Index
A
- ABAC (attribute-based access control), 401
- acceptance testing, 181–182
- access control, 400–401
- access logs, 78
- ACE (Authorized Cybersecurity Exports), 204
- ACLs (access control lists), 81–82, 84
- active vulnerability scan, 100
- AD (Active Directory), 321
- advisory documents, 110–111
- AES (Advanced Encryption Standard), 127, 229, 232
- after-action reviews, 30–31
- agent-based scanning, 101
- Agile, 379
- agreements. See contracts and agreements
- AH (Authentication Header), 250
- AI (artificial intelligence), 472
- airplane mode, mobile devices, 485
- Ajax (Asynchronous JavaScript and XML), 142–143
- ALE (annualized loss expectancy), 12–13, 26
- allow lists, 157
- analysis tools, digital forensics
- anomalies, unusual process activity, 78
- anonymization, 390
- antivirus, 56, 80, 332–333
- API (application programming interface), gateway, 328
- application controls, 56, 156–157
- application integration
- Agile, 379
- API management, 366
- baselines and templates, 362–365
- benchmarks, 362
- best practices, 380–384
- CASE (computer-aided software engineering), 370–372
- CI/CD, 380
- container APIs, 365
- development life cycle, 373–378
- directory services, 372
- DNS (Domain Name System), 372
- ESB (enterprise service bus), 372
- FQDNs (fully qualified domain names), 372
- hard changeover, 370
- middleware, 366–367
- parallel operation, 370–371
- phased changeover, 371
- SecDevOps, 378–379
- secure coding standards, 365–366
- SOA (service-oriented architecture), 372
- software assurance, 368–370
- spiral model, 379
- versioning, 379–380
- waterfall model, 379
- application sharing, 454–455
- application virtualization, 422
- APTs (advanced persistent threats), 69
- AR (abandon rate), analysis, 32
- AR (augmented reality), 475–476
- ARF (Asset reporting Format), 104
- ASIC (application-specific integrated circuit), 496
- ASLR (address space layout randomization), 47–48
- assets, 4, 97
- ATT&CK (Adversarial Tactics, Techniques and Common Knowledge), 74, 75
- attacks
- clickjacking, 150–151
- cryptographic, 254–256
- CSRF (cross-site request forgery), 146–147
- DDoS (distributed denial-of-service), 5–6
- error handling, 149
- geotagging, 149–150
- hackers, 5
- hijacking, 150
- injections, 147–148
- input validation, 152
- interception, 150
- malware, 221
- pod slurping, 221
- sandbox escape, 148–149
- session management, 151
- targeted, 67
- VLAN hopping, 152
- VM escape, 152
- VM hopping, 152
- XSS (cross-site scripting), 145–146
- attestation, 406
- audio conferencing, 453
- audits, 29, 34
- AUP (acceptable use policies), 18
- authentication, 218
- 2FA (two-factor authentication), 404
- broken, 139–140
- cryptography, 217, 218
- in-band authentication, 404
- MFA (multifactor authentication), 403–404
- OOB (out-of-band), 404
- passwordless, 476–477
- protocols, 251–252
- TGS (ticket-granting service), 405
- TGTs (ticket-granting tickets), 405
- two-step verification, 404
- authentication attacks, cloud computing, 438
- authorized scans, 100
- AWS (Amazon Web Services), 168
B
- backup and recovery, 449–450
- BCDR (business continuity and disaster recovery) plan, 436, 449–450
- BCP (business continuity planning), 27–28
- Bcrypt algorithm, 255
- best practices, 203
- BIA (business impact analysis), 27, 200–201
- big data, 475
- binary analysis tools, 284–286
- biometrics, 477–478
- BIS (Bureau of Industry and Security), 204
- bit splitting, 443, 461
- bitcoin, 252
- block lists, 157
- blockchain, 473–474
- Blowfish, 229
- boot loader protections, 45–46
- botnets, 488
- BPAs (business partnership agreements), 199
- broken authentication, 139–140
- browser extensions, 142
- buffer overflow, 134–135
- bulletins, 111
- BYOD (bring your own device), 487
- BYOK (bring your own key), 448
C
- CA (certificate authority), 240
- Caesar's Cipher, 217
- CAM (content addressable memory), 357
- CAN (Controller Area Network), 498
- capability, analysis, 33
- CAST (Carlisle Adams/Stafford Tavares), 229
- CCE (Common Configuration Enumeration), 104
- CDN (content delivery network), infrastructure design, 361
- certification, 182
- chain of custody, cloud computing and, 172
- change management, 180–181
- CHAP (Challenge Handshake Authentication Protocol), 251, 321
- checklists, 33
- CI/CD (continuous integration/continuous delivery), 380
- CIA (confidentiality, integrity, and availability) triad, 7–8, 176–182, 218
- CIP (Common Industrial Protocol), 499
- ciphers, 217
- CIS (Center for Internet Security), 97, 219
- CISv8 controls, 219
- clickjacking, 489
- client-side processing, 141
- cloud computing, 522–524
- authentication attacks, 438
- automation, 445
- backup and recovery, 449–450
- benefits, 171–174
- chain of custody and, 172
- community clouds, 426
- CSP (cloud service provider), 168, 433
- data aggregation, 438
- data isolation, 438
- data remanence, 438
- DDoS attacks, 438
- deperimeterization/zero trust, 345
- deployment models, 425–429
- DoS attacks, 438
- encryption configuration, 445–446
- hybrid architecture, 425
- hybrid clouds, 426
- key life-cycle management, 448–449
- key ownership, 448
- logs, 446–447
- misconfiguration, 451
- monitoring configurations, 447–448
- multitenancy, 426
- on-premises controls, 433–439
- orchestration, 445
- private clouds, 426
- private use services, 425
- public clouds, 426
- public use services, 425
- risk management, 182–185
- risk mitigation, 182–185
- serverless computing, 450
- single tenancy, 426
- storage models, 439–444
- cloud services, 429
- anti-malware, 430
- antispam services, 430
- antivirus applications, 430
- benefits, 171–174
- cloud security broker, 430
- content filtering, 430
- hash matching, 430
- hybrid architecture, 169
- IaaS, 169, 170, 429, 450
- MaaS, 429
- MSSPs, 431
- PaaS, 169, 170, 430
- provisioning, 171
- public use services, 169, 170
- SaaS, 169, 170, 429
- sandboxing, 431
- SECaaS (security as a service), 430
- storage infrastructure and, 432
- vulnerability scanning, 431
- CMDB (configuration management database), 372
- CMMI (Capability Maturity Model Integration), 193–194
- CMS (configuration management system), 372
- COBIT (Control Objectives for Information and Related Technology), 219
- COBO (corporate-owned, business only), 486
- code reuse, 138
- code signing, 224
- collaboration tools, 451–452
- application sharing, 454–455
- audio conferencing, 453
- bit splitting, 461
- data dispersion, 461
- desktop sharing software, 454–455
- domain bridging, 456
- email, 456–457
- IM (instant messaging), 453–454
- Presence, 456
- remote assistance, 455–456
- telephony, 457–458
- videoconferencing, 452–453
- VoIP, 458–461
- web conferencing, 452
- collisions, 223
- command shell restrictions, 50–52
- commercial classification system, 388
- communication, incident response, 274–277
- compensating controls, 55–57
- compliance, 513–514
- computer forensics, 124
- confidentiality requirements, 219–220
- configuration file vulnerabilities, 102
- configuration monitoring, 447–448
- containerization, infrastructure design, 360–361
- context-aware management, 347
- continuous monitoring, 22–23
- contracting, deperimeterization/zero trust, 348–350
- contracts and agreements
- BIA (business impact analysis), 200–201
- BPAs (business partnership agreements), 199
- COOP (Continuity of Operations), 201
- document review, 200
- IA (interoperability agreement), 201
- ISA (interconnection security agreement), 201
- MOU (memorandum of understanding), 199
- MSAs (master service agreements), 198
- NDA (nondisclosure agreement), 200
- OLA (operating level agreement), 201
- PLAs (privacy-level agreements), 199
- SLAs (service level agreements), 198–199
- UA (uptime agreement), 201
- controls, 16–17
- COOP (Continuity of Operations), 201
- COPE (corporate-owned, personally enabled), 486–487
- COPPA (Children's Online Privacy Protection Rule), 195–196
- cost-benefit analysis, 21
- countermeasures, 153–154
- CPE (Common Platform Enumeration), 104
- credential management, 394–396
- credentialed scans, 100
- credit cards, 187–190, 483
- crimeware kits, 489
- CRM (customer relationship management), 371
- cryptocurrency, 252
- cryptographic vulnerabilities, 138–139
- cryptography, 390, 514–516. See also encryption
- attacks, 254–256
- authentication, 217, 218
- Caesar's Cipher, 217
- confidentiality requirements, 219–220
- data in process, 222
- data in transit, 222
- data-at-rest encryption, 221–222
- digital signature, 218, 252–254
- ECC (elliptic curve cryptography), 237
- hashing, 223–224
- history, 216–217
- integrity, 217, 218
- integrity requirements, 220
- Internet layer controls, 250–251
- nonrepudiation, 217, 218, 221
- privacy, 217
- privacy requirements, 219–220
- Scytale, 216
- substitution ciphers, 217
- troubleshooting implementations, 256–258
- Vernam cipher, 217
- Vigenère cipher, 217
- CSA-STAR (Cloud Security Alliance-Security, Trust, Assurance, and Risk), 196
- CSIRT (computer security incident response team), 179, 270–271
- CSOs (computer security officers), 55
- CSP (cloud service provider), 168
- AWS (Amazon Web Services), 168
- community clouds, 170
- GCP (Google Cloud Provider), 168
- geographic location, 175
- hybrid clouds, 169
- IBM Cloud, 168
- infrastructure, 175
- limitations, 433
- Microsoft Azure, 168
- multitenancy, 170
- networking, 176–182
- private clouds, 169
- public clouds, 169
- security responsibility, 174
- single tenancy, 170
- storage, 175
- CVE (Common Vulnerabilities and Exposures), 74
- CVSS (Common Vulnerability Scoring System), 102, 397
- Cyber Kill Chain, 76
- cyberterrorism, 6, 69
- CYOD (choose your own device), 487
D
- DAC (discretionary access control), 400
- DARPA (Defense Advanced Research Projects Agency), 271
- DAST (dynamic application security testing), 370
- DAST (dynamic code analysis), 126
- data
- acquisition, 496–498
- aggregation, 438
- backup, 392–394
- classification, 388
- data in process, 222
- data in transit, 222
- data-at-rest encryption, 221–222
- dispersion, 461
- integrity management, 391–392
- interface, 52
- inventory, 391
- isolation, 438
- mapping, 391
- mirroring, 393
- ownership, 191
- pipelines, 156
- recovery, 392–394
- remnants, 138
- sovereignty, 191, 437–438
- storage, 392–394
- data breach, 271
- data life cycle, 391
- data loss
- data remanence, 179, 436, 438
- data zones, 336
- data-at-rest encryption, 48, 221–222
- DC (domain controller), 101
- DDoS (distributed denial-of-service) attack, 5–6, 322, 438, 459
- DDP (data de-duplication), 443
- DDPs (dynamic disk pools), 393
- DDS (data distribution service), 499
- deceptive technology, 154
- dedicated interfaces, 52
- deep learning, 472–473
- defense in depth, 45
- Delphi Technique of qualitative assessment, 14
- deperimeterization/zero trust, 344–352
- deployment, mobile devices, 486–487
- DES (Data Encryption Standard), 229–232
- desktop sharing software, 454–455
- DHS (U.S. Department of Homeland Security), 79
- Diameter, 402
- Diamond Model of Intrusion Analysis, 76
- Diffie-Hellman protocol, 235–236
- digital certificates, 241–245
- digital forensics, 277, 516–518
- analysis tools, 284–294
- asset identification, 280
- chain of custody, 281
- Clonezilla, 282
- computer forensics, 278
- cryptanalysis, 283
- data ownership, 280
- data recovery and storage, 280
- electronic inventory, 280
- IETF (Internet Engineering Task Force), 281
- incident response systems, 281
- legal holds, 280
- mobile devices, 491–493
- network analysis, 278
- order of volatility, 281
- practices, 278–279
- principles, 278–279
- process, 279–283
- software analysis, 278
- standards, 278–279
- digital signature, 218, 252–254
- disaster recovery, DRP (disaster recovery plan), 27–28
- DISASTIGS (Defense Information Systems Agency Security Technical Implementation Guides), 104
- distributed consensus, 475
- DLP (data loss prevention), 80, 332, 384–386
- DMZ (demilitarized zone), 335–336
- DNP3 (Distributed Network Protocol 3), 499
- DNS (Domain Name System), 372
- DNSSEC (Domain Name System Security Extensions), 323
- document retention, 276
- DoH (DNS over HTTPS), 486
- domain bridging, 456
- domains, 101
- DoS (denial-of-service) attacks, 322
- downtime minimization, 277
- DPI (deep packet inspection), 387
- DR/BCP (disaster recovery/business continuity plan), 179
- DRM (digital rights management), 387
- DRP (disaster recovery plan), 27–28
- due care, 203
- due diligence, 203
E
- e-discovery, 204, 275
- EAP (Extensible Authentication Protocol), 251, 403
- ECC (elliptic curve cryptography), 237
- EDI (Electronic Data Interchange), 238–239
- EDR (endpoint detection and response), 56
- EFS (encrypted file system), 48
- EIGamal, 238
- elastic cloud computing. See on-demand/elastic cloud computing
- email, 327–328, 456–457
- embedded technologies, 495–496
- emergency response, 277
- emerging technologies, 471–478, 524–527
- employment, 18
- employment policies, 18–21
- encryption, 390. See also cryptography
- AH (Authentication Header), 250
- application layer, 248–249
- asymmetric, 233–239
- block encryption, 247
- configuration, 445–446
- data-at-rest, 221–222
- data-at-rest encryption, 48
- disk encryption, 247
- DRM (digital rights management), 248
- EFS (encrypted file system), 48
- ESP (Encapsulated Secure Payload), 250
- file encryption, 247
- GPG (GNU Privacy Guard), 249
- HSM (Hardware Security Module), 251
- PGP, 248–249
- port encryption, 247
- public key cryptography, 233
- record encryption, 247
- S-HTTP, 248
- S/MIME (Secure/Multipurpose Internet Mail Extensions), 249
- SA (Security Association), 250
- secure remote access, 249
- SED (self-encrypting drive), 48
- SSH, 248
- symmetric, 227–235
- transport layer, 249–250
- Transport mode, 250
- Tunnel mode, 250
- VeraCrypt, 48
- end-user password storage, 395
- endpoint controls, 507–509
- enterprise security, 309
- ERP (enterprise resource planning), 371
- ESA (Enterprise Security Architecture) frameworks, 23
- ESB (enterprise service bus), 372
- ESI (electronically stored information), 204
- ESP (Encapsulated Secure Payload), 250
- ethical hacking, 30, 68
- export controls, 203
- external audits, 34, 132
F
- FCR (first call resolution), analysis, 32
- federation, 398
- FERPA (Family Educational Rights and Privacy Act), 219
- file carving tools, 284
- FIM (file integrity monitoring), 79–80, 330
- fingerprint scan systems, 478
- firewalls, 80–81
- firmware, vulnerabilities, 102
- Flash, 144
- FMEA (failure modes and effects analysis), 14
- FMECA (failure mode, effects and criticality analysis), 14
- forensics. See digital forensics
- forward proxies, 325
- FQDNs (fully qualified domain names), 372
- FRAP (Facilitated Risk Assessment Process), 14
- full interruption tests, 34
- full knowledge testing, 131
- fuzzy hash, 290
G
- gap analysis, 29
- GCP (Google Cloud Provider), 168
- GDPR (General Data Protection Regulation), 190–192, 219, 437
- geotagging, mobile devices, 484
- GLBA (Gramm-Leach-Bliley Act), 197–198, 219
- golden image, 45
- Google Cloud, status dashboard, 179
- government classification system, 388
- GPG (GNU Privacy Guard), 249
- guest operating system, hypervisor, 420
H
- hacker attacks, 5, 98
- hackers, 68
- hacking, ethical, 30
- hacktivists, 70
- hand geometry systems, 478
- hardening techniques, 45–47
- hardware
- hash values, 223
- hashes, 224, 290
- hashing, 223
- collisions, 223
- HAVAL (hash algorithm of variable length), 226
- HMAC (Hashed Message Authentication Code), 225, 226
- MAC (Message Authentication Code), 225, 226
- MD (Message Digest), 224, 225
- Poly1305, 225, 226–227
- RIPEMD (RACE Integrity Primitives Evaluation Message Direct), 225, 226
- SHA (Secure Hash Algorithm), 224, 225
- utilities, 289–290
- HAVAL (hash algorithm of variable length), 226
- HIDS (Host-Based Intrusion Detection System), 56, 78, 315
- HIPAA (Health Insurance Portability and Accountability Act), 197, 219
- HIPS (Host Intrusion Prevention System), 56, 316
- HMAC (Hash Message Authentication Code), 218, 226
- homomorphic encryption, 474
- honeyflies, 154
- honeynet, 154
- honeypot, 154
- host operating system, hypervisor, 420
- host-based firewalls, 56, 84–85
- HPKP (HTTP Public Key Pinning), 245
- HSM (Hardware Security Module), 48–52
- HSTS (HTTP Strict Transport Security), 246
- HTML5, 144–145
- HTTP (Hypertext Transfer Protocol), 383–384
- HTTP interceptors, 121–122
- HTTPS, DoH (DNS over HTTPS), 486
- HUMINT (human intelligence), 73
- hunt teaming, 153, 276
- hybrid architecture, cloud computing, 169
- hybrid clouds, 169
- HYOK (hold your own key), 448
- hypervisor, 419–422
I
- IA (interoperability agreement), 201
- IaaS (infrastructure as a service), 169, 170, 429, 450
- IAST (interactive application security testing), 370
- IBM Cloud, 168
- ICSs (industrial control systems), 75, 182, 496–498
- IDEA (International Data Encryption Algorithm), 229, 232–233
- identify proofing, 406
- IDP (intrusion detection and prevention), 78
- IDPSs (intrustion detection and prevention systems), 78
- IDS (intrusion detection system), 56
- IDS/IPS (intrusion detection system/intrusion prevention system), 56
- IEEE (Institute of Electrical and Electronics Engineers Standards Association), 350
- IM (instant messaging), 453–454
- imaging tools
- IMAP (Internet Message Access Protocol), 328
- IME (inline media encryptor), 315
- impact/effort matrix, countermeasures and, 154
- in-band authentication, 404
- incident response, 153, 516–518
- INE (inline network encryption), 315
- information classification, CIA triad, 7–8
- infrastructure design, 358–361
- infrastructure, CSP (cloud service provider), 175
- insider threats, 69
- integer overflow, 135
- intelligence
- interfaces, dedicated, 52
- internal audits, 34, 131
- Internet layer controls, 250–251
- intrusion, Diamond Model of Intrusion Analysis, 76
- IoCs (indicators of compromise)
- IPS (intrusion prevention system), 56
- iptables, configuring, 317–318
- iris recognition, 478
- ISA (interconnection security agreement), 201
- ISACs (Information Sharing and Analysis Centers), 111
- ISAM (INFOSEC Assessment Methodology), 14
- ISO (International Organization for Standardization), 192–193
- ISO 27002, 382
- issuance to entities, 242
J
K
L
- L2TP (Layer 2 Tunneling Protocol), 252
- ladder logic, 498
- Land, 137
- LANs (local area networks), 335
- latency, analysis, 32
- LDAP (Lightweight Directory Access Protocol), 321, 402
- LDAPS (LDAP over SSL), 140
- legal considerations, 203–204
- legal hold, 204
- lessons learned, 30–31
- libraries, third-party, 138
- Linux, logs, 77
- litigation hold, 204
- location redundancy, 442
- logs, 77–78, 446–447
- long-term viability, 178
- lsof command, 292
M
- MaaS (monitoring as a service), 429
- MAC (mandatory access control), 400
- MAC (Message Authentication Code), 226
- macro virus, 141
- maintainability, analysis, 33
- malicious code, 5, 98
- malware, 221
- management interface, 52
- masking, 390
- MD (Message Digest), 224, 225
- memory leaks, 136
- merging networks
- metadata, 389
- metrics, 31
- MFA (multifactor authentication), 395, 403–404
- Microsoft Azure, 168
- misconfiguration, 451
- mitigating controls, 57. See also compensating controls
- MITRE ATT&CK Matrix for Enterprise, 74–75
- ML (machine learning), 472
- mobile devices, 478–479, 524–527
- activation/deactivation, remote, 489
- airplane mode, 485
- application wrapping, 479
- certificates, 481
- containerization, 493–494
- deperimeterization/zero trust, 345–347
- deployment, protocols, 486–487
- digital forensics, 491–493
- DoH (DNS over HTTPS), 486
- eFuse, 494–495
- encryption, 489
- FDE (full device encryption), 484
- geotagging, 484
- health privacy, 490
- jailbreaking, 493
- location services, 485–486
- MAM (mobile application management), 479
- management, 481
- NFC (near-field communication), 482–483
- OEM (original equipment manufacturer), 494
- OTA (over-the-air) updates, 480
- passwords, 479–480
- patch repository, 480
- peripherals, 483
- personal data theft, 490
- physical reconnaissance, 489
- PMFs (protected management frames), 480
- profiles, 481–482
- protocols
- Modbus, 498–499
- monitoring, continuous monitoring, 22–23
- motivation, 5, 98
- MOU (memorandum of understanding), 199
- MPC (secure multiparty computation), 474
- MSAs (master service agreements), 198
- MTBF (mean time between failure), 28, 33
- MTTR (mean time to recovery), 28, 33
N
- NAC (network access control), 318–319
- nano technology, 477
- NAS (network-attached storage), 441
- NAT (network address translation), 324
- nation-state hackers and cyberterrorists, 69
- natural disasters, 5, 98
- NBAR (Network-Based Application Recognition), 387
- nbtstat, 290
- NDA (nondisclosure agreement), 18, 200
- Netcat, 292
- NetFlow, 78, 331
- netstat, 290–292
- network tap, 329
- networking
- change management, 180–181
- CIA (confidentiality, integrity, and availability) triad, 176–182
- CSIRT (computer security incident response team), 179
- data remanence, 179
- DR/BCP (disaster recovery/business continuity plan), 179
- Google Cloud status dashboard, 179
- long-term viability, 178
- right to audit, 178
- SDN (software-defined networking), 357–358
- segmentation, 185
- SLA (service level agreement), terms, 178
- vendor lock-in, 178
- vendor lock-out, 178
- networks
- NFC (near-field communication), 482–483
- NGFW (next-generation firewalls), 324
- NGW (NAT gateway), 324
- NIDS (network intrusion detection system), 78, 315
- NIPS (network intrusion prevention system), 316
- NIST (National Institute of Standards and Technology), 102, 194–195
- no knowledge testing, 131
- nonrepudiation, cryptography, 217, 218, 220–221
- NTA (network traffic analysis), 387
- NVD (National Vulnerability Database), 102
- NX (No-eXecute), 47
O
- OAuth (Open Authorization), 402–403
- obfuscation, 390
- OCSP (Online Certificate Status Protocol), 245
- OISF (Open Information Security Foundation), 78
- OLA (operating level agreement), 201
- on-demand/elastic cloud computing, 174–175
- OOB (out-of-band) authentication, 404
- OpenFlow, 450
- OpenID, 398
- operational controls, 17
- operational intelligence, 66
- operational risk, 97, 511–512
- organized crime, 69
- OS (operating system), logs, 77
- OSINT (open-source intelligence), 71–72
- OTP (one-time passwords), 404
- out-of-band management, 52, 227
- out-of-band push-based authentication, 400
- outsourcing, deperimeterization/zero trust, 348–350
- OVAL (Open Vulnerability and Assessment Language), 103–104
- OWASP (Open Web Application Security Project), 382–383
P
- PaaS (platform as a service), 169, 170, 430
- packet capture, 79, 100–101
- palm scan systems, 478
- PAP (Password Authentication Protocol), 251, 321
- parallel tests, 34
- passive vulnerability, 100
- password cracking, 122–123
- password repositories, 395
- passwords
- patch management, 108–110
- PBKDF2 (password-based key derivation 2), 254–255
- PCI DSS (Payment Card Industry Data Security Standard), 187–190, 219
- penetration testing, 129–132
- performance, analysis, 32
- peripherals, mobile devices, 483
- PFE (private function evaluation), 474
- PFS (perfect forward secrecy), 238
- PGP (Pretty Good Privacy), 248–249
- physical controls, 17
- physical security, 158–159
- PIA (privacy impact assessment), 190
- PII (personally identifiable information), 188–190
- Ping of Death, 137
- PIR (private information retrieval), 474
- pivoting, 128
- PKI (public key infrastructure), 228, 239, 514–516
- PLAs (privacy-level agreements), 199
- PLC (programmable logic controller), 497
- pod slurping, 221
- Poly1305, 226–227
- POP3 (Post Office Protocol), 328
- port mirroring, 329
- PPP (Point-to-Point Protocol), 319
- PPTP (Point-to-Point Tunneling Protocol), 251, 319
- pre-employment policies, 18
- Presence, 456
- principle of least privilege, 19
- privacy requirements, 219–220
- private clouds, 169
- privileged access management, 395–396
- problem solving, judgement and, 35
- programming languages, 140–141
- promiscuous mode, 118
- provisioning, 171
- proxies
- prudent person rule, training and, 24
- PS (Process Status), 292
- public clouds, 169
- public key cryptography, 233
Q
R
- RA (registration authority), 241
- race conditions
- RADIUS (Remote Authentication Dial-In User Service), 320
- RAID (Redundant Array of Inexpensive/Independent Disks), 392
- RAS (Remote Access Services), 401
- RBAC (role-based access control), 400–401
- RC4 (Rivest Cipher 4), 229, 233
- RC5 (Rivest Cipher 5), 229, 233
- RDP (Remote Desktop Protocol), 424
- recoverability, analysis, 33
- redundant hardware, 57
- regular expressions, IoCs, 80
- regulations
- reliability, KPIs and, 31
- remote assistance, 455–456
- remote work, deperimeterization/zero trust, 345
- replication, 52
- residual risk, 16
- resiliency, infrastructure design, 359
- resource exhaustion, 137
- response, firewalls, 80–85
- response playbooks, 273–274
- REST (Representational State Transfer), 142
- restricted interfaces, 51–52
- retina pattern systems, 478
- right to audit, 178
- RIPEMD (RACE Integrity Primitives Evaluation Message Direct), 226
- risk, 4, 97
- risk assessment
- areas of concern, 106–107
- asset identification, 6–8
- best practices, 25–27
- information classification, 8–9
- mitigate, 15
- qualitative risk, 13–14
- quantitative risk, 10–11
- reporting, 16–17
- risk appetite, 15
- risk management team, 9–10
- self-assessment, 105–108
- third-party vendor assessment, 105–108, 513–514
- transfer, 15
- risk management, 506–507
- risk mitigation, cloud computing, 182–185
- risk register, 23
- risk source, 98
- RMFs (risk management frameworks), 24
- ROI (return on investment), 16–17, 21–22
- routers, 325–327
- RPO (recovery point objective), 27
- RSA algorithm, 236–237
- RSL (recovery service level), 27
- RTO (recovery time objective), 27
- RuBAC (rule-based access control), 401
S
- S-HTTP (Secure Hypertext Transfer Protocol), 248
- S/MIME (Secure/Multipurpose Internet Mail Extensions), 249
- SA (Security Association), 250
- SaaS (software as a service), 169, 170, 429
- SABSA (Sherwood Applied Business Security Architecture), 23
- SAFER (Secure and Fast Encryption Routine), 229
- SAML (Security Assertion Markup Language), 399
- SAN (Storage Area Network), 442
- sandbox detonation, 112
- SAST (static application security testing), 369
- SAW (secure admin workstation), 335
- SCADA (Supervisory Control and Data Acquisition), 182, 497
- scalability
- scareware, 488
- SCEP (Simple Certificate Enrollment Protocol), 347
- screened subnet, 335–336
- script kiddies, 70
- scripting, 52
- scripts, IoCs, 80
- scrubbing, 390
- Scytale cryptography system, 216
- SDN (software-defined networking), 357, 450–451
- search engine poisoning, 489
- SECaaS (security as a service), 430
- SecDevOps, 378–379
- secure protocols
- 802.1X, 403
- Diameter, 402
- EAP (Extensible Authentication Protocol), 403
- Kerberos, 402
- LDAP (Lightweight Directory Access Protocol), 402
- OAuth (Open Authorization), 402–403
- RAS (Remote Access Services), 401
- TACACS (Terminal Access Controller Access Control System), 401–402
- XTACACS (Extended Terminal Access Controller Access Control System), 401–402
- secure storage management and replication systems, 442
- security
- security controls
- SED (self-encrypting drive), 48
- segmentation, 185
- ACLs (access control lists), 341–344
- air-gap, 344
- availability zones, 338
- data zones, 336
- DMZ (demilitarized zone), 335–336
- guest environments, 337
- jump boxes, 335
- LANs, 335
- microsegmentation, 334
- NAC (network access control), 341
- peer-to-peer networks, 344
- policies, 338–340
- regions, 340
- SAW (secure admin workstation), 335
- screened subnet, 335–336
- security groups, 338–340
- staging environments, 337
- VLANs, 335
- VNET (virtual network), 337
- VPCs (virtual private clouds), 337
- self-assessment, risk, 105–108
- self-encrypting drives, 57
- self-healing hardware, 57
- sensors
- server-based scanning, 101
- server-side processing, 141
- serverless computing, 450
- services, security, 310
- API gateway, 328
- DNS (domain name system), extensions, 322–323
- firewalls, 324
- IDS (intrusion detection systems), 311–313
- IGW (Internet gateway), 324
- load balancers, 311
- mail, 327–328
- NAC (network access control), 318–319
- NGW (NAT gateway), 324
- proxies, 325
- routers, 325–327
- traffic monitoring, 329
- VPNs (virtual private networks), 319–321
- WAFs (web application firewalls), 316–318
- XML gateway, 328
- SFE (secure function evaluation), 474
- SHA (Secure Hash Algorithm), 225
- shell restrictions, 50
- Shibboleth, 399
- side-channel analysis, 127
- sideloading, 347
- SIEM (security information and event management), 330
- signature, unusual process activity, 78
- simulation, detection and, 155
- simulation tests, 34
- Skipjack, 229
- SLAs (service level agreements), 178, 198–199
- smartphone attacks, 487–488
- smishing, 488
- SMTP (Simple Mail Transfer Protocol), 327
- Smurf attacks, 137
- sniffing, WinDump, 79
- SNMP (Simple Network Management Protocol), 117, 330–331
- SOA (service-oriented architecture), 372
- SOAP (Simple Object Access Protocol), 145
- SOAR (security, orchestration, automation, and response), 228
- social engineering, intelligence collection, 73
- source, 5
- source route attack, 185
- SOX (Sarbanes-Oxley Act), 185, 197, 219
- SPAN (Switched Port Analyzer), 118, 329
- SPAWAR (U.S. Space and Warfare Command), 79
- SPIR (strong private information retrieval), 474
- spiral model, 379
- SPIT (Span over Internet Telephony), 460
- SSH (Secure Shell), 124, 248
- SSL (Secure Sockets Layer), 140, 249
- SSO (single sign-on), 405
- stakeholders, incident response and, 274–277
- STAR (Security, Trust, Assurance, and Risk), 196
- steganography, 387
- storage
- bit splitting, 443
- cloud computing, 175
- configuration, 443
- DDP (data de-duplication), 443
- location redundancy, 442
- NAS (network-attached storage), 441
- SAN (Storage Area Network), 442
- SAN snapshot software, 443
- secure storage management and replication systems, 442
- security and, 443–444
- virtual, 440
- VSAN (virtual SAN), 442
- strategic intelligence, 67
- supply chain access, threats, 71
- switches, 450
- symmetric encryption, 227
- AES (Advanced Encryption Standard), 229, 232
- Blowfish, 229
- CAST (Carlisle Adams/Stafford Tavares), 229
- CTR (counter mode), 233
- DES (Data Encryption Standard), 229, 230–232
- GCM (Galois/Counter) mode, 233
- IDEA (International Data Encryption Algorithm), 229, 232–233
- RC4 (Rivest Cipher 4), 229, 233
- RC5 (Rivest Cipher 5), 229, 233
- SAFER (Secure and Fast Encryption Routine), 229
- Skipjack, 229
- Twofish, 229
- SYN Floods, 137
T
- TACACS (Terminal Access Controller Access Control System), 401–402
- tactical intelligence, 66–67
- targeted attacks, 67
- TCO (total cost of ownership), 17, 22
- Teardrop, 137
- technical controls, 17
- telephony, 132, 457–458
- Telnet, 83, 124
- testing
- testing plans, 33–34
- tethering, mobile devices, 485
- TGS (ticket-granting service), 405
- TGTs (ticket-granting tickets), 405
- third-party attestation of compliance, 202–203
- third-party dependencies, 184–185
- third-party libraries, 138
- third-party vendor assessment, risk, 105–108, 513–514
- threat actors, 67–71
- threat management, 66–67
- threat modeling, 124
- threats, 4–6, 98
- mobile devices, 487–489
- TKIP (Temporal Key Integrity Protocol), 127
- TLS (Transport Layer Security), 249–250
- TOC (time of check), 136
- tokenization, 390
- TOU (time of use), 136
- TPM (Trusted Platform Module), 48–52
- TPoX (Transaction Processing over XML), 238
- traffic monitoring, 329
- training, 24
- transitive trust theory, 398
- transparent proxies, 325
- Transport mode, 250
- trend data, 32
- Trinoo, 137
- trusted OS, 53–54
- TSF (time service factor), analysis, 32
- Tunnel mode, 250
- two-step verification, 404
- Twofish, 229
U
- UA (uptime agreement), 201
- UAs (uptime agreements), analysis, 32
- UEBA (user and entity behavior analytics), 57
- unauthorized scans, 100
- uncredentialed scans, 100
- unsigned apps/system apps, 347
- unusual process activity, 78
- usability, analysis, 33
- USB key drops, 155
- UTM (unified threat management), 324
V
- validation testing, 181–182
- VDI (virtual desktop infrastructure), 424–425
- vendor lock-in, 178
- vendor lock-out, 178
- VeraCrypt, 48
- Vernam cipher, 217
- versioning, 379–380
- videoconferencing, 452–453
- Vigenère cipher, 217
- virtual memory, 421
- virtual servers, 419
- virtual storage, 440
- virtualization, 522–524
- virtualization sprawl, 420
- VLANs (virtual LANs), 335
- VMaaS (vulnerability management as a service), 99
- VMM (virtual machine monitor), 421
- VMs (virtual machines), 420–422
- vmstat, 292
- VNET (virtual network), 337
- voice recognition, 478
- VoIP, 458–461
- VPC (virtual private cloud), 329, 337
- VPNs (virtual private networks), 319–322
- VR (virtual reality), 475–476
- VSAN (virtual SAN), 442
- vulnerabilities
- vulnerability, 4, 97
- software, tracking, 103
- vulnerability assessments, 29–30, 511–512
- vulnerability logs, 77
- vulnerability management, 97
- active vulnerability scan, 100
- agent-based scanning, 101
- application exploits, 132–133
- assessments, types, 131–134
- authorized scans, 100
- configuration files, 102
- covert channel analysis, 127
- credentialed scans, 100
- CVSS (Common Vulnerability Scoring System), 102
- dynamic analysis, 126
- firmware, 102
- fuzz testing, 125–126
- information sources, 110–112
- lifecycle, 99
- Linux, 119
- Microsoft Windows, 119
- NVD (National Vulnerability Database), 102
- OVAL (Open Vulnerability and Assessment Language), 103–104
- passive vulnerability, 100
- patch management, 108–110
- penetration testing, 125, 129–132
- physical testing, 134
- pivoting, 128
- regression testing, 133
- reverse engineering, 126–127
- SCAP (Security Content Automation Protocol), 103–105
- security audit, 124
- security code testing, 132–133
- security testing, 125
- server-based scanning, 101
- side-channel analysis, 127
- social engineering, 133–134
- software, 102
- software composition analysis, 128
- static analysis, 126
- tools, 112–113
- computer forensics, 124
- footprinting tools, 113–116
- HTTP interceptors, 121–122
- packet sniffers, 118
- password cracking, 122–123
- port scanners, 116–117
- protocol analyzers, 118
- SSH, 124
- Telnet utilities, 124
- threat modeling, 124
- virtualization tools, 119
- visualization tools, 120
- vulnerability scanners, 120–121
- vulnerability scanners, 120
W
- WAFs (web application firewalls), 316–318
- walk-throughs, 33
- WAP (Wireless Application Protocol), 250
- warning banners, 51
- waterfall model, 379
- watermarking, 387
- wearable devices, 490–491
- web conferencing, 452
- WEP (Wired Equivalent Privacy), 127
- WFH (work-from-home) model, 418
- WIDSs (wireless intrusion detection systems), 316
- Windows Events, logs, 77
- WinDump, 79
- wireless scanning, 127
- wireless/radio frequency networks, deperimeterization/zero trust, 350–352
- Wireshark, 293
- WPA (Wi-Fi Protected Access), 127
- WS-Security WSS (Web Services Security), 145
- WSUS (Windows Server Update Services), 109–110
- WTLS (Wireless Transport Layer Security), 250
X–Y–Z
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.