Imperial Library
Index
Title Page Copyright and Credits
Practical Network Scanning
Packt Upsell
Why subscribe? PacktPub.com
Contributors
About the author About the reviewer Packt is searching for authors like you
Preface
Who this book is for What this book covers To get the most out of this book
Download the color images Conventions used
Get in touch
Reviews
Fundamental Security Concepts
Why security? Building blocks of information security Computer security Network security
Firewalls Intrusion detection systems / intrusion prevention systems Multitier topology
Internet security
Password System upgrade and updates Phishing
Beware of phishing phone calls Phishing protection
Security issues, threats, and attacks
IoT security risk Computer security risk Security Risk-Border Gateway Protocol Security and threats
Natural disasters Human threats
Security vulnerabilities
Technology weaknesses Configuration weaknesses  Security policy weaknesses
Using unencrypted or weak encryption for a website
Summary Questions Further reading
Secure Network Design
Access control 
Asset classification and physical security Authentication, authorization, and accounting
Network management and security design
Network segmentation Segmentation strategy steps Network protection consideration and design
Hardening your TCP/IP stack DoS and DDoS attacks 
Volume-based attacks Application layer attacks Low-rate attacks
IP spoofing
Anti-spoofing using access lists Encryption Anti-spoofing using RPF checks
Ping sweeps and Port scans
Mitigation
DNS vulnerabilities 
How does DNS work? DNS protocol attacks Mitigation
Two factor authentication Summary  Questions Further reading
Server-Level Security
Classification of data Physical security  Disk encryption
Full-disk encryption
Bitlocker Virtual Trusted Platform Module – vTPM  Encrypt your Hyper-V Guest VMs  Cloud VM disk encryption What is encryption at rest?
Hardening server security
Check for open ports or services System firewall configuration System update Disable USB Hard disk encryption BIOS protection Check the installed packages Password policies Secure and encrypt remote access Implement activity logging Document the host information
Authentication NTLM versus Kerberos Password policies Server-level permissions Server antivirus and malware protection Local security policies Summary Questions Further reading
Cloud Security Design
Cloud offerings
IaaS PaaS SaaS
Public versus private
Public IaaS versus private IaaS Public PaaS versus private PaaS Public SaaS versus private SaaS
Shared technology and shared danger Security approach for cloud computing
Traditional enterprise network model Hybrid data center and cloud network Network security devices for IaaS
Firewall Virtual Appliance Virtual TAP vTAP Virtual Router Virtual web application firewalls
DDoS attack protection Data loss prevention Exploited system vulnerabilities Summary  Questions Further reading
Application Security Design
GDPR
Getting consent Access to data Encryption
SQL Injection
Prevention of SQL Injection attack on web applications
Employing comprehensive data sanitization Deploying a Web Application Firewall Limit database privileges Finding vulnerabilities
WAFs
WAF protection against common web attacks
Blacklisting and whitelisting
What is blacklisting?
Benefit and disadvantage of blacklisting
What is whitelisting?
Benefit and disadvantage of whitelisting
Which is better?
Using HTTPS for everything
HTTP versus HTTPS Web application security
SSL/TLS deployment
SSL/TLS key size Signing algorithm Secure protocol
Preventing an authentication hacking attack Use cookies securely Vulnerabilities scan Server security Introduce a bug bounty program
Summary Questions Further reading
Threat Detection and Response
Network threat detection
Detection methods
Intrusion detection system
Types of IDSs
Network capture solution  Threat detection with Netflow/IPFIX
NetFlow vs. IPFIX
Endpoint threat detection
What’s an endpoint
Endpoint Detection and Response (EDR) system
Case Study – Why EDR system is required? Security policy How to choose an EDR solution?
Security information and event management
SIEM—Event versus incident and data breach
What is an event? What is a security incident? What is a data breach?
How do SIEM systems work?
Event generator sensors Event and log collection or data aggregation Correlation Reporting and Alerting Dashboards Automation Log management SIEM commercial products 
Summary Questions Further reading
Vulnerability Assessment
Infrastructure concerns
What is vulnerability assessment?
Plan Network discovery Vulnerability scan Report Remediation
Why do we need vulnerability assessment?
Types of vulnerability assessment
Network-based assessment Host-based assessment
Nessus installation, configuration, and vulnerability assessment methodology
Installation
Policies
Sample report Summary Questions Further reading
Remote OS Detection
Reasons for OS detection 
Network operating system inventory – trace your infrastructure 
Determining vulnerability of target hosts Tailoring exploits OS detection technique with Nmap
Nmap tool Operating system detection
TCP/IP fingerprinting methods supported by Nmap
TCP/UDP/IP basic The FIN probe TCP ISN sampling TCP initial window Type of service Time-to-live (TTL) Don't Fragment (DF) bit
Understanding an Nmap fingerprint OS matching algorithms
Defense against port scans
Summary Questions Further reading
Public Key Infrastructure-SSL
Foundation of SSL
How do I know that SSL is working? Why no PadLock? SSL certificate
The evolution of SSL and TLS
Current Supported Standard Why hasn't TLS 1.3 been implemented yet? Time to say goodbye to SSL and early TLS
SSL certificate component 
Root certificate Intermediate certificate SSL certificates classes 
TLS versus SSL Public Key Infrastructure
Symmetric encryption Asymmetric encryption Hash function
Attacks against PKI Microsoft Windows and IIS OpenSSL SSL Management tools Summary  Questions Further reading
Firewall Placement and Detection Techniques
Technical requirements Firewall and design considerations
Firewall terminology Firewall generations Firewall performance Firewall placement and design network topology
Single firewall architecture
Single firewall architecture with a single IP subnet Single firewall architecture with multiple IP subnets
Multilayer firewall architecture
Firewall sandwich design
Demilitarized Zone
DMZ to Internal Access Policy 
OSI model versus TCP/IP model Firewall performance, capabilities, and function
Firewall management Application proxies Detecting firewalls Debugging tools
Summary Questions Further Reading
VPN and WAN Encryption
Overview Classes of VPN Type of VPN protocol
Point-to-Point tunneling protocol Layer 2 Tunneling Protocol Secure Socket Tunneling protocol Internet Protocol Security SSL VPN MPLS VPN
VPN Design IKE V1 versus IKE V2 WAN Encryption technique
IPsec Layer-3 encryption MACsec—Layer-2 Encryption Optical Network—Layer-1 Encryption
Summary  Questions Further Reading
Summary and Scope of Security Technologies
DDoS protection
Remotely triggered black hole routing (RTBH)
Black hole traffic from the source of the attack Black hole traffic to the destination of the attack
BGP FlowSpec
DDoS scrubbing Blockchain Technology for Fighting DDoS Attacks
AI in cyber security  Next Gen SIEM Software Defined Networking Firewall Bring-Your-Own-Identity (BYOI) Summary Further reading 
Assessment
Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11
Other Books you may enjoy
Leave a review - let other readers know what you think
Chief Librarian: Las Zenow <zenow@riseup.net>