Cybersecurity (eBook, PDF)
Managing Systems, Conducting Testing, and Investigating Intrusions
- Format: PDF
A must-have, hands-on guide for working in the cybersecurity profession. Cybersecurity involves preventative methods to protect information from attacks. It requires a thorough understanding of potential threats, such as viruses and other malicious code, as well as of system vulnerabilities and security architecture. This essential book addresses cybersecurity strategies that include identity management, risk management, and incident management, and also serves as a detailed guide for anyone looking to enter the security profession. Doubling as the text for a cybersecurity course, it is also a…
- Devices: PC
- With copy protection
- Size: 8.03 MB
- Product details
- Publisher: John Wiley & Sons
- Page count: 368
- Publication date: 16 October 2013
- English
- ISBN-13: 9781118697047
- Item no.: 39905782
- Manufacturer identification: manufacturer information is currently not available.
Part I Cyber Network Security Concepts 1
Chapter 1 Executive Summary 3
Why Start with Antipatterns? 4
Security Architecture 5
Antipattern: Signature-Based Malware Detection versus Polymorphic Threats 6
Refactored Solution: Reputational-, Behavioral-, and Entropy-Based Malware Detection 6
Antipattern: Document-Driven Certification and Accreditation 7
Antipattern: Proliferating IA Standards with No Proven Benefits 8
Antipattern: Policy-Driven Security Certifications Do Not Address the Threat 10
Refactored Solution: Security Training Roadmap 10
Summary 13
Assignments 14
Chapter 2 The Problems: Cyber Antipatterns 15
Antipatterns Concept 16
Forces in Cyber Antipatterns 16
Cyber Antipattern Templates 18
Micro-Antipattern Templates 18
Full Cyber Antipattern Template 19
Cybersecurity Antipattern Catalog 20
Can't Patch Dumb 21
Unpatched Applications 23
Never Read the Logs 25
Networks Always Play by the Rules 26
Hard on the Outside, Gooey in the Middle 28
Webify Everything 30
No Time for Security 32
Summary 34
Assignments 35
Chapter 3 Enterprise Security Using the Zachman Framework 37
What Is Architecture? Why Do We Need It? 37
Enterprises Are Complex and Changing 38
The Zachman Framework for Enterprise Architecture 38
Primitive Models versus Composite Models 40
How Does the Zachman Framework Help with Cybersecurity? 40
Everyone Has Their Own Specifications 41
The Goldmine Is in Row 2 42
Frameworks for Row 3 42
Architectural Problem Solving Patterns 43
Business Question Analysis 44
Document Mining 45
Hierarchy Formation 46
Enterprise Workshop 52
Matrix Mining 53
Nominal Group Technique 54
Minipatterns for Problem Solving Meetings 55
Summary 56
Assignments 57
Part II Cyber Network Security Hands-On 59
Chapter 4 Network Administration for Security Professionals 61
Managing Administrator and Root Accounts 62
Windows 63
Linux and Unix 64
VMware 64
Installing Hardware 64
Re-Imaging Operating Systems 67
Windows 67
Linux 68
VMware 69
Other OSes 69
Burning and Copying CDs and DVDs 69
Windows 70
Linux 70
VMware 71
Installing System Protection/Anti-Malware 71
Windows 74
Linux 74
VMware 75
Setting Up Networks 75
Windows 76
Linux 77
VMware 78
Other OSes 79
Installing Applications and Archiving 80
Windows 80
Linux 81
VMware 82
Other OSes 82
Customizing System Management Controls and Settings 82
Windows 82
Linux 83
VMware 83
Other OSes 83
Managing Remote Login 83
Windows 84
Linux 84
VMware 84
Managing User Administration 85
Windows 85
Linux 86
VMware 86
Managing Services 87
Windows 87
Linux 88
Other OSes 88
Mounting Disks 89
Windows 89
Linux 90
VMware 90
Moving Data Between Systems on Networks 90
Windows File Sharing 91
Secure File Transfer Protocol (SFTP) 91
VMware 91
Other Techniques 92
Converting Text Files Between OSes 92
Making Backup Disks 92
Formatting Disks 93
Windows 93
Linux 94
Configuring Firewalls 94
Converting and Migrating VMs 97
Additional Network Administration Knowledge 99
Summary 99
Assignments 101
Chapter 5 Customizing BackTrack and Security Tools 103
Creating and Running BackTrack Images 104
Customizing BackTrack with VM 105
Updating and Upgrading BackTrack and Pen Test Tools 106
Adding Windows to BackTrack with VMware 106
Disk Partitioning 107
Performing Multi-Boot Disk Setup 108
Results of the New Pen Test Architecture 110
Alternative Pen Test Architectures 111
Licensing Challenges for Network Administrators 111
Perpetual License 111
Annual License 111
Time Limited per Instance License 112
Time Hold Renewal License 112
Summary 112
Assignments 113
Chapter 6 Protocol Analysis and Network Programming 115
Networking Theory and Practice 116
Frequently Encountered Network Protocols 117
ARP and Layer 2 Headers 118
IP Header 120
ICMP Header 120
UDP Header 121
TCP Header 122
Network Programming: Bash 124
Bash for Basic Network Programming 125
Bash Network Sweep: Packaging a Script 126
Bash Network Scanning Using While 127
Bash Banner Grabbing 128
Network Programming: Windows Command-Line Interface (CLI) 130
Windows Command Line: Network Programming Using For /L 131
Windows Command Line: Password Attack Using For /F 132
Python Programming: Accelerated Network Scanning 133
Summary 136
Assignments 137
Chapter 7 Reconnaissance, Vulnerability Assessment, and Cyber Testing 139
Types of Cybersecurity Evaluations 139
Body of Evidence (BOE) Review 140
Penetration Tests 141
Vulnerability Assessment 141
Security Controls Audit 141
Software Inspection 141
Iterative/Incremental Testing 142
Understanding the Cybersecurity Testing Methodology 142
Reconnaissance 144
Network and Port Scanning 150
Policy Scanning 153
Vulnerability Probes and Fingerprinting 155
Test Planning and Reporting 159
Summary 162
Assignments 163
Chapter 8 Penetration Testing 165
Forms of Cyber Attacks 166
Buffer Overflows 166
Command Injection Attacks 167
SQL Injection Attacks 167
Network Penetration 167
Commercial Pen Testing Tools 170
Using IMPACT 170
Using CANVAS 171
Using Netcat to Create Connections and Move Data and Binaries 172
Using Netcat to Create Relays and Pivots 173
Using SQL Injection and Cross-Site Techniques to Perform Web Application and Database Attacks 175
Collecting User Identities with Enumeration and Hash Grabbing 177
Enumeration and Hash Grabbing on Windows 178
Enumeration and Hash Grabbing on Linux 179
Password Cracking 179
John the Ripper 181
Rainbow Tables 181
Cain & Abel 181
Privilege Escalation 182
Final Malicious Phases 183
Backdoors 183
Entrenchment 184
Hidden Files 184
Rootkits 184
Rootkit Removal 185
Summary 185
Assignments 187
Chapter 9 Cyber Network Defense Using Advanced Log Analysis 189
Introduction to Cyber Network Defense 190
General Methods and Tools for Cyber Investigations 191
Observation 192
Hypothesis 192
Evaluation 193
Continuous Cyber Investigation Strategy 193
A Summary of the Cyber Investigation Process 195
Network Monitoring 197
The daycap Script 199
The pscap Script 200
Text Log Analysis 200
The snortcap Script 201
The headcap Script 201
The statcap Script 202
The hostcap Script 202
The alteripcap Script 203
The orgcap Script 204
The iporgcap Script 205
The archcap Script 205
Binary Log Analysis 206
Advanced Wireshark Filters 206
Data Carving 207
Advanced tcpdump Filtering and Techniques 208
Analyzing Beacons 209
Reporting Cyber Investigations 210
Elimination of Cyber Threats 211
Intrusion Discovery on Windows 214
Summary 215
Assignments 216
Part III Cyber Network Application Domains 217
Chapter 10 Cybersecurity for End Users, Social Media, and Virtual Worlds 219
Doing an Ego Search 219
Protecting Laptops, PCs, and Mobile Devices 220
Staying Current with Anti-Malware and Software Updates 222
Managing Passwords 223
Guarding against Drive-By Malware 224
Staying Safe with E-mail 225
Securely Banking and Buying Online 226
Understanding Scareware and Ransomware 227
Is Your Machine p0wned? 227
Being Careful with Social Media 228
Staying Safe in Virtual Worlds 229
Summary 230
Assignments 231
Chapter 11 Cybersecurity Essentials for Small Business 233
Install Anti-Malware Protection 234
Update Operating Systems 234
Update Applications 235
Change Default Passwords 235
Educate Your End Users 236
Small Enterprise System Administration 236
Wireless Security Basics for Small Business 237
Tips for Apple Macintosh Users 238
Summary 239
Assignments 239
Chapter 12 Large Enterprise Cybersecurity: Data Centers and Clouds 241
Critical Security Controls 242
Scanning Enterprise IP Address Range (Critical Control 1) 243
Drive-By Malware (Critical Controls 2 & 3) 244
Unpatched Applications in Large Enterprises (Critical Controls 2 & 4) 246
Internal Pivot from Compromised Machines (Critical Controls 2 & 10) 247
Weak System Configurations (Critical Controls 3 & 10) 248
Unpatched Systems (Critical Controls 4 & 5) 250
Lack of Security Improvement (Critical Controls 4, 5, 11, & 20) 250
Vulnerable Web Applications and Databases (Critical Controls 6 & 20) 251
Wireless Vulnerability (Critical Control 7) 252
Social Engineering (Critical Controls 9, 12, & 16) 253
Temporary Open Ports (Critical Controls 10 & 13) 254
Weak Network Architectures (Critical Controls 13 & 19) 255
Lack of Logging and Log Reviews (Critical Control 14) 256
Lack of Risk Assessment and Data Protection (Critical Controls 15 & 17) 257
Data Loss via Undetected Exfiltration (Critical Control 17) 259
Poor Incident Response - APT (Critical Control 18) 260
Cloud Security 261
How Do Clouds Form? How Do Clouds Work? 262
Stovepiped Widgets in the Cloud 263
Special Security Implications 264
Consolidation into Clouds Can Magnify Risks 264
Clouds Require Stronger Trust Relationships 264
Clouds Change Security Assumptions 265
Cloud Indexing Changes Security Semantics 265
Data Mashups Increase Data Sensitivity 265
Cloud Security Technology Maturity 266
New Governance and Quality Assurance for Cloud Computing 266
Summary 267
Assignments 268
Chapter 13 Healthcare Information Technology Security 269
HIPAA 270
Healthcare Risk Assessment 270
Healthcare Records Management 271
Healthcare IT and the Judicial Process 272
Data Loss 272
Managing Logs in Healthcare Organizations 273
Authentication and Access Control 274
Summary 275
Assignments 276
Chapter 14 Cyber Warfare: An Architecture for Deterrence 277
Introduction to Cyber Deterrence 278
Cyber Warfare 278
Comprehensive National Cybersecurity Initiative 279
Methodology and Assumptions 280
Cyber Deterrence Challenges 283
Legal and Treaty Assumptions 284
Cyber Deterrence Strategy 286
Reference Model 290
Solution Architecture 291
Architectural Prototypes 296
Baseline Code: Threaded Scanning 297
Botnet for Distributed Scanning 298
Performance Benchmarks 300
Deterministic Models of Performance 302
Projections for Military Botnets 303
Summary 304
Assignments 305
Glossary 307
Bibliography 317
Index 323