BPB Online LLP
Modern Cybersecurity Practices
US$ 19.95

A practical book that will help you defend against malicious activities

Key Features
Learn how attackers infiltrate a network, exfiltrate sensitive data and destroy any evidence on their way out
Learn how to choose, design and implement a cybersecurity program that best fits your needs
Learn how to improve a cybersecurity program and accompanying cybersecurity posture by checks, balances and cyclic improvement activities
Learn to verify, monitor and validate the cybersecurity program by active and passive cybersecurity monitoring activities
Learn to detect malicious activities in your environment by implementing Threat Hunting exercises

Description
Modern Cybersecurity Practices will take you on a journey through the realm of cybersecurity. The book will have you observe and participate in the complete takeover of the network of Company-X, a widget-making company that is about to release a revolutionary new widget that has the competition fearful and envious. The book will guide you through the process of the attack on Company-X’s environment, showing how an attacker could use information and tools to infiltrate the company’s network, exfiltrate sensitive data, and then leave the company in disarray by leaving behind a little surprise for any users to find the next time they open their computer.

After we see how an attacker pulls off their malicious goals, the next part of the book will have you pick, design, and implement a security program that best reflects your specific situation and requirements. Along the way, we will look at a variety of methodologies, concepts, and tools that are typically used during the activities involved in the design, implementation, and improvement of one’s cybersecurity posture.

After we have implemented a fitting cybersecurity program and kickstarted the improvement of our cybersecurity posture, we look at all the activities, requirements, tools, and methodologies behind keeping an eye on the state of our cybersecurity posture with active and passive cybersecurity monitoring tools and activities, as well as the use of threat hunting exercises to find malicious activity in our environment that typically stays under the radar of standard detection methods like firewalls, IDSs, and endpoint protection solutions.

What you will learn
Explore the different methodologies, techniques, tools, and activities an attacker uses to breach a modern company’s cybersecurity defenses
Learn how to design a cybersecurity program that best fits your unique environment
Monitor and improve one’s cybersecurity posture by using active and passive security monitoring tools and activities

Who this book is for
This book is a must-read for everyone involved with establishing, maintaining, and improving their cybersecurity program and accompanying cybersecurity posture.

Table of Contents
1. What’s at stake
2. Define scope
3. Adhere to a security standard
4. Defining the policies
5. Conducting a gap analysis
6. Interpreting the analysis results
7. Prioritizing remediation
8. Getting to a comfortable level
9. Conducting a penetration test
10. Passive security monitoring
11. Active security monitoring
12. Threat hunting
13. Continuous battle
14. Time to reflect

About the Authors
Pascal Ackerman is a seasoned industrial security professional with a degree in electrical engineering and with 18 years of experience in industrial network design and support, information and network security, risk assessments, pentesting, threat hunting, and forensics.

Language
English
ISBN
9789389328257
Cover Page
Title Page
Copyright Page
Dedication
About the Author
Acknowledgement
Preface
Errata
Table of Contents
Part I: Setting the Stage - System Pwnage
1. What’s at Stake?
Structure
Objective
Some statistics
The 5 most devastating security breaches
Common vulnerability types caused by improper input validation
Common security mistakes
Common web security mistake #1: Injection flaws
A common enemy, improper input validation
Conclusion
Questions
2. Example Attack - The Initial Breach
Structure
Objective
Company X – not that secure
The exposure
The vulnerability
So how is this being used in real life?
Conclusion
Questions
3. Example Attack - Lateral Movement
Structure
Objective
Admin in the cloud – what can go wrong…?
Adding our tools to the cloud
Exploring the local network segment
Using credential stuffing on company X
Attacking TESTSERVER-WEB1
Finding user credentials on a compromised system
Moving to the next system
Conclusion
Questions
4. Example Attack - Data Exfiltration
Structure
Objective
What are we doing here?
What’s in a database?
Exploring the sales web server for clues
Getting the goodies
Conclusion
Questions
5. Example Attack - Going Out with a Bang
Structure
Objective
Attack recap
What else can be done with a foothold in the network?
NotPetya
Executing a payload on a group of computers
Sealing company X’s fate
Conclusion
Questions
Part II: Security Program Implementation
6. Scrutinizing the Example Attack
Structure
Objective
Security issue 1: Not properly implemented network architecture design
Security issue 2: Secure system build and change management practices
Security issue 3: IDS, IPS, and endpoint protection systems
Security issue 4: Credential management
Security issue 5: User privilege management, privilege creep
Security issue 6: Security monitoring
Conclusion
Questions
7. Adhere to a Security Standard
Structure
Objectives
What is the security standard?
Common security standards
ISO/IEC 27001 and 27002
NERC
NIST
ISO 27005
IASME Governance
U.S. Banking Regulators
Standard of good practice
Security standards for Operation Technology (OT) Space
ANSI/ISA 62443 (Formerly ISA-99)
The ISA Security Compliance Institute (ISCI) Conformity Assessment Program
ISCI certification offerings
Global accreditation and recognition
How to pick a standards framework?
The control framework
The program framework
The risk framework
No one-size-fits-all in security programs
A hybrid solution
Getting started with a cybersecurity framework
A fitting standard for company X’s security program
Setting goals and expectations for the security program
Conclusion
Questions
8. Defining Security Policies, Procedures, Standards, and Guidelines
Structure
Objectives
Risk
What is the difference between security policies, standards, procedures, and guidelines?
Policies
Standards
Procedures
Guidelines
Common security policies
Information security policy
Acceptable use policy
Asset management policy
Backup and restore the policy
Bring your device (BYOD) policy
Change management policy
Cloud computing policy
Data classification policy
Digital media and hardware disposal policy
Disaster recovery policy
Endpoint security policy
Email policy
Incident response policy
Intrusion detection and prevention policy
Network security policy
Patch management policy
Password policy
Remote access policy
Security awareness and training policy
Vulnerability management policy
Web Application Security Policy
Company X – Security standards
Company X – Security procedures
Document storage and management
Conclusion
Questions
9. Kicking Off the Security Program
Structure
Objective
Risk management and risk assessments
Step 1: Asset identification and characterization
Step 2: Threat modeling – risk scenarios
Discovering vulnerabilities
Collect vulnerability details
Threat events
Risk scenarios
Step 3: Risk calculation
Risk mitigation
Security program improvement cycle
Penetration testing example
Conclusion
Questions
Part III: Security Monitoring for Continuous Improvement
10. Passive Security Monitoring
Structure
Objective
Security incidents
Event logs
Network traffic packet captures
Firewalls and IDS/IPS
Installing pfSense
Configuring pfSense
Exploring pfSense
Security Information and Event Management (SIEM)
Installing AlienVault OSSIM
Configuring AlienVault OSSIM
Schedule vulnerability scans
Configuring pfSense
Working with AlienVault OSSIM
The Microsoft Azure Sentinel SIEM
Conclusion
Questions
11. Active Security Monitoring
Structure
Objective
What is vulnerability management?
Actively looking for vulnerabilities
Manual vulnerability discovery
Automated vulnerability discovery - Vulnerability scanners
Automated vulnerability discovery - running a Qualys scan
Installing the Qualys virtual appliance
Configuring the Qualys scanner appliance
Running a vulnerability scan
Going over the scan results
Defining the vulnerability remediation plan
Only worry about the high-severity stuff
Follow the money (makers)
Situational awareness
Conclusion
Questions
12. Threat Hunting
Structure
Objective
What is threat hunting?
Information needed for the job
Network logs
Event logs
Sysmon
Install Sysmon on company-X systems
Security Onion
Deploy a Security Onion VM
Security Onion in action
Security Incident and Event Management (SIEM)
Splunk
ELK stack
Install ELK for company-X environment
Install Elasticsearch
Configure Elasticsearch
Install Logstash
Configure Logstash
Install Kibana
Configure Kibana
Install Nginx as an authenticating reverse web proxy
Configure systems to report to ELK
Filebeat
Winlogbeat
Packetbeat
Setup an index pattern
Using Syslog for miscellaneous logs
Making use of the Logstash parsing capabilities - adding geo location
Geolocation in action
Areas of interest – Hunting exercises
Recognizing suspicious software
Creating a file hunting dashboard
The file hunting dashboard in action
Scripting abuse
Look at your users
Look at suspicious commands
Look at the parent process
Look at PowerShell process
Looking at your users
Network activity
Putting it all together – User discovered a suspicious file
Conclusion
Questions
13. The Continuous Battle
Structure
Objective
Recap of our efforts so far
Manage risk by defining a reoccurring security program cycle
Assessing risk
Responding to risk
Monitoring risk
What if things do go wrong? – Incident handling
Incident response is a process
Preparation
Detection and reporting
Triage and analysis
Containment and irradiation
Post-incident activity
What else can be done to improve one’s security program and posture?
Threat intelligence
Threat research
Honeypots
Work with the security community
Conclusion
Questions
