Chapter 1: Introduction to practical security and performance testing
A Baseline Understanding of Security Concepts
Volumetric Attacks and Attack Frequency Across the Internet
A Baseline Understanding of Network Performance Concepts
Network Events that can Affect Hard and Soft Errors for Flows
Summary—Before We Start to Harden the Network
Chapter 2: Getting organized with initial audit of the network
Goals and Objectives of this Chapter: Positive Identification of Valid Assets
Performing Audit of Server Assets
Documenting Network Element Objects
Documenting Topology Zone Assets
Documenting Information Assets
Chapter 3: Locking down the infrastructure: Internet, Wi-Fi, wired, VPN, WAN, and the core
Locking Down and Optimizing the Core Network
Implementing 802.1x MAC Authentication
Optimizing Performance of the Network Edge and Core
Locking Down and Optimizing the WAN
Summary: Putting Optimization and Security Together
Locking Down and Optimizing Organizational Wi-Fi Access
Optimizing Your External Firewall and Internet Connection
Summarizing Infrastructure Security
Chapter 4: Locking down and optimizing the windows client
Setting User Rights Correctly and Locking Down Install Rights
Local Firewalling and Mitigation
Optimizing Windows Client Performance
Installing Windows and Component Software
Better Use of Your Hardware and Infrastructure
Server Clusters Are Software Defined
Virtualized Servers Have Elastic Performance
Virtualization Provides the Best Solution for Disaster Recovery
More Intelligent Use of Storage
Some Recommendations and Caveats Regarding Virtualization
Self-Hosted Cloud File Storage
Chapter 6: Testing for security flaws using penetration testing
Installing “Empty” for Automation
Chapter 7: Using Wireshark and TCP dump to visualize traffic
Understanding Valid Traffic in the Network
Using Capture and Display Filters
Example of Using Display Filters to Detect Reverse HTTP Meterpreter Shell
Using Custom HTTP Headers as a Backup Authentication
Looking for a Malware Signature Using Raw Hex
Debugging SIP Register with Display Filters
Using Built-In Wireshark Analysis Tools
Determine Packet Length Distributions
Visualizing Performance With IOGraph
Using FlowGraph to Visualize Traffic
Collecting HTTP Stats in Wireshark
Using Wireshark Command Line Tools
How to Remotely Capture Traffic on a Linux Host
Merging/Slicing PCAP Files Using Mergecap
Getting Information About a PCAP File Using CAPINFOS
Editing a Capture File with Editcap
Building an IDS Appliance with SNORT
Building an Update Script to Update the System and SNORT
Configuring Intrusion Detection Mode
Installing Snorby: SNORT Visualized
Chapter 9: Live traffic analytics using “Security Onion”
Updating Security Onion Appliance
Replaying PCAP Traffic in Security Onion
Using Snorby for Threat Visualization
Decoding an Attack Event in Snorby
Another Perspective on IDS Using Squert
Using Sguil for Monitoring Post and Real-time Events
Additional Tools in Security Onion
Final Thoughts About Security Onion
Chapter 10: Traffic performance testing in the network
Bandwidth, Packets Per Second and RFC 2544: Avoiding the False Positive
Testing with Streams: Ostinato
Using NTOP for Traffic Analysis
Applied Wireshark: Debugging and Characterizing TCP Connections
Emulating the Behavior of the WAN for Testing
Chapter 11: Build your own network elements
Building Your Own Open Source Switch: Open vSwitch (OVS)
Building Your Own Open Source Server Load Balancer (SLB)
Setting Up a DHCP Server in Ubuntu
Chapter 12: Request for proposal and proof of concept example use cases