Defensive security handbook: best practices for securing infrastructure
Saved in:
Main author: | , |
---|---|
Format: | Book |
Language: | English |
Published: | Beijing ; Boston ; Farnham ; Sebastopol ; Tokyo O'Reilly April 2017 |
Edition: | First edition |
Subjects: | |
Online access: | Table of contents |
Description: | xx, 261 pages, illustrations, diagrams |
ISBN: | 9781491960387 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV044220366 | ||
003 | DE-604 | ||
005 | 20170714 | ||
007 | t | ||
008 | 170310s2017 a||| |||| 00||| eng d | ||
020 | |a 9781491960387 |c pbk |9 978-1-491-96038-7 | ||
035 | |a (OCoLC)978270197 | ||
035 | |a (DE-599)BVBBV044220366 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-29T |a DE-706 |a DE-11 |a DE-1050 | ||
084 | |a ST 277 |0 (DE-625)143643: |2 rvk | ||
100 | 1 | |a Brotherston, Lee |e Verfasser |0 (DE-588)1136790446 |4 aut | |
245 | 1 | 0 | |a Defensive security handbook |b best practices for securing infrastructure |c Lee Brotherston and Amanda Berlin |
250 | |a First edition | ||
264 | 1 | |a Beijing ; Boston ; Farnham ; Sebastopol ; Tokyo |b O'Reilly |c April 2017 | |
300 | |a xx, 261 Seiten |b Illustrationen, Diagramme | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
650 | 0 | 7 | |a Computersicherheit |0 (DE-588)4274324-2 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Computersicherheit |0 (DE-588)4274324-2 |D s |
689 | 0 | |5 DE-604 | |
700 | 1 | |a Berlin, Amanda |e Verfasser |0 (DE-588)1136790578 |4 aut | |
856 | 4 | 2 | |m HEBIS Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029626353&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-029626353 |
Record in search index
_version_ | 1804177367779770368 |
---|---|
adam_text | Defensive Security Handbook
Best Practices for Securing Infrastructure
Lee Brotherston and Amanda Berlin
Beijing • Boston • Farnham • Sebastopol • Tokyo
Table of Contents
Foreword xi
Introduction xiii
1 Creating a Security Program 1
Lay the Groundwork 1
Establish Teams 2
Baseline Security Posture 3
Assess Threats and Risks 3
Identify 3
Assess 4
Mitigate 4
Monitor 5
Prioritize 5
Create Milestones 5
Use Cases, Tabletops, and Drills 6
Expanding Your Team and Skillsets 10
Conclusion 11
2 Asset Management and Documentation 13
Information Classification 13
Asset Management Implementation Steps 14
Defining the Lifecycle 15
Information Gathering 16
Change Tracking 17
Monitoring and Reporting 18
Asset Management Guidelines 18
Automation 18
iii
One Source of Truth 19
Organize a Company-Wide Team 19
Executive Champions 19
Software Licensing 19
Define Assets 20
Documentation 20
Networking Equipment 20
Network 21
Servers 21
Desktops 22
Users 22
Applications 22
Other 23
Conclusion 23
3 Policies 25
Language 26
Document Contents 27
Topics 28
Storage and Communication 29
Conclusion 29
4 Standards and Procedures 31
Standards 32
Language 32
Procedures 33
Language 33
Document Contents 34
Conclusion 35
5 User Education 37
Broken Processes 37
Bridging the Gap 38
Building Your Own Program 39
Establish Objectives 39
Establish Baselines 40
Scope and Create Program Rules and Guidelines 40
Implement and Document Program Infrastructure 40
Positive Reinforcement 40
Gamification 41
Define Incident Response Processes 41
Gaining Meaningful Metrics 41
Measurements 41
Tracking Success Rate and Progress 42
Important Metrics 42
Conclusion 42
6 Incident Response 45
Processes 45
Pre-Incident Processes 45
Incident Processes 46
Post-Incident Processes 48
Tools and Technology 49
Log Analysis 49
Disk and File Analysis 49
Memory Analysis 50
PCAP Analysis 51
All in One 52
Conclusion 52
7 Disaster Recovery 53
Setting Objectives 53
Recovery Point Objective 54
Recovery Time Objective 54
Recovery Strategies 55
Backups 55
Warm Standby 55
High Availability 56
Alternate System 56
System Function Reassignment 57
Dependencies 57
Scenarios 58
Invoking a Fail Over and Back 58
Testing 59
Security Considerations 59
Conclusion 60
8 Industry Compliance Standards and Frameworks 61
Industry Compliance Standards 61
Payment Card Industry Data Security Standard (PCI DSS) 62
Health Insurance Portability & Accountability Act 62
Gramm-Leach Bliley Act 63
Family Educational Rights and Privacy Act 63
Sarbanes-Oxley Act 64
Frameworks 65
Cloud Control Matrix 65
Center for Internet Security 65
Control Objectives for Information and Related Technologies 65
The Committee of Sponsoring Organizations of the Treadway Commission 65
ISO-27000 Series 66
NIST CyberSecurity Framework 66
Regulated Industries 67
Financial 67
Government 67
Healthcare 68
Conclusion 69
9 Physical Security 71
Physical 72
Restrict Access 72
Video Surveillance 72
Authentication Maintenance 74
Secure Media 75
Datacenters 75
Operational 76
Identify Visitors and Contractors 76
Visitor Actions 76
Contractor Actions 76
Badges 76
Include Physical Security Training 77
Conclusion 79
10 Microsoft Windows Infrastructure 81
Quick Wins 81
Upgrade 81
Third-Party Patches 82
Open Shares 83
Active Directory Domain Services 83
Forest 84
Domain 85
Domain Controllers 85
OUs 86
Groups 86
Accounts 87
Group Policy Objects 88
EMET 89
Basic Configuration 90
Custom Configuration 92
Enterprise Deployment Strategies 93
MS-SQL Server 96
When Third-Party Vendors Have Access 96
MS SQL Authentication 97
SA User Security 97
Conclusion 98
11 Unix Application Servers 101
Keeping Up-to-Date 102
Third-Party Software Updates 102
Core Operating System Updates 104
Hardening a Unix Application Server 105
Conclusion 111
12 Endpoints 113
Keeping Up-to-Date 113
Microsoft Windows 114
macOS 114
Unix Desktops 115
Third-Party Updates 115
Hardening Endpoints 116
Disable Services 116
Desktop Firewalls 118
Full-Disk Encryption 119
Endpoint Protection Tools 121
Mobile Device Management 122
Endpoint Visibility 122
Centralization 123
Conclusion 124
13 Password Management and Multifactor Authentication 125
Basic Password Practices 125
Password Management Software 127
Password Resets 128
Password Breaches 128
Encryption, Hashing, and Salting 129
Encryption 129
Hashing 129
Salting 130
Password Storage Locations and Methods 131
Password Security Objects 133
Setting a Fine-Grained Password Policy 133
Multifactor Authentication 137
Why 2FA? 138
2FA Methods 140
How It Works 140
Threats 141
Where It Should Be Implemented 141
Conclusion 142
14 Network Infrastructure 143
Firmware/Software Patching 143
Device Hardening 145
Services 145
SNMP 147
Encrypted Protocols 148
Management Network 148
Routers 149
Switches 150
Egress Filtering 151
IPv6: A Cautionary Note 151
TACACS+ 152
Conclusion 153
15 Segmentation 155
Network Segmentation 155
Physical 155
Logical 156
Physical and Logical Network Example 162
Software-Defined Networking 164
Application 164
Roles and Responsibilities 165
Conclusion 167
16 Vulnerability Management 169
How Vulnerability Scanning Works 170
Authenticated versus Unauthenticated Scans 170
Vulnerability Assessment Tools 172
Vulnerability Management Program 173
Program Initialization 174
Business as Usual 175
Remediation Prioritization 175
Risk Acceptance
Conclusion
17 Development 179
Language Selection 179
0x Assembly 180
/* C and C++ */ 180
GO func() 180
#!/Python/Ruby/Perl 181
<? PHP ?> 181
Secure Coding Guidelines 182
Testing 183
Automated Static Testing 183
Automated Dynamic Testing 183
Peer Review 184
System Development Lifecycle 184
Conclusion 186
18 Purple Teaming 187
Open Source Intelligence 187
Types of Information and Access 188
OSINT Tools 191
Red Teaming 208
Conclusion 213
19 IDS and IPS 215
Types of IDS and IPS 215
Network-Based IDS 215
Host-Based IDS 217
IPS 217
Cutting Out the Noise 217
Writing Your Own Signatures 219
NIDS and IPS Locations 221
Encrypted Protocols 222
Conclusion 223
20 Logging and Monitoring 225
What to Log 225
Where to Log 226
Security Information and Event Management 226
Designing the SIEM 227
Log Analysis 228
Logging and Alerting Examples 228
Authentication Systems 228
Application Logs 229
Proxy and Firewall Logs 230
Log Aggregation 230
Use Case Analysis 231
Conclusion 232
21 The Extra Mile 233
Email Servers 233
DNS Servers 235
Security through Obscurity 237
Useful Resources 238
Books 238
Blogs 238
Podcasts 239
Tools 239
Websites 239
A User Education Templates 241
Index 247
|
any_adam_object | 1 |
author | Brotherston, Lee Berlin, Amanda |
author_GND | (DE-588)1136790446 (DE-588)1136790578 |
author_facet | Brotherston, Lee Berlin, Amanda |
author_role | aut aut |
author_sort | Brotherston, Lee |
author_variant | l b lb a b ab |
building | Verbundindex |
bvnumber | BV044220366 |
classification_rvk | ST 277 |
ctrlnum | (OCoLC)978270197 (DE-599)BVBBV044220366 |
discipline | Informatik |
edition | First edition |
format | Book |
fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01409nam a2200337 c 4500</leader><controlfield tag="001">BV044220366</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20170714 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">170310s2017 a||| |||| 00||| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781491960387</subfield><subfield code="c">pbk</subfield><subfield code="9">978-1-491-96038-7</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)978270197</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV044220366</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-29T</subfield><subfield code="a">DE-706</subfield><subfield code="a">DE-11</subfield><subfield code="a">DE-1050</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 277</subfield><subfield code="0">(DE-625)143643:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Brotherston, Lee</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)1136790446</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Defensive security handbook</subfield><subfield code="b">best practices for securing infrastructure</subfield><subfield code="c">Lee Brotherston and Amanda Berlin</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">First edition</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Beijing ; 
Boston ; Farnham ; Sebastopol ; Tokyo</subfield><subfield code="b">O'Reilly</subfield><subfield code="c">April 2017</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">xx, 261 Seiten</subfield><subfield code="b">Illustrationen, Diagramme</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Berlin, Amanda</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)1136790578</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">HEBIS Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029626353&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-029626353</subfield></datafield></record></collection> |
id | DE-604.BV044220366 |
illustrated | Illustrated |
indexdate | 2024-07-10T07:46:57Z |
institution | BVB |
isbn | 9781491960387 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-029626353 |
oclc_num | 978270197 |
open_access_boolean | |
owner | DE-29T DE-706 DE-11 DE-1050 |
owner_facet | DE-29T DE-706 DE-11 DE-1050 |
physical | xx, 261 Seiten Illustrationen, Diagramme |
publishDate | 2017 |
publishDateSearch | 2017 |
publishDateSort | 2017 |
publisher | O'Reilly |
record_format | marc |
spelling | Brotherston, Lee Verfasser (DE-588)1136790446 aut Defensive security handbook best practices for securing infrastructure Lee Brotherston and Amanda Berlin First edition Beijing ; Boston ; Farnham ; Sebastopol ; Tokyo O'Reilly April 2017 xx, 261 Seiten Illustrationen, Diagramme txt rdacontent n rdamedia nc rdacarrier Computersicherheit (DE-588)4274324-2 gnd rswk-swf Computersicherheit (DE-588)4274324-2 s DE-604 Berlin, Amanda Verfasser (DE-588)1136790578 aut HEBIS Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029626353&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
spellingShingle | Brotherston, Lee Berlin, Amanda Defensive security handbook best practices for securing infrastructure Computersicherheit (DE-588)4274324-2 gnd |
subject_GND | (DE-588)4274324-2 |
title | Defensive security handbook best practices for securing infrastructure |
title_auth | Defensive security handbook best practices for securing infrastructure |
title_exact_search | Defensive security handbook best practices for securing infrastructure |
title_full | Defensive security handbook best practices for securing infrastructure Lee Brotherston and Amanda Berlin |
title_fullStr | Defensive security handbook best practices for securing infrastructure Lee Brotherston and Amanda Berlin |
title_full_unstemmed | Defensive security handbook best practices for securing infrastructure Lee Brotherston and Amanda Berlin |
title_short | Defensive security handbook |
title_sort | defensive security handbook best practices for securing infrastructure |
title_sub | best practices for securing infrastructure |
topic | Computersicherheit (DE-588)4274324-2 gnd |
topic_facet | Computersicherheit |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029626353&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT brotherstonlee defensivesecurityhandbookbestpracticesforsecuringinfrastructure AT berlinamanda defensivesecurityhandbookbestpracticesforsecuringinfrastructure |