Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions

International Edition


About the Book

A must-have, hands-on guide for working in the cybersecurity profession

Cybersecurity involves preventative methods to protect information from attacks. It requires a thorough understanding of potential threats, such as viruses and other malicious code, as well as system vulnerability and security architecture. This essential book addresses cybersecurity strategies that include identity management, risk management, and incident management, and also serves as a detailed guide for anyone looking to enter the security profession. Doubling as the text for a cybersecurity course, it is also a useful reference for cybersecurity testing, IT test/development, and system/network administration.

  • Covers everything from basic network administration security skills through advanced command line scripting, tool customization, and log analysis skills
  • Dives deeper into such intense topics as Wireshark/tcpdump filtering, Google hacks, Windows/Linux scripting, Metasploit command line, and tool customizations
  • Delves into network administration for Windows, Linux, and VMware
  • Examines penetration testing, cyber investigations, firewall configuration, and security tool customization
  • Shares techniques for cybersecurity testing, planning, and reporting

Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions is a comprehensive and authoritative look at the critical topic of cybersecurity from start to finish.

Table of Contents:
Introduction

Part I Cyber Network Security Concepts

Chapter 1 Executive Summary
  • Why Start with Antipatterns?
  • Security Architecture
  • Antipattern: Signature-Based Malware Detection versus Polymorphic Threats
  • Refactored Solution: Reputational-, Behavioral-, and Entropy-Based Malware Detection
  • Antipattern: Document-Driven Certification and Accreditation
  • Antipattern: Proliferating IA Standards with No Proven Benefits
  • Antipattern: Policy-Driven Security Certifications Do Not Address the Threat
  • Refactored Solution: Security Training Roadmap
  • Summary
  • Assignments

Chapter 2 The Problems: Cyber Antipatterns
  • Antipatterns Concept
  • Forces in Cyber Antipatterns
  • Cyber Antipattern Templates
  • Micro-Antipattern Templates
  • Full Cyber Antipattern Template
  • Cybersecurity Antipattern Catalog
  • Can’t Patch Dumb
  • Unpatched Applications
  • Never Read the Logs
  • Networks Always Play by the Rules
  • Hard on the Outside, Gooey in the Middle
  • Webify Everything
  • No Time for Security
  • Summary
  • Assignments

Chapter 3 Enterprise Security Using the Zachman Framework
  • What Is Architecture? Why Do We Need It?
  • Enterprises Are Complex and Changing
  • The Zachman Framework for Enterprise Architecture
  • Primitive Models versus Composite Models
  • How Does the Zachman Framework Help with Cybersecurity?
  • Everyone Has Their Own Specifications
  • The Goldmine Is in Row 2
  • Frameworks for Row 3
  • Architectural Problem Solving Patterns
  • Business Question Analysis
  • Document Mining
  • Hierarchy Formation
  • Enterprise Workshop
  • Matrix Mining
  • Nominal Group Technique
  • Minipatterns for Problem Solving Meetings
  • Summary
  • Assignments

Part II Cyber Network Security Hands-On

Chapter 4 Network Administration for Security Professionals
  • Managing Administrator and Root Accounts
  • Windows
  • Linux and Unix
  • VMware
  • Installing Hardware
  • Re-Imaging Operating Systems
  • Windows
  • Linux
  • VMware
  • Other OSes
  • Burning and Copying CDs and DVDs
  • Windows
  • Linux
  • VMware
  • Installing System Protection/Anti-Malware
  • Windows
  • Linux
  • VMware
  • Setting Up Networks
  • Windows
  • Linux
  • VMware
  • Other OSes
  • Installing Applications and Archiving
  • Windows
  • Linux
  • VMware
  • Other OSes
  • Customizing System Management Controls and Settings
  • Windows
  • Linux
  • VMware
  • Other OSes
  • Managing Remote Login
  • Windows
  • Linux
  • VMware
  • Managing User Administration
  • Windows
  • Linux
  • VMware
  • Managing Services
  • Windows
  • Linux
  • Other OSes
  • Mounting Disks
  • Windows
  • Linux
  • VMware
  • Moving Data Between Systems on Networks
  • Windows File Sharing
  • Secure File Transfer Protocol (SFTP)
  • VMware
  • Other Techniques
  • Converting Text Files Between OSes
  • Making Backup Disks
  • Formatting Disks
  • Windows
  • Linux
  • Configuring Firewalls
  • Converting and Migrating VMs
  • Additional Network Administration Knowledge
  • Summary
  • Assignments

Chapter 5 Customizing BackTrack and Security Tools
  • Creating and Running BackTrack Images
  • Customizing BackTrack with VM
  • Updating and Upgrading BackTrack and Pen Test Tools
  • Adding Windows to BackTrack with VMware
  • Disk Partitioning
  • Performing Multi-Boot Disk Setup
  • Results of the New Pen Test Architecture
  • Alternative Pen Test Architectures
  • Licensing Challenges for Network Administrators
  • Perpetual License
  • Annual License
  • Time Limited per Instance License
  • Time Hold Renewal License
  • Summary
  • Assignments

Chapter 6 Protocol Analysis and Network Programming
  • Networking Theory and Practice
  • Frequently Encountered Network Protocols
  • ARP and Layer 2 Headers
  • IP Header
  • ICMP Header
  • UDP Header
  • TCP Header
  • Network Programming: Bash
  • Bash for Basic Network Programming
  • Bash Network Sweep: Packaging a Script
  • Bash Network Scanning Using While
  • Bash Banner Grabbing
  • Network Programming: Windows Command-Line Interface (CLI)
  • Windows Command Line: Network Programming Using For /L
  • Windows Command Line: Password Attack Using For /F
  • Python Programming: Accelerated Network Scanning
  • Summary
  • Assignments

Chapter 7 Reconnaissance, Vulnerability Assessment, and Cyber Testing
  • Types of Cybersecurity Evaluations
  • Body of Evidence (BOE) Review
  • Penetration Tests
  • Vulnerability Assessment
  • Security Controls Audit
  • Software Inspection
  • Iterative/Incremental Testing
  • Understanding the Cybersecurity Testing Methodology
  • Reconnaissance
  • Network and Port Scanning
  • Policy Scanning
  • Vulnerability Probes and Fingerprinting
  • Test Planning and Reporting
  • Summary
  • Assignments

Chapter 8 Penetration Testing
  • Forms of Cyber Attacks
  • Buffer Overflows
  • Command Injection Attacks
  • SQL Injection Attacks
  • Network Penetration
  • Commercial Pen Testing Tools
  • Using IMPACT
  • Using CANVAS
  • Using Netcat to Create Connections and Move Data and Binaries
  • Using Netcat to Create Relays and Pivots
  • Using SQL Injection and Cross-Site Techniques to Perform Web Application and Database Attacks
  • Collecting User Identities with Enumeration and Hash Grabbing
  • Enumeration and Hash Grabbing on Windows
  • Enumeration and Hash Grabbing on Linux
  • Password Cracking
  • John the Ripper
  • Rainbow Tables
  • Cain & Abel
  • Privilege Escalation
  • Final Malicious Phases
  • Backdoors
  • Entrenchment
  • Hidden Files
  • Rootkits
  • Rootkit Removal
  • Summary
  • Assignments

Chapter 9 Cyber Network Defense Using Advanced Log Analysis
  • Introduction to Cyber Network Defense
  • General Methods and Tools for Cyber Investigations
  • Observation
  • Hypothesis
  • Evaluation
  • Continuous Cyber Investigation Strategy
  • A Summary of the Cyber Investigation Process
  • Network Monitoring
  • The daycap Script
  • The pscap Script
  • Text Log Analysis
  • The snortcap Script
  • The headcap Script
  • The statcap Script
  • The hostcap Script
  • The alteripcap Script
  • The orgcap Script
  • The iporgcap Script
  • The archcap Script
  • Binary Log Analysis
  • Advanced Wireshark Filters
  • Data Carving
  • Advanced tcpdump Filtering and Techniques
  • Analyzing Beacons
  • Reporting Cyber Investigations
  • Elimination of Cyber Threats
  • Intrusion Discovery on Windows
  • Summary
  • Assignments

Part III Cyber Network Application Domains

Chapter 10 Cybersecurity for End Users, Social Media, and Virtual Worlds
  • Doing an Ego Search
  • Protecting Laptops, PCs, and Mobile Devices
  • Staying Current with Anti-Malware and Software Updates
  • Managing Passwords
  • Guarding against Drive-By Malware
  • Staying Safe with E-mail
  • Securely Banking and Buying Online
  • Understanding Scareware and Ransomware
  • Is Your Machine p0wned?
  • Being Careful with Social Media
  • Staying Safe in Virtual Worlds
  • Summary
  • Assignments

Chapter 11 Cybersecurity Essentials for Small Business
  • Install Anti-Malware Protection
  • Update Operating Systems
  • Update Applications
  • Change Default Passwords
  • Educate Your End Users
  • Small Enterprise System Administration
  • Wireless Security Basics for Small Business
  • Tips for Apple Macintosh Users
  • Summary
  • Assignments

Chapter 12 Large Enterprise Cybersecurity: Data Centers and Clouds
  • Critical Security Controls
  • Scanning Enterprise IP Address Range (Critical Control 1)
  • Drive-By Malware (Critical Controls 2 & 3)
  • Unpatched Applications in Large Enterprises (Critical Controls 2 & 4)
  • Internal Pivot from Compromised Machines (Critical Controls 2 & 10)
  • Weak System Configurations (Critical Controls 3 & 10)
  • Unpatched Systems (Critical Controls 4 & 5)
  • Lack of Security Improvement (Critical Controls 4, 5, 11, & 20)
  • Vulnerable Web Applications and Databases (Critical Controls 6 & 20)
  • Wireless Vulnerability (Critical Control 7)
  • Social Engineering (Critical Controls 9, 12, & 16)
  • Temporary Open Ports (Critical Controls 10 & 13)
  • Weak Network Architectures (Critical Controls 13 & 19)
  • Lack of Logging and Log Reviews (Critical Control 14)
  • Lack of Risk Assessment and Data Protection (Critical Controls 15 & 17)
  • Data Loss via Undetected Exfiltration (Critical Control 17)
  • Poor Incident Response — APT (Critical Control 18)
  • Cloud Security
  • How Do Clouds Form? How Do Clouds Work?
  • Stovepiped Widgets in the Cloud
  • Special Security Implications
  • Consolidation into Clouds Can Magnify Risks
  • Clouds Require Stronger Trust Relationships
  • Clouds Change Security Assumptions
  • Cloud Indexing Changes Security Semantics
  • Data Mashups Increase Data Sensitivity
  • Cloud Security Technology Maturity
  • New Governance and Quality Assurance for Cloud Computing
  • Summary
  • Assignments

Chapter 13 Healthcare Information Technology Security
  • HIPAA
  • Healthcare Risk Assessment
  • Healthcare Records Management
  • Healthcare IT and the Judicial Process
  • Data Loss
  • Managing Logs in Healthcare Organizations
  • Authentication and Access Control
  • Summary
  • Assignments

Chapter 14 Cyber Warfare: An Architecture for Deterrence
  • Introduction to Cyber Deterrence
  • Cyber Warfare
  • Comprehensive National Cybersecurity Initiative
  • Methodology and Assumptions
  • Cyber Deterrence Challenges
  • Legal and Treaty Assumptions
  • Cyber Deterrence Strategy
  • Reference Model
  • Solution Architecture
  • Architectural Prototypes
  • Baseline Code: Threaded Scanning
  • Botnet for Distributed Scanning
  • Performance Benchmarks
  • Deterministic Models of Performance
  • Projections for Military Botnets
  • Summary
  • Assignments

Glossary

Bibliography

Index




Product Details
  • ISBN-13: 9781118697115
  • Publisher: John Wiley & Sons Inc
  • Publisher Imprint: John Wiley & Sons Inc
  • Height: 234 mm
  • No of Pages: 368
  • Returnable: N
  • Sub Title: Managing Systems, Conducting Testing, and Investigating Intrusions
  • Width: 188 mm
  • ISBN-10: 1118697111
  • Publisher Date: 06 Dec 2013
  • Binding: Paperback
  • Language: English
  • Spine Width: 18 mm
  • Weight: 612 gr

