Subject Index

A
Access control list (ACL), 6, 16, 132, 189
number, 33
Access Points (AP), 73, 76
ACCEPT/DENY/IGNORE rules, 6
Acronis Cloud, 122
Active Directory (AD), 20, 85
controller, 87
domain, 22
ACTIVE-STANDBY configuration, 80
ActiveX Filtering, 101
ActiveX, JavaScript, 351
Adblock Plus, 107
ADC controller, 80
AD domain, from Linux, 58
Add Rule, 338
Add User, 275
Add virtual network interface, 331
Admin account access, improving, 131
Administrative privileges, in Windows, 90
Administrator, 86
Adobe Flash, 99
Adobe PDF Reader, 120
Advanced Host Controller Interface (AHCI), 111
AeroFS, 150
AES 256-bit encryption, 65
AHCI (Advanced Host Controller Interface), 111
Alert ID, 289
Allowed/Disallowed Services, 296
AND operator, 208
Anti-access vectors, 189–192
Anti-malware, 8
Anti-Phishing Working Group (APWG), 110
Anti-Reconnaissance, 188
measures, 188
Anti-spoofing in ACLs, 49
Anti-spoofing protection, 47–49
Anti-spoofing technologies, 47
Anti-virus, 8
Antivirus software, 180
Apache, 143, 334
Logging module, 149
patch/security hole, 146, 148
version/ system OS information, 145
web server, 144
installing SSL extensions, 144
APC Back-UPS Pro 1500 UPS, 228
Application Delivery Controller (ADC) virtual appliance, 141
Apply Changes, 118
hyperlink, 337
Apply Configuration, 338
App Store, 88
ARP inspection, 40, 48
ASCII, 305
ASN databases, 205
Asset identification system, 18
Attack frequency, 5
internet, 5
Auditing
host assets, 18
classes of, 20
of network, 15
performing fixed physical site, 22–23
Authentication problem, 9
AutoCat, 287
Auxiliary module, 183, 185
B
Back Door, 129
Backup authentication, custom HTTP headers, 200
Bandwidth constriction, 11
Bash scripting, 222
BGP, 39, 45, 59
BIND, securing, 140
BIOS optimization, 112
BitLocker (hard drive encryption), 121
BitTorrent, 3
BlackViper, 114
Boot image, securing, 44
BOOTP, 40
Botnet attack, 2
Boxing, 121
BREAK signals, 40
Buffers, 4
overflow attack, 4
Build network element, 319
Built-in Wireshark analysis tools, 201–205
Bundler, 255
BYOD (bring your own device), 15
C
capinfos, 220
Capture Filter, 197–199
Captures keystrokes, 153
CentOS, 133, 134, 141, 143, 228, 231, 232, 237
distribution, 54
CEO account, 181, 182
Certificate authority (CA), 65
CFO organization, 181
CGI-BIN directory, 143
CHAP Authentication, 131
Checksum, 301
chmod tool, 161
CIDR identifier, 183
CIFS file services, 70
CIFS network, 17
Cisco Catalyst configuration, 53
Cisco Catalyst 6k (IOS), 196
Cisco Catalyst switch, 61, 196
Cisco devices, 33
capturing configuration, 33
Cisco products, 39
Cisco router, 44
Class of Service (COS), 295
Client hosts, 32
CLI prompt, 25
command, 94
Cloud, 319
Cluster ID, 331
CNAME (canonical name) Sets, 139
Commercial off-the-shelf (COTS), 125
Common Vulnerabilities and Exposures (CVE), 353
Comodo, 96
Comodo firewall, 97
Compatible, 199
Component software, 114
Configure anti-spoofing protection, 47–49
Configure Network Management, 26
Control Plane Policing (CoPP), 45
Control plane protocols, 45, 46
Conversation sequencing errors, 12
Core network, optimizing, 39–52
Core security zones, 47
CoS table, 343
Class of Service (CoS), 343
CPE devices, 79
CPU cache, 7, 117
CPU cores, 77
speed, 111
CPU locked down, 228
CPU processing cycles, 133
CREATE USER, 193
Credit card transactions, 1
CRM system, 9, 59, 197, 348
Cross-site scripting attack (XSS attack), 3
CSV file, 36
.CSV format, 218
CTO level, 81
Customer data, 1
Custom HTTP headers, as backup authentication, 200
Cwnd, 309
Cyber security, 1
D
DAQ library, 240
Data Acquisition Library (DAQ), 233
Data object security, 17
Data Plane Development Kit (DPDK), 127
Data theft, for profit, 153
DDoS attack, 2
DDoS blocking, in hardware, 80
DDR 1333 CAS 9, 111
Default Gateway, 322
Demilitarized Zone (DMZ), 73, 74
Denial of Service attack, 148
Detect, Defend, Document, Discuss (4Ds), 279
Developer Tools technique, 352
Device Under Test (DUT), 350
Dial tone expectation, 8
DiffServ AF41, 295
DiffServ QoS plan, 71
Direct positive identification, 15
Disable unnecessary Windows client services, 97–98
Display Filters, 197–200, 208
debugging SIP register, 201
to detect reverse HTTP meterpreter shell, 197–199
Distributed Denial of Service (DDoS), 227
Distributed firewall, 6
access control, 6
access times, 7
IPS/IDS, 7
location management, 6
logging, 7
remote access/VPN, 7
traffic access policy, 6
user management, 7
workflow intelligence, 7
Distributed Resource Scheduler (DRS), 127
DMZ host, 347
DMZ network connections, 6
DMZ zones, 81
DNS IP, 138
DNS lookup recursion, 141
DNS network, 137
DNS Security Extensions (DNSSEC), 141
implementation/not implementation, 141
DNS servers, 40, 59, 134, 135, 151, 277
DNS service, 39
chain, service use case, 134–140
Documenting information assets, 34–35
A and B level documents, identifying, 35
Documenting network element objects, 32
Documenting topology zone assets, 33–34
Do Not Track option, 106
DropBox, 150
DSCP codepoint, 61
DSCP policing, 62
DSCP precedence, 64
DShield, 293
Dumpster Diving, 188
Dumps traffic, 322
Dynamic Host Configuration Protocol (DHCP), 17, 40
configuration files, 332
environments, 48
services, 333
snooping, 48
E
e-Commerce business, 1
e-Commerce session, 4
Editcap, 221
capture file editing, 221–222
EFI virus, 4
“-E” flag display option, 218
Elastic performance, virtualized servers, 126
ELSA password, 265
email, 199
Email Setting, 21
eMIX distribution, 312
Empty-expect, 160
Encrypted storage, 132
Erase disk and install Security Onion, 261
404 Error, 8
ESXShellInteractiveTimeout, 141
ESX Admins group, 140, 334
ESX host IP, 27
ESXShellTimeOut, 141
ESX vSphere client, 26
Ethernet, 116, 201, 300
Ethernet II, 301
Ethernet port, on motherboard, 325
eth0 IP address, 228, 246
Exploiting Windows, 169–174
F
FBAR display, 210
Finite state machine (FSM), 352
Firefox, 106, 166
Firewall rule base soak test, QoE, 345–346
Firewalls, 116, 130
external/internet connection, 77
adding your firewall, 80
configuring security policies, 80–81
DMZ, architecting, 80
interior firewalling, 81
internet connectivity planning, 78–79
IPSec and SSL-VPN configuring, 81
locking down, printers, 82
local for SSL, 145
local Windows, 95
using, 96–97
Firmware virus, 4
FreeRADIUS Server, 54, 57, 58
Linux server, 55
FreeRADIUS version, 54
Fresh credit cards, 153
FTP server, 122
Fuzzing, 352
G
Gateway, 151, 329
Gemfile, 256
GeoIP Database directory, 206, 275
GeoLocation map, 282
Get-Mail command, 181
Global Statistics, 312
Go/No-Go policy, 6
Goodput, 344
Google Chrome, 99, 351
Web Browser, 230
Google Drive, 150
Goto, 155
Group Policy, 88
GUI network manager, 159
H
Hacking SQL with auxiliary modules, 183–188
Hardening mail client, 110
Hardening process, 18
of Windows networking, 91
Hardening servers, 125
Hardening SSL
Apache lean/updated, keeping, 146–148
disable directory listings, 146
hide Apache version/system OS information, 145
isolate Apache
separate user and group, 148
securing Apache, 148–149
Hardening web browser, 99
Hardening Windows client, 116
Hard errors, 9
QoE errors, 9
Haswell-E, 319
HDDGURU, 114
Heartbleed attack, 155
HEX dump, 204, 305
High impact coefficient, 9
High, Medium, and Low Severity, 276
Hijack attack/Ransomware, 4
Hijacked, VM, 135
Host assets, classes of, 20
to audit, 20
Hosts, 116
HTML5, 120, 349, 350
video performance, 11
HTTP access, 8, 40, 41
HTTP interface, 40
HTTP meterpreter shell
display filters to detect, 197–199
HTTP protocol, 11
HTTP request, 212
HTTP server, 184
HTTPS, on TCP/443, 82, 189, 195, 204
HTTPS server, 186
HTTP Statistics, Load Distribution, 214
Human Resources group, 34
HWINFO, 25
Hyper-V, 126
Hypervisor host, 127
I
ICMP, 40
IDP Snort appliance, 259
IDs, patient-specific government, 1
ID tagging, 18
IE6, on Windows XP, 166
IGMP Multicast, 91
IGMPv2 multicast
on UDP port 29871, 152
ImageMagick, 255
iMIX bandwidth, 342
iMIX tests, 295, 342
Improving admin account access, 131
Industrial espionage, 154
INTERNET, 81
Information technology (IT), 1
Infrastructure security, 83
Inside the Network, 64
inSSIDer, 73
Installing SSL extensions
to Apache web server, 144
Installing Windows, 114
additional TCP stack optimizations, 118–119
disable USB storage, 119–120
finishing install, 120
PCs, imaging and building client, 122
PCs, mobile security consideration, 120–121
Windows 7 client TCP/IP stack, optimizing, 116–117
Intel “K” series 6xxx processor, 228
Intel XL710 server NIC, 341
Inter Frame Gap, 270
Internet, 5, 39, 319
CPE, 319
interface, 78
volumetric attacks and attack frequency, 5
Internet Explorer, 100
Internet Printing Protocol (IPP), 82
Internet Protocol version 6 (TCP/IPv6), 91
Internet Site-to-Site IPSec, 64
Internet traffic, 59
Internet voice networks, 8
Intrusion Detection System (IDS), 7, 227, 228
attack analysis, 294
decisions, 239
device, 189, 221
functionality, 80
log, 196
service, 7
systems, 252
Intrusion Prevention System (IPS), 7, 227
attack analysis, 294
device, 189, 221
functionality, 80
service, 7
IOGraph, 209
visualizing performance, 209–210
IP address, 17, 26, 31, 41, 151, 157, 284, 298, 316, 329
iPerf, 306
iPerf3 client, 308, 311
IP Header Information section, 277
IP phone, 11
IPSec solution, 7, 65, 81, 120
IP source guard, 48
IPTables, 206, 227, 258, 334, 338
IPv4 fields, 4, 40
IPv6 fields, 40, 205
iSCSI Target, 127
iSCSI technology, 127
.ISO file, 334
ITU P.861/862, 10
J
Java control panel, 108
JavaScript, 3, 120, 349, 350
Jitter, 12, 311
JPG, 76
jQuery/JSON, 129
JSON, 120
Jumbo frames, 116, 300
K
Kali Linux, 155–160, 172, 222
Keyloggers, 3, 112, 178, 179
9K packet, 116
KVM, 126
L
LAMP server, 338
LAN, 81
domains, 39
traffic, 68
LDAP client, 131
L3 DiffServ, 60
Leaf analysis, 8
L2 Ethernet packets, 53
Limit Trunking, 322
Linux, 1, 32, 85, 334
firewall, 338
host, remotely capture traffic, 218–219
PC, 65
server, 25, 334
Listening port number, 145
Local Area Connection, 217
Lockdown Mode, 134
Locking down, 39–52, 64, 73
core device, log controlling, 40–41
hypervisor patches and service accounts, 130
logging core device events, 44
login banners, 42
management session, encrypting, 43
network core, 52
rights installation, 86
SNMP, configure and lockdown, 43
Log config changes
securing, 44
Logging, 7
Login banner, 42
L4 protocol, 301
M
MAC address, 17, 24, 33, 347
spoofing, 48
Mac OS X, 85, 87
MAC tables, 343
Mailshell, 110
Mailshell SpamLab service, 110
Malicious code, 5
Malware, 5, 112
attacks daily, 5
signature, using raw HEX, 200–201
Man-in-the-Middle attack, 4
MaxMind IP, 205
MD5 hash, 47
Mergecap, 219
Metasploit, 156, 160, 167, 169, 183, 188
auxiliary modules, using, 183
meterpreter shell, 199
Metasploit Framework Console, 162
Meterpreter, 167, 177
backdoor shell, 169–174
shell, 169
using, 175–177
Microsoft AD server, 140, 151
Microsoft Office, 120
Microsoft OneDrive, 150
Microsoft Windows, 85
Microsoft Windows Defender, 113
Mitigating attacks, 6
Mitigation, local Windows, 95
experience toolkit, 95
Mobile assets, performing audit of, 23
Mobile devices, 23, 32
on Internet, 2
Mobile resource, 120
MOS (Mean Opinion Score), 10
Mozilla/4.0, 199
MPLS VPN, 39, 45
MS Exchange Server, 275
MSIE 6.1, 199
MS-SQL database, 183
MS-SQL server, 183
Multistage penetration attacks, 153
MySQL, 142, 143, 197, 334
database, 250, 256, 313
with two-factor authentication, 192–193
logging, 254
using Percona PAM authentication plugin, 192
MySQL 5.5.16, 192
MySQL Database Server, 337
N
nDPI, 313
Netcat, 189
NetDMA, 117
NetFlow, 49
configuring, 49–50
Spiceworks, setting up, 50
traffic, 50
Netmask, 151, 329
Network Address Translation (NAT), 347
Network application, 4
Network assets protection
penetration attack, 188
Network attacks, 13
Network-based security, 95
Network edge/core, optimizing performance of, 58
best effort services, 59
business critical services, 59
business standard service, 59
critical workflows, identifying, 58
network administration/management, 59
QOS, assigning service bucket priority, 60
QoS settings, configuring
distribution switch, 62–63
transit and WAN router example, 63–64
remarking/prioritization at edge, 61
Network Functions Virtualization (NFV), 17, 132
appliances, 130
architecture, 130
chain, 25
server chain case studies, 132–133
structure, 132
Network Intrusion Detection System (NIDS), 238
Network latency, 12
Network Management System (NMS)
adding the network, 35–36
database, 17
installation, 20–22
platforms, 20
Network performance
concepts, 8
defined, 8
hard errors, 9
soft errors, 9
user experience, psychology of, 8
video, quality of experience, 10, 11
web-based services, quality of experience, 10
Network Scan, 22
Network “span” port, 196
Network Time Services (NTP), 44
Network, traffic, 195
Network transports, IP version distribution of, 312
Network utilization, 118
NIC driver model, 127, 313
NIC MAC address, 24, 25
NIDS (Network Intrusion Detection System), 238
Night cleaning staff, 188
NIST 800-125 compliance, 130, 132
204 No Content, 212
Non-DHCP environments, 48
Non-PC devices, 23
NorseIP, 6
NoScript, 107
404 Not Found error, 145, 349
NPAPI plugin, 105
nProbe, 313
ntop, 311, 313
NTP server, 219
O
Oinkcode, 234, 235
Oinkcode Pro subscription, 267
Onion skinned, 160
OpenSSH, 65, 155, 219
OpenSSL, 54, 65
OpenStack, 126, 334
Open vSwitch (OVS), 264, 324, 328
Optimization
organizational Wi-Fi access, 73
and security, 71
Oracle, 197
OR operator, 208
“OR” statements, 197
OSPF messaging, 39, 45, 47, 59
Ostinato, 297
OS virtual machine processes, 125
Out of Band (OOB)
hypervisor host interface, securing, 129
management, 129
management interface, 131
Output Module Configuration, 250
Own network elements, building, 319
DHCP server, in UBUNTU, 332–334
LAMP server, 334–338
open source switch
Open vSwitch (OVS), 324–328
server load balancers (SLBs), 329–331
virtual NFV chain elements, 319
VyOS, routers available, 320–324
P
Packet Delay variation (PDV), 311
Packet Lengths, 208
distributions, determination, 208–209
Packet Logging mode, 238, 241
Packet, with data corruption, 70
Passwords, 22
attack, 5
strength, 22
Patching, 85
PAYLOADS, 189
PCAP files, 270, 272
getting information using capinfos, 220
merging/slicing using mergecap, 219
PCAPng formats, 218
PC boot screen, 71
PC in the Lab, 15
PDV (Packet Delay variation), 311
Penetration attacks, 5, 188
network assets protection, 188
Penetration testing, security flaws, 153
application/download, snapshot of, 177
covering tracks, 155–157
creating mail spoofing with metasploit, 181–182
exploiting Windows, Meterpreter backdoor shell, 169–174
gaining/maintaining access to devices, 155
hacking SQL with auxiliary modules, 183–188
installing “empty” for automation, 160–162
knock down, 154
metasploit auxiliary modules, using, 183
metasploit payloads/meterpreter, understanding, 167
metasploit, to capture login credentials, 178–180
metasploit workflow, 162–166
meterpreter shell, using, 175–177
multistep/multihost, 154
PC security, defeating, 180
reconnaissance, 154
scanning, 155
SMB, exploiting a weakness, 180
workflow for exploit, 167
Perceptual user experience, 8
Performing fixed physical site audit, 22–23
PEM certificate, 68
Personal computer (PC), 2
Personal firewall, 8
PGP, 334
Phishing attack, 4
Phone Home data, 2, 14
PHP, 334
PID 260, 178
Plain Old Telephone Service (POTS), 8
Plugins, 99, 110
PNG, 76
Port forwarding table, 344
POTS (Plain Old Telephone Service), 8
PowerShell script, 182
Power User, 86
P2P networks, 3
PPPoE, 40
PRADS/PADS asset detection, 280
Preprocessor, 248
Private Cloud Server, 151
Private Server, 15
Protocol Data, 301
Protocol distribution, 312
Protocol stacks, 4
Proxy server, 7
Prune Database, 275
ps, 177
PulledPork, 268
Python scripting, Ostinato, 306
Q
Q-in-Q VLAN, 64
QoS policing, 63
QoS settings, 63
Quality of Experience (QoE), 12, 348
attack errors, 349
benchmarks, for web application
scenario, 350
complexity errors, 349
consistency errors, 349
debugging web service, 350–352
direct service errors, 349
error, 350
failure, 346
firewall rule base soak test, 345–346
level, 60
subtle errors, 349
timing errors, 349
for web services, 341
Query Signature Database, 278
R
RADIUS server, 53
RAM, using DDR3, 111
Randomly create passwords, 186
Ranking, 164
Ransomware, 4
Rapid7, 180
Raw HEX, malware signature, 200–201
“-R” Display, 217
Reboot, PC, 177
Red Hat distribution, 54
Remote access, 15
Remote Access IPSec, 80
Remote Hostname root password, 331
Request for Proposal (RFP), 341
final thoughts, 353
L3 switch, evaluating, 341
port forwarding capacity, 341–342
Network Address Translation (NAT) gateways testing, 347
proxy device capacity, measuring, 346
Quality of Experience (QoE), 348
attack errors, 349
benchmarks, for web application
scenario, 350
complexity errors, 349
consistency errors, 349
debugging web service, 350–352
direct service errors, 349
firewall rule base soak test, 345–346
subtle errors, 349
timing errors, 349
vendor for security readiness, 352–353
verifying firewall scale, 344–345
VLAN capacity, of switch, 343
Web server, 347–348
REST command, 168
Revenge attacks, 154
Reverse HTTP meterpreter shell
display filters to detect, 197–199
RFC scenario, 343
RFC-2544 test, 342
RFID-based asset tag, 19
Rootkits, 4, 112
Rogue devices, 15
Routers, 116
Ruby, 255
Rufus for Windows, 260
S
Safe Mode with Networking, 352
SafeNet CN6xxx, 65
Samba package, 55
SCP (Secure Copy), 79
Screengrab, 178
Scrutinizer 8, 50
Scrutinizer server’s IP address, 50
Securing BIND, 140
Securing control plane protocols, 45, 47
Securing, hypervisor host, 127
not to put, 127
traffic path planning
isolation/identification, 129
VMs, data transformation, 127
Security
concepts, baseline understanding of, 1
flaws, using penetration testing, 153
improvement, miscellaneous configuration changes, 98
and optimization, 71
Security mitigation, 1
network-based technologies, 1
Security network elements, 6
Security Onion, 259, 268, 272, 279, 294
live traffic analytics, 259
additional tools, in security onion, 294
basic Snorby usage, 276
building security onion, 259–268
final thoughts, 294
IDS using Squert, 280–285
replaying PCAP traffic, 269–272
setting Snorby preferences, 274–275
Sguil for monitoring post and real-time events, 285–293
Snorby, decoding an attack event, 276–280
updating security onion appliance, 268–269
using Snorby for threat visualization, 272–274
password, 281
Security Onion Desktop, 286
Security policy defense, 192
Security zones, 15
Self-hosted cloud file storage, 150
firewall rules, 151
setup users, 151
Sensor ID, 289
Server assets, performing audit of, 24
documenting, 24–26
basic server metadata, 24
using NMAP, 30–31
virtual server assets
tools to document, 26–30
Server clusters/software
defined, 125
Server congestion, 13
Server IP Subnet, 59
Server Load Balancers (SLBs), 319, 329, 331
Server patterns, hardware and infrastructure, 125
Servers, 116
Server specific security, 192
SG TCP optimizer, 118
Sguil, 265, 293
Single root I/O virtualization (SR-IOV), 347
SIP functions, 11
SIP register, debugging
Display Filters, 201
SIP stacks, 12
SLA/QoS/QoE, 341
SLB (Server load Balancer) virtual appliance, 141
smb.conf file, 55
SMB, exploiting a weakness, 180
SMS, 199
SMTP, 40
Sniffer Mode, 238
Sniffing point, 196
SNMP Community String, 22
SNMP configuration, 43, 82
SNMP, for Spiceworks server, 43
SNMP Spiceworks server, 82
SNMP V1/V2c/V3, 40
Snorby, 253, 255, 265, 274
Snorby Search by Source, 277
Snort, 227, 252
actions, limits, and verdicts, 243–245
basic output, 241–243
configuring and using, 237–239
configuring intrusion detection mode, 239
configuring snort.conf file, 245–252
DAQ, capturing packets, 240
installing, 233–235
Snorby, 253–258
intrusion detection system (IDS), 228–232
rule set, 252–253
running as daemon, 245
signatures, 231
systems, 227
update script to update the system, 235–237
Soak test, 342
Social security numbers, 35
Soft QoE errors, 9
Software approval, defined, 85
Soup, 269
Span port, setting up, 196
Spiceworks, 20, 21, 49
config section, 35
for NetFlow, 50
Spiceworks database, 36
Spiceworks server, 30
Spoof/evasion attack, 4
SQL database, 3, 129, 132, 197
SQL injection attack, 3
SQLite visual query editor, 36
SQL query, 183
SQL server, 195
SRVHOST, 166
SRV2.SYS driver, 180
SSD firmware, 114
SSD memory, 4
SSH default, 134
SSH environment, 59, 218
SSID traffic, 75
SSL
certificate information, 186
errors, 347
extensions, installing, 144
modify local firewall, 145
traffic, 145
virtual hosts configuration, 144–145
SSL Encryption, 144
SSL-VPN, 7, 120
Stand-alone servers, 32
Storage, intelligent use of, 126
Stored Passwords, 22
Stream Control, 304
Sub-directory, 166
Sudo service networking restart, 159
Switches, 116
Symmetricom NTS-200 GPS/NTP server, 44
Syncing, 8
SYN flood attack, 200
Syslog logging, 254
Syslog server, 44
Syslog setup, 239
System Under Test (SUT), 269, 295
System Variables, 30
T
TCP, 40
based attacks, 7
based traffic, 70, 317
capacity, 346
connection, 41, 346
data traffic, 200
dump, to visualize traffic, 195
errors, 313
fields, 4
flags, 211
goodput testing, 76
listening port, 330
port 443, 149
port MS SQL, 183
port numbers, 6
ports, 17, 30, 151, 155, 180
proxy, 117, 346
retransmissions, 347
stack, 117, 122
timeout, 16
tcpdump, 222–225
filter captures, 225
tcpdump-capable binary, 239
tcpdump utility, 272
TCP DupACK, 315
TCP Fast Retransmission, 315
TCP/IP parameters, 351
TCP/IP stack, 116
tcpreplay utility, 269
TCP SYN flags, 225
TCP SYN flood, 2, 199
TCP/UDP client, 7, 307
TCP/UDP/ICMP Ping, 276
TCP/ UDP source port, 347
TCP URGENT pointer packets, 225
TCP/443, virtual hosts configuration, 144–145
TCP WindowFull, 316
TCP ZeroWindow, 315, 316
TCP ZeroWindowProbe, 316
Telnet, 40
Terrorism/cyber warfare, 154
The Onion Router (Tor), 7
Threat visualization, using Snorby, 272–274
TimeMachines TM1000A GPS/NTP receiver, 44
Timeouts, TCP retransmissions of, 347
Top of Rack (TOR) switch, 127, 324, 341
ToS/DSCP calculator, 301
Traffic analysis, 313
Traffic network, 195
Traffic performance testing, in network, 295
bandwidth, packets per second and RFC 2544, 295
NTOP for traffic analysis, 311–313
optimal testing methodology, 296
Ostinato, testing with streams, 297–306
testing TCP with IPERF3, 306–311
WAN on quality of experience, 316–317
Wireshark, applied
TCP connection, 313–316
Transit devices, 40
Transmission Control Protocol section, 302
Trojan horse attack, 3
TurnKey, 334
U
Ubuntu, 259
Ubuntu Linux, 297, 307, 311
LTS version, 297
Ubuntu server, 332
UDP-based services, 12
UDP fields, 4, 40
UDP packets, 197
UDP performance, 310
UDP ports, 17, 30, 155
numbers, 6
Universal Plug and Play (UPnP), 91
UPS backup, 127
USB storage, on Windows 7, 119
USB drive, 122
Use espia, 178
User Account Control (UAC), 88
importance of, 88–91
User rights, 86
Users recognize patterns, 9
Use Static IP, 151
Utilities, 88
V
Valid assets, positive identification of, 16
vCenter Controller, 127
Verbose Mode, 270, 308
Video, 59
VIP address, 330
VIP (Virtual IP) port, 141
VirtualBox, 155
Virtual Customer Premises Equipment (vCPE), 130
Virtual datastore security, 131–132
Virtual host, management interface, securing, 130
Virtual IP (VIP), 329
Virtualization
for disaster recovery, 126
local/outsource to cloud provider, 129
recommendations and caveats, 126–127
security and performance, 128
Virtualized Routers, 130
Virtualized servers, elastic performance, 25, 126
Virtual Machine, 150
Virtual private network (VPN), 7
access, 15
remote access, 77
site-to-site IPSec tunnels, 16
traffic, 33, 39, 120
Virtual Server, 15, 336
Virtual server assets
tools to document, 26–30
Virtual web farm, case study, 141–143
Virus attack, 2
VLAN 4095, 263
VLAN-based QoS, 300, 321
VLAN subsystem, 343
VLAN tables, 343
VLAN trunk, 196
VM communication, 130
vmnic0, 30
vMotion Migration, 127
VM profile settings, 25, 26, 133
VMs, clean and optimized linux base building for server, 133–134
VMware, 126, 134, 155
VMware 5.5, 133
VMware OVA VM images, 155
VMware tools, 131
Voice on network, 10
VoIP (SIP), 59
Volumetric attacks, 5
internet, 5
vSphere client, 27
vSwitch, 121, 130, 150, 263
VyOS routing, 320
VyOS user manual, 320, 321, 323
W
WAN, 39, 64, 319
accelerator appliance, 70, 319
domains, 39
impairments, 70
interface, 127
links, 68
encrypting, 65–68
locking down/optimizing, 64
remote sites, 40
router, 79
traffic optimizing, 68
data integrity issues, 70–71
jitter, 69
latency, 68
microbursts, 69
sequencing errors, 70
WANem, 316, 317
Wanos Plus, 70
Web 2.0, 272
Web admin tools, 334
Web-based application, 10
Web-based services, 10
Web Browser, 99, 106
hardening, 99
basic points, 99
Google Chrome, 105
Internet Explorer, 100–101
protecting mail
anti-spam/anti-phishing protection, 110
securing firefox, 106
securing Java, 108–110
WebGUI network interface, 331
Widgets, 88
Wi-Fi, 15, 24, 33, 39, 73
access, optimizing organizational, 73
optimizing, 75–76
security and performance, 77
security planning, 73–75
networks, 77
security, 73
Windows, 14
patching, 85
services, 95
Windows 7, 88
Windows 8, 110
Windows 10, 110
Windows-based attacks, 163
Windows-based host, 23
Windows-based server, 32
Windows client, 116
optimize the performance, 110
hardware selection, 111–112
preparing existing installs, 112–113
SSD storage security, 114
Windows Default, 118
WindowsHostControl.sh, 162
Windows networking, hardening of, 91
IGMP, disabling consideration, 91
IPv6, disabling consideration, 91
listening ports, disabling consideration, 94
Universal Plug and Play (UPnP), disabling consideration, 91
Windows NT, 199
Windows 7 Professional, 110
Windows 7 Pro x64, 114
Windows server platforms, 25
Windows Server 2012+ x64 based server, 20
Windows UAC (User Account Control)
importance of, 88–91
Windows Vista, 180
Windows x86, 173
winlogon.exe, 179
WINS service IPs, 332
wired, 39
Wireshark, 306
collecting HTTP stats, 212–214
command line tools, 214–218
into port GigE0/3, 197
using Endpoints statistics, 205–208
to visualize traffic, 195
using flowgraph, 211–212
Wireshark command line tools, 214–218
Wi-Spy DBx, 76, 77
WMI filtering, 86
Worm attack, 2
WPA2 Enterprise, 75, 77
X
X.509 certificate, 81
authentication, 65
Xen, 126, 334
Xeon class CPU, 126
Xeon-grade 6-core CPU harness, 259
802.1X L2 MAC authentication, 53
802.1X MAC authentication, implementing, 53–58
Xpand.it!, 107
xrandr command, 261
XRL, 204
4xx error, 10
Z
Zen Load Balancer (ZLB), 329
web site, 330
Zero-day attack, 3
ZeroWindow condition, 315