INDEX

Please note that index links point to page beginnings from the print edition. Locations are approximate in e-readers, and you may need to page down one or more times after clicking a link to get to the indexed material.

32-bit operating system, 64

64-bit operating system, 64

A

access

broken access control, 8

cloud, 155

Commando VM and, 88

database, 194

dead-box, 194

DirectAccess, 111

disk, 59, 194

IAM role, 198–200, 211, 263–264, 287

Internet, 161

remote. See remote access

server, 201

web-based, 165

access control, 8, 46, 139

access control lists, 46, 139

ACK message, 221

Active Directory (AD), 229

ACU (Azure Compute Unit), 235, 236

AD (Active Directory), 229

address exhaustion, 30

Address Resolution Protocol. See ARP

Advanced Package Tool (APT), 91

Advanced Research Projects Agency Network (ARPANET), 22

Advanced Technology Attachment (ATA), 55

Agile methodology, 281

air gaps, 43

Amazon Aurora, 192, 193

Amazon Machine Image (AMI), 197–198

Amazon Marketplace, 197, 202

Amazon Web Services. See AWS

AMD processors, 63, 71, 98

AMI (Amazon Machine Image), 197–198

AND operator, 32

Ansible software, 292–293

Antergos Linux, 95

anycasting, 204

Apache Spark, 247

Apache web server, 265

API calls, 162–163

Apple iCloud, 160–161

application servers

Amazon Web Services, 196–202

Google Cloud Engine, 251, 258–261, 267, 271

Microsoft Azure, 234–238

applications

broken access control, 8

containers and, 73–75

failures of, 11–12

Java, 197–198

logging and, 10

stress testing, 10–12

web. See web applications

APT (Advanced Package Tool), 91

Arch-based Linux distributions, 94–97

ArchStrike, 95–97

ARP (Address Resolution Protocol), 23

ARP messages, 133

ARP request/response, 23–25

ARPANET (Advanced Research Projects Agency Network), 22

arrays, 26

AS (autonomous system), 146

asymmetric cryptography, 118

ATA (Advanced Technology Attachment), 55

AT&T Bell Labs, 90

attackers

command and control, 87–88

considerations, 10, 260

containers and, 73

dwell time and, 1, 2, 7

“living off the land,” 85–86

logging and, 10

penetration testing and, 12–13

red teaming and, 1, 7, 14–15, 87

threats from, 1

vulnerabilities, 7–10, 170

attacks

dwell time and, 1, 2

injection attacks, 8, 9, 267

LAND attacks, 11

“living off the land” attack, 85–86

red teaming and, 1, 7, 14–15, 87

spoofing attacks, 126, 139

SYN floods, 221

Teardrop attacks, 11

on web servers, 11–12

XML External Entity attack, 8

auditing, 4, 19

Aurora, 192, 193

authentication

AWS, 211

broken, 7–8

OpenVPN, 116

passwords, 7–8

remote access and, 107–108

shell access and, 119–120

Windows Active Directory, 199

Windows VPN, 112

automation, 279–295

command line access, 279–280, 284–291

DevOps, 280–283

DevSecOps, 280, 283–284

infrastructure as code, 291–294

Microsoft Azure, 225–226

overview, 279–280

autonomous system (AS), 146

availability

Amazon Web Services, 192, 193, 215

cloud services and, 165–166

Google Cloud Drive, 277

Microsoft Azure, 227–228, 237

overview, 5

availability set, 227–228

AWS (Amazon Web Services), 189–217

administration, 199–202

application server, 196–202

availability, 192, 193, 215

cloud services, 208–216

command line interface, 287–288

data storage, 192–196

databases, 192–196, 212–216

instances, 158, 195, 202, 290

load balancer, 204–208

message queuing services, 212, 213

microservices, 209–211

overview, 189–191

relational databases, 192, 212, 213, 217

security groups, 192, 200–201, 204

traditional web architecture, 191–208

web server, 202–204

AWS Lambda functions, 207, 209–211, 217

Azure, 219–248

administration, 228

App Service, 234–235

application servers, 234–238

automation and, 225–226

availability, 227–228, 237

cloud-native designs, 241–247

command line interface, 288–289

considerations, 295

containers, 244–246

databases, 239–241, 246–247

firewalls, 237, 238, 247

instances, 223–233, 239

load balancers, 221–226

overview, 219–220

PowerShell, 78, 105–106, 127, 288–289

resources, 223–226, 243

security groups, 237

serverless computing, 242–244

templates, 233, 293–294

traditional web architecture, 220–241

web servers, 226–233

Azure Compute Unit (ACU), 235, 236

Azure Cosmos DB service, 246–247

Azure Functions, 242–244

Azure Monitor, 237

Azure Pipelines Agent for Linux, 231–232

Azure Portal, 247

Azure SQL database, 239–240

B

BackTrack, 91

baseline, 6

bash (Bourne-again shell), 104

.bat extension, 105

batch files, 105

batch processing, 105

Bell Labs, 104

BGP (Border Gateway Protocol), 39, 145, 146

Bitbucket, 272

black box testing, 12

BlackArch, 95

block rules, 45

blue team testing, 15–16

Bluetooth devices, 73

Border Gateway Protocol (BGP), 39, 145, 146

Bourne shell, 104

Bourne, Stephen, 104

Bourne-again shell (bash), 104

breadboard, 66

bridge, 136

bridged networking, 149

Bring Your Own License (BYOL), 268

broadcast address, 23–24, 33

broadcast domains, 23, 134

bug bounties, 7, 17–18

bugs, 6–7, 17–18, 281, 283

build process, 283

bus topology, 40

BYOL (Bring Your Own License), 268

C

C shell (csh), 104, 105

C2 networks, 88

CA (certificate authority), 116–117

cables, 41, 58

California Consumer Privacy Act (CCPA), 4

CAM (content addressable memory), 26, 132

CAM tables, 132–133

Canonical, 169

canonical name (CNAME) record, 225

cases, computer, 58–59

C&C (command and control), 87–88

CCPA (California Consumer Privacy Act), 4

central processing unit (CPU), 60, 62

certificate authority (CA), 116–117

certificates, 115–118

Chef software, 294

Chocolatey package manager, 79–82

CIA (confidentiality, integrity, and availability), 2, 4

CIDR (Classless Interdomain Routing), 33

CirrOS, 173–178

CISC (complex instruction set computing) processors, 65

Classless Interdomain Routing (CIDR), 33

cloud computing, 155–187. See also cloud services

advantages of, 164–166

cloud services, 156–164

considerations, 155

delivery, 165

DevStack, 169–172, 178–179

downtime and, 165

elements of, 164–167

maintenance and, 166

multitenancy, 164–165

OpenStack, 167–186

overview, 155–156

private cloud, 167

security and, 166

self-service, 165

virtual private cloud, 203–204, 215

cloud providers

benefits of, 156–157

storage services, 160–161

cloud services, 156–164. See also cloud computing

Amazon Web Services, 208–216

considerations, 155–156

Google Cloud Engine, 271–277

infrastructure as a service, 157–159

Microsoft Azure, 241–247

overview, 156–157

platform as a service, 157, 159–160

software as a service, 157, 161–164

storage as a service, 157, 160–161

cloud-init, 230

cloud-native, 189

CLR (Common Language Runtime), 234

clusters, 215

CNAME (canonical name) record, 225

code. See also development

automation and, 283

forking, 192

infrastructure as, 291–294

Visual Studio Code, 89–90

code editors, 243

collision domains, 23, 134

COM (Component Object Model), 79

command and control (C&C), 87–88

command line

access, 279–280, 284–291

considerations, 78, 103–106

Commando VM, 83–90

Common Language Runtime (CLR), 234

complex instruction set computing (CISC) processors, 65

compliance, 2–4

Component Object Model (COM), 79

component vulnerabilities, 9–10

Compute Stick, 66

computer cases, 58

Computer Fraud and Abuse Act, 13, 42

computers

considerations, 10

general-purpose, 10–11

recycling, 64

single-board computer, 64–65, 98–100

stress testing, 10–12

confidentiality, 4–5

confidentiality, integrity, and availability (CIA), 2, 4

container namespaces, 73–74

containers, 73–75

Amazon, 192

Docker Containers, 74–75

Google Cloud Engine, 271, 272–276

Microsoft Azure, 244–246

MongoDB, 73–75

overview, 73–74

Tomcat, 73–75

virtual systems, 73–75

control units, 11

controls, 3–4, 21

CPU (central processing unit), 60

CPU fan, 62

CRM (customer relationship management), 162–163

cross-site scripting, 9

cryptography, 57, 117, 118

csh (C shell), 104, 105

customer relationship management (CRM), 162–163

D

Damn Vulnerable Web Application (DVWA), 102, 103

data

breaches, 7

confidentiality of, 4–5

integrity, 5

sensitive, 7, 8, 119

storage of. See data storage

data access layer, 22

data definition language (DDL), 291

Data Security Standards (DSS), 3, 14

data storage

Amazon Web Services, 192–196

variable-length, 271–272

data tuple, 251–252

database servers

AWS, 192, 215

Google Cloud Engine, 251–254, 257, 260, 265

Microsoft Azure, 239–240

databases

Amazon Web Services, 192–196, 212–216

considerations, 250–251

development, 192

document-based, 213–214

encryption, 194–195, 215, 216

Google Cloud Engine, 251–258, 276–277

graph, 215

Microsoft Azure, 239–241, 246–247

MongoDB. See MongoDB database

Neptune, 215–217

NoSQL, 213, 276, 278

production, 192

relational. See relational databases

SQL, 239–240, 254

testing, 192

DDL (data definition language), 291

Debian distribution, 91, 98

default gateway, 35, 44, 140, 141

DEI (drop eligible indicated), 137

delivery, 165

Deployment Center, 243

deserialization, 9

desktop, 52

development. See also code

Agile methodology, 281

automation. See automation

code reuse, 272

command line access, 279–280, 284–291

continuous integration, 283

deployment process, 283

DevOps, 280–283

DevSecOps, 280, 283–284

Extreme Programming, 281

overview, 280–281

security and, 283–284

traditional methods for, 281–282

waterfall methodology, 280–281

development databases, 192

development operations (DevOps), 237

development servers, 192

devices

Bluetooth, 73

failure of, 11

low-cost, 64–66, 98

rogue, 151

special-purpose, 11

stress testing, 10–12

USB, 73

DevOps, 280–283

DevOps (development operations), 237

DevSecOps, 280, 283–284

DevStack, 169–172, 178–179. See also OpenStack

DHCP (dynamic host configuration protocol), 44, 113, 149, 225

DHCP servers, 149–150

diagramming software, 163–164

diagrams, 162–163

dial-up connections, 112

digital subscriber line (DSL), 112

Dijkstra’s algorithm, 37–38

direct object references, 8

Disk Operating System (DOS), 68, 105

disks, 52–55

cost of, 54

latency, 53–54

logical representation of, 53

types of, 55

distance vector routing, 38–39, 145

DNS (domain name system), 225, 286

DNS servers, 205, 225

Docker Containers, 74–75

documentation, 42

document-based databases, 213–214

domain name system. See DNS

DOS (Disk Operating System), 68, 105

DOS command processor, 105

downtime, 165

DRAM (Dynamic RAM), 53

draw.io site, 163–164

drives. See disks

drop eligible indicated (DEI), 137

DSL (digital subscriber line), 112

DSS (Data Security Standards), 3, 14

duplex connections, 134

DVWA (Damn Vulnerable Web Application), 102, 103

dwell time, 1, 2, 7

dynamic host configuration protocol. See DHCP

dynamic IP addresses, 225

Dynamic RAM (DRAM), 53

dynamic routing, 144–148

E

Easy-RSA, 116–117

EBGP (Exterior Border Gateway Protocol), 39

EC2 (Elastic Compute Cloud), 189, 202, 292

Elastic Compute Cloud (EC2), 189, 202, 292

elastic pool, 240

encryption

considerations, 123

databases, 194–195, 215, 216

load balancing and, 271

privacy and, 209

QUIC, 271

telnet and, 119

VPNs and, 109, 112, 115

ESXi servers, 70, 128–129, 150, 152

Ethernet, 25

ethical issues, 18

Experian hack, 9

eXtensible Markup Language. See XML

extensions, 71, 230–231

Exterior Border Gateway Protocol (EBGP), 39

Extreme Programming, 281

F

Facebook, 215

fans, 62

Federal Risk and Authorization Management Program (FedRAMP), 14

FedRAMP (Federal Risk and Authorization Management Program), 14

files

batch, 105

configuration, 118

containers and, 74

DevStack, 170

OpenStack, 170

sharing, 161–162

FireEye, 1

Firejail sandbox, 94

firewalls

Fortinet, 268

Google Cloud Engine, 260–271

host-based, 45

isolation and, 17, 44–46

Microsoft Azure, 237, 238, 247

rules, 182–185

WAF, 267–268

firmware, 10

floating point operations, 56

floating point operations per second (FLOPS), 56

forking, 192

Fortinet firewall, 268

front-side bus (FSB), 60

FSB (front-side bus), 60

full-duplex connections, 134

G

gateways, 35, 44, 140, 141

GCP (Google Cloud Platform), 254–272

application servers, 258–261

cloud-native offerings, 271–277

command line interface, 290

databases, 276–277

firewalls, 260–261

load balancer, 269–271

overview, 254–258

web servers, 261–268

GCP console, 254

GDPR (General Data Protection Regulation), 4

General Data Protection Regulation (GDPR), 4

general routing encapsulation (GRE), 108–109, 112

GitHub, 272

Glance service, 168, 173, 186

GLBA (Gramm-Leach-Bliley Act), 4

GNOME, 93, 94

GNU Privacy Guard (GPG), 290

goals, 16–17

Google Cloud Engine, 249–278

application servers, 251, 258–261, 267, 271

cloud-native offerings, 271–277

containers, 271, 272–276

databases, 251–258, 276–277

firewalls, 260–271

instances, 253–268, 275–277

load balancers, 266, 269–271

Marketplace, 258, 263–265, 272

microservices, 271, 272

monitoring, 261

overview, 249–250

relational databases, 251–253

templates, 261–263

traditional web architecture, 250–271

users/roles, 251, 263–266, 272

web servers, 251, 260, 261–268

Google Cloud Platform. See GCP

Google Drive, 160, 161

GPG (GNU Privacy Guard), 290

GPU (graphics processing unit), 56, 57, 62–63

Gramm-Leach-Bliley Act (GLBA), 4

graph databases, 215

graphical user interfaces (GUIs), 78, 120–126

graphics processing unit (GPU), 56, 57, 62–63

GRE (general routing encapsulation), 108–109, 112

GUIs (graphical user interfaces), 78, 120–126

gunzip, 186

H

hackers. See attackers

handshake, 226

hashes, 7–8

HDMI (High-Definition Multimedia Interface), 55

Health Insurance Portability and Accountability Act (HIPAA), 3

heating, ventilation, air conditioning (HVAC) system, 68

High-Definition Multimedia Interface (HDMI), 55

HIPAA (Health Insurance Portability and Accountability Act), 3

hostname, 225

host-only networking, 149, 150

HTML (Hypertext Markup Language), 234

HTTP (Hypertext Transport Protocol), 205–207

HTTP communication, 222

HTTP daemon (httpd), 265

HTTP header injection attacks, 267

HTTP listener, 271

HTTP load balancer, 269

HTTP requests, 234, 243

httpd (HTTP daemon), 265

HTTPS, 205–207

HTTPS listener, 207

HTTPTrigger, 243

hubs, 26, 39, 132, 133

HVAC (heating, ventilation, air conditioning) system, 68

Hypertext Markup Language (HTML), 234

Hypertext Transport Protocol. See HTTP

hypervisor servers, 168–169

hypervisors

considerations, 129, 285

desktop-based, 131

KVM hypervisor, 168–169

OpenStack and, 168–169

overview, 69–70

type 1, 69–71

type 2, 71–73

VM networking and, 149

I

IaaS (infrastructure as a service), 157–159

IAM (Identity and Access Management) role, 198–200, 211, 263–264, 287

IANA (Internet Assigned Numbers Authority), 31

IBGP (Interior Border Gateway Protocol), 146

ICANN (Internet Corporation for Assigned Names and Numbers), 31

iCloud, 160–161

ICMP (Internet Control Message Protocol), 28

Identity and Access Management (IAM) role, 198–200, 211, 263–264, 287

IEEE (Institute of Electrical and Electronics Engineers), 136

IIS (Internet Information Server), 234

IKEv2 (Internet Key Exchange), 112, 113–114

information. See data

infrastructure as a service (IaaS), 157–159

infrastructure as code, 291–294

injection attacks, 8, 9, 267

injection vulnerabilities, 7

input/output (I/O), 62

instances

Amazon Web Services, 158, 195, 202, 290

considerations, 165

Google Cloud Engine, 253–268, 275–277

Microsoft Azure, 223–233, 239

instantiation, OpenStack, 174–178

Institute of Electrical and Electronics Engineers (IEEE), 136

integrity, 5

Intel processors, 63, 64, 65, 66, 71

Inter-Switch Link (ISL), 137

Interior Border Gateway Protocol (IBGP), 146

Intermediate System to Intermediate System (IS-IS), 37–38

International Standards Organization. See ISO

Internet Assigned Numbers Authority (IANA), 31

Internet Control Message Protocol (ICMP), 28

Internet Corporation for Assigned Names and Numbers (ICANN), 31

Internet Information Server (IIS), 234

Internet Key Exchange (IKEv2), 112, 113–114

Internet of Things (IoT), 11, 99–100

Internet Protocol. See IP

Internet Service Provider (ISP), 112

internetworking layer, 27–39

interprocess communication (IPC), 254

intrusion protection system, 21

Invoke-CradleCrafter, 86–87

I/O (input/output), 62

IoT (Internet of Things), 11, 99–100

IP (Internet Protocol), 27

IP addresses

address exhaustion, 30

considerations, 27, 28

described, 29

dynamic, 225

load balancing and, 204–205, 207

vs. MAC addresses, 29

overview, 23–25

private, 31

IP addressing, 29–32

IPv4, 29–31

IPv6, 31–32

IP header, 28

IP messages, 28

IP networks, 29–32

IP Security. See IPSec

IPC (interprocess communication), 254

IPSec (IP Security), 112

IPSec VPNs, 115

IPv4, 29–31

IPv6, 31–32

IS-IS (Intermediate System to Intermediate System), 37–38

ISL (Inter-Switch Link), 137

ISO (International Standards Organization), 3

ISO 2700, 3

ISO 27001, 3

isolation

air gaps, 43

firewalls and, 17, 44–46

importance of, 42–46

memory, 73

overview, 17–18

routing, 43–44

ISP (Internet Service Provider), 112

J

Java applications, 197–198

Java programs, 234

Java virtual machine (JVM), 234

JavaScript Object Notation (JSON), 213–214, 225, 291–292

JBoss, 197–198

Joy, Bill, 104

JSON (JavaScript Object Notation), 213–214, 225, 291–292

JVM (Java virtual machine), 234

K

Kali Linux distribution, 90, 91–94, 98

kernel, 52, 272

Kernel-based Virtual Machine (KVM), 70–71, 168

Kubernetes, 272

KVM (Kernel-based Virtual Machine), 70–71, 168

L

Lambda functions, 207, 209–211, 217

LAMP stack, 265

LAND attacks, 11

LANs (local area networks), 135

latency, 53–54

layer 3 boundary, 134, 135, 137, 140

legal issues, 18

lift-and-shift, 189

link local address, 35

link state routing, 36–38, 144–145

Linux systems, 90–97

Arch-based distributions, 94–97

automation and, 105–106

Azure Pipelines Agent, 231–232

CirrOS, 173–178

considerations, 77

Debian distribution, 91, 98

features, 104

GUI, 121–122, 124

Kali distribution, 90, 91–94, 98

KVM hypervisor, 168–169

managing via command line, 103–104

Metasploitable, 100–102

NOOBS distribution, 98

overview, 90–91

Parrot distribution, 91–94

Raspberry Pi and, 98

Raspbian distribution, 98

remote desktop access, 123–124

shell access, 78, 118–120

Ubuntu distribution, 91–94, 169, 170, 186

VPNs, 115–118

Windows Subsystem for Linux, 90

“living off the land” attack, 85–86

load balancers

Amazon Web Services, 204–208

Google Cloud Engine, 266, 269–271

Microsoft Azure, 221–226

local area networks (LANs), 135

logging, 10, 258, 260, 261

M

MAC addresses, 22–27

considerations, 151

vs. IP addresses, 29

overview, 22–23

switching and, 132–134

macOS systems

automation and, 105–106

remote desktop access, 122, 124, 125

VirtualBox, 73

VNC and, 115, 124, 125

VPN and, 114, 115

maintenance, 165, 166, 257, 281

Mandiant Consulting, 1, 83

Manjaro Linux, 95, 96

maximum transmission unit (MTU), 27

media access control. See MAC

memory, 50–52

considerations, 11, 51

overview, 50–52

physical, 52

RAM, 50, 53

testing and, 51–52

virtual, 52, 68

memory isolation, 73

memory speed, 50–51

message queuing services, 212, 213

Metasploit framework, 85

Metasploitable 2, 100, 101

Metasploitable 3, 100, 102

microSD card, 98, 99

microservices, 209–211, 271, 272

Microsoft Azure. See Azure

Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP), 112

Microsoft OneDrive, 160–161, 162, 219

Microsoft SkyDrive, 219

Microsoft Store, 79, 80

Minix operating system, 90

mobile devices, 160–161

model-view-controller (MVC), 250

MongoDB containers, 73–75

MongoDB database

Amazon Web Services, 214, 217

Google Cloud Engine, 276–277

Microsoft Azure, 246–247

monitoring, 10, 55–56, 237, 261

Morris, Robert T., 42

motherboards, 58, 60

MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol), 112

MTU (maximum transmission unit), 27

multicore processors, 64

Multics operating system, 90

multitenancy, 164–165

MVC (model-view-controller), 250

MySQL, 254–255, 265

N

namespace identifier, 272

namespaces, 73–75, 272

NAND flash, 53

NAND (NOT AND) gate, 53

NAT (network address translation), 30, 149

National Institute of Standards and Technologies. See NIST

NDP (neighbor discovery protocol), 35

neighbor discovery protocol (NDP), 35

Neptune database, 215–217

.NET framework, 88, 234

.NET platform, 219

.NET servers, 234

network access layer, 22–25

network address, 33

network address translation (NAT), 30, 149

network design, 21–48

design requirements, 41–42

documentation, 42

gathering requirements, 21

isolation and, 42–46

network topologies, 39–41

routing, 34–39

subnetting, 21, 30, 32–34

network firewalls. See also firewalls

network interface card (NIC), 22

network mask, 32–33, 34

network topologies, 39–41

networking, 131–154

basics, 22–39

bridged, 149

host-only, 149, 150

internetworking layer, 27–39

network access layer, 22–25

OpenStack/DevStack, 178–182

physical connections, 22

routing. See routing

software defined networking, 153

subnetting, 21, 30, 32–34

switches/switching, 25–26, 132–135

virtual machine networking, 148–153

networks

C2 networks, 88

considerations, 29

IP networks, 29–32

isolating, 17–18

LANs, 135

subnets, 21, 30, 32–34, 43

virtual networks, 17–18

VLANs, 135–140

VPNs. See VPNs

New Out Of Box Software (NOOBS), 98

Nginx AMI, 202

NIC (network interface card), 22

Ninite package manager, 82

NIST (National Institute of Standards and Technologies), 3, 14

NIST 800-53, 3

NOOBS (New Out Of Box Software), 98

northbridge chip, 60

NoSQL databases, 213, 276, 278

NOT AND (NAND) gate, 53

not so stubby area (NSSA), 147

Notepad++, 89

NSSA (not so stubby area), 147

O

octets, 22, 29

Office 365, 219

Office Online, 219

OmniGraffle, 163

OneDrive, 160–161, 162, 219

Open Shortest Path First (OSPF), 37, 145–147

open source projects, 14

Open Source Security Testing Methodology (OSSTM), 14

Open Web Application Security Project (OWASP), 7–10, 14, 102

OpenStack, 167–186

administration, 172–174

DevStack, 169–172, 178–179

finding images, 185–186

instantiation, 174–178

networking, 178–182

overview, 167–169

security groups, 182–185

OpenVPN, 115–116, 118

operating systems, 77–106

32-bit, 64

64-bit, 64

command line considerations, 103–106

defined, 52

DOS, 68

guest OS, 70

GUIs, 120–126

Linux. See Linux systems

logging and, 10

macOS. See macOS systems

Minix, 90

Multics, 90

overview, 77–78

remote management, 126–127

shell access, 118–120

single-board computer, 98–100

systems under test, 100–103

types of, 78–100

Unics, 90

Unix. See Unix systems

virtual machine access, 127–129

Windows. See Windows systems

operations testing, 15–16

organizationally unique identifier (OUI), 22

OSPF (Open Shortest Path First), 37, 145–147

OSSTM (Open Source Security Testing Methodology), 14

OUI (organizationally unique identifier), 22

outsourcing, 155, 156

OWASP (Open Web Application Security Project), 7–10, 14, 102

P

Packer software, 291–292

pages, 51–52

parallel ATA (PATA) drives, 55

Parrot OS, 91–94

password hashes, 112

passwords

considerations, 119, 127

default, 8, 124

red teaming and, 15

VNC and, 124

vulnerabilities, 7–8

PATA (parallel ATA) drives, 55

Payment Card Industry (PCI), 3, 14

Payment Card Industry Data Security Standards (PCI DSS), 3

PCI (Payment Card Industry), 3, 14

PCI DSS (Payment Card Industry Data Security Standards), 3

PDU (protocol data unit), 23, 132

penetration testing, 1, 12–14

Penetration Testing Execution Standard (PTES), 13–14

permissions, 8, 17, 71, 199, 210

PHPMyAdmin, 102–103

physical systems, 50–68

building your own, 58–63

buying new, 57–58

considerations, 49

disks, 52–55

low-cost devices, 64–66, 98

memory. See memory

new systems, 57–63

overview, 50

racking/stacking, 66–68

recycle/reuse of, 64

specifications, 50–57

video, 55–57

PKI (public key infrastructure), 116–117

platform as a service, 157, 159–160

Point-to-Point Protocol (PPP), 112

Point-to-Point Tunneling Protocol (PPTP), 112

ports, 136

PostgreSQL, 254–256

power supplies, 59–60

PowerShell, 79, 83–86, 105, 288–289

PowerShell Core, 105, 288–289

PowerShell language, 219

PPP (Point-to-Point Protocol), 112

PPP over Ethernet (PPPoE), 112

PPPoE (PPP over Ethernet), 112

PPTP (Point-to-Point Tunneling Protocol), 112

pre-shared key, 118

priority code point, 137

privacy laws, 4

private cloud, 167

private keys, 116–117, 120

private VLANs, 139–140

Process Hacker, 84

processes, 60, 62

processors, 60–62

AMD, 63, 71, 98

CISC, 65

considerations, 11, 65, 71, 241

Intel, 63, 64, 65, 66, 71

lower-capacity, 11

multicore, 64

older, 64

overview, 60–61

RISC, 65

production databases, 192

production servers, 192

programming languages, 89, 104, 105, 160, 234

promiscuous mode, 151

ProSafe utility, 135, 136

protocol data unit (PDU), 23, 132

proxy servers, 266–267

PTES (Penetration Testing Execution Standard), 13–14

public key infrastructure (PKI), 116–117

public keys, 115–117, 120

Puppet software, 294

Python, 89

Q

qcow2 format, 186

QEMU (quick emulator), 186

QEMU images, 173

Quagga software, 147

queries, 253

QUIC (Quick UDP Internet Connections), 271

quick emulator. See QEMU

Quick UDP Internet Connections (QUIC), 271

R

r-commands, 126

RAM (random access memory), 50, 53

random access memory (RAM), 50, 53

Raspberry Pi, 64–65, 98

Raspbian distribution, 98

RDP (Remote Desktop Protocol), 88, 122–124

red team testing, 1, 7, 14–15, 87

reduced instruction set computing (RISC) processor, 65

regional Internet registries (RIRs), 31

regulations, 2–4

relational databases

Amazon Web Services, 192, 212, 213, 217

Google Cloud Engine, 251–253

Microsoft Azure, 248

remote access, 107–130

GUIs, 120–126

overview, 107–108

RDP, 122–124

remote commands, 126–127

shell access, 118–120

virtual machine access, 127–129

virtual private networks. See VPNs

VPNs. See VPNs

Remote Access Server, 112–115

Remote Desktop Protocol (RDP), 88, 122–124

remote host, 126

remote management (no interface), 126–127

Request for Comments (RFC), 30

resolution, 55–56, 57

reverse proxy, 266–267

RFC (Request for Comments), 30

.rhosts file, 126

ring security model, 71

ring topology, 41

RIP (Routing Information Protocol), 39, 147

RIRs (regional Internet registries), 31

RISC (reduced instruction set computing) processor, 65

rogue devices, 151

routed daemon, 147

routing, 140–148

Classless Interdomain Routing, 39

distance vector routing, 38–39

dynamic routing, 144–148

isolation and, 43–44

link state routing, 36–38

network design and, 34–39

overview, 34–36, 140

static routing, 35, 36, 141–144

Routing Information Protocol (RIP), 39, 147

routing tables, 34–37, 140, 142–143

RSA algorithm, 116–117

S

S3 (Simple Storage Service), 189, 192, 210, 212

S3 bucket, 192, 210, 212

Salesforce, 162–163

sandboxes, 94

SATA (serial ATA), 55

SBC (single-board computer), 64–65, 98–100

scalability, 166

SCSI (Small Computer System Interface), 55

SD card, 98, 99

SDN (software defined networking), 153

Secure Shell. See SSH

Secure Socket Layer (SSL), 112

Secure Socket Tunneling Protocol (SSTP), 112

security

CIA triad, 2, 4

cloud computing and, 166

vs. compliance, 2–3

considerations, 5

cryptography, 57, 117, 118

development and, 283–284

encryption. See encryption

insecure deserialization, 9

passwords. See passwords

vulnerabilities. See vulnerabilities

security controls, 3–4, 21

security groups

Amazon Web Services, 192, 200–201, 204

Microsoft Azure, 237

OpenStack, 182–185

overview, 182

security testing

basic concepts, 4–6

black box testing, 12

blue team testing, 15–16

bug bounties and, 7, 17–18

command line considerations, 103–106

compliance, 2–4

considerations, 5, 18–19

goals of, 16–17

importance of, 1–2, 5

legal/ethical issues, 18

memory and, 51–52

operating systems. See operating systems

overview, 1–2

penetration testing, 1, 12–14

permissions for, 17

reasons for, 1–20

red team testing, 1, 7, 14–15, 87

software security testing, 6–10

stress testing, 10–12

system isolation and, 17–18

systems under test, 100–103

testing databases, 192

third-party testing, 12

white box testing, 12–13

workflow, 78

self-service, 165

serial ATA (SATA), 55

server key, 117

serverless computing, 242–244

servers

application. See application servers

database. See database servers

development, 192

DHCP servers, 149–150

DNS servers, 205, 225

ESXi servers, 70, 128–129, 150, 152

hypervisor servers, 168–169

.NET servers, 234

production servers, 192

proxy servers, 266–267

Remote Access Server, 112–115

SSH servers, 119–121, 126, 127, 201

telnet servers, 119

Tomcat servers, 198, 200, 271

VM servers, 128–129

VNC servers, 124

VPN servers, 113

web. See web servers

Windows Server, 111, 112–115

service level agreements, 164–165

session identifiers, 8

shell, 78, 104

shell access, 52, 78, 118–120

Simple Queue Service (SQS), 189

Simple Storage Service (S3), 189, 192, 210, 212

simplex connections, 134

single-board computer (SBC), 64–65, 98–100

SkyDrive, 219

slow HTTP stress testing, 11, 12

slowhttptest program, 11–12

Small Computer System Interface (SCSI), 55

software

bugs, 6–7

diagramming, 163

out-of-date, 10

stress testing, 10–12

software as a service, 157, 161–164

software defined networking (SDN), 153

software development. See development

software security testing, 6–10

solid-state drive (SSD), 53, 54

SONET (Synchronous Optical Network) devices, 41

source code. See code

spanning tree protocol (STP), 27

spoofing attacks, 126, 139

SQL (Structured Query Language), 253–258

SQL database, 239–240, 254

SQLite, 253

SQS (Simple Queue Service), 189

SSD (solid-state drive), 53, 54

SSH (Secure Shell), 119–120, 126–127, 268

SSH clients, 119–121, 126

SSH key, 228

SSH servers, 119–121, 126, 127, 201

SSH tunneling, 120, 121

SSL (Secure Socket Layer), 112

SSTP (Secure Socket Tunneling Protocol), 112

Stackdriver, 261

star topology, 39–40

static routing, 35, 36, 141–144

storage as a service, 157, 160–161

STP (spanning tree protocol), 27

stress testing, 10–12

Structured Query Language. See SQL

subnet mask, 32–33

subnets, 21, 30, 32–34, 43

subnetting, 21, 30, 32–34, 43

SUT (system under test), 100

switches/switching

basics, 25–26, 132–135

considerations, 43–44

example of, 39

vSwitches, 150–151

SYN floods, 221

SYN message, 221

Synchronous Optical Network (SONET) devices, 41

system configuration diagram, 60, 61

system under test (SUT), 100

systems

availability of, 5

cross-site scripting, 9

firmware, 10

isolating. See isolation

known vulnerabilities, 9–10

logging and, 10

out-of-date software, 10

physical. See physical systems

security misconfiguration, 8–9

virtual. See virtual systems

systems under test, 100–103

T

Tanenbaum, Andrew, 90

TCP (Transmission Control Protocol), 79

TCP/IP, 22

Teardrop attacks, 11

telnet client, 119

Telnet protocol, 118–119, 120

telnet servers, 119

telnetd, 119

TENEX C shell, 104–105

test plans, 16–17

testing. See security testing

third-party testing, 12

TLS (Transport Layer Security), 112, 115, 118, 207, 271

Tomcat containers, 73–75

Tomcat servers, 198, 200, 271

Torvalds, Linus, 90–91

Transmission Control Protocol (TCP), 79

Transport Layer Security (TLS), 112, 115, 118, 207, 271

trunk port, 137

tunnels/tunneling, 108–109, 112, 115, 120

tuple, 251–252

type 1 hypervisors, 69–71

type 2 hypervisors, 71–73

typographical errors, 8–9

U

Ubuntu Linux, 91–94, 169, 170, 186

UNetbootin software, 98

Unics operating system, 90

uniform resource identifier (URI), 267

uniform resource locator (URL), 267

Universal Serial Bus (USB) ports, 58

Unix systems

considerations, 104–105

overview, 90–91

r-commands, 126

shells, 104–105, 118

Unix-based shell languages, 105

URI (uniform resource identifier), 267

URL (uniform resource locator), 267

USB devices, 73

USB (Universal Serial Bus) ports, 58

user interface, 52

useradd program, 170

usernames, 8, 228

V

Vagrant software, 294

VBoxManage, 285

video, 55–57

virtual local area networks (VLANs), 135–140

virtual machine networking, 148–153

virtual machines

access to, 127–129

local, 284–285

system isolation and, 17–18

working with, 285–291

virtual memory, 52, 68

Virtual Network Computing. See VNC

virtual networks, 17–18

virtual private cloud (VPC), 203–204, 215

virtual private networks. See VPNs

virtual switches (vSwitches), 150–151

virtual systems, 68–75

considerations, 49

containers, 73–75

overview, 68–69

type 1 hypervisors, 69–71

type 2 hypervisors, 71–73

VirtualBox, 73, 285

virtualization, 68–75

containers, 73–75

described, 68–69

hypervisors, 69–73

Visio, 163

Visual Studio, 90, 243

Visual Studio Code, 89–90

VLANs (virtual local area networks), 135–140

overview, 135–136

private, 139–140

SDN and, 153

working with, 151–152

VM servers, 128–129

VMware, 138, 149, 150–151, 152

VMware ESXi servers, 70, 128–129, 150, 152

VMware Fusion, 73

VMware Player, 73

VNC (Virtual Network Computing), 88, 124–126

VNC servers, 124

Voice over IP (VoIP), 139

VoIP (Voice over IP), 139

Von Neumann architecture, 11, 241

Von Neumann, John, 11, 241

VPC (virtual private cloud), 203–204, 215

VPN servers, 113

VPNs (virtual private networks), 108–118

IPSec, 115

Linux, 115–118

OpenVPN, 115–116, 118

overview, 108–111

Windows, 111–115

vSwitches (virtual switches), 150–151

vulnerabilities

broken access control, 8

bugs and, 6–7

components, 9–10

development and, 283–284

injection, 7

listed, 7–10

passwords, 7–8

security misconfiguration, 8–9

sensitive data exposure, 8

W

WAF (web application firewall), 267–268

waterfall methodology, 280–281

web application firewall (WAF), 267–268

web applications, 101–103, 160

web pages, 9

web servers

Amazon Web Services, 202–204

Apache, 265

attacks on, 11–12

Google Cloud Engine, 251, 260, 261–268

Microsoft Azure, 226–233

web-based access, 165

WebGoat, 102

white box testing, 12–13

Windows 10 systems, 51

Windows Defender Firewall, 45, 46

Windows IoT Core, 99–100

Windows Management Instrumentation (WMI) interface, 79, 127

Windows remote management (winrm) tool, 127

Windows Server, 111, 112–115

Windows Subsystem for Linux (WSL), 90

Windows systems, 78–90

Commando VM, 83–90

considerations, 77, 78

overview, 78

package management, 79–83

PowerShell, 79

remote commands, 127

remote desktop access, 122–124

testing and, 79

versions, 79

VPNs and, 114–115

Windows VPNs, 111–115

winrm (Windows remote management) tool, 127

Wireshark, 22–23, 137, 145

WMI (Windows Management Instrumentation) interface, 79, 127

WordPress, 197

workflow, 78

WSL (Windows Subsystem for Linux), 90

X

X forwarding, 121

X Windows, 121–123, 124

X11 forwarding, 121–122

X.509 certificate, 176

Xdmcp, 124

XML (eXtensible Markup Language), 8, 213

XML external entities, 8

XML External Entity attack, 8

Xrdp software, 123

Y

YAML (Yet Another Markup Language), 230, 275, 291–292

Yet Another Markup Language (YAML), 230, 275, 291–292

Z

Z-shell, 105

Zebra software, 147
