Martin M. Weiss
CompTIA Security+ SY0-601 Exam Cram (eBook, ePUB)
21,95 €
21,95 €
inkl. MwSt.
Sofort per Download lieferbar
11 °P sammeln
21,95 €
Als Download kaufen
21,95 €
inkl. MwSt.
Sofort per Download lieferbar
11 °P sammeln
Jetzt verschenken
Alle Infos zum eBook verschenken
21,95 €
inkl. MwSt.
Sofort per Download lieferbar
Alle Infos zum eBook verschenken
11 °P sammeln
Martin M. Weiss
CompTIA Security+ SY0-601 Exam Cram (eBook, ePUB)
- Format: ePub
- Merkliste
- Auf die Merkliste
- Bewerten Bewerten
- Teilen
- Produkt teilen
- Produkterinnerung
- Produkterinnerung
Bitte loggen Sie sich zunächst in Ihr Kundenkonto ein oder registrieren Sie sich bei
bücher.de, um das eBook-Abo tolino select nutzen zu können.
Hier können Sie sich einloggen
Hier können Sie sich einloggen
Sie sind bereits eingeloggt. Klicken Sie auf 2. tolino select Abo, um fortzufahren.
Bitte loggen Sie sich zunächst in Ihr Kundenkonto ein oder registrieren Sie sich bei bücher.de, um das eBook-Abo tolino select nutzen zu können.
Prepare for CompTIA Security+ SY0-601 exam success with this Exam Cram from Pearson IT Certification, a leader in IT certification. This is the eBook edition of the CompTIA Security+ SY0-601 Exam Cram, Sixth Edition. This eBook does not include access to the Pearson Test Prep practice exams that comes with the print edition. CompTIA Security+ SY0-601 Exam Cram, Sixth Edition, is the perfect study guide to help you pass the newly updated version of the CompTIA Security+ exam. It provides coverage and practice questions for every exam topic. Extensive prep tools include quizzes, Exam Alerts,…mehr
- Geräte: eReader
- ohne Kopierschutz
- eBook Hilfe
- Größe: 6.41MB
Andere Kunden interessierten sich auch für
![CompTIA Security+ SY0-601 Exam Cram (eBook, PDF)]( "CompTIA Security+ SY0-601 Exam Cram (eBook, PDF)")
Martin M. WeissCompTIA Security+ SY0-601 Exam Cram (eBook, PDF)21,95 €![CompTIA Security+ SY0-501 Exam Cram (eBook, ePUB)]( "CompTIA Security+ SY0-501 Exam Cram (eBook, ePUB)")
Diane BarrettCompTIA Security+ SY0-501 Exam Cram (eBook, ePUB)22,95 €![CompTIA Security+ SY0-401 Exam Cram (eBook, ePUB)]( "CompTIA Security+ SY0-401 Exam Cram (eBook, ePUB)")
Diane BarrettCompTIA Security+ SY0-401 Exam Cram (eBook, ePUB)13,95 €![CompTIA Security+ SY0-301 Practice Questions Exam Cram (eBook, ePUB)]( "CompTIA Security+ SY0-301 Practice Questions Exam Cram (eBook, ePUB)")
Diane BarrettCompTIA Security+ SY0-301 Practice Questions Exam Cram (eBook, ePUB)11,95 €![CompTIA Security+ SY0-501 Cert Guide (eBook, ePUB)]( "CompTIA Security+ SY0-501 Cert Guide (eBook, ePUB)")
Dave ProwseCompTIA Security+ SY0-501 Cert Guide (eBook, ePUB)25,95 €![CompTIA Security+ SY0-601 Cert Guide Pearson uCertify Course Access Code Card (eBook, ePUB)]( "CompTIA Security+ SY0-601 Cert Guide Pearson uCertify Course Access Code Card (eBook, ePUB)")
Omar SantosCompTIA Security+ SY0-601 Cert Guide Pearson uCertify Course Access Code Card (eBook, ePUB)23,95 €![CompTIA Network+ N10-008 Exam Cram (eBook, ePUB)]( "CompTIA Network+ N10-008 Exam Cram (eBook, ePUB)")
Emmett DulaneyCompTIA Network+ N10-008 Exam Cram (eBook, ePUB)21,95 €-
-
-
Prepare for CompTIA Security+ SY0-601 exam success with this Exam Cram from Pearson IT Certification, a leader in IT certification.
This is the eBook edition of the CompTIA Security+ SY0-601 Exam Cram, Sixth Edition. This eBook does not include access to the Pearson Test Prep practice exams that comes with the print edition.
CompTIA Security+ SY0-601 Exam Cram, Sixth Edition, is the perfect study guide to help you pass the newly updated version of the CompTIA Security+ exam. It provides coverage and practice questions for every exam topic. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet.
Covers the critical information you'll need to know to score higher on your Security+ SY0-601 exam!
- Assess the different types of threats, attacks, and vulnerabilities organizations face
- Understand security concepts across traditional, cloud, mobile, and IoT environments
- Explain and implement security controls across multiple environments
- Identify, analyze, and respond to operational needs and security incidents
- Understand and explain the relevance of concepts related to governance, risk and compliance
Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.
Produktdetails
- Produktdetails
- Verlag: Pearson ITP
- Seitenzahl: 752
- Erscheinungstermin: 30. Oktober 2020
- Englisch
- ISBN-13: 9780136798682
- Artikelnr.: 61770882
- Verlag: Pearson ITP
- Seitenzahl: 752
- Erscheinungstermin: 30. Oktober 2020
- Englisch
- ISBN-13: 9780136798682
- Artikelnr.: 61770882
Marty M. Weiss has spent most of his career in information security and risk management, helping large organizations. Marty holds a bachelor of science degree in computer studies from the University of Maryland University College and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He holds several certifications, including CISSP, CISA, and Security+. Marty has authored and coauthored more than a half-dozen books on information technology, many that have been described as riveting and Dostoevsky-esque in reviews by his mother. A Florida native, he now lives in New England.
Introduction . . . . . . . . . . . . . . . . . . . . . . xxvii Part I:
Attacks, Threats, and Vulnerabilities 1 CHAPTER 1: Social Engineering
Techniques.. . . . . . . . . . . . . . . . 3 The Social Engineer.. . . . .
. . . . . . . . . . . . . 4 Phishing and Related Attacks.. . . . . . . . .
. . . . . . 6 Principles of Influence (Reasons for Effectiveness). . . . .
. . . 10 What Next?.. . . . . . . . . . . . . . . . . . . . . 14 CHAPTER 2:
Attack Basics.. . . . . . . . . . . . . . . . . . . . . . 15 Malware. . . .
. . . . . . . . . . . . . . . . . . . 16 Physical Attacks.. . . . . . . . .
. . . . . . . . . . . 26 Adversarial Artificial Intelligence (AI).. . . . .
. . . . . . . 27 Password Attacks. . . . . . . . . . . . . . . . . . . . 28
Downgrade Attacks.. . . . . . . . . . . . . . . . . . . 31 What Next?.. . .
. . . . . . . . . . . . . . . . . . 34 CHAPTER 3: Application Attacks.. . .
. . . . . . . . . . . . . . . . . 35 Race Conditions.. . . . . . . . . . .
. . . . . . . . . 36 Improper Software Handling.. . . . . . . . . . . . . .
. 37 Resource Exhaustion.. . . . . . . . . . . . . . . . . . 37 Overflows..
. . . . . . . . . . . . . . . . . . . . . 38 Code Injections. . . . . . . .
. . . . . . . . . . . . 39 Driver Manipulation.. . . . . . . . . . . . . .
. . . . 40 Request Forgeries.. . . . . . . . . . . . . . . . . . . 41
Directory Traversal.. . . . . . . . . . . . . . . . . . . 44 Replay
Attack.. . . . . . . . . . . . . . . . . . . . . 45 Secure Sockets Layer
(SSL) Stripping.. . . . . . . . . . . . 45 Application Programming
Interface (API) Attacks.. . . . . . . . 47 Pass-the-Hash Attack. . . . . .
. . . . . . . . . . . . 49 What Next?.. . . . . . . . . . . . . . . . . . .
. . 52 CHAPTER 4: Network Attacks.. . . . . . . . . . . . . . . . . . . . .
53 Wireless. . . . . . . . . . . . . . . . . . . . . . . 54 On-Path Attack.
. . . . . . . . . . . . . . . . . . . 58 Layer 2 Attacks. . . . . . . . . .
. . . . . . . . . . 59 Domain Name System (DNS) Attacks.. . . . . . . . . .
. . 62 Denial of Service. . . . . . . . . . . . . . . . . . . . 64
Malicious Code and Script Execution.. . . . . . . . . . . . 68 What Next?..
. . . . . . . . . . . . . . . . . . . . 71 CHAPTER 5: Threat Actors,
Vectors, and Intelligence Sources. . . . . . . . . . 73 Threat Actor
Attributes.. . . . . . . . . . . . . . . . . 74 Threat Actor Types.. . . .
. . . . . . . . . . . . . . . 75 Vectors.. . . . . . . . . . . . . . . . .
. . . . . . 80 Threat Intelligence and Research Sources.. . . . . . . . . .
. 81 What Next?.. . . . . . . . . . . . . . . . . . . . . 87 CHAPTER 6:
Vulnerabilities.. . . . . . . . . . . . . . . . . . . . . . 89 Cloud-Based
vs. On-Premises. . . . . . . . . . . . . . . 90 Zero-Day. . . . . . . . . .
. . . . . . . . . . . . 90 Weak Configurations. . . . . . . . . . . . . . .
. . . 91 Third-Party Risks.. . . . . . . . . . . . . . . . . . . 95
Impacts.. . . . . . . . . . . . . . . . . . . . . . . 96 What Next?.. . . .
. . . . . . . . . . . . . . . . . 98 CHAPTER 7: Security Assessment
Techniques.. . . . . . . . . . . . . . . 99 Vulnerability Scans.. . . . . .
. . . . . . . . . . . . . 100 Threat Assessment.. . . . . . . . . . . . . .
. . . . . 103 What Next?.. . . . . . . . . . . . . . . . . . . . . 110
CHAPTER 8: Penetration Testing Techniques.. . . . . . . . . . . . . . . .
111 Testing Methodology. . . . . . . . . . . . . . . . . . 112 Team
Exercises.. . . . . . . . . . . . . . . . . . . . 118 What Next?.. . . . .
. . . . . . . . . . . . . . . . 120 Part II: Architecture and Design 121
CHAPTER 9: Enterprise Security Concepts.. . . . . . . . . . . . . . . . .
123 Configuration Management.. . . . . . . . . . . . . . . . 124 Data
Confidentiality.. . . . . . . . . . . . . . . . . . 126 Deception and
Disruption.. . . . . . . . . . . . . . . . 139 What Next?.. . . . . . . . .
. . . . . . . . . . . . 143 CHAPTER 10: Virtualization and Cloud
Computing.. . . . . . . . . . . . . . 145 Virtualization.. . . . . . . . .
. . . . . . . . . . . . 145 On-Premises vs. Off-Premises. . . . . . . . . .
. . . . . 154 Cloud Models. . . . . . . . . . . . . . . . . . . . . 155
What Next?.. . . . . . . . . . . . . . . . . . . . . 164 CHAPTER 11: Secure
Application Development, Deployment, and Automation.. . . . 165 Application
Environment.. . . . . . . . . . . . . . . . . 166 Integrity Measurement.. .
. . . . . . . . . . . . . . . 168 Change Management and Version Control.. .
. . . . . . . . . 169 Secure Coding Techniques.. . . . . . . . . . . . . .
. . 170 Automation and Scripting.. . . . . . . . . . . . . . . . 180
Scalability and Elasticity. . . . . . . . . . . . . . . . . 184 What
Next?.. . . . . . . . . . . . . . . . . . . . . 187 CHAPTER 12:
Authentication and Authorization Design. . . . . . . . . . . . . 189
Identification and Authentication, Authorization, and Accounting (AAA).. .
. . . . . . . . . . . . . . . . . 189 Multifactor Authentication.. . . . .
. . . . . . . . . . . 190 Single Sign-on.. . . . . . . . . . . . . . . . .
. . . 192 Authentication Technologies. . . . . . . . . . . . . . . . 195
What Next?.. . . . . . . . . . . . . . . . . . . . . 204 CHAPTER 13:
Cybersecurity Resilience.. . . . . . . . . . . . . . . . . . 205
Redundancy.. . . . . . . . . . . . . . . . . . . . . 205 Backups.. . . . .
. . . . . . . . . . . . . . . . . . 214 Defense in Depth.. . . . . . . . .
. . . . . . . . . . 221 What Next?.. . . . . . . . . . . . . . . . . . . .
. 224 CHAPTER 14: Embedded and Specialized Systems. . . . . . . . . . . . .
. 225 Embedded Systems.. . . . . . . . . . . . . . . . . . . 225 SCADA and
ICS. . . . . . . . . . . . . . . . . . . . 227 Smart Devices and IoT.. . .
. . . . . . . . . . . . . . 229 What Next?.. . . . . . . . . . . . . . . .
. . . . . 238 CHAPTER 15: Physical Security Controls.. . . . . . . . . . .
. . . . . . . 239 Perimeter Security.. . . . . . . . . . . . . . . . . . .
239 Internal Security.. . . . . . . . . . . . . . . . . . . . 243 Equipment
Security. . . . . . . . . . . . . . . . . . . 246 Environmental Controls..
. . . . . . . . . . . . . . . . 249 Secure Data Destruction.. . . . . . . .
. . . . . . . . . 255 What Next?.. . . . . . . . . . . . . . . . . . . . .
259 CHAPTER 16: Cryptographic Concepts. . . . . . . . . . . . . . . . . . .
261 Cryptosystems.. . . . . . . . . . . . . . . . . . . . 262 Use of Proven
Technologies and Implementation.. . . . . . . . 272 Steganography.. . . . .
. . . . . . . . . . . . . . . 273 Cryptography Use Cases.. . . . . . . . .
. . . . . . . . 274 Cryptography Constraints.. . . . . . . . . . . . . . .
. 276 What Next?.. . . . . . . . . . . . . . . . . . . . . 277 Part III:
Implementation 279 CHAPTER 17: Secure Protocols.. . . . . . . . . . . . . .
. . . . . . . 281 Secure Web Protocols.. . . . . . . . . . . . . . . . . .
282 Secure File Transfer Protocols.. . . . . . . . . . . . . . . 286 Secure
Email Protocols.. . . . . . . . . . . . . . . . . 287 Secure Internet
Protocols. . . . . . . . . . . . . . . . . 288 Secure Protocol Use Cases..
. . . . . . . . . . . . . . . 293 What Next?.. . . . . . . . . . . . . . .
. . . . . . 305 CHAPTER 18: Host and Application Security Solutions.. . . .
. . . . . . . . . 307 Endpoint Protection.. . . . . . . . . . . . . . . . .
. 308 Firewalls and HIPS/HIDS Solutions.. . . . . . . . . . . 308
Anti-Malware and Other Host Protections. . . . . . . . . 310 Application
Security.. . . . . . . . . . . . . . . . . . 318 Hardware and Firmware
Security.. . . . . . . . . . . . . . 322 Operating System Security.. . . .
. . . . . . . . . . . . 330 What Next?.. . . . . . . . . . . . . . . . . .
. . . 338 CHAPTER 19: Secure Network Design.. . . . . . . . . . . . . . . .
. . . 339 Network Devices and Segmentation.. . . . . . . . . . . . . 340
Security Devices and Boundaries. . . . . . . . . . . . . . 347 What Next?..
. . . . . . . . . . . . . . . . . . . . 369 CHAPTER 20: Wireless Security
Settings.. . . . . . . . . . . . . . . . . . 371 Access Methods.. . . . . .
. . . . . . . . . . . . . . 372 Wireless Cryptographic Protocols.. . . . .
. . . . . . . . . 373 Authentication Protocols.. . . . . . . . . . . . . .
. . . 377 Wireless Access Installations. . . . . . . . . . . . . . . . 379
What Next?.. . . . . . . . . . . . . . . . . . . . . 387 CHAPTER 21: Secure
Mobile Solutions. . . . . . . . . . . . . . . . . . . 389 Communication
Methods. . . . . . . . . . . . . . . . . 389 Mobile Device Management
Concepts. . . . . . . . . . . . 393 Enforcement and Monitoring.. . . . . .
. . . . . . . . . 405 Deployment Models.. . . . . . . . . . . . . . . . . .
412 What Next?.. . . . . . . . . . . . . . . . . . . . . 420 CHAPTER 22:
Cloud Cybersecurity Solutions.. . . . . . . . . . . . . . . . 421 Cloud
Workloads.. . . . . . . . . . . . . . . . . . . 422 Third-Party Cloud
Security Solutions.. . . . . . . . . . . . 428 What Next?.. . . . . . . . .
. . . . . . . . . . . . 431 CHAPTER 23: Identity and Account Management
Controls.. . . . . . . . . . . 433 Account Types.. . . . . . . . . . . . .
. . . . . . . 433 Account Management.. . . . . . . . . . . . . . . . . .
435 Account Policy Enforcement.. . . . . . . . . . . . . . . 441 What
Next?.. . . . . . . . . . . . . . . . . . . . . 448 CHAPTER 24:
Authentication and Authorization Solutions.. . . . . . . . . . . . 449
Authentication.. . . . . . . . . . . . . . . . . . . . 450 Access Control..
. . . . . . . . . . . . . . . . . . . 466 What Next?.. . . . . . . . . . .
. . . . . . . . . . 472 CHAPTER 25: Public Key Infrastructure.. . . . . . .
. . . . . . . . . . . 473 What Next?.. . . . . . . . . . . . . . . . . . .
. . 489 Part IV: Operations and Incident Response 491 CHAPTER 26:
Organizational Security.. . . . . . . . . . . . . . . . . . . 493 Shell and
Script Environments.. . . . . . . . . . . . . . . 494 Network
Reconnaissance and Discovery. . . . . . . . . . . . 496 Packet Capture and
Replay. . . . . . . . . . . . . . . . 502 Password Crackers.. . . . . . . .
. . . . . . . . . . . 504 Forensics and Data Sanitization.. . . . . . . . .
. . . . . 505 What Next?.. . . . . . . . . . . . . . . . . . . . . 508
CHAPTER 27: Incident Response.. . . . . . . . . . . . . . . . . . . . . 509
Attack Frameworks.. . . . . . . . . . . . . . . . . . . 509 Incident
Response Plan.. . . . . . . . . . . . . . . . . 512 Incident Response
Process.. . . . . . . . . . . . . . . . 517 Continuity and Recovery Plans..
. . . . . . . . . . . . . . 522 What Next?.. . . . . . . . . . . . . . . .
. . . . . 528 CHAPTER 28: Incident Investigation. . . . . . . . . . . . . .
. . . . . . 529 SIEM Dashboards. . . . . . . . . . . . . . . . . . . 530
Logging. . . . . . . . . . . . . . . . . . . . . . . 531 Network Activity.
. . . . . . . . . . . . . . . . . . . 536 What Next?.. . . . . . . . . . .
. . . . . . . . . . 539 CHAPTER 29: Incident Mitigation.. . . . . . . . . .
. . . . . . . . . . . 541 Containment and Eradication.. . . . . . . . . . .
. . . . 541 What Next?.. . . . . . . . . . . . . . . . . . . . . 549
CHAPTER 30: Digital Forensics.. . . . . . . . . . . . . . . . . . . . . 551
Data Breach Notifications.. . . . . . . . . . . . . . . . 552 Strategic
Intelligence/Counterintelligence Gathering. . . . . . . 554 Track
Person-hours.. . . . . . . . . . . . . . . . . . . 555 Order of Volatility.
. . . . . . . . . . . . . . . . . . 555 Chain of Custody.. . . . . . . . .
. . . . . . . . . . 556 Data Acquisition.. . . . . . . . . . . . . . . . .
. . . 559 Capture System Images.. . . . . . . . . . . . . . . 560 Capture
Network Traffic and Logs.. . . . . . . . . . . 560 Capture Video and
Photographs.. . . . . . . . . . . . 561 Record Time Offset.. . . . . . . .
. . . . . . . . 562 Take Hashes. . . . . . . . . . . . . . . . . . . 562
Capture Screenshots.. . . . . . . . . . . . . . . . 563 Collect Witness
Interviews. . . . . . . . . . . . . . 563 What Next?.. . . . . . . . . . .
. . . . . . . . . . 565 Part V: Governance, Risk, and Compliance 567
CHAPTER 31: Control Types.. . . . . . . . . . . . . . . . . . . . . . 569
Nature of Controls.. . . . . . . . . . . . . . . . . . . 570 Functional Use
of Controls.. . . . . . . . . . . . . . . . 570 Compensating Controls.. . .
. . . . . . . . . . . . . . 572 What Next?.. . . . . . . . . . . . . . . .
. . . . . 574 CHAPTER 32: Regulations, Standards, and Frameworks.. . . . .
. . . . . . . 575 Industry-Standard Frameworks and Reference Architectures.
. . . . 575 Benchmarks and Secure Configuration Guides.. . . . . . . . .
579 What Next?.. . . . . . . . . . . . . . . . . . . . . 581 CHAPTER 33:
Organizational Security Policies.. . . . . . . . . . . . . . . . 583 Policy
Framework.. . . . . . . . . . . . . . . . . . . 583 Human Resource
Management Policies.. . . . . . . . . . . . 584 Third-Party Risk
Management.. . . . . . . . . . . . . . . 592 What Next?.. . . . . . . . . .
. . . . . . . . . . . 596 CHAPTER 34: Risk Management.. . . . . . . . . . .
. . . . . . . . . . 597 Risk Analysis. . . . . . . . . . . . . . . . . . .
. . 598 Risk Assessment.. . . . . . . . . . . . . . . . . . . . 602
Business Impact Analysis.. . . . . . . . . . . . . . . . . 606 What Next?..
. . . . . . . . . . . . . . . . . . . . 612 CHAPTER 35: Sensitive Data and
Privacy.. . . . . . . . . . . . . . . . . . 613 Sensitive Data Protection.
. . . . . . . . . . . . . . . . 613 Privacy Impact Assessment.. . . . . . .
. . . . . . . . . 621 What Next?.. . . . . . . . . . . . . . . . . . . . .
623 Glossary of Essential Terms and Components.. . . . . . . . . . . . 625
9780136798675, TOC, 10/9/2020
Attacks, Threats, and Vulnerabilities 1 CHAPTER 1: Social Engineering
Techniques.. . . . . . . . . . . . . . . . 3 The Social Engineer.. . . . .
. . . . . . . . . . . . . 4 Phishing and Related Attacks.. . . . . . . . .
. . . . . . 6 Principles of Influence (Reasons for Effectiveness). . . . .
. . . 10 What Next?.. . . . . . . . . . . . . . . . . . . . . 14 CHAPTER 2:
Attack Basics.. . . . . . . . . . . . . . . . . . . . . . 15 Malware. . . .
. . . . . . . . . . . . . . . . . . . 16 Physical Attacks.. . . . . . . . .
. . . . . . . . . . . 26 Adversarial Artificial Intelligence (AI).. . . . .
. . . . . . . 27 Password Attacks. . . . . . . . . . . . . . . . . . . . 28
Downgrade Attacks.. . . . . . . . . . . . . . . . . . . 31 What Next?.. . .
. . . . . . . . . . . . . . . . . . 34 CHAPTER 3: Application Attacks.. . .
. . . . . . . . . . . . . . . . . 35 Race Conditions.. . . . . . . . . . .
. . . . . . . . . 36 Improper Software Handling.. . . . . . . . . . . . . .
. 37 Resource Exhaustion.. . . . . . . . . . . . . . . . . . 37 Overflows..
. . . . . . . . . . . . . . . . . . . . . 38 Code Injections. . . . . . . .
. . . . . . . . . . . . 39 Driver Manipulation.. . . . . . . . . . . . . .
. . . . 40 Request Forgeries.. . . . . . . . . . . . . . . . . . . 41
Directory Traversal.. . . . . . . . . . . . . . . . . . . 44 Replay
Attack.. . . . . . . . . . . . . . . . . . . . . 45 Secure Sockets Layer
(SSL) Stripping.. . . . . . . . . . . . 45 Application Programming
Interface (API) Attacks.. . . . . . . . 47 Pass-the-Hash Attack. . . . . .
. . . . . . . . . . . . 49 What Next?.. . . . . . . . . . . . . . . . . . .
. . 52 CHAPTER 4: Network Attacks.. . . . . . . . . . . . . . . . . . . . .
53 Wireless. . . . . . . . . . . . . . . . . . . . . . . 54 On-Path Attack.
. . . . . . . . . . . . . . . . . . . 58 Layer 2 Attacks. . . . . . . . . .
. . . . . . . . . . 59 Domain Name System (DNS) Attacks.. . . . . . . . . .
. . 62 Denial of Service. . . . . . . . . . . . . . . . . . . . 64
Malicious Code and Script Execution.. . . . . . . . . . . . 68 What Next?..
. . . . . . . . . . . . . . . . . . . . 71 CHAPTER 5: Threat Actors,
Vectors, and Intelligence Sources. . . . . . . . . . 73 Threat Actor
Attributes.. . . . . . . . . . . . . . . . . 74 Threat Actor Types.. . . .
. . . . . . . . . . . . . . . 75 Vectors.. . . . . . . . . . . . . . . . .
. . . . . . 80 Threat Intelligence and Research Sources.. . . . . . . . . .
. 81 What Next?.. . . . . . . . . . . . . . . . . . . . . 87 CHAPTER 6:
Vulnerabilities.. . . . . . . . . . . . . . . . . . . . . . 89 Cloud-Based
vs. On-Premises. . . . . . . . . . . . . . . 90 Zero-Day. . . . . . . . . .
. . . . . . . . . . . . 90 Weak Configurations. . . . . . . . . . . . . . .
. . . 91 Third-Party Risks.. . . . . . . . . . . . . . . . . . . 95
Impacts.. . . . . . . . . . . . . . . . . . . . . . . 96 What Next?.. . . .
. . . . . . . . . . . . . . . . . 98 CHAPTER 7: Security Assessment
Techniques.. . . . . . . . . . . . . . . 99 Vulnerability Scans.. . . . . .
. . . . . . . . . . . . . 100 Threat Assessment.. . . . . . . . . . . . . .
. . . . . 103 What Next?.. . . . . . . . . . . . . . . . . . . . . 110
CHAPTER 8: Penetration Testing Techniques.. . . . . . . . . . . . . . . .
111 Testing Methodology. . . . . . . . . . . . . . . . . . 112 Team
Exercises.. . . . . . . . . . . . . . . . . . . . 118 What Next?.. . . . .
. . . . . . . . . . . . . . . . 120 Part II: Architecture and Design 121
CHAPTER 9: Enterprise Security Concepts.. . . . . . . . . . . . . . . . .
123 Configuration Management.. . . . . . . . . . . . . . . . 124 Data
Confidentiality.. . . . . . . . . . . . . . . . . . 126 Deception and
Disruption.. . . . . . . . . . . . . . . . 139 What Next?.. . . . . . . . .
. . . . . . . . . . . . 143 CHAPTER 10: Virtualization and Cloud
Computing.. . . . . . . . . . . . . . 145 Virtualization.. . . . . . . . .
. . . . . . . . . . . . 145 On-Premises vs. Off-Premises. . . . . . . . . .
. . . . . 154 Cloud Models. . . . . . . . . . . . . . . . . . . . . 155
What Next?.. . . . . . . . . . . . . . . . . . . . . 164 CHAPTER 11: Secure
Application Development, Deployment, and Automation.. . . . 165 Application
Environment.. . . . . . . . . . . . . . . . . 166 Integrity Measurement.. .
. . . . . . . . . . . . . . . 168 Change Management and Version Control.. .
. . . . . . . . . 169 Secure Coding Techniques.. . . . . . . . . . . . . .
. . 170 Automation and Scripting.. . . . . . . . . . . . . . . . 180
Scalability and Elasticity. . . . . . . . . . . . . . . . . 184 What
Next?.. . . . . . . . . . . . . . . . . . . . . 187 CHAPTER 12:
Authentication and Authorization Design. . . . . . . . . . . . . 189
Identification and Authentication, Authorization, and Accounting (AAA).. .
. . . . . . . . . . . . . . . . . 189 Multifactor Authentication.. . . . .
. . . . . . . . . . . 190 Single Sign-on.. . . . . . . . . . . . . . . . .
. . . 192 Authentication Technologies. . . . . . . . . . . . . . . . 195
What Next?.. . . . . . . . . . . . . . . . . . . . . 204 CHAPTER 13:
Cybersecurity Resilience.. . . . . . . . . . . . . . . . . . 205
Redundancy.. . . . . . . . . . . . . . . . . . . . . 205 Backups.. . . . .
. . . . . . . . . . . . . . . . . . 214 Defense in Depth.. . . . . . . . .
. . . . . . . . . . 221 What Next?.. . . . . . . . . . . . . . . . . . . .
. 224 CHAPTER 14: Embedded and Specialized Systems. . . . . . . . . . . . .
. 225 Embedded Systems.. . . . . . . . . . . . . . . . . . . 225 SCADA and
ICS. . . . . . . . . . . . . . . . . . . . 227 Smart Devices and IoT.. . .
. . . . . . . . . . . . . . 229 What Next?.. . . . . . . . . . . . . . . .
. . . . . 238 CHAPTER 15: Physical Security Controls.. . . . . . . . . . .
. . . . . . . 239 Perimeter Security.. . . . . . . . . . . . . . . . . . .
239 Internal Security.. . . . . . . . . . . . . . . . . . . . 243 Equipment
Security. . . . . . . . . . . . . . . . . . . 246 Environmental Controls..
. . . . . . . . . . . . . . . . 249 Secure Data Destruction.. . . . . . . .
. . . . . . . . . 255 What Next?.. . . . . . . . . . . . . . . . . . . . .
259 CHAPTER 16: Cryptographic Concepts. . . . . . . . . . . . . . . . . . .
261 Cryptosystems.. . . . . . . . . . . . . . . . . . . . 262 Use of Proven
Technologies and Implementation.. . . . . . . . 272 Steganography.. . . . .
. . . . . . . . . . . . . . . 273 Cryptography Use Cases.. . . . . . . . .
. . . . . . . . 274 Cryptography Constraints.. . . . . . . . . . . . . . .
. 276 What Next?.. . . . . . . . . . . . . . . . . . . . . 277 Part III:
Implementation 279 CHAPTER 17: Secure Protocols.. . . . . . . . . . . . . .
. . . . . . . 281 Secure Web Protocols.. . . . . . . . . . . . . . . . . .
282 Secure File Transfer Protocols.. . . . . . . . . . . . . . . 286 Secure
Email Protocols.. . . . . . . . . . . . . . . . . 287 Secure Internet
Protocols. . . . . . . . . . . . . . . . . 288 Secure Protocol Use Cases..
. . . . . . . . . . . . . . . 293 What Next?.. . . . . . . . . . . . . . .
. . . . . . 305 CHAPTER 18: Host and Application Security Solutions.. . . .
. . . . . . . . . 307 Endpoint Protection.. . . . . . . . . . . . . . . . .
. 308 Firewalls and HIPS/HIDS Solutions.. . . . . . . . . . . 308
Anti-Malware and Other Host Protections. . . . . . . . . 310 Application
Security.. . . . . . . . . . . . . . . . . . 318 Hardware and Firmware
Security.. . . . . . . . . . . . . . 322 Operating System Security.. . . .
. . . . . . . . . . . . 330 What Next?.. . . . . . . . . . . . . . . . . .
. . . 338 CHAPTER 19: Secure Network Design.. . . . . . . . . . . . . . . .
. . . 339 Network Devices and Segmentation.. . . . . . . . . . . . . 340
Security Devices and Boundaries. . . . . . . . . . . . . . 347 What Next?..
. . . . . . . . . . . . . . . . . . . . 369 CHAPTER 20: Wireless Security
Settings.. . . . . . . . . . . . . . . . . . 371 Access Methods.. . . . . .
. . . . . . . . . . . . . . 372 Wireless Cryptographic Protocols.. . . . .
. . . . . . . . . 373 Authentication Protocols.. . . . . . . . . . . . . .
. . . 377 Wireless Access Installations. . . . . . . . . . . . . . . . 379
What Next?.. . . . . . . . . . . . . . . . . . . . . 387 CHAPTER 21: Secure
Mobile Solutions. . . . . . . . . . . . . . . . . . . 389 Communication
Methods. . . . . . . . . . . . . . . . . 389 Mobile Device Management
Concepts. . . . . . . . . . . . 393 Enforcement and Monitoring.. . . . . .
. . . . . . . . . 405 Deployment Models.. . . . . . . . . . . . . . . . . .
412 What Next?.. . . . . . . . . . . . . . . . . . . . . 420 CHAPTER 22:
Cloud Cybersecurity Solutions.. . . . . . . . . . . . . . . . 421 Cloud
Workloads.. . . . . . . . . . . . . . . . . . . 422 Third-Party Cloud
Security Solutions.. . . . . . . . . . . . 428 What Next?.. . . . . . . . .
. . . . . . . . . . . . 431 CHAPTER 23: Identity and Account Management
Controls.. . . . . . . . . . . 433 Account Types.. . . . . . . . . . . . .
. . . . . . . 433 Account Management.. . . . . . . . . . . . . . . . . .
435 Account Policy Enforcement.. . . . . . . . . . . . . . . 441 What
Next?.. . . . . . . . . . . . . . . . . . . . . 448 CHAPTER 24:
Authentication and Authorization Solutions.. . . . . . . . . . . . 449
Authentication.. . . . . . . . . . . . . . . . . . . . 450 Access Control..
. . . . . . . . . . . . . . . . . . . 466 What Next?.. . . . . . . . . . .
. . . . . . . . . . 472 CHAPTER 25: Public Key Infrastructure.. . . . . . .
. . . . . . . . . . . 473 What Next?.. . . . . . . . . . . . . . . . . . .
. . 489 Part IV: Operations and Incident Response 491 CHAPTER 26:
Organizational Security.. . . . . . . . . . . . . . . . . . . 493 Shell and
Script Environments.. . . . . . . . . . . . . . . 494 Network
Reconnaissance and Discovery. . . . . . . . . . . . 496 Packet Capture and
Replay. . . . . . . . . . . . . . . . 502 Password Crackers.. . . . . . . .
. . . . . . . . . . . 504 Forensics and Data Sanitization.. . . . . . . . .
. . . . . 505 What Next?.. . . . . . . . . . . . . . . . . . . . . 508
CHAPTER 27: Incident Response.. . . . . . . . . . . . . . . . . . . . . 509
Attack Frameworks.. . . . . . . . . . . . . . . . . . . 509 Incident
Response Plan.. . . . . . . . . . . . . . . . . 512 Incident Response
Process.. . . . . . . . . . . . . . . . 517 Continuity and Recovery Plans..
. . . . . . . . . . . . . . 522 What Next?.. . . . . . . . . . . . . . . .
. . . . . 528 CHAPTER 28: Incident Investigation. . . . . . . . . . . . . .
. . . . . . 529 SIEM Dashboards. . . . . . . . . . . . . . . . . . . 530
Logging. . . . . . . . . . . . . . . . . . . . . . . 531 Network Activity.
. . . . . . . . . . . . . . . . . . . 536 What Next?.. . . . . . . . . . .
. . . . . . . . . . 539 CHAPTER 29: Incident Mitigation.. . . . . . . . . .
. . . . . . . . . . . 541 Containment and Eradication.. . . . . . . . . . .
. . . . 541 What Next?.. . . . . . . . . . . . . . . . . . . . . 549
CHAPTER 30: Digital Forensics.. . . . . . . . . . . . . . . . . . . . . 551
Data Breach Notifications.. . . . . . . . . . . . . . . . 552 Strategic
Intelligence/Counterintelligence Gathering. . . . . . . 554 Track
Person-hours.. . . . . . . . . . . . . . . . . . . 555 Order of Volatility.
. . . . . . . . . . . . . . . . . . 555 Chain of Custody.. . . . . . . . .
. . . . . . . . . . 556 Data Acquisition.. . . . . . . . . . . . . . . . .
. . . 559 Capture System Images.. . . . . . . . . . . . . . . 560 Capture
Network Traffic and Logs.. . . . . . . . . . . 560 Capture Video and
Photographs.. . . . . . . . . . . . 561 Record Time Offset.. . . . . . . .
. . . . . . . . 562 Take Hashes. . . . . . . . . . . . . . . . . . . 562
Capture Screenshots.. . . . . . . . . . . . . . . . 563 Collect Witness
Interviews. . . . . . . . . . . . . . 563 What Next?.. . . . . . . . . . .
. . . . . . . . . . 565 Part V: Governance, Risk, and Compliance 567
CHAPTER 31: Control Types.. . . . . . . . . . . . . . . . . . . . . . 569
Nature of Controls.. . . . . . . . . . . . . . . . . . . 570 Functional Use
of Controls.. . . . . . . . . . . . . . . . 570 Compensating Controls.. . .
. . . . . . . . . . . . . . 572 What Next?.. . . . . . . . . . . . . . . .
. . . . . 574 CHAPTER 32: Regulations, Standards, and Frameworks.. . . . .
. . . . . . . 575 Industry-Standard Frameworks and Reference Architectures.
. . . . 575 Benchmarks and Secure Configuration Guides.. . . . . . . . .
579 What Next?.. . . . . . . . . . . . . . . . . . . . . 581 CHAPTER 33:
Organizational Security Policies.. . . . . . . . . . . . . . . . 583 Policy
Framework.. . . . . . . . . . . . . . . . . . . 583 Human Resource
Management Policies.. . . . . . . . . . . . 584 Third-Party Risk
Management.. . . . . . . . . . . . . . . 592 What Next?.. . . . . . . . . .
. . . . . . . . . . . 596 CHAPTER 34: Risk Management.. . . . . . . . . . .
. . . . . . . . . . 597 Risk Analysis. . . . . . . . . . . . . . . . . . .
. . 598 Risk Assessment.. . . . . . . . . . . . . . . . . . . . 602
Business Impact Analysis.. . . . . . . . . . . . . . . . . 606 What Next?..
. . . . . . . . . . . . . . . . . . . . 612 CHAPTER 35: Sensitive Data and
Privacy.. . . . . . . . . . . . . . . . . . 613 Sensitive Data Protection.
. . . . . . . . . . . . . . . . 613 Privacy Impact Assessment.. . . . . . .
. . . . . . . . . 621 What Next?.. . . . . . . . . . . . . . . . . . . . .
623 Glossary of Essential Terms and Components.. . . . . . . . . . . . 625
9780136798675, TOC, 10/9/2020
Introduction . . . . . . . . . . . . . . . . . . . . . . xxvii Part I:
Attacks, Threats, and Vulnerabilities 1 CHAPTER 1: Social Engineering
Techniques.. . . . . . . . . . . . . . . . 3 The Social Engineer.. . . . .
. . . . . . . . . . . . . 4 Phishing and Related Attacks.. . . . . . . . .
. . . . . . 6 Principles of Influence (Reasons for Effectiveness). . . . .
. . . 10 What Next?.. . . . . . . . . . . . . . . . . . . . . 14 CHAPTER 2:
Attack Basics.. . . . . . . . . . . . . . . . . . . . . . 15 Malware. . . .
. . . . . . . . . . . . . . . . . . . 16 Physical Attacks.. . . . . . . . .
. . . . . . . . . . . 26 Adversarial Artificial Intelligence (AI).. . . . .
. . . . . . . 27 Password Attacks. . . . . . . . . . . . . . . . . . . . 28
Downgrade Attacks.. . . . . . . . . . . . . . . . . . . 31 What Next?.. . .
. . . . . . . . . . . . . . . . . . 34 CHAPTER 3: Application Attacks.. . .
. . . . . . . . . . . . . . . . . 35 Race Conditions.. . . . . . . . . . .
. . . . . . . . . 36 Improper Software Handling.. . . . . . . . . . . . . .
. 37 Resource Exhaustion.. . . . . . . . . . . . . . . . . . 37 Overflows..
. . . . . . . . . . . . . . . . . . . . . 38 Code Injections. . . . . . . .
. . . . . . . . . . . . 39 Driver Manipulation.. . . . . . . . . . . . . .
. . . . 40 Request Forgeries.. . . . . . . . . . . . . . . . . . . 41
Directory Traversal.. . . . . . . . . . . . . . . . . . . 44 Replay
Attack.. . . . . . . . . . . . . . . . . . . . . 45 Secure Sockets Layer
(SSL) Stripping.. . . . . . . . . . . . 45 Application Programming
Interface (API) Attacks.. . . . . . . . 47 Pass-the-Hash Attack. . . . . .
. . . . . . . . . . . . 49 What Next?.. . . . . . . . . . . . . . . . . . .
. . 52 CHAPTER 4: Network Attacks.. . . . . . . . . . . . . . . . . . . . .
53 Wireless. . . . . . . . . . . . . . . . . . . . . . . 54 On-Path Attack.
. . . . . . . . . . . . . . . . . . . 58 Layer 2 Attacks. . . . . . . . . .
. . . . . . . . . . 59 Domain Name System (DNS) Attacks.. . . . . . . . . .
. . 62 Denial of Service. . . . . . . . . . . . . . . . . . . . 64
Malicious Code and Script Execution.. . . . . . . . . . . . 68 What Next?..
. . . . . . . . . . . . . . . . . . . . 71 CHAPTER 5: Threat Actors,
Vectors, and Intelligence Sources. . . . . . . . . . 73 Threat Actor
Attributes.. . . . . . . . . . . . . . . . . 74 Threat Actor Types.. . . .
. . . . . . . . . . . . . . . 75 Vectors.. . . . . . . . . . . . . . . . .
. . . . . . 80 Threat Intelligence and Research Sources.. . . . . . . . . .
. 81 What Next?.. . . . . . . . . . . . . . . . . . . . . 87 CHAPTER 6:
Vulnerabilities.. . . . . . . . . . . . . . . . . . . . . . 89 Cloud-Based
vs. On-Premises. . . . . . . . . . . . . . . 90 Zero-Day. . . . . . . . . .
. . . . . . . . . . . . 90 Weak Configurations. . . . . . . . . . . . . . .
. . . 91 Third-Party Risks.. . . . . . . . . . . . . . . . . . . 95
Impacts.. . . . . . . . . . . . . . . . . . . . . . . 96 What Next?.. . . .
. . . . . . . . . . . . . . . . . 98 CHAPTER 7: Security Assessment
Techniques.. . . . . . . . . . . . . . . 99 Vulnerability Scans.. . . . . .
. . . . . . . . . . . . . 100 Threat Assessment.. . . . . . . . . . . . . .
. . . . . 103 What Next?.. . . . . . . . . . . . . . . . . . . . . 110
CHAPTER 8: Penetration Testing Techniques.. . . . . . . . . . . . . . . .
111 Testing Methodology. . . . . . . . . . . . . . . . . . 112 Team
Exercises.. . . . . . . . . . . . . . . . . . . . 118 What Next?.. . . . .
. . . . . . . . . . . . . . . . 120 Part II: Architecture and Design 121
CHAPTER 9: Enterprise Security Concepts.. . . . . . . . . . . . . . . . .
123 Configuration Management.. . . . . . . . . . . . . . . . 124 Data
Confidentiality.. . . . . . . . . . . . . . . . . . 126 Deception and
Disruption.. . . . . . . . . . . . . . . . 139 What Next?.. . . . . . . . .
. . . . . . . . . . . . 143 CHAPTER 10: Virtualization and Cloud
Computing.. . . . . . . . . . . . . . 145 Virtualization.. . . . . . . . .
. . . . . . . . . . . . 145 On-Premises vs. Off-Premises. . . . . . . . . .
. . . . . 154 Cloud Models. . . . . . . . . . . . . . . . . . . . . 155
What Next?.. . . . . . . . . . . . . . . . . . . . . 164 CHAPTER 11: Secure
Application Development, Deployment, and Automation.. . . . 165 Application
Environment.. . . . . . . . . . . . . . . . . 166 Integrity Measurement.. .
. . . . . . . . . . . . . . . 168 Change Management and Version Control.. .
. . . . . . . . . 169 Secure Coding Techniques.. . . . . . . . . . . . . .
. . 170 Automation and Scripting.. . . . . . . . . . . . . . . . 180
Scalability and Elasticity. . . . . . . . . . . . . . . . . 184 What
Next?.. . . . . . . . . . . . . . . . . . . . . 187 CHAPTER 12:
Authentication and Authorization Design. . . . . . . . . . . . . 189
Identification and Authentication, Authorization, and Accounting (AAA).. .
. . . . . . . . . . . . . . . . . 189 Multifactor Authentication.. . . . .
. . . . . . . . . . . 190 Single Sign-on.. . . . . . . . . . . . . . . . .
. . . 192 Authentication Technologies. . . . . . . . . . . . . . . . 195
What Next?.. . . . . . . . . . . . . . . . . . . . . 204 CHAPTER 13:
Cybersecurity Resilience.. . . . . . . . . . . . . . . . . . 205
Redundancy.. . . . . . . . . . . . . . . . . . . . . 205 Backups.. . . . .
. . . . . . . . . . . . . . . . . . 214 Defense in Depth.. . . . . . . . .
. . . . . . . . . . 221 What Next?.. . . . . . . . . . . . . . . . . . . .
. 224 CHAPTER 14: Embedded and Specialized Systems. . . . . . . . . . . . .
. 225 Embedded Systems.. . . . . . . . . . . . . . . . . . . 225 SCADA and
ICS. . . . . . . . . . . . . . . . . . . . 227 Smart Devices and IoT.. . .
. . . . . . . . . . . . . . 229 What Next?.. . . . . . . . . . . . . . . .
. . . . . 238 CHAPTER 15: Physical Security Controls.. . . . . . . . . . .
. . . . . . . 239 Perimeter Security.. . . . . . . . . . . . . . . . . . .
239 Internal Security.. . . . . . . . . . . . . . . . . . . . 243 Equipment
Security. . . . . . . . . . . . . . . . . . . 246 Environmental Controls..
. . . . . . . . . . . . . . . . 249 Secure Data Destruction.. . . . . . . .
. . . . . . . . . 255 What Next?.. . . . . . . . . . . . . . . . . . . . .
259 CHAPTER 16: Cryptographic Concepts. . . . . . . . . . . . . . . . . . .
261 Cryptosystems.. . . . . . . . . . . . . . . . . . . . 262 Use of Proven
Technologies and Implementation.. . . . . . . . 272 Steganography.. . . . .
. . . . . . . . . . . . . . . 273 Cryptography Use Cases.. . . . . . . . .
. . . . . . . . 274 Cryptography Constraints.. . . . . . . . . . . . . . .
. 276 What Next?.. . . . . . . . . . . . . . . . . . . . . 277 Part III:
Implementation 279 CHAPTER 17: Secure Protocols.. . . . . . . . . . . . . .
. . . . . . . 281 Secure Web Protocols.. . . . . . . . . . . . . . . . . .
282 Secure File Transfer Protocols.. . . . . . . . . . . . . . . 286 Secure
Email Protocols.. . . . . . . . . . . . . . . . . 287 Secure Internet
Protocols. . . . . . . . . . . . . . . . . 288 Secure Protocol Use Cases..
. . . . . . . . . . . . . . . 293 What Next?.. . . . . . . . . . . . . . .
. . . . . . 305 CHAPTER 18: Host and Application Security Solutions.. . . .
. . . . . . . . . 307 Endpoint Protection.. . . . . . . . . . . . . . . . .
. 308 Firewalls and HIPS/HIDS Solutions.. . . . . . . . . . . 308
Anti-Malware and Other Host Protections. . . . . . . . . 310 Application
Security.. . . . . . . . . . . . . . . . . . 318 Hardware and Firmware
Security.. . . . . . . . . . . . . . 322 Operating System Security.. . . .
. . . . . . . . . . . . 330 What Next?.. . . . . . . . . . . . . . . . . .
. . . 338 CHAPTER 19: Secure Network Design.. . . . . . . . . . . . . . . .
. . . 339 Network Devices and Segmentation.. . . . . . . . . . . . . 340
Security Devices and Boundaries. . . . . . . . . . . . . . 347 What Next?..
. . . . . . . . . . . . . . . . . . . . 369 CHAPTER 20: Wireless Security
Settings.. . . . . . . . . . . . . . . . . . 371 Access Methods.. . . . . .
. . . . . . . . . . . . . . 372 Wireless Cryptographic Protocols.. . . . .
. . . . . . . . . 373 Authentication Protocols.. . . . . . . . . . . . . .
. . . 377 Wireless Access Installations. . . . . . . . . . . . . . . . 379
What Next?.. . . . . . . . . . . . . . . . . . . . . 387 CHAPTER 21: Secure
Mobile Solutions. . . . . . . . . . . . . . . . . . . 389 Communication
Methods. . . . . . . . . . . . . . . . . 389 Mobile Device Management
Concepts. . . . . . . . . . . . 393 Enforcement and Monitoring.. . . . . .
. . . . . . . . . 405 Deployment Models.. . . . . . . . . . . . . . . . . .
412 What Next?.. . . . . . . . . . . . . . . . . . . . . 420 CHAPTER 22:
Cloud Cybersecurity Solutions.. . . . . . . . . . . . . . . . 421 Cloud
Workloads.. . . . . . . . . . . . . . . . . . . 422 Third-Party Cloud
Security Solutions.. . . . . . . . . . . . 428 What Next?.. . . . . . . . .
. . . . . . . . . . . . 431 CHAPTER 23: Identity and Account Management
Controls.. . . . . . . . . . . 433 Account Types.. . . . . . . . . . . . .
. . . . . . . 433 Account Management.. . . . . . . . . . . . . . . . . .
435 Account Policy Enforcement.. . . . . . . . . . . . . . . 441 What
Next?.. . . . . . . . . . . . . . . . . . . . . 448 CHAPTER 24:
Authentication and Authorization Solutions.. . . . . . . . . . . . 449
Authentication.. . . . . . . . . . . . . . . . . . . . 450 Access Control..
. . . . . . . . . . . . . . . . . . . 466 What Next?.. . . . . . . . . . .
. . . . . . . . . . 472 CHAPTER 25: Public Key Infrastructure.. . . . . . .
. . . . . . . . . . . 473 What Next?.. . . . . . . . . . . . . . . . . . .
. . 489 Part IV: Operations and Incident Response 491 CHAPTER 26:
Organizational Security.. . . . . . . . . . . . . . . . . . . 493 Shell and
Script Environments.. . . . . . . . . . . . . . . 494 Network
Reconnaissance and Discovery. . . . . . . . . . . . 496 Packet Capture and
Replay. . . . . . . . . . . . . . . . 502 Password Crackers.. . . . . . . .
. . . . . . . . . . . 504 Forensics and Data Sanitization.. . . . . . . . .
. . . . . 505 What Next?.. . . . . . . . . . . . . . . . . . . . . 508
CHAPTER 27: Incident Response.. . . . . . . . . . . . . . . . . . . . . 509
Attack Frameworks.. . . . . . . . . . . . . . . . . . . 509 Incident
Response Plan.. . . . . . . . . . . . . . . . . 512 Incident Response
Process.. . . . . . . . . . . . . . . . 517 Continuity and Recovery Plans..
. . . . . . . . . . . . . . 522 What Next?.. . . . . . . . . . . . . . . .
. . . . . 528 CHAPTER 28: Incident Investigation. . . . . . . . . . . . . .
. . . . . . 529 SIEM Dashboards. . . . . . . . . . . . . . . . . . . 530
Logging. . . . . . . . . . . . . . . . . . . . . . . 531 Network Activity.
. . . . . . . . . . . . . . . . . . . 536 What Next?.. . . . . . . . . . .
. . . . . . . . . . 539 CHAPTER 29: Incident Mitigation.. . . . . . . . . .
. . . . . . . . . . . 541 Containment and Eradication.. . . . . . . . . . .
. . . . 541 What Next?.. . . . . . . . . . . . . . . . . . . . . 549
CHAPTER 30: Digital Forensics.. . . . . . . . . . . . . . . . . . . . . 551
Data Breach Notifications.. . . . . . . . . . . . . . . . 552 Strategic
Intelligence/Counterintelligence Gathering. . . . . . . 554 Track
Person-hours.. . . . . . . . . . . . . . . . . . . 555 Order of Volatility.
. . . . . . . . . . . . . . . . . . 555 Chain of Custody.. . . . . . . . .
. . . . . . . . . . 556 Data Acquisition.. . . . . . . . . . . . . . . . .
. . . 559 Capture System Images.. . . . . . . . . . . . . . . 560 Capture
Network Traffic and Logs.. . . . . . . . . . . 560 Capture Video and
Photographs.. . . . . . . . . . . . 561 Record Time Offset.. . . . . . . .
. . . . . . . . 562 Take Hashes. . . . . . . . . . . . . . . . . . . 562
Capture Screenshots.. . . . . . . . . . . . . . . . 563 Collect Witness
Interviews. . . . . . . . . . . . . . 563 What Next?.. . . . . . . . . . .
. . . . . . . . . . 565 Part V: Governance, Risk, and Compliance 567
CHAPTER 31: Control Types.. . . . . . . . . . . . . . . . . . . . . . 569
Nature of Controls.. . . . . . . . . . . . . . . . . . . 570 Functional Use
of Controls.. . . . . . . . . . . . . . . . 570 Compensating Controls.. . .
. . . . . . . . . . . . . . 572 What Next?.. . . . . . . . . . . . . . . .
. . . . . 574 CHAPTER 32: Regulations, Standards, and Frameworks.. . . . .
. . . . . . . 575 Industry-Standard Frameworks and Reference Architectures.
. . . . 575 Benchmarks and Secure Configuration Guides.. . . . . . . . .
579 What Next?.. . . . . . . . . . . . . . . . . . . . . 581 CHAPTER 33:
Organizational Security Policies.. . . . . . . . . . . . . . . . 583 Policy
Framework.. . . . . . . . . . . . . . . . . . . 583 Human Resource
Management Policies.. . . . . . . . . . . . 584 Third-Party Risk
Management.. . . . . . . . . . . . . . . 592 What Next?.. . . . . . . . . .
. . . . . . . . . . . 596 CHAPTER 34: Risk Management.. . . . . . . . . . .
. . . . . . . . . . 597 Risk Analysis. . . . . . . . . . . . . . . . . . .
. . 598 Risk Assessment.. . . . . . . . . . . . . . . . . . . . 602
Business Impact Analysis.. . . . . . . . . . . . . . . . . 606 What Next?..
. . . . . . . . . . . . . . . . . . . . 612 CHAPTER 35: Sensitive Data and
Privacy.. . . . . . . . . . . . . . . . . . 613 Sensitive Data Protection.
. . . . . . . . . . . . . . . . 613 Privacy Impact Assessment.. . . . . . .
. . . . . . . . . 621 What Next?.. . . . . . . . . . . . . . . . . . . . .
623 Glossary of Essential Terms and Components.. . . . . . . . . . . . 625
9780136798675, TOC, 10/9/2020
Attacks, Threats, and Vulnerabilities 1 CHAPTER 1: Social Engineering
Techniques.. . . . . . . . . . . . . . . . 3 The Social Engineer.. . . . .
. . . . . . . . . . . . . 4 Phishing and Related Attacks.. . . . . . . . .
. . . . . . 6 Principles of Influence (Reasons for Effectiveness). . . . .
. . . 10 What Next?.. . . . . . . . . . . . . . . . . . . . . 14 CHAPTER 2:
Attack Basics.. . . . . . . . . . . . . . . . . . . . . . 15 Malware. . . .
. . . . . . . . . . . . . . . . . . . 16 Physical Attacks.. . . . . . . . .
. . . . . . . . . . . 26 Adversarial Artificial Intelligence (AI).. . . . .
. . . . . . . 27 Password Attacks. . . . . . . . . . . . . . . . . . . . 28
Downgrade Attacks.. . . . . . . . . . . . . . . . . . . 31 What Next?.. . .
. . . . . . . . . . . . . . . . . . 34 CHAPTER 3: Application Attacks.. . .
. . . . . . . . . . . . . . . . . 35 Race Conditions.. . . . . . . . . . .
. . . . . . . . . 36 Improper Software Handling.. . . . . . . . . . . . . .
. 37 Resource Exhaustion.. . . . . . . . . . . . . . . . . . 37 Overflows..
. . . . . . . . . . . . . . . . . . . . . 38 Code Injections. . . . . . . .
. . . . . . . . . . . . 39 Driver Manipulation.. . . . . . . . . . . . . .
. . . . 40 Request Forgeries.. . . . . . . . . . . . . . . . . . . 41
Directory Traversal.. . . . . . . . . . . . . . . . . . . 44 Replay
Attack.. . . . . . . . . . . . . . . . . . . . . 45 Secure Sockets Layer
(SSL) Stripping.. . . . . . . . . . . . 45 Application Programming
Interface (API) Attacks.. . . . . . . . 47 Pass-the-Hash Attack. . . . . .
. . . . . . . . . . . . 49 What Next?.. . . . . . . . . . . . . . . . . . .
. . 52 CHAPTER 4: Network Attacks.. . . . . . . . . . . . . . . . . . . . .
53 Wireless. . . . . . . . . . . . . . . . . . . . . . . 54 On-Path Attack.
. . . . . . . . . . . . . . . . . . . 58 Layer 2 Attacks. . . . . . . . . .
. . . . . . . . . . 59 Domain Name System (DNS) Attacks.. . . . . . . . . .
. . 62 Denial of Service. . . . . . . . . . . . . . . . . . . . 64
Malicious Code and Script Execution.. . . . . . . . . . . . 68 What Next?..
. . . . . . . . . . . . . . . . . . . . 71 CHAPTER 5: Threat Actors,
Vectors, and Intelligence Sources. . . . . . . . . . 73 Threat Actor
Attributes.. . . . . . . . . . . . . . . . . 74 Threat Actor Types.. . . .
. . . . . . . . . . . . . . . 75 Vectors.. . . . . . . . . . . . . . . . .
. . . . . . 80 Threat Intelligence and Research Sources.. . . . . . . . . .
. 81 What Next?.. . . . . . . . . . . . . . . . . . . . . 87 CHAPTER 6:
Vulnerabilities.. . . . . . . . . . . . . . . . . . . . . . 89 Cloud-Based
vs. On-Premises. . . . . . . . . . . . . . . 90 Zero-Day. . . . . . . . . .
. . . . . . . . . . . . 90 Weak Configurations. . . . . . . . . . . . . . .
. . . 91 Third-Party Risks.. . . . . . . . . . . . . . . . . . . 95
Impacts.. . . . . . . . . . . . . . . . . . . . . . . 96 What Next?.. . . .
. . . . . . . . . . . . . . . . . 98 CHAPTER 7: Security Assessment
Techniques.. . . . . . . . . . . . . . . 99 Vulnerability Scans.. . . . . .
. . . . . . . . . . . . . 100 Threat Assessment.. . . . . . . . . . . . . .
. . . . . 103 What Next?.. . . . . . . . . . . . . . . . . . . . . 110
CHAPTER 8: Penetration Testing Techniques.. . . . . . . . . . . . . . . .
111 Testing Methodology. . . . . . . . . . . . . . . . . . 112 Team
Exercises.. . . . . . . . . . . . . . . . . . . . 118 What Next?.. . . . .
. . . . . . . . . . . . . . . . 120 Part II: Architecture and Design 121
CHAPTER 9: Enterprise Security Concepts.. . . . . . . . . . . . . . . . .
123 Configuration Management.. . . . . . . . . . . . . . . . 124 Data
Confidentiality.. . . . . . . . . . . . . . . . . . 126 Deception and
Disruption.. . . . . . . . . . . . . . . . 139 What Next?.. . . . . . . . .
. . . . . . . . . . . . 143 CHAPTER 10: Virtualization and Cloud
Computing.. . . . . . . . . . . . . . 145 Virtualization.. . . . . . . . .
. . . . . . . . . . . . 145 On-Premises vs. Off-Premises. . . . . . . . . .
. . . . . 154 Cloud Models. . . . . . . . . . . . . . . . . . . . . 155
What Next?.. . . . . . . . . . . . . . . . . . . . . 164 CHAPTER 11: Secure
Application Development, Deployment, and Automation.. . . . 165 Application
Environment.. . . . . . . . . . . . . . . . . 166 Integrity Measurement.. .
. . . . . . . . . . . . . . . 168 Change Management and Version Control.. .
. . . . . . . . . 169 Secure Coding Techniques.. . . . . . . . . . . . . .
. . 170 Automation and Scripting.. . . . . . . . . . . . . . . . 180
Scalability and Elasticity. . . . . . . . . . . . . . . . . 184 What
Next?.. . . . . . . . . . . . . . . . . . . . . 187 CHAPTER 12:
Authentication and Authorization Design. . . . . . . . . . . . . 189
Identification and Authentication, Authorization, and Accounting (AAA).. .
. . . . . . . . . . . . . . . . . 189 Multifactor Authentication.. . . . .
. . . . . . . . . . . 190 Single Sign-on.. . . . . . . . . . . . . . . . .
. . . 192 Authentication Technologies. . . . . . . . . . . . . . . . 195
What Next?.. . . . . . . . . . . . . . . . . . . . . 204 CHAPTER 13:
Cybersecurity Resilience.. . . . . . . . . . . . . . . . . . 205
Redundancy.. . . . . . . . . . . . . . . . . . . . . 205 Backups.. . . . .
. . . . . . . . . . . . . . . . . . 214 Defense in Depth.. . . . . . . . .
. . . . . . . . . . 221 What Next?.. . . . . . . . . . . . . . . . . . . .
. 224 CHAPTER 14: Embedded and Specialized Systems. . . . . . . . . . . . .
. 225 Embedded Systems.. . . . . . . . . . . . . . . . . . . 225 SCADA and
ICS. . . . . . . . . . . . . . . . . . . . 227 Smart Devices and IoT.. . .
. . . . . . . . . . . . . . 229 What Next?.. . . . . . . . . . . . . . . .
. . . . . 238 CHAPTER 15: Physical Security Controls.. . . . . . . . . . .
. . . . . . . 239 Perimeter Security.. . . . . . . . . . . . . . . . . . .
239 Internal Security.. . . . . . . . . . . . . . . . . . . . 243 Equipment
Security. . . . . . . . . . . . . . . . . . . 246 Environmental Controls..
. . . . . . . . . . . . . . . . 249 Secure Data Destruction.. . . . . . . .
. . . . . . . . . 255 What Next?.. . . . . . . . . . . . . . . . . . . . .
259 CHAPTER 16: Cryptographic Concepts. . . . . . . . . . . . . . . . . . .
261 Cryptosystems.. . . . . . . . . . . . . . . . . . . . 262 Use of Proven
Technologies and Implementation.. . . . . . . . 272 Steganography.. . . . .
. . . . . . . . . . . . . . . 273 Cryptography Use Cases.. . . . . . . . .
. . . . . . . . 274 Cryptography Constraints.. . . . . . . . . . . . . . .
. 276 What Next?.. . . . . . . . . . . . . . . . . . . . . 277 Part III:
Implementation 279 CHAPTER 17: Secure Protocols.. . . . . . . . . . . . . .
. . . . . . . 281 Secure Web Protocols.. . . . . . . . . . . . . . . . . .
282 Secure File Transfer Protocols.. . . . . . . . . . . . . . . 286 Secure
Email Protocols.. . . . . . . . . . . . . . . . . 287 Secure Internet
Protocols. . . . . . . . . . . . . . . . . 288 Secure Protocol Use Cases..
. . . . . . . . . . . . . . . 293 What Next?.. . . . . . . . . . . . . . .
. . . . . . 305 CHAPTER 18: Host and Application Security Solutions.. . . .
. . . . . . . . . 307 Endpoint Protection.. . . . . . . . . . . . . . . . .
. 308 Firewalls and HIPS/HIDS Solutions.. . . . . . . . . . . 308
Anti-Malware and Other Host Protections. . . . . . . . . 310 Application
Security.. . . . . . . . . . . . . . . . . . 318 Hardware and Firmware
Security.. . . . . . . . . . . . . . 322 Operating System Security.. . . .
. . . . . . . . . . . . 330 What Next?.. . . . . . . . . . . . . . . . . .
. . . 338 CHAPTER 19: Secure Network Design.. . . . . . . . . . . . . . . .
. . . 339 Network Devices and Segmentation.. . . . . . . . . . . . . 340
Security Devices and Boundaries. . . . . . . . . . . . . . 347 What Next?..
. . . . . . . . . . . . . . . . . . . . 369 CHAPTER 20: Wireless Security
Settings.. . . . . . . . . . . . . . . . . . 371 Access Methods.. . . . . .
. . . . . . . . . . . . . . 372 Wireless Cryptographic Protocols.. . . . .
. . . . . . . . . 373 Authentication Protocols.. . . . . . . . . . . . . .
. . . 377 Wireless Access Installations. . . . . . . . . . . . . . . . 379
What Next?.. . . . . . . . . . . . . . . . . . . . . 387 CHAPTER 21: Secure
Mobile Solutions. . . . . . . . . . . . . . . . . . . 389 Communication
Methods. . . . . . . . . . . . . . . . . 389 Mobile Device Management
Concepts. . . . . . . . . . . . 393 Enforcement and Monitoring.. . . . . .
. . . . . . . . . 405 Deployment Models.. . . . . . . . . . . . . . . . . .
412 What Next?.. . . . . . . . . . . . . . . . . . . . . 420 CHAPTER 22:
Cloud Cybersecurity Solutions.. . . . . . . . . . . . . . . . 421 Cloud
Workloads.. . . . . . . . . . . . . . . . . . . 422 Third-Party Cloud
Security Solutions.. . . . . . . . . . . . 428 What Next?.. . . . . . . . .
. . . . . . . . . . . . 431 CHAPTER 23: Identity and Account Management
Controls.. . . . . . . . . . . 433 Account Types.. . . . . . . . . . . . .
. . . . . . . 433 Account Management.. . . . . . . . . . . . . . . . . .
435 Account Policy Enforcement.. . . . . . . . . . . . . . . 441 What
Next?.. . . . . . . . . . . . . . . . . . . . . 448 CHAPTER 24:
Authentication and Authorization Solutions.. . . . . . . . . . . . 449
Authentication.. . . . . . . . . . . . . . . . . . . . 450 Access Control..
. . . . . . . . . . . . . . . . . . . 466 What Next?.. . . . . . . . . . .
. . . . . . . . . . 472 CHAPTER 25: Public Key Infrastructure.. . . . . . .
. . . . . . . . . . . 473 What Next?.. . . . . . . . . . . . . . . . . . .
. . 489 Part IV: Operations and Incident Response 491 CHAPTER 26:
Organizational Security.. . . . . . . . . . . . . . . . . . . 493 Shell and
Script Environments.. . . . . . . . . . . . . . . 494 Network
Reconnaissance and Discovery. . . . . . . . . . . . 496 Packet Capture and
Replay. . . . . . . . . . . . . . . . 502 Password Crackers.. . . . . . . .
. . . . . . . . . . . 504 Forensics and Data Sanitization.. . . . . . . . .
. . . . . 505 What Next?.. . . . . . . . . . . . . . . . . . . . . 508
CHAPTER 27: Incident Response.. . . . . . . . . . . . . . . . . . . . . 509
Attack Frameworks.. . . . . . . . . . . . . . . . . . . 509 Incident
Response Plan.. . . . . . . . . . . . . . . . . 512 Incident Response
Process.. . . . . . . . . . . . . . . . 517 Continuity and Recovery Plans..
. . . . . . . . . . . . . . 522 What Next?.. . . . . . . . . . . . . . . .
. . . . . 528 CHAPTER 28: Incident Investigation. . . . . . . . . . . . . .
. . . . . . 529 SIEM Dashboards. . . . . . . . . . . . . . . . . . . 530
Logging. . . . . . . . . . . . . . . . . . . . . . . 531 Network Activity.
. . . . . . . . . . . . . . . . . . . 536 What Next?.. . . . . . . . . . .
. . . . . . . . . . 539 CHAPTER 29: Incident Mitigation.. . . . . . . . . .
. . . . . . . . . . . 541 Containment and Eradication.. . . . . . . . . . .
. . . . 541 What Next?.. . . . . . . . . . . . . . . . . . . . . 549
CHAPTER 30: Digital Forensics.. . . . . . . . . . . . . . . . . . . . . 551
Data Breach Notifications.. . . . . . . . . . . . . . . . 552 Strategic
Intelligence/Counterintelligence Gathering. . . . . . . 554 Track
Person-hours.. . . . . . . . . . . . . . . . . . . 555 Order of Volatility.
. . . . . . . . . . . . . . . . . . 555 Chain of Custody.. . . . . . . . .
. . . . . . . . . . 556 Data Acquisition.. . . . . . . . . . . . . . . . .
. . . 559 Capture System Images.. . . . . . . . . . . . . . . 560 Capture
Network Traffic and Logs.. . . . . . . . . . . 560 Capture Video and
Photographs.. . . . . . . . . . . . 561 Record Time Offset.. . . . . . . .
. . . . . . . . 562 Take Hashes. . . . . . . . . . . . . . . . . . . 562
Capture Screenshots.. . . . . . . . . . . . . . . . 563 Collect Witness
Interviews. . . . . . . . . . . . . . 563 What Next?.. . . . . . . . . . .
. . . . . . . . . . 565 Part V: Governance, Risk, and Compliance 567
CHAPTER 31: Control Types.. . . . . . . . . . . . . . . . . . . . . . 569
Nature of Controls.. . . . . . . . . . . . . . . . . . . 570 Functional Use
of Controls.. . . . . . . . . . . . . . . . 570 Compensating Controls.. . .
. . . . . . . . . . . . . . 572 What Next?.. . . . . . . . . . . . . . . .
. . . . . 574 CHAPTER 32: Regulations, Standards, and Frameworks.. . . . .
. . . . . . . 575 Industry-Standard Frameworks and Reference Architectures.
. . . . 575 Benchmarks and Secure Configuration Guides.. . . . . . . . .
579 What Next?.. . . . . . . . . . . . . . . . . . . . . 581 CHAPTER 33:
Organizational Security Policies.. . . . . . . . . . . . . . . . 583 Policy
Framework.. . . . . . . . . . . . . . . . . . . 583 Human Resource
Management Policies.. . . . . . . . . . . . 584 Third-Party Risk
Management.. . . . . . . . . . . . . . . 592 What Next?.. . . . . . . . . .
. . . . . . . . . . . 596 CHAPTER 34: Risk Management.. . . . . . . . . . .
. . . . . . . . . . 597 Risk Analysis. . . . . . . . . . . . . . . . . . .
. . 598 Risk Assessment.. . . . . . . . . . . . . . . . . . . . 602
Business Impact Analysis.. . . . . . . . . . . . . . . . . 606 What Next?..
. . . . . . . . . . . . . . . . . . . . 612 CHAPTER 35: Sensitive Data and
Privacy.. . . . . . . . . . . . . . . . . . 613 Sensitive Data Protection.
. . . . . . . . . . . . . . . . 613 Privacy Impact Assessment.. . . . . . .
. . . . . . . . . 621 What Next?.. . . . . . . . . . . . . . . . . . . . .
623 Glossary of Essential Terms and Components.. . . . . . . . . . . . 625
9780136798675, TOC, 10/9/2020