Book Image

Cybersecurity - Attack and Defense Strategies

By : Yuri Diogenes, Dr. Erdal Ozkaya
Book Image

Cybersecurity - Attack and Defense Strategies

By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

The book will start talking about the security posture before moving to Red Team tactics, where you will learn the basic syntax for the Windows and Linux tools that are commonly used to perform the necessary operations. You will also gain hands-on experience of using new Red Team techniques with powerful tools such as python and PowerShell, which will enable you to discover vulnerabilities in your system and how to exploit them. Moving on, you will learn how a system is usually compromised by adversaries, and how they hack user's identity, and the various tools used by the Red Team to find vulnerabilities in a system. In the next section, you will learn about the defense strategies followed by the Blue Team to enhance the overall security of a system. You will also learn about an in-depth strategy to ensure that there are security controls in each network layer, and how you can carry out the recovery process of a compromised system. Finally, you will learn how to create a vulnerability management strategy and the different techniques for manual log analysis.

Related Content you might be interested in

Current Title:

Small book image
Cybersecurity - Attack and Defense Strategies
Yuri Diogenes | Dr. Erdal Ozkaya
Jan, 2018 | 384 pages
Small book image
Hands-On Cybersecurity for Finance
Erdal Ozkaya | Milad Aslaner
Jan, 2019 | 308 pages
Small book image
Incident Response in the Age of Cloud
Erdal Ozkaya
Feb, 2021 | 622 pages
Small book image
Cybersecurity Blue Team Strategies
Nikolaos Thymianis | Kunal Sehgal
Feb, 2023 | 208 pages
Table of Contents (22 chapters)
Title Page
Title Page
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Security Posture
Security Posture
The current threat landscape
Cybersecurity challenges
Enhancing your security posture
The Red and Blue Team
References
Summary
2
Incident Response Process
Incident Response Process
Incident response process
Handling an incident
Post-incident activity
Incident response in the cloud
References
Summary
3
Understanding the Cybersecurity Kill Chain
Understanding the Cybersecurity Kill Chain
External reconnaissance
Access and privilege escalation
Exfiltration
Sustainment
Assault
Obfuscation
Threat life cycle management
References
Summary
4
Reconnaissance
Reconnaissance
External reconnaissance
Internal reconnaissance
Conclusion of the reconnaissance chapter
References
Summary
5
Compromising the System
Compromising the System
Analyzing current trends
Phishing
Exploiting a vulnerability
Zero-day
Performing the steps to compromise a system
References
Summary
6
Chasing a User's Identity
Chasing a User's Identity
Identity is the new perimeter
Strategies for compromising a user's identity
Hacking a user's identity
References
Summary
7
Lateral Movement
Lateral Movement
Infiltration
Performing lateral movement
References
Summary
8
Privilege Escalation
Privilege Escalation
Infiltration
Avoiding alerts
Performing privilege escalation
Conclusion and lessons learned
References
Summary
9
Security Policy
Security Policy
Reviewing your security policy
Educating the end user
Policy enforcement
Monitoring for compliance
References
Summary
10
Network Segmentation
Network Segmentation
Defense in depth approach
Physical network segmentation
Securing remote access to the network
Virtual network segmentation
Hybrid cloud network security
References
Summary
11
Active Sensors
Active Sensors
Detection capabilities
Intrusion detection systems
Intrusion prevention system
Behavior analytics on-premises
Behavior analytics in a hybrid cloud
References
Summary
12
Threat Intelligence
Threat Intelligence
Introduction to threat intelligence
Open source tools for threat intelligence
Microsoft threat intelligence
Leveraging threat intelligence to investigate suspicious activity
References
Summary
13
Investigating an Incident
Investigating an Incident
Scoping the issue
Investigating a compromised system on-premises
Investigating a compromised system in a hybrid cloud
Lessons learned
References
Summary
14
Recovery Process
Recovery Process
Disaster recovery plan
Live recovery
Contingency planning
Best practices for recovery
References
Summary
15
Vulnerability Management
Vulnerability Management
Creating a vulnerability management strategy
Implementation of vulnerability management
Best practices for vulnerability management
Implementing vulnerability management with Nessus
Flexera (Secunia) Personal Software Inspector
Conclusion
References
Summary
16
Log Analysis
Log Analysis
Data correlation
Operating system logs
Firewall logs
Web server logs
References
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Enhancing your security posture

If you carefully read this entire chapter, it should be very clear that you can't use the old approach to security facing today's challenges and threats. For this reason, it is important to ensure that your security posture is prepared to deal with these challenges. To accomplish this, you must solidify your current protection system across different devices regardless of the form factor.

It is also important to enable IT and security operations to quickly identify an attack, by enhancing the detection system. Last but certainly not least, it is necessary to reduce the time between infection and containment by rapidly responding to an attack by enhancing the effectiveness of the response process.

Based on this, we can safely say that the security posture is composed of three foundational pillars as shown in the following diagram:

These pillars must be solidified and if in the past, the majority of the budget was put into protection, now it's even more imperative to spread that investment and level of effort across the other pillars. These investments are not exclusively in technical security controls, they must also be done in the other spheres of the business, which includes administrative controls.

It is recommended to perform a self-assessment to identify the gaps within each pillar from the tool perspective. Many companies evolved over time and never really updated their security tools to accommodate the new threat landscape and how attackers are exploiting vulnerabilities.

A company with an enhanced security posture shouldn't be part of the statistics that were previously mentioned (229 days between the infiltration and detection). This gap should be drastically reduced and the response should be immediate. To accomplish this, a better incident response process must be in place, with modern tools that can help security engineers to investigate security-related issues. Chapter 2, Incident Response Process will cover incident response in more detail and Chapter 13, Investigating an Incident, will cover some case studies related to actual security investigations.

Previous Section
End of Section 4
Next Section