Book Image

Mastering Defensive Security

By : Cesar Bravo

Book Image

Mastering Defensive Security

By: Cesar Bravo

Overview of this book

Every organization has its own data and digital assets that need to be protected against an ever-growing threat landscape that compromises the availability, integrity, and confidentiality of crucial data. Therefore, it is important to train professionals in the latest defensive security skills and tools to secure them. Mastering Defensive Security provides you with in-depth knowledge of the latest cybersecurity threats along with the best tools and techniques needed to keep your infrastructure secure. The book begins by establishing a strong foundation of cybersecurity concepts and advances to explore the latest security technologies such as Wireshark, Damn Vulnerable Web App (DVWA), Burp Suite, OpenVAS, and Nmap, hardware threats such as a weaponized Raspberry Pi, and hardening techniques for Unix, Windows, web applications, and cloud infrastructures. As you make progress through the chapters, you'll get to grips with several advanced techniques such as malware analysis, security automation, computer forensics, and vulnerability assessment, which will help you to leverage pentesting for security. By the end of this book, you'll have become familiar with creating your own defensive security tools using IoT devices and developed advanced defensive security skills.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Share Your Thoughts

Section 1: Mastering Defensive Security Concepts

Section 1: Mastering Defensive Security Concepts

Free Chapter

Chapter 1: A Refresher on Defensive Security Concepts

Chapter 1: A Refresher on Defensive Security Concepts

Technical requirements

Deep dive into the core of cybersecurity

Managing cybersecurity's legendary pain point: Passwords

Mastering defense in depth

Comparing the blue and red teams

Further reading

Chapter 2: Managing Threats, Vulnerabilities, and Risks

Chapter 2: Managing Threats, Vulnerabilities, and Risks

Technical requirements

Understanding cybersecurity vulnerabilities and threats

Managing cybersecurity risks

The NIST Cybersecurity Framework

Creating an effective Business Continuity Plan (BCP)

Implementing a best-in-class DRP

Further reading

Chapter 3: Comprehending Policies, Procedures, Compliance, and Audits

Chapter 3: Comprehending Policies, Procedures, Compliance, and Audits

Creating world-class cybersecurity policies and procedures

Understanding and achieving compliance

Exploring, creating, and managing audits

Further reading

Chapter 4: Patching Layer 8

Chapter 4: Patching Layer 8

Understanding layer 8 – the insider threat

Mastering the art of social engineering

Defending against social engineering attacks (patching layer 8)

Further reading

Chapter 5: Cybersecurity Technologies and Tools

Chapter 5: Cybersecurity Technologies and Tools

Technical requirements

Advanced wireless tools for cybersecurity

Pentesting tools and methods

Applying forensics tools and methods

Dealing with APTs

Leveraging security threat intelligence

Converting a threat into a solution

Further reading

Section 2: Applying Defensive Security

Section 2: Applying Defensive Security

Chapter 6: Securing Windows Infrastructures

Chapter 6: Securing Windows Infrastructures

Technical requirements

Applying Windows hardening

Creating a patching strategy

Applying security to AD

Mastering endpoint security

Leveraging encryption

Chapter 7: Hardening a Unix Server

Chapter 7: Hardening a Unix Server

Technical requirements

Securing Unix services

Applying secure file permissions

Enhancing the protection of the server by improving your access controls

Configuring host-based firewalls

Advanced management of logs

Further reading

Chapter 8: Enhancing Your Network Defensive Skills

Chapter 8: Enhancing Your Network Defensive Skills

Technical requirements

Using the master tool of network mapping – Nmap

Improving the protection of wireless networks

Introducing Wireshark

Working with IPS/IDS

Chapter 9: Deep Diving into Physical Security

Chapter 9: Deep Diving into Physical Security

Technical requirements

Understanding physical security and associated threats

Physical security mechanisms

Mastering physical security

Further reading

Chapter 10: Applying IoT Security

Chapter 10: Applying IoT Security

Technical requirements

Understanding the Internet of Things

Understanding IoT networking technologies

Improving IoT security

Creating cybersecurity hardware using IoT-enabled devices

Bonus track – Understanding the danger of unauthorized IoT devices

Further reading

Chapter 11: Secure Development and Deployment on the Cloud

Chapter 11: Secure Development and Deployment on the Cloud

Technical requirements

Secure deployment and implementation of cloud applications

Securing Kubernetes and APIs

Hardening database services

Testing your cloud security

Further reading

Chapter 12: Mastering Web App Security

Chapter 12: Mastering Web App Security

Technical requirements

Gathering intelligence about your site/web application

Leveraging DVWA

Overviewing the most common attacks on web applications

Using Burp Suite

SQL injection attack on DVWA

Brute forcing web applications' passwords

Further reading

Section 3: Deep Dive into Defensive Security

Section 3: Deep Dive into Defensive Security

Chapter 13: Vulnerability Assessment Tools

Chapter 13: Vulnerability Assessment Tools

Technical requirements

Dealing with vulnerabilities

Using a vulnerability assessment scanner (OpenVAS)

Overview of Nexpose Community

Further reading

Chapter 14: Malware Analysis

Chapter 14: Malware Analysis

Technical requirements

Why should I analyze malware?

Types and categories of malware analysis

Best malware analysis tools

Performing malware analysis

Further reading

Chapter 15: Leveraging Pentesting for Defensive Security

Chapter 15: Leveraging Pentesting for Defensive Security

Technical requirements

Understanding the importance of logs

Knowing your enemy's best friend – Metasploit

Other offensive hacking tools

Further reading

Chapter 16: Practicing Forensics

Chapter 16: Practicing Forensics

Introduction to digital forensics

Digital forensics on defensive security

Forensics platforms

Finding evidence

Mobile forensics

Managing the evidence (from a legal perspective)

Further reading

Chapter 17: Achieving Automation of Security Tools

Chapter 17: Achieving Automation of Security Tools

Why bother with automation?

Types of automated attacks

Automation of cybersecurity tools using Python

Cybersecurity automation with the Raspberry Pi

Further reading

Chapter 18: The Master's Compilation of Useful Resources

Chapter 18: The Master's Compilation of Useful Resources

Free cybersecurity templates

Must-have web resources

Industry-leading best practices

Further reading

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Finding evidence

As soon as you discover an attack, there are a lot of things that need to be done with the utmost priority, including restoring the systems and services that have been impacted. However, another critical task is to find and secure all the evidence related to the attack. This task is critical as it allows you to do the following:

Determine whether the attack was executed by an insider or outsider.
Determine whether the insider was a malicious insider or an inadvertent user.
Determine the vulnerability exploited by the attacker.
Determine the impact on business data in terms of the confidentiality, integrity, and availability (CIA) triad.
Determine the systems or services impacted by the attack.
Collect evidence to execute legal or corrective actions (from HR).

Now that you know about the importance of collecting evidence, let's look at some best practices regarding the collection process itself.

Sources of data

As you may...