        Vulnerability scanning
    Automation of cybersecurity tools using Python
        Local file search
        Basic forensics
        Web scraping
        Network security automation
    Cybersecurity automation with the Raspberry Pi
        Automating threat intelligence gathering with a Fail2ban honeypot on a Raspberry Pi
        Automated internet monitoring system with the Raspberry Pi
    Summary
    Further reading
Chapter 18: The Master's Compilation of Useful Resources 
    Free cybersecurity templates
        Business continuity plan and disaster recovery plan templates
        Risk management
        Design and management of cybersecurity policies and procedures
    Must-have web resources
        Cyber threat or digital attack maps
        Cybersecurity certifications
        Cybersecurity news and blogs
        Cybersecurity tools
        Password-related tools
    Industry-leading best practices
        Regulations and standards
        Cybersecurity frameworks, standards, and more
    Summary
    Further reading
    Why subscribe?
Other Books You May Enjoy
    Packt is searching for authors like you
    Share Your Thoughts

Linux Linux & UNIX Administration Network Administration Networking & System Administration Operating Systems Viruses

Donate to keep this site alive

To access the Link, solve the captcha.

How to download source code?

1. Go to: https://github.com/PacktPublishing

2. In the Find a repository… box, search the book title: Mastering Defensive Security: Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure, sometime you may not get the results, please search the main title.