Introduction xxv
Assessment Test xxxvi
Chapter 1 Today's Security Professional 1
Cybersecurity Objectives 2
Data Breach Risks 3
The DAD Triad 3
Breach Impact 5
Implementing Security Controls 7
Security Control Categories 7
Security Control Types 8
Data Protection 9
Summary 12
Exam Essentials 12
Review Questions 14
Chapter 2 Cybersecurity Threat Landscape 19
Exploring Cybersecurity Threats 20
Classifying Cybersecurity Threats 20
Threat Actors 22
Threat Vectors 28
Threat Data and Intelligence 30
Open Source Intelligence 31
Proprietary and Closed-Source Intelligence 33
Assessing Threat Intelligence 35
Threat Indicator Management and Exchange 36
Public and Private Information Sharing Centers 37
Conducting Your Own Research 38
Summary 38
Exam Essentials 39
Review Questions 40
Chapter 3 Malicious Code 45
Malware 46
Ransomware 47
Trojans 47
Worms 48
Rootkits 48
Backdoors 49
Bots 50
Keyloggers 52
Logic Bombs 53
Viruses 53
Fileless Viruses 53
Spyware 54
Potentially Unwanted Programs (PUPs) 55
Malicious Code 55
Adversarial Artificial Intelligence 57
Summary 58
Exam Essentials 59
Review Questions 61
Chapter 4 Social Engineering, Physical, and Password Attacks 65
Social Engineering 66
Social Engineering Techniques 67
Influence Campaigns 72
Password Attacks 72
Physical Attacks 74
Summary 76
Exam Essentials 76
Review Questions 78
Chapter 5 Security Assessment and Testing 83
Vulnerability Management 84
Identifying Scan Targets 84
Determining Scan Frequency 86
Configuring Vulnerability Scans 87
Scanner Maintenance 92
Vulnerability Scanning Tools 95
Reviewing and Interpreting Scan Reports 96
Validating Scan Results 106
Security Vulnerabilities 107
Patch Management 107
Legacy Platforms 108
Weak Configurations 109
Error Messages 110
Insecure Protocols 111
Weak Encryption 112
Penetration Testing 113
Adopting the Hacker Mindset 114
Reasons for Penetration Testing 115
Benefits of Penetration Testing 115
Penetration Test Types 116
Rules of Engagement 118
Reconnaissance 119
Running the Test 120
Cleaning Up 120
Training and Exercises 120
Summary 122
Exam Essentials 122
Review Questions 124
Chapter 6 Secure Coding 129
Software Assurance Best Practices 130
The Software Development Life Cycle 130
Software Development Phases 131
Software Development Models 133
DevSecOps and DevOps 136
Designing and Coding for Security 138
Secure Coding Practices 138
API Security 139
Code Review Models 139
Software Security Testing 143
Analyzing and Testing Code 143
Injection Vulnerabilities 144
SQL Injection Attacks 145
Code Injection Attacks 148
Command Injection Attacks 149
Exploiting Authentication Vulnerabilities 150
Password Authentication 150
Session Attacks 151
Exploiting Authorization Vulnerabilities 154
Insecure Direct Object References 154
Directory Traversal 155
File Inclusion 156
Privilege Escalation 157
Exploiting Web Application Vulnerabilities 157
Cross-Site Scripting (XSS) 158
Request Forgery 160
Application Security Controls 161
Input Validation 162
Web Application Firewalls 163
Database Security 163
Code Security 166
Secure Coding Practices 168
Source Code Comments 168
Error Handling 168
Hard-Coded Credentials 170
Memory Management 170
Race Conditions 171
Unprotected APIs 172
Driver Manipulation 172
Summary 173
Exam Essentials 173
Review Questions 175
Chapter 7 Cryptography and the Public Key Infrastructure 179
An Overview of Cryptography 180
Historical Cryptography 181
Goals of Cryptography 186
Confidentiality 187
Integrity 188
Authentication 188
Nonrepudiation 189
Cryptographic Concepts 189
Cryptographic Keys 189
Ciphers 190
Modern Cryptography 191
Cryptographic Secrecy 191
Symmetric Key Algorithms 192
Asymmetric Key Algorithms 193
Hashing Algorithms 196
Symmetric Cryptography 197
Data Encryption Standard 197
Triple DES 199
Advanced Encryption Standard 200
Symmetric Key Management 200
Asymmetric Cryptography 203
RSA 203
Elliptic Curve 204
Hash Functions 205
SHA 206
MD 5 207
Digital Signatures 207
HMAC 208
Digital Signature Standard 209
Public Key Infrastructure 209
Certificates 209
Certificate Authorities 211
Certificate Generation and Destruction 212
Certificate Formats 215
Asymmetric Key Management 216
Cryptographic Attacks 217
Emerging Issues in Cryptography 220
Tor and the Dark Web 220
Blockchain 220
Lightweight Cryptography 221
Homomorphic Encryption 221
Quantum Computing 222
Summary 222
Exam Essentials 222
Review Questions 224
Chapter 8 Identity and Access Management 229
Identity 230
Authentication and Authorization 231
Authentication and Authorization Technologies 232
Directory Services 236
Authentication Methods 237
Multifactor Authentication 237
One-Time Passwords 239
Biometrics 241
Knowledge-Based Authentication 243
Managing Authentication 244
Accounts 245
Account Types 245
Account Policies and Controls 245
Access Control Schemes 248
Filesystem Permissions 249
Summary 251
Exam Essentials 252
Review Questions 253
Chapter 9 Resilience and Physical Security 257
Building Cybersecurity Resilience 258
Storage Resiliency: Backups and Replication 260
Response and Recovery Controls 266
Physical Security Controls 269
Site Security 269
Summary 278
Exam Essentials 279
Review Questions 281
Chapter 10 Cloud and Virtualization Security 285
Exploring the Cloud 286
Benefits of the Cloud 287
Cloud Roles 289
Cloud Service Models 289
Cloud Deployment Models 293
Shared Responsibility Model 295
Cloud Standards and Guidelines 298
Virtualization 300
Hypervisors 300
Cloud Infrastructure Components 302
Cloud Compute Resources 302
Cloud Storage Resources 304
Cloud Networking 307
Cloud Security Issues 311
Availability 311
Data Sovereignty 311
Virtualization Security 312
Application Security 312
Governance and Auditing 313
Cloud Security Controls 313
Cloud Access Security Brokers 314
Resource Policies 314
Secrets Management 316
Summary 316
Exam Essentials 316
Review Questions 318
Chapter 11 Endpoint Security 323
Protecting Endpoints 324
Preserving Boot Integrity 325
Endpoint Security Tools 326
Hardening Endpoints and Systems 332
Service Hardening 333
Operating System Hardening 335
Hardening the Windows Registry 336
Configuration, Standards, and Schemas 336
Disk Security and Sanitization 338
File Manipulation and Other Useful Command-Line Tools 341
Scripting, Secure Transport, and Shells 343
Securing Embedded and Specialized Systems 344
Embedded Systems 345
SCADA and ICS 346
Securing the Internet of Things 348
Specialized Systems 349
Communication Considerations 350
Security Constraints of Embedded Systems 351
Summary 352
Exam Essentials 354
Review Questions 356
Chapter 12 Network Security 361
Designing Secure Networks 363
Network Segmentation 365
Network Access Control 366
Port Security and Port-Level Protections 367
Port Spanning/Port Mirroring 369
Virtual Private Network 370
Network Appliances and Security Tools 371
Network Security, Services, and Management 377
Deception and Disruption 382
Secure Protocols 383
Using Secure Protocols 383
Secure Protocols 384
Attacking and Assessing Networks 389
On-Path Attacks 389
Domain Name System Attacks 391
Layer 2 Attacks 393
Distributed Denial-of-Service Attacks 394
Network Reconnaissance and Discovery Tools and Techniques 398
Summary 411
Exam Essentials 412
Review Questions 414
Chapter 13 Wireless and Mobile Security 419
Building Secure Wireless Networks 420
Connectivity Methods 421
Wireless Network Models 425
Attacks Against Wireless Networks 426
Designing a Network 430
Controller and Access Point Security 432
Wi-Fi Security Standards 433
Wireless Authentication 434
Managing Secure Mobile Devices 436
Mobile Device Deployment Methods 436
Mobile Device Management 438
Specialized Mobile Device Security Tools 442
Summary 442
Exam Essentials 443
Review Questions 445
Chapter 14 Incident Response 449
Incident Response 450
The Incident Response Process 451
Attack Frameworks and Identifying Attacks 457
Incident Response Data and Tools 461
Security Information and Event Management Systems 462
Alerts and Alarms 464
Correlation and Analysis 465
Rules 465
Mitigation and Recovery 473
Summary 477
Exam Essentials 478
Review Questions 480
Chapter 15 Digital Forensics 485
Digital Forensic Concepts 486
Legal Holds and e-Discovery 487
Conducting Digital Forensics 488
Acquiring Forensic Data 489
Acquisition Tools 493
Validating Forensic Data Integrity 496
Data Recovery 499
Forensic Suites and a Forensic Case Example 499
Reporting 504
Digital Forensics and Intelligence 504
Summary 505
Exam Essentials 505
Review Questions 507
Chapter 16 Security Policies, Standards, and Compliance 511
Understanding Policy Documents 512
Policies 512
Standards 515
Procedures 517
Guidelines 518
Exceptions and Compensating Controls 519
Personnel Management 520
Least Privilege 520
Separation of Duties 521
Job Rotation and Mandatory Vacations 521
Clean Desk Space 522
Onboarding and Offboarding 522
Nondisclosure Agreements 522
Social Media 522
User Training 522
Third-Party Risk Management 523
Winding Down Vendor Relationships 524
Complying with Laws and Regulations 524
Adopting Standard Frameworks 525
NIST Cybersecurity Framework 525
NIST Risk Management Framework 528
ISO Standards 529
Benchmarks and Secure Configuration Guides 531
Security Control Verification and Quality Control 531
Summary 533
Exam Essentials 534
Review Questions 535
Chapter 17 Risk Management and Privacy 539
Analyzing Risk 540
Risk Identification 541
Risk Calculation 542
Risk Assessment 543
Managing Risk 547
Risk Mitigation 547
Risk Avoidance 549
Risk Transference 549
Risk Acceptance 549
Risk Analysis 550
Disaster Recovery Planning 552
Disaster Types 552
Business Impact Analysis 553
Privacy 553
Sensitive Information Inventory 554
Information Classification 554
Data Roles and Responsibilities 556
Information Lifecycle 557
Privacy Enhancing Technologies 557
Privacy and Data Breach Notification 558
Summary 559
Exam Essentials 559
Review Questions 560
Appendix Answers to Review Questions 565
Chapter 1: Today's Security Professional 566
Chapter 2: Cybersecurity Threat Landscape 567
Chapter 3: Malicious Code 569
Chapter 4: Social Engineering, Physical, and Password Attacks 572
Chapter 5: Security Assessment and Testing 574
Chapter 6: Secure Coding 576
Chapter 7: Cryptography and the Public Key Infrastructure 578
Chapter 8: Identity and Access Management 579
Chapter 9: Resilience and Physical Security 582
Chapter 10: Cloud and Virtualization Security 584
Chapter 11: Endpoint Security 586
Chapter 12: Network Security 589
Chapter 13: Wireless and Mobile Security 591
Chapter 14: Incident Response 594
Chapter 15: Digital Forensics 596
Chapter 16: Security Policies, Standards, and Compliance 598
Chapter 17: Risk Management and Privacy 600
Index 603
