Modern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization
- Length: 410 pages
- Edition: 1
- Language: English
- Publisher: BPB Publications
- Publication Date: 2020-04-30
- ISBN-10: 938932825X
- ISBN-13: 9789389328257
- Sales Rank: #2608940
A practical book that will help you defend against malicious activities
Key Features
- Learn how attackers infiltrate a network, exfiltrate sensitive data and destroy any evidence on their way out
- Learn how to choose, design and implement a cybersecurity program that best fits your needs
- Learn how to improve a cybersecurity program and accompanying cybersecurity posture by checks, balances and cyclic improvement activities
- Learn to verify, monitor and validate the cybersecurity program by active and passive cybersecurity monitoring activities
- Learn to detect malicious activities in your environment by implementing Threat Hunting exercises
Description
Modern Cybersecurity Practices will take you on a journey through the realm of cybersecurity. The book will have you observe and participate in the complete takeover of the network of Company-X, a widget-making company that is about to release a revolutionary new widget that has the competition fearful and envious. The book will guide you through the attack on Company-X’s environment and show how an attacker could use information and tools to infiltrate the company’s network, exfiltrate sensitive data, and then leave the company in disarray by leaving behind a little surprise for users to find the next time they open their computers.
After we see how an attacker pulls off their malicious goals, the next part of the book will have you pick, design, and implement a security program that best reflects your specific situation and requirements. Along the way, we will look at a variety of methodologies, concepts, and tools that are typically used during the design, implementation, and improvement of one’s cybersecurity posture.
After implementing a fitting cybersecurity program and kickstarting the improvement of our cybersecurity posture, we look at all the activities, requirements, tools, and methodologies behind keeping an eye on the state of that posture with active and passive cybersecurity monitoring tools and activities, as well as the use of threat hunting exercises to find malicious activity in our environment that typically stays under the radar of standard detection methods such as firewalls, IDSs, and endpoint protection solutions.
What will you learn
- Explore the different methodologies, techniques, tools, and activities an attacker uses to breach a modern company’s cybersecurity defenses
- Learn how to design a cybersecurity program that best fits your unique environment
- Monitor and improve one’s cybersecurity posture by using active and passive security monitoring tools and activities
Who this book is for
This book is a must-read for everyone involved with establishing, maintaining, and improving their cybersecurity program and accompanying cybersecurity posture.
Table of Contents
- Front matter: Cover Page; Title Page; Copyright Page; Dedication; About the Author; Acknowledgement; Preface; Errata; Table of Contents
- Part I: Setting the Stage - System Pwnage
- 1. What’s at Stake?: Structure; Objective; Some statistics; The 5 most devastating security breaches; Common vulnerability types caused by improper input validation; Common security mistakes; Common web security mistake #1: Injection flaws; A common enemy, improper input validation; Conclusion; Questions
- 2. Example Attack - The Initial Breach: Structure; Objective; Company X – not that secure; The exposure; The vulnerability; So how this is being used in real life?; Conclusion; Questions
- 3. Example Attack - Lateral Movement: Structure; Objective; Admin in the cloud – what can go wrong…?; Adding our tools to the cloud; Exploring the local network segment; Using credential stuffing on company X; Attacking TESTSERVER-WEB1; Finding user credentials on a compromised system; Moving to the next system; Conclusion; Questions
- 4. Example Attack - Data Exfiltration: Structure; Objective; What are we doing here?; What’s in a database?; Exploring the sales web server for clues; Getting the goodies; Conclusion; Questions
- 5. Example Attack - Going Out with a Bang: Structure; Objective; Attack recap; What else can be done with a foothold in the network?; NotPetya; Executing a payload on a group of computers; Sealing company X’s fate; Conclusion; Questions
- Part II: Security Program Implementation
- 6. Scrutinizing the Example Attack: Structure; Objective; Security issue 1: Not properly implemented network architecture design; Security issue 2: Secure system build and change management practices; Security issue 3: IDS, IPS, and endpoint protection systems; Security issue 4: Credential management; Security issue 5: User privilege management, privilege creep; Security issue 6: Security monitoring; Conclusion; Questions
- 7. Adhere to a Security Standard: Structure; Objectives; What is the security standard?; Common security standards; ISO/IEC 27001 and 27002; NERC; NIST; ISO 27005; IASME Governance; U.S. Banking Regulators; Standard of good practice; Security standards for Operation Technology (OT) Space; ANSI/ISA 62443 (Formerly ISA-99); The ISA Security Compliance Institute (ISCI) Conformity Assessment Program; ISCI certification offerings; Global accreditation and recognition; How to pick a standards framework?; The control framework; The program framework; The risk framework; No one-size-fits-all in security programs; A hybrid solution; Getting started with a cybersecurity framework; A fitting standard for company X’s security program; Setting goals and expectations for the security program; Conclusion; Questions
- 8. Defining Security Policies, Procedures, Standards, and Guidelines: Structure; Objectives; Risk; What is the difference between security policies, standards, procedures, and guidelines?; Policies; Standards; Procedures; Guidelines; Common security policies; Information security policy; Acceptable use policy; Asset management policy; Backup and restore the policy; Bring your device (BYOD) policy; Change management policy; Cloud computing policy; Data classification policy; Digital media and hardware disposal policy; Disaster recovery policy; Endpoint security policy; Email policy; Incident response policy; Intrusion detection and prevention policy; Network security policy; Patch management policy; Password policy; Remote access policy; Security awareness and training policy; Vulnerability management policy; Web Application Security Policy; Company X – Security standards; Company X – Security procedures; Document storage and management; Conclusion; Questions
- 9. Kicking Off the Security Program: Structure; Objective; Risk management and risk assessments; Step 1: Asset identification and characterization; Step 2: Threat modeling – risk scenarios; Discovering vulnerabilities; Collect vulnerability details; Threat events; Risk scenarios; Step 3: Risk calculation; Risk mitigation; Security program improvement cycle; Penetration testing example; Conclusion; Questions
- Part III: Security Monitoring for Continuous Improvement
- 10. Passive Security Monitoring: Structure; Objective; Security incidents; Event logs; Network traffic packet captures; Firewalls and IDS/IPS; Installing pfSense; Configuring pfSense; Exploring pfSense; Security Information and Event Management (SIEM); Installing AlienVault OSSIM; Configuring AlienVault OSSIM; Schedule vulnerability scans; Configuring pfSense; Working with AlienVault OSSIM; The Microsoft Azure Sentinel SIEM; Conclusion; Questions
- 11. Active Security Monitoring: Structure; Objective; What is vulnerability management?; Actively looking for vulnerabilities; Manual vulnerability discovery; Automated vulnerability discovery - Vulnerability scanners; Automated vulnerability discovery – running a Qualys scan; Installing the Qualys virtual appliance; Configuring the Qualys scanner appliance; Running a vulnerability scan; Going over the scan results; Defining the vulnerability remediation plan; Only worry about the high-severity stuff; Follow the money (makers); Situational awareness; Conclusion; Questions
- 12. Threat Hunting: Structure; Objective; What is threat hunting?; Information needed for the job; Network logs; Event logs; Sysmon; Install sysmon on company-X systems; Security Onion; Deploy a Security Onion VM; Security Onion in action; Security Incident and Event Management (SIEM); Splunk; ELK stack; Install ELK for company-X environment; Install Elasticsearch; Configure Elasticsearch; Install Logstash; Configure Logstash; Install Kibana; Configure Kibana; Install Nginx as an authenticating reverse web proxy; Configure systems to report to ELK; Filebeat; Winlogbeat; Packetbeat; Setup an index pattern; Using Syslog for miscellaneous logs; Making use of the Logstash parsing capabilities - adding geo location; Geolocation in action; Areas of interest – Hunting exercises; Recognizing suspicious software; Creating a file hunting dashboard; The file hunting dashboard in action; Scripting abuse; Look at your users; Look at suspicious commands; Look at the parent process; Look at PowerShell process; Looking at your users; Network activity; Putting it all together – User discovered a suspicious file; Conclusion; Questions
- 13. The Continuous Battle: Structure; Objective; Recap of our efforts so far; Manage risk by defining a reoccurring security program cycle; Assessing risk; Responding to risk; Monitoring risk; What if things do go wrong? – Incident handling; Incident response is a process; Preparation; Detection and reporting; Triage and analysis; Containment and irradiation; Post-incident activity; What else can be done to improve one’s security program and posture?; Threat intelligence; Threat research; Honeypots; Work with the security community; Conclusion; Questions