Index

Symbols

../ (dot-dot-slash) attack 76, 274–275

; (semicolon) 73

' (single quotation mark) 73

_ (underscore) 740

0phtCrack 44

2FA (two-factor authentication) 298

5G communications 357–358

802.1X standard 510, 553–556, 562, 664–667, 673

A

A record (Address mapping record) 796

AAA (authentication, authorization, and accounting) framework 306

AAR (after action report) 928–929

ABAC (attribute-based access control) 638–645, 678, 679

acceptable use policies (AUPs) 898, 900

acceptance of risk 919

access control. See also 802.1X standard; identity; passwords

access control entries (ACEs) 643

access control lists (ACLs) 490, 528, 535, 643, 831

attribute-based 638–645, 678, 679

best practices 680–681

centralized versus decentralized 679

centralized/decentralized 640

conditional access 678, 679

delegation of access 662

discretionary 674–676, 679

identity and access management (IAM) 605, 633

implicit deny 680

least privilege 264, 630, 681, 908

mandatory 676, 679

network 510–511

permissions 640–645

cloud computing 605, 610

inheritance 644–646

open 150

types of 646

privileged access management (PAM) 678, 679

role-based 677, 679

rule-based 677, 678, 679

summary of 679

user access recertification 645

vestibules 372–373

access control entries (ACEs) 643

access control lists (ACLs) 490, 528, 535, 643, 831

access points (APs)

rogue 99

security 562–563

accounting, AAA framework for 306

accounts 629–633. See also access control; passwords

administrator 908

auditing 635, 639

harvesting 18

permissions 640–645

cloud computing 605, 610

inheritance 644–646

open 150

types of 646

policies 633

root 908

service 908

ACEs (access control entries) 643

ACI (Application Centric Infrastructure) 243

acknowledgement (ACK) packets 84

ACLs (access control lists) 490, 528, 535, 643, 831

acquisition, forensic

artifacts 853

cache 852

checksums 857

data breach notification laws 855–856

definition of 847

device 850–851

disk 848

firmware 851

hashing 856–857

integrity 856

network 852–853

operating system 850

order of volatility 848

on-premises versus cloud 853–854

random-access memory (RAM) 848–849

regulatory and jurisdictional 855

right-to-audit clauses 854

snapshot 851–852

swap/pagefile 849–850

Active Directory (AD) 291–292

Active Directory Certificate Services (AD CS) utility 691

Active Directory Users and Computers (ADUC) 640

active reconnaissance 18, 204–205

active/active load balancing 488

active/passive load balancing 488

Activity Monitor 542

actors, threat

attack vectors 122–123

attributes of 122

types of 120–121

AD. See Active Directory (AD)

additional or associated data (AEAD) 404

Address mapping record (A record) 796

Address Resolution Protocol. See ARP (Address Resolution Protocol)

address space layout randomization (ASLR) 76, 265, 272

addresses

IPv4 443–444

IPv6 536–537

MAC (media access control) 101, 511

network address allocation 443–444

network address translation 501, 529, 562

virtual IP 488

administrator accounts 908

admissibility, evidence 843

ADSP (Author Domain Signing Practices) 110

ADUC (Active Directory Users and Computers) 640

Advanced Encryption Standard (AES). See AES (Advanced Encryption Standard)

Advanced IP scanner 721

advanced persistent threats (APTs) 35, 120–121, 451, 770

AE (authenticated encryption) 404

AEAD (additional or associated data) 404

aerospace application-embedded systems 348–350

AES (Advanced Encryption Standard) 412, 430, 475, 552

AES-GCM 498

AES-GMAC 498

AFL (American Fuzzy Lop) 269

after action report (AAR) 928–929

aggregation, log 186

aggregators 526

Agile development methodology 258–259

agreement, terms of 948

AH (Authentication Header) 437, 520

AI (artificial intelligence) 50–51

AI (Asset Identification) 885, 941–942

AICPA (American Institute of Certified Public Accountants) 883

AI/ML (artificial intelligence and machine learning) 50–51

AIR (As-if Infinitely Ranged) integer model 77

air gaps 384, 385

air traffic control (ATC) 349–350

aircraft systems 348–350

AirMagnet 99

AIS (automated indicator sharing) 125

aisles, hot/cold 386

alarms 374, 870

ALE (annualized loss expectancy) 922

alerts, SIEM 788

ALG (application-level gateway) 529

algorithms 50–51

Grover’s 402

hashing 218–219, 856–857

Digital Signature Algorithm (DSA) 396, 412

Elliptic Curve Digital Signature Algorithm (ECDSA) 551–552

Message Digest Algorithm 5 (MD5) 55, 219

Secure Hash Algorithm (SHA) 55, 551–552

key generation 395

message authentication code (MAC) 410

online resources 498

public key 411

scheduling 488

Shor’s 402

signature verifying 395

signing 395

allocation, network address 443–444

allow lists 467, 578, 583, 822

ALTER DATABASE statement 71

ALTER TABLE statement 71

Alureon rootkit 35–36

always-on VPN functionality 495

Amazon Web Services (AWS) 232–233, 244, 603, 853, 870

American Fuzzy Lop (AFL) 269

American Institute of Certified Public Accountants (AICPA) 883

amplification attacks 112

analytics logs 383

Android Auto 347

Angry IP scanner 721

annualized loss expectancy (ALE) 922

annualized rate of occurrence (ARO) 922

anomaly-based analysis 521–523

anonymization 945

anti-forensics 770

antimalware 452

antivirus software 451

anycast addresses 537

anything as a service (XaaS) 139, 232

AP isolation 562

Apache

HTTP Server 146

Mesos 240

web servers 794

APIs (application programming interfaces) 86

API-based keyloggers 42

attacks 55, 85–86, 602

definition of 240–241

infrastructure as code 241–243

inspection and integration 607, 610

micro-segmentation 240–241

security considerations 216

Shodan 203–204

APP (Australia Privacy Principles) 220

Apple

Apple Pay 462, 584

CarPlay 347

macOS Activity Monitor 542

appliances, network 513–514. See also firewalls

aggregators 526

hardware security modules (HSMs) 524

jump servers 514

network intrusion detection systems (NIDSs) 517–518

advantages/disadvantages 519–520

anomaly-based analysis 521–523

definition of 519–520

heuristic-based analysis 521

inline versus passive 523–524

promiscuous mode 517

signature-based 520–521

stateful pattern-matching recognition 521

network intrusion prevention systems (NIPSs)

advantages/disadvantages 519–520

anomaly-based analysis 521–523

definition of 518–520

false positives/false negatives 519

heuristic-based analysis 521

inline versus passive 523–524

signature-based 520–521

proxy servers 514–516

sensors 524–525

application allow lists. See allow lists

application block/deny lists. See block/deny lists

Application Centric Infrastructure (ACI) 243

application development. See also application security

application provisioning and deprovisioning 260

automation and scripting 278–279

diversity 278

elasticity 279–280

integrity measurement 261

Open Web Application Security Project (OWASP) 204, 276–277

programming testing methods

compile-time errors 266–267

fuzz testing 269–270

input validation 80, 267–268

penetration testing 266

runtime errors 266–267

static and dynamic code analysis 269

stress testing 80, 266

scalability 279–280

secure coding 261–263

software development environments 257–260

software development lifecycle (SDLC) 78, 261–262, 263–265, 468, 868

vulnerabilities and attacks 74–75

API attacks 55, 85–86, 602

backdoors 149, 271, 275

buffer overflows 75–76, 77, 149, 271–272, 275

code injection 149, 273–274, 276

cross-site request forgery (XSRF) 149, 272, 275

cross-site scripting (XSS) 54, 68–70, 110, 149, 272, 275, 601

directory traversal 75–76, 149, 274–275, 276

DLL injection 74

driver manipulation 89

error handling 79–82

LDAP injection 74

memory/buffer 77–78, 88, 149, 271–272, 275

pass the hash 89–90

pointer dereferencing 75–76

privilege escalation 67–68, 201, 770

race conditions 79

remote code execution (RCE) 78, 146, 149, 275

replay 82–85

request forgeries 85–86

resource exhaustion 87–88

SQL injection (SQLi) 54, 70–74, 273–274

SSL stripping 88–89

summary of 275–276

XML injection 74–75

zero-day attack 149, 275, 276

application logs 792–793

application management, mobile 576–578

application programming interfaces. See APIs (application programming interfaces)

application scanners 182

application security 463–464, 475–476, 612. See also application development

allow lists 467, 578, 583, 822

application shielding 471

authentication 298

block/deny lists 467–468, 822–823

code signing 466–467

disk encryption 473

dynamic code analysis 470–471

fuzzing 471

hardening 471

hardware root of trust 476–477

Hypertext Transfer Protocol (HTTP) 436–437, 465–466, 577

input validation 464

manual code review 470

mobile devices 581

open ports/services 471–472

operating system 473–474

patch management 474–475

registry 472

sandboxing 452, 478–479

secure coding practices 468

secure cookies 465

self-encrypting drives (SEDs) 475–476

static code analysis 468–469

Trusted Platform Module (TPM) 477–478

whitelisting 578, 583

application service providers (ASPs) 139, 231

application-aware devices 518

application-based segmentation 489–490

application-level gateways (ALGs) 529

approved lists 822

AppScan 204

APs (access points)

rogue 99

security 562–563

APT29 (Cozy Bear) 346

apt-get install snmp snmpwalk command 436

APTs (advanced persistent threats) 120–121, 451, 770

archive.org 147

Arduino 340

ARF (Asset Reporting Format) 885

ARO (annualized rate of occurrence) 922

ARP (Address Resolution Protocol)

poisoning 105, 722

spoofing 513

arp command 721–722

artifacts, forensic 853

artificial intelligence and machine learning (AI/ML) 50–51, 788

As-if Infinitely Ranged (AIR) integer model 77

ASLR (address space layout randomization) 76, 265, 272

ASPs (application service providers) 139, 231

assertion parties (SAML) 659

assertions 623

assessments, security. See security assessments

Asset Identification (AI) 885, 941–942

asset management 909–910

Asset Reporting Format (ARF) 885

asset values 921, 922

asymmetric encryption 411–413

ATC (air traffic control) 349–350

ATT&CK framework (MITRE) 18, 128–129, 176, 205, 223, 767–768

Attack Complexity (AC) metric 183

Attack Vector (AV) metric 183

attestation 294, 460–461

attribute-based access control (ABAC) 638–645, 678, 679

audio steganography 415–416

auditing 635, 639

audit logs 869–870

audit trails 870

cloud computing 604, 609

auditors 947

AUPs (acceptable use policies) 898, 900

Australia Privacy Principles (APP) 220

802.1X standard 510, 553–556, 562, 664–667, 673

AAA framework 304–306

attestation 294

authenticated encryption (AE) 404

authenticated modes 404

authentication applications 298

biometric systems 300, 378, 625–626, 869

crossover error rate (CER) 304

efficacy of 302

errors with 626

false acceptance rate (FAR) 303, 626

false rejection rate (FRR) 303, 626

fingerprints 300–301

gait analysis 302

iris recognition 301

retina scanning 301

vein authentication 302

voice/speech recognition 302

captive portals 559

Challenge-Handshake Authentication Protocol 673

challenge-response authentication (CRA) 571–572

by characteristic attributes 625–626

CIA (confidentiality, integrity, availability) 289

cloud versus on-premises requirements 306–307

context-aware authentication 658

definition of 289–291, 625

directory services 291–292

embedded systems 363

Extensible Authentication Protocol (EAP) 553–556, 664–667

EAP-FAST 556, 666

EAP-MD5 556, 666

EAP-TLS 556, 666

EAP-TTLS 556, 666

LEAP 666

PEAP 556, 666

federation 292–293, 556–557, 658

hardware security modules (HSMs) 656

HMAC-based one-time password (HOTP) 295–296

Kerberos 82–83, 89, 292, 553, 668–670, 673

by knowledge 625, 656–657

Lightweight Directory Access Protocol (LDAP) 291, 442, 667–670

injection attacks 74, 144

Lightweight Directory Access Protocol over SSL (LDAPS) 432

logs 789–796

multifactor 304–306, 657

mutual 668–670

OAuth 661–662

OpenID and OpenID Connect 663–664

by ownership 625

phone call 299–300

push notifications 299

remote

Challenge-Handshake Authentication Protocol (CHAP) 670–672, 673

RADIUS 556–557, 672–673

Remote Access Service (RAS) 670–672

TACACS+ 672–673

Security Assertion Markup Language (SAML) 659–661

Short Message Service (SMS) 296–297

single sign-on (SSO) 292, 373, 624, 658–659

smart card 299–300, 629

static codes 298

summary of 673

time-based one-time password (TOTP) 295

token key 297

Trusted Platform Module (TPM) 294, 655

two-factor 298

Wi-Fi Protected Setup (WPS) 558–559

authentication attacks 55, 602

Authentication Header (AH) 437, 520

authentication servers 555, 665

authenticators 555, 665

Author Domain Signing Practices (ADSP) 110

authorization 290, 306

authorized hackers 121

Auto (Android) 347

automated indicator sharing (AIS) 125

automation

application development 278–279

auto-updates 474–475

facility 345

autonomous underwater vehicles (AUVs) 353–354

Autopsy 747, 850

AUVs (autonomous underwater vehicles) 353–354

availability 289

resource exhaustion 87–88

restoration order 330–331

site resiliency and 221–222

Availability Impact (I) metric 184

avalanche effect 463

avoidance, risk 918

awareness, risk 921

AWS (Amazon Web Services) 244, 603, 853

Azure 232–233, 603, 853

B

backdoors 42–43, 149, 271, 275

background checks 899

backups 158

cloud 326

comparison of 326–327

copy 326

differential 326, 328

disk 326

full 326, 328–331

image 326

incremental 326, 328

NAS (network-attached storage) 326

offsite 327

online versus offline 326

snapshot 326

tape 326

badges 373, 382

baiting 19

balancers, load 319–320

bandwidth monitors 804

barricades 370–371

base groups 182

baseband radio 359

baselining 213, 539–542

Bash 113

Basic Encoding Rules (BER) 697

basic input/output system (BIOS) 851

BCDR (business continuity and disaster recovery) 139, 232

BCPs (business continuity plans) 773–774, 929

beamforming 560

Bell-LaPadula 677

benchmarks 885–888

BER (Basic Encoding Rules) 697

BGP (Border Gateway Protocol) hijacking 535–536

BIA (business impact analysis) 773, 926–927

Biba 677

binaries 278

binary planting 74

biometric systems 300, 378, 625–626, 869

crossover error rate (CER) 304

efficacy of 302

errors with 626

false acceptance rate (FAR) 303, 626

false rejection rate (FRR) 303, 626

fingerprints 300–301

gait analysis 302

iris recognition 301

retina scanning 301

vein authentication 302

voice/speech recognition 302

BIOS (basic input/output system) 851

birthday attacks 56

BiSL (Business Information Services Library) 882

Bitcoin-related SMS scams 12

BitTorrent 529

black hat hackers 121

black-box testing 80

blackhole DNS servers 223

Blackhole exploit kit 44, 111–112

blacklisting 578, 583

blanket purchase agreements (BPAs) 903

blind hijacking 84

blind SQL injection 73

block all. See implicit deny

block ciphers 411

blockchain 409–410

block/deny lists 467–468, 578, 583, 822–823

blocking 417

Blowfish 412

blue teams 205, 902

Bluetooth 570–571

bluejacking 100, 570–571

bluesnarfing 99–100, 570–571

bollards 370–371

Boolean technique 74

boot integrity

boot attestation 460–461

definition of 458–459

measured boot 459–460

Unified Extensible Firmware Interface (UEFI) 459

Border Gateway Protocol (BGP) hijacking 535–536

bots and botnets 37–38, 111–112, 580

BPAs. See blanket purchase agreements (BPAs); business partnership agreements (BPAs)

BPDU (Bridge Protocol Data Unit) guard 512

bring-your-own-device (BYOD) 215, 572, 574–576, 581, 588–590, 826, 898

broadcast storm prevention 512

BPDU guard 512

DHCP snooping 512–513

loop protection 512

MAC filtering 513

brute-force attacks 45, 749

buckets 605

buffer overflows 75–76, 77, 149, 271–272, 275, 522

bug bounties 202–203

BugCrowd 203

building loss 925

burning 386

Burp Suite Professional 204

buses, controller area network (CAN) 347–348

business continuity and disaster recovery (BCDR) 139, 232

business continuity plans (BCPs) 773–774, 929

business impact analysis (BIA) 773, 926–927

business partnership agreements (BPAs) 903

BYOD. See bring-your-own-device (BYOD)

C

cables

locks 379

malicious USB 48

CAC (Common Access Card) 629

cache

ARP cache poisoning 105

caching proxy 514

DNS cache poisoning 108–110

forensic acquisition 852

Cain and Abel 44

California Consumer Privacy Act (CCPA) 214, 220, 880

call management systems (CMSs) 351

Call Manager log files 799–800

CAM (content addressable memory) 106

cameras

centralized versus decentralized 375

closed-circuit television (CCTV) 376–377, 870

motion recognition 376

object detection 376

camouflage 265, 377

CAN (controller area network) bus 347–348

Canada, Personal Information Protection and Electronic Data Act (PIPEDA) 220

Canonical Encoding Rules (CER) 697

capital expenditure (CapEx) 598

captive portals 559

capture, packet. See packet capture and replay

capture the flag 902

card cloning attacks 48–49

CarPlay, Apple 347

carrier unlocking 584

CAs (certificate authorities) 466, 556, 689–691, 829

CASBs (cloud access security brokers) 142–143, 611–612, 614

cat command 734–735

CBC (Cipher Block Chaining) mode 405

CBT (computer-based training) 901

CBWFQ (class-based weighted fair queuing) 536

CCE (Common Configuration Enumeration) 886

CCleaner 51

CCPA (California Consumer Privacy Act) 214, 220, 880

CCSS (Common Configuration Scoring System) 886

CCTV (closed-circuit television) 376–377, 870

CD (continuous delivery) 279

CDP (clean desk policy) 23, 899, 900

Cellebrite 850–851

cellular connection methods and receivers 572–573

Center for Internet Security (CIS) 164, 881, 883

centralized access control 640, 679

centralized cameras 375

centralized controllers 242

CER (Canonical Encoding Rules) 697

CER (crossover error rate) 304, 626

.cer file extension 697

CERT (Community Emergency Response Team) 77

certificate authorities (CAs) 466, 556, 689–691, 829

certificate revocation lists (CRLs) 533, 689–690, 691, 829

certificate signing requests (CSRs) 689

certificates 625, 626–627

attributes 691–692

chaining 696

expiration 693

formats 697

pinning 698

Subject Alternative Name 693

types of 694–696

updating/revoking 829–830

CFB (Cipher Feedback) mode 406

chain of custody 789, 844

chain of trust 699

Challenge-Handshake Authentication Protocol (CHAP) 673

challenge-response authentication (CRA) 49–50, 102, 571–572

change management 909

CHAP (Challenge-Handshake Authentication Protocol) 82–83, 670–672, 673

characteristic attributes, authentication by 625–626

Check Point 518

checksums 857, 870

chief information officers (CIOs) 903

chief security officers (CSOs) 930

chkdsk command 157

chmod command 644–645, 736–737

choose-your-own-device (CYOD) 588–590

CI (continuous integration) 279

CIA (confidentiality, integrity, availability) 221, 263, 289

CIDR (classless interdomain routing) netblock 203–204

CIOs (chief information officers) 903

Cipher Block Chaining (CBC) mode 405

Cipher Feedback (CFB) mode 406

cipher suites 409–411

CIRT. See incident response (IR) teams

CIS (Center for Internet Security) 164, 881, 883

CISA (Cybersecurity and Infrastructure Security Agency) 353–354

Cisco

Application Centric Infrastructure (ACI) 243

Application Policy Infrastructure Controller (APIC) 243

Cisco Discovery Protocol (CDP) 107

Email Security Appliance (ESA) 111

Identity Services Engine (ISE) 590

Mutiny Fuzzing Framework 269

NetFlow 187, 525, 809–810

OpenDNS 509–510

security advisories and bulletins 179

Talos 347

Umbrella 509

Clark-Wilson 677

class-based weighted fair queuing (CBWFQ) 536

classification

asset 941–942

data 904–905

classless interdomain routing (CIDR) netblock 203–204

clean desk policy (CDP) 23, 899, 900

clean pipe 112

clickjacking 84

client-based VPNs (virtual private networks) 497

clientless VPNs (virtual private networks) 497, 507–508

clientless web access 507

clients, thin 235–236, 508

client-side execution 267

client-side validation 268

clock, secure 477

cloning

MAC (media access control) 106

SIM (subscriber identity module) cards 580, 584

closed-circuit television (CCTV) 376–377, 870

cloud access security brokers (CASBs) 142–143, 611–612, 614

cloud computing

advantages of 138

attacks and vulnerabilities 52–55, 123, 137–143, 601–603

authentication 306–307

backups 326

cloud access security brokers (CASBs) 142–143, 611–612, 614

cloud service providers (CSPs) 139, 233, 598, 853–854

community cloud 140, 233

definition of 138

fog and edge computing 234–235

forensic acquisition 853–854

hybrid cloud 140, 233

managed detection and response (MDR) 234

managed service providers (MSPs) 233–234

models 231–232

off-premises versus on-premises services 234

private cloud 140, 232–233

public cloud 140, 232

resilience 325

security assessments 598

attacks 601–603

threats 598–600

security controls 595, 598

API inspection and integration 607, 610

compute 607, 611

container security 608–609

dynamic resource allocation 607–608, 611

high availability across zones 603, 609

instance awareness 608, 611

integration and auditing 604, 609

native versus third-party 615

network 606–607, 610

resource policies 603, 609

secrets management 604, 609

security groups 607, 611

storage 605, 610

summary of 608–609

virtual private cloud endpoint 608, 611

security solutions

application security 612

cloud access security brokers (CASBs) 611–612, 614

firewalls 613–614, 615

Secure Web Gateway (SWG) 613, 614

summary of 614–615

storage

encryption 605

high availability 606

permissions 605

replication 605

thin clients 235–236

VPCs (virtual private clouds) 607, 608, 611

Cloud Controls Matrix 884

Cloud Security Alliance (CSA) 139, 603, 884

Cloud Service (Google) 603

cloud service providers (CSPs) 139, 233, 598, 853–854

Cloudflare 440

cloudlets 235

Cluster Server 488

CMSs (call management systems) 351

CMSS (Common Misuse Scoring System) 887

COBIT framework 882

code, infrastructure as 241–243

code security 261–263

code camouflage 265

code checking 79, 265

code injection 149, 273–274, 276

code reuse 179, 270

code signing 466–467, 695, 696

dynamic code analysis 470–471

manual code review 470

static code analysis 468–469

cold aisles 386

cold sites 222

collection, log 186

collisions 55–56, 463

command-and-control (C2) servers 37–38, 107

commands. See individual commands

comment delimiters 73

Common Access Card (CAC) 629

Common Configuration Enumeration (CCE) 886

Common Configuration Scoring System (CCSS) 886

Common Misuse Scoring System (CMSS) 887

common names (CNs) 692

Common Object Request Broker Architecture (CORBA) 86

Common Platform Enumeration (CPE) 886

Common Remediation Enumeration (CRE) 886

Common Security Advisory Framework (CSAF) 164

Common Vulnerabilities and Exposures (CVEs), Wi-Fi 78, 125, 146, 177, 571, 886

Common Vulnerability Reporting Framework (CVRF) 164

Common Vulnerability Scoring System (CVSS) 182–186, 886

Common Weakness Enumeration (CWE) 75, 886

Common Weakness Scoring System (CWSS) 887

communications

communication plans 771–772

embedded systems

5G 357–358

baseband radio 359

NarrowBand 358

subscriber identity module (SIM) cards 360

Zigbee 360–361

community cloud 140, 233

Community Emergency Response Team (CERT) 77

community ports 491

company policies 878–879

compensating controls 871, 872

compilers 278

compile-time errors 81–82, 266–267

compliance, software 918

computer certificates 696

computer incident response teams. See incident response (IR) teams

computer-based training (CBT) 901

Concealment 415

concentrators, VPN 495

conditional access 678, 679

confidence tricks 19

Confidential information 905, 941–942

Confidentiality Impact (C) metric 184

configuration management 164, 213

configuration reviews 182

mitigation techniques 824

certificates, updating/revoking 829–830

content filter/URL filter 828–829

data loss prevention (DLP) 825–826

firewall rules 825

mobile device management (MDM) 825–826

secure configuration guides 885–888

weak configurations 150–155

connection methods and receivers

Bluetooth 570–571

cellular 572–573

Global Positioning System (GPS) 572, 584

near-field communication (NFC) 570–571

Radio frequency identification (RFID) 571–572

satellite communications (SATCOM) 573

secure implementation best practices 573–574

containers 236–240, 608–609

containment, incident response (IR) 763–764, 830–831

content addressable memory (CAM) 106

content filters 533, 828–829

content management 576–578

context-aware authentication 658

continuity of operations plans (COOPs) 774–775, 929

continuous delivery (CD) 279

continuous deployment 279

continuous integration (CI) 279

continuous monitoring 139, 278

continuous validation 278

Control Objectives for Information and Related Technology (COBIT) 882

control systems, diversity in 332

controller area network (CAN) bus 347–348

controller-pilot data link communications (CPDLC) 349–350

controllers 562–563, 946

controls. See also physical security

compensating 871, 872

corrective 870, 872

detective 869–870, 872

deterrent 870–871, 872

managerial 868

operational 868, 869

physical 871–872

preventative 869, 872

technical 868, 869

convert command 156

cookie hijacking 465

cookies 465

cookies, secure 465

COOPs (continuity of operations plans) 774–775, 929

Coordinated Universal Time (UTC) 440, 845

COPE (corporate-owned, personally enabled) environments 572, 588

copy backups 326

CORBA (Common Object Request Broker Architecture) 86

corporate incidents 775

corporate-owned, personally enabled (COPE) environments 572, 588–590

corrective controls 870, 872

correlation, log 186

correlation, Security Information and Event Management (SIEM) 788–789

Counter (CTR) mode 404, 408–409

counterintelligence 860

Counter-mode/CBC-MAC protocol (CCMP) 552

counters, secure 477

county names, certificate 692

cover-files 416

Cozy Bear 346

CPE (Common Platform Enumeration) 886

CRA (challenge-response authentication) 49–50, 102, 571–572

cracking passwords 46

CRE (Common Remediation Enumeration) 886

CREATE DATABASE statement 70

CREATE INDEX statement 71

CREATE TABLE statement 71

credentials

credentialed vulnerability scans 182, 349–350

harvesting 18

policies 906–908

crimeware 44

criminal syndicates 120

Critical information 942

critical systems, identification of 929

CRLs (certificate revocation lists) 533, 689–690, 691, 829

crossover error rate (CER) 304, 626

cross-site request forgery (XSRF) 85–86, 149, 272, 275, 602

cross-site scripting (XSS) 54, 68–70, 110, 149, 272, 275, 464, 601

.crt file extension 697

cryptography 396. See also encryption; hashing; secure protocols

algorithms 498

blockchain 409–410

cipher suites 409–411

common use cases 417–418

cryptographic attacks

birthday 56

collision 55–56

cryptographic protocols 551

Advanced Encryption Standard (AES) 552

Counter-mode/CBC-MAC protocol (CCMP) 552

Simultaneous Authentication of Equals (SAE) 551, 552

summary of 552

Wi-Fi Protected Access 2 (WPA2) 551

Wi-Fi Protected Access 3 (WPA3) 551–552

definition of 391

digital signatures 395–396, 520

diversity in 331

elliptic-curve cryptography (ECC) 399–400

encryption 159, 362

cloud computing 605, 610

data at rest 218

data in transit/motion 218

data in use/processing 218

disk 473

entropy 419

homomorphic 417

international mobile subscriber identity (IMSI) 49, 358, 584

mobile device management (MDM) 578–580

symmetric/asymmetric 411–413

vulnerabilities 150–151

entropy 419

keys

ephemeral 403

key exchanges 399

key signing keys (KSKs) 427

length of 396

password 655

personal unblocking keys (PUKs) 360

public/private 436–437

Secure Shell (SSH) 625, 628

stretching 397

zone signing keys (ZSKs) 427

lightweight 414–415

limitations of 418–420

modes of operation 403–409

authenticated 404

Cipher Block Chaining (CBC) 405

Cipher Feedback (CFB) 406

counter 404

Counter (CTR) 408–409

Electronic Code Book (ECB) 404

Output Feedback (OFB) 407

unauthenticated 404

perfect forward secrecy 400–401

post-quantum 402

Public Key Cryptography Standards (PKCS) 412

quantum 401–402

communications 401–402

computing 402

definition of 401

salting 397–398, 462–463

steganography 415

audio 415–416

homomorphic 417

image 416–417

video 416

cryptomalware 33–34

CSA (Cloud Security Alliance) 139, 603, 884

CSAF (Common Security Advisory Framework) 164

CSF (Cybersecurity Framework) 882, 884

CSIRT. See incident response (IR) teams

CSOs (chief security officers) 930

CSPs (cloud service providers) 139, 233, 598, 853–854

CSRF (cross-site request forgery) 602

CSRs (certificate signing requests) 689

CTR (Counter) mode 404, 408–409

Cuckoo 731–732

curl command 724–725

custodians, data 946

custody, chain of 789, 844

CVE (Common Vulnerability and Exposure) 78, 125, 146, 177, 886

CVE Numbering Authorities (CNAs) 179

CVRF (Common Vulnerability Reporting Framework) 164

CVSS (Common Vulnerability Scoring System) 182–186, 886

CWE (Common Weakness Enumeration) 75, 886

CWSS (Common Weakness Scoring System) 887

cyber kill chain 770–771

Cybersecurity and Infrastructure Security Agency (CISA) 353–354

Cybersecurity Framework (CSF) 882, 884

cybersecurity insurance 918

cybersecurity resilience. See resilience

CYOD (choose-your-own-device) 588

D

DAC (discretionary access control) 674–676, 679

DAEAD (deterministic authenticated encryption with associated data) 404

DAI (Dynamic ARP Inspection) 105

dark web 124–125, 143

Darkleech 146–147

dashboards, SIEM 786–789

DAST (dynamic application security testing) 470–471

data at rest 156, 218

data blockers, USB 379–380

data breaches

data types and asset classification 941–942

fines 940

identity theft 940

impact assessment 948

information lifecycle 947–948

intellectual property theft 940

notifications of 855–856, 941

personally identifiable information (PII) 943

privacy enhancing technologies 944–945

privacy notices 949

protected health information (PHI) 944

reputation damage from 940

response and recovery controls 220–221

security roles and responsibilities 945–947

terms of agreement 948

data classification 904–905

data controllers 946

data custodians/stewards 946

data destruction, secure 386–387

Data Encryption Standard (DES) 412

data exfiltration 907–908

data exposure 267

data governance 904–905

data in transit/motion 156, 218

data in use/processing 156, 218

data input 186

data labeling 676

data loss prevention (DLP) 139, 214–215, 453, 582, 586, 699, 825–826, 871

data masking 216–218, 945

data minimization 944–945

data owners 946

data privacy. See privacy breaches

data privacy officers (DPOs) 905

data processors 946

data protection 214–215

data protection officers (DPOs) 947

data recovery 859

data retention policies 775–776, 906

data sanitization 748–749

data sources

bandwidth monitors 804

Internet Protocol Flow Information Export (IPFIX) 811–813

log files 789

application 792–793

authentication 789–796

Call Manager 799–800

Domain Name System (DNS) 795–796

dump files 797

journalctl 802

network 790

NXLog 803–804

security 793

Session Initiation Protocol (SIP) 800

syslog/rsyslog/syslog-ng 800–801

system 791–792

Voice over Internet Protocol (VoIP) 799–800

web server 794

metadata 805–806

in email 808

in files 809

on mobile devices 808

on web pages 808–809

NetFlow 809–810

protocol analyzers 813

Security Information and Event Management (SIEM)

alerts 788

correlation 788–789

dashboards 786–789

sensitivity 788

sensors 787

trends 788

sFlow 810–811

vulnerability scan output 785–786

data sovereignty 214–215

data types 941–942

databases 461–462

DC (direct current) 380

DCOM (Distributed Component Object Model) 86

DCS (distributed control systems) 343

DCT (Discrete Cosine Transforms) 417

dd utility 744–745

DDoS (distributed denial-of-service) attacks 37–38, 54, 111–113, 601

dead box forensic collection 858

dead code 270

Dead Peer Detection (DPD) 501

deauthentication attacks 101

decentralized access control 640, 679

decentralized cameras 375

decentralized trust models 698

deception and disruption techniques

fake telemetry 223

honeyfiles 223

honeypots 221–223

DeepSound 415

defense in depth 264

defrag command 158

defragmentation 158

degaussing 387

delegation of access 662

DELETE statement 70

delivery

continuous 279

malware 43–45

demilitarized zones (DMZs) 384, 491

denial-of-service (DoS) attacks 88, 122, 267, 601, 770

deny lists 467–468, 578, 583, 822–823

Department of Defense (DoD) security standards 674

deployment, continuous 279

deprovisioning, application 260

DER (Distinguished Encoding Rules) 697

dereferencing, pointer 75–76

DES (Data Encryption Standard) 412

design constraints, embedded systems 361

authentication 363

compute 361–362

cost 363

crypto 362

implied trust 363

inability to patch 362

network 362

power 361

range 363

destruction and disposal services 387

detective controls 869–870, 872

deterministic authenticated encryption with associated data (DAEAD) 404

deterrent controls 869, 870–871, 872

development environments 257–260

development lifecycle. See software development lifecycle (SDLC)

devices, forensic acquisition 850–851

devices, mobile. See mobile solutions

DevOps 259, 263–265, 278–279

DevSecOps 259, 278–279

DFIR (Digital Forensics and Incident Response) 744

DHCP (Dynamic Host Configuration Protocol) 443

snooping 512–513

starvation attack 513

diagrams, configuration 213

Diamond Model of Intrusion Analysis 768–770

dictionary attacks 45, 749

differential backups 326, 328

Diffie-Hellman 500–501

dig command 709–710

DigiCert 691

digital forensics. See forensics, digital

Digital Millennium Copyright Act 220

digital rights management (DRM) 67, 219–220

digital signal processors (DSPs) 359

Digital Signature Algorithm (DSA) 396, 412

digital signatures 395–396, 520

digital video recorders (DVRs) 376–377

direct current (DC) 380

directory services 291–292, 442

directory traversal 75–76, 149, 274–275, 276

disablement 635, 639

disassociation attacks 101

disaster analysis 924–925

disaster recovery plans (DRPs) 330–331, 772–773, 926, 928–930

disclosures, public 940

discovery of identity 623–624

discovery tools

definition of 707

dig 709–710

hping 717

ifconfig 710–711

ipconfig 710

netcat 720–721

netstat 718–720

nmap 711–714

nslookup 709–710

pathping 716–717

ping 714–716

ping6 716

tracert/traceroute 707–709

Discrete Cosine Transforms (DCT) 417

discretionary access control (DAC) 674–676, 679

Disk Cleanup 157

Disk Defragmenter 158

disks

backups 326

encryption 473

forensic acquisition of 848

hardening 157–159

redundancy

definition of 315–316

multipath 319

Redundant Array of Inexpensive Disks (RAID) 315–316

Redundant Array of Inexpensive Disks (RAID) 869

self-encrypting 475–476

Distinguished Encoding Rules (DER) 697

Distributed Component Object Model (DCOM) 86

distributed control systems (DCS) 343

distributed denial-of-service (DDoS) attacks 37–38, 54, 111–113, 601

Distributed Ledger Technology (DLT) 409

diversity 278, 331–332

DKIM (Domain Keys Identified Mail) 110, 426

DLL (dynamic link library) injection 74, 274

DLP (data loss prevention) 139, 214–215, 453, 582, 586, 699, 825–826, 871

DLT (Distributed Ledger Technology) 409

DMARC (Domain-based Message Authentication, Reporting & Conformance) 111

DMSSEC (Domain Name System Security Extensions) 796

DMZs (demilitarized zones) 384, 491

DNS (Domain Name System) 442–443

attacks 54

cloud-based 601

DDoS (distributed denial-of- service) 37–38, 54, 111–113, 601

DNS amplification attack 112

DNS poisoning 108–110, 223

domain hijacking 108

domain name kiting 109–110

domain reputation 110–111

prevalence of 107

URL redirection attacks 110

DNS Security Extensions (DNSSEC) 108, 426–427

DNS sinkholes 223

logs 795–796

OpenDNS 509–510

dnsenum 728–729, 796

DNSSEC (Domain Name System Security Extensions) 108, 426–427, 442–443

Docker 237–240

docker images command 237

docker ps command 238

docker search command 239

Document Object Model (DOM) 68–69

documentation, forensic

admissibility of 843

chain of custody 844

event logs 845–846

interviews 846–847

legal hold 842

reports 846

tagging of 845–846

timelines and sequence of events 844–845

time offset 844

timestamps 844

video 842–843

DOM (Document Object Model) 68–69

Domain Keys Identified Mail (DKIM) 110, 426

domain name kiting 109–110

domain name resolution 442–443

Domain Name System. See DNS (Domain Name System)

domain reputation 110–111

domain validation (DV) certificates 694

Domain-based Message Authentication, Reporting & Conformance (DMARC) 111

DoS (denial-of-service) attacks 88, 601, 770

DPD (Dead Peer Detection) 501

DPOs (data privacy officers) 905

Dragonfly 101, 552

driver manipulation 89

drives. See disks

DRM (digital rights management) 67, 219–220

drones 205, 353–354, 382–383

DROP INDEX statement 71

DROP TABLE statement 71

DRPs (disaster recovery plans) 772–773, 926, 928–930

DSA (Digital Signature Algorithm) 396, 412

DSPs (digital signal processors) 359

DTP (Dynamic Trunking Protocol) 106

dual parity, striping with (RAID) 316, 318

dual power supplies 321

dual supply power 321–322

due care 900

due diligence 900

due process 900

dump files 797

dumpster diving 13

duties, separation of 898, 900

DV (domain validation) certificates 694

DVRs (digital video recorders) 376–377

dynamic application security testing (DAST) 470–471

Dynamic ARP Inspection (DAI) 105

dynamic code analysis 269, 470–471

Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol)

dynamic link library (DLL) injection 74, 274

dynamic resource allocation 607–608, 611

Dynamic Trunking Protocol (DTP) 106

E

EAP (Extensible Authentication Protocol) 553–556, 664–667

EAP-FAST 556, 666

EAP-MD5 556, 666

EAP-TLS 556, 666

EAP-TTLS 556, 666

LEAP 666

PEAP 556, 666

Easter eggs 39–40

east-west traffic 492

ECB (Electronic Code Book) 404

ECC (elliptic-curve cryptography) 399–400

ECDSA (Elliptic Curve Digital Signature Algorithm) 551–552

edge computing 234–235

e-discovery 858–859

EDR (endpoint detection and response) 452–453

education, user 22–24, 899, 901–902

EEA (European Economic Area) 214, 220

EER (equal error rate). See crossover error rate (CER)

eEye Digital Security, Retina Web Security Scanner 204

EFS (Encrypting File System) 694

EIGamal 412

elasticity 279–280

electrical metallic tubing (EMT) 385

electromagnetic (EM) frequency band 102

Electronic Code Book (ECB) 404

electronic locks 379

electronic serial numbers (ESNs) 49, 584

eliciting information 15–16

Elliptic Curve Digital Signature Algorithm (ECDSA) 551–552

elliptic-curve cryptography (ECC) 399–400

elliptic-curve techniques 412

EM (electromagnetic) frequency band 102

email

attack vectors 122

certificates 696

email protocol port numbers 441

email servers 145

metadata in 808

Spam 13

SPIM (Spam over Internet Messaging) 13

synchronization 440

Email Security Appliance (ESA) 111

embedded systems

aircraft 348–350

Arduino 340

communication considerations

5G 357–358

baseband radio 359

NarrowBand 358

subscriber identity module (SIM) cards 360

Zigbee 360–361

constraints 361

authentication 363

compute 361–362

cost 363

crypto 362

implied trust 363

inability to patch 362

network 362

power 361

range 363

definition of 339

drones 353–354

Field-Programmable Gate Array (FPGA) 340

heating, ventilation, and air conditioning (HVAC) 352–353

industrial control systems (ICSs) 341–343

Internet of Things (IoT) 38, 98, 113, 344–346, 358, 414

medical systems 347

multifunction printers (MFPs) 354

Raspberry Pi 339

real-time operating systems (RTOSs) 355

smart meters 350

supervisory control and data acquisition (SCADA) 341–343

surveillance systems 355–356

system on a chip (SoC) 356–357

vehicles 347–348

Voice over Internet Protocol (VoIP) 350, 799–800

emergency preparedness logs 383

EMT (electrical metallic tubing) 385

Encapsulating Security Payload (ESP) 437, 503, 520

EnCase 850–851

Encrypting File System (EFS) 694

encryption 159, 362

cloud computing 605, 610

data at rest 218

data in transit/motion 218

data in use/processing 218

disk 473

entropy 419

homomorphic 417

international mobile subscriber identity (IMSI) 49, 358, 584

mobile device management (MDM) 578–580

modes of operation 403–409

authenticated 404

Cipher Block Chaining (CBC) 405

Cipher Feedback (CFB) 406

Counter (CTR) 404, 408–409

Electronic Code Book (ECB) 404

Output Feedback (OFB) 407

unauthenticated 404

symmetric/asymmetric 411–413

vulnerabilities 150–151

end of life (EOL) 904

end of service life (EOSL) 904

end users 947

endpoint detection and response (EDR) 452–453

endpoint DLP systems 214

endpoint protection 451

endpoint security solutions 822

approved lists 822

block/deny lists 467–468, 578, 583, 822–823

quarantine 823–824

end-to-end headers (HTTP) 466

energy management, SCADA control systems 342–343

engagement, rules of 200

enterprise environments

API considerations 216

configuration management 213, 215–216

data masking 216–218

data protection 214–215

data sovereignty 214–215

deception and disruption techniques

fake telemetry 223

honeyfiles 223

honeypots 221–223

digital rights management (DRM) 219–220

DNS sinkholes 223

encryption 218

hashing 218–219

response and recovery controls 220–221

site resiliency 221–222

enterprise resource planning (ERP) 883

entropy 419

enumerations 886

env command 739

environmental disaster 924

environmental groups 182

environmental variables 740

environments, software development 257–260

known 198

partially known 199

unknown 198–199

EOL (end of life) 904

EOSL (end of service life) 904

ephemeral keys 403

equal error rate. See crossover error rate (CER)

eradication phase, incident response (IR) 764

ERP (enterprise resource planning) 883

error handling 79–82

compile-time errors 81–82, 266–267

error-based technique 74

input handling 80

runtime errors 81–82, 266–267

escalation, privilege 67–68, 201, 941

escape attacks, VM (virtual machine) 248–249

escrow, key 699

ESNs (electronic serial numbers) 49, 584

ESP (Encapsulating Security Payload) 437, 503, 520

ethical hacking. See penetration testing

ETSI (European Telecommunications Standards Institute) 235

EU (European Union)

European Economic Area (EEA) 214, 220

European Telecommunications Standards Institute (ETSI) 235

General Data Protection Regulation (GDPR) 42, 214, 220, 356, 434, 453, 760, 855, 878–879, 947

Information Society Directive 220

EV (extended validation) certificates 694

event logs 845–846

Event Viewer 791–792

events, sequence of 844–845

time offset 844

timestamps 844

evidence, forensic

acquisition 847–854

artifacts 853

cache 852

checksums 857

data breach notification laws 855–856

definition of 847

device 850–851

disk 848

firmware 851

hashing 856–857

integrity 856

network 852–853

operating system 850

order of volatility 848

on-premises versus cloud 853–854

random-access memory (RAM) 848–849

regulatory and jurisdictional 855

right-to-audit clauses 854

snapshot 851–852

swap/pagefile 849–850

admissibility of 843

chain of custody 844

e-discovery 858–859

event logs 845–846

interviews 846–847

legal hold 842

preservation 858

provenance 857–858

reports 846

tagging of 845–846

timelines and sequence of events 844–845

time offset 844

timestamps 844

video 842–843

evil twin attacks 98–99

exam preparation

final review and study 953–954

hands-on activities 953

Pearson Test Prep practice test 954

test lab, building 953

exam updates 02.0004–02.0026

exchanges, key 399

executives, security roles and responsibilities 945–947

exercises

simulations 766–767

tabletop 765–766

walkthrough 766

exFAT 850

exfiltration 770, 907–908

expiration, certificates 693

explicit allow/deny 528

Exploit code maturity (E) metric 184

exploit kits 44

Exploitability metrics 183–184

exploitation frameworks 747–748, 770

Extended Detection and Response (XDR) 189

extended validation (EV) certificates 694

Extensible Authentication Protocol. See EAP (Extensible Authentication Protocol)

Extensible Configuration Checklist Description Format (XCCDF) 885

Extensible Markup Language (XML) injection 74–75, 273–274

external actors 122

external risk 917. See also risk management

extinguishers, fire 381

extranets 492–493, 899

F

f8-mode (SRTP) 430

FAA (Federal Aviation Administration) 348–349, 353, 382–383

facility automation 345

facility codes 373

fail-closed 927

fail-open 927

failure, single point of 156, 926

failure in time (FIT) 926

fake telemetry 223

false acceptance rate (FAR) 303, 626

false negatives 181, 519, 520

false positives 181, 518, 520

false rejection rate (FRR) 303, 626

Faraday cages 383, 562–563

FAST (Flexible Authentication via Secure Tunneling) 556

Fast Identity Online (FIDO) 297

FAT 850

FDE (full-disk encryption) 473, 475–476

fdisk -l command 157

FEAT command 433

Federal Aviation Administration (FAA) 348–349, 353, 382–383

Federal Information Security Management Act (FISMA) 776

Federal Risk and Authorization Management Program (FedRAMP) 599

Federal Trade Commission (FTC) 17, 221

federated identity management (FIM) 658

federation 292–293, 623–624, 658, 672

FedRAMP (Federal Risk and Authorization Management Program) 599

fencing 380–381

FFmpeg 416

FIDO (Fast Identity Online) 297

Field-Programmable Gate Array (FPGA) 340

file and code repositories 127

file integrity monitors 542

file manipulation 732–733

cat command 734–735

chmod command 736–737

grep command 735–736

head command 733

logger command 737–738

tail command 734

file servers 144

file transfer 440

File Transfer Protocol. See FTP (File Transfer Protocol)

fileless viruses 37

files

log 789

application 792–793

authentication 789–796

Call Manager 799–800

Domain Name System (DNS) 795–796

dump files 797

journalctl 802

network 790

NXLog 803–804

security 793

Session Initiation Protocol (SIP) 800

syslog/rsyslog/syslog-ng 800–801

system 791–792

Voice over Internet Protocol (VoIP) 799–800

web server 794

metadata in 809

filtering

content/URL 533, 828–829

MAC (media access control) 513

packet 528

financial information. See personally identifiable information (PII)

Financial Services Information Sharing and Analysis Center (FS-ISAC) 124

fines 940

fingerprint authentication 300–301

fire

disaster analysis for 924–925

suppression 381

firewalls 146, 198

appliance 534

application-level gateway (ALG) 529

in cloud 613–614, 615

configuration 529–533

content URL/filtering 533

hardware versus software 534

host-based 457–458, 534

multihomed connections 532

NAT gateway 529

network-based application layer 530

next-generation firewall (NGFW) 453–454, 524

packet filtering 528

personal 534

purpose of 526–528

rules 528, 825

unified threat management (UTM) 524

virtual 534–535

web application 531

wireless security 562

firmware

firmware over-the-air (OTA) updates 583

forensic acquisition of 851

FIRST (Forum of Incident Response and Security Teams) 180

FISMA (Federal Information Security Management Act) 776

FIT (failure in time) 926

flash drives, malicious 47–48

Flexible Authentication via Secure Tunneling (FAST) 556

flood, disaster analysis for 925

flooding, MAC (media access control) 106

FM200 381

fog computing 234–235

footprinting 205

Forcepoint 533

Forefront Identity Manager 658

Foremost 415

Forensic Toolkit (FTK) 747, 850–851

forensics, digital

acquisition

artifacts 853

cache 852

checksums 857

data breach notification laws 855–856

definition of 847

device 850–851

disk 848

firmware 851

hashing 856–857

integrity 856

network 852–853

operating system 850

order of volatility 848

on-premises versus cloud 853–854

random-access memory (RAM) 848–849

regulatory and jurisdictional 855

right-to-audit clauses 854

snapshot 851–852

swap/pagefile 849–850

data recovery 859

definition of 744, 837

Digital Forensics and Incident Response (DFIR) 744

documentation/evidence

admissibility of 843

chain of custody 844

event logs 846

interviews 846–847

legal hold 842

reports 846

tagging of 845–846

timelines and sequence of events 844–845

video 842–843

e-discovery 858–859

nonrepudiation 859–860

preservation 858

provenance 857–858

strategic intelligence/counterintelligence 860

tools

Autopsy 747

dd 744–745

FTK Imager 747

memdump 745

WinHex 746

forgeries, request 85–86

formats, certificate 697

Forum of Incident Response and Security Teams (FIRST) 180

forward proxy 516

forward secrecy 400–401

FPGA (Field-Programmable Gate Array) 340

frameworks

exploitation 747–748

IT security 881–884

FreeBSD 676

frequency distributions 159

FRR (false rejection rate) 303, 626

fsck command 158

FTC (Federal Trade Commission) 17, 221

FTK (Forensic Toolkit) 747, 850–851

FTP (File Transfer Protocol)

FTP servers 147–148

FTPS (File Transfer Protocol, Secure) 432–433

SFTP (Secure File Transfer Protocol) 434

full backups 326, 328–331

full tunnel mode, SSL/TLS VPN 508

full-disk encryption (FDE) 473, 475–476

functions, hash 218–219

fuzz testing 80, 269–270, 471

fuzzers 269–270

G

gait analysis 302

Galois Message Authentication Code (GMAC), AES in 498

Galois/Counter Mode (GCM) 498, 551–552

gamification 902

gapping 384

gateways

application-level 529

NAT 529

transit 246–247

GCM (Galois/Counter Mode) 498, 551–552

GDPR (General Data Protection Regulation) 42, 214, 220, 356, 434, 453, 760, 855, 878–879, 947

general-purpose I/O GPIO framework extension (GpioClx) 477

generators 321

generic accounts 629

Generic Routing Encapsulation (GRE) 520

geofencing 572–573, 578–580

geographic dispersal 315

geolocation 578–580, 639

geotagging 572–573, 584, 586, 639

GitHub repositories 8, 18, 127, 203, 258

GitLab 127, 258

Global Positioning System (GPS) 572, 584

Global Regular Expression Print (grep ) 735–736

GMAC (Galois Message Authentication Code), AES in 498

Gnutella 530

Golden SAML attacks 293

Google

Cloud 233, 603, 853

Google Pay 584

Kubernetes 239–240

OAuth 2.0 292

Secret Manager 604

governance, risk, and compliance (GRC) 880, 904–905

GpioGlx (general-purpose I/O GPIO framework extension) 477

GPOs (group policy objects) 474

GPS (Global Positioning System) 572, 584

Gramm-Leach-Bliley (GLB) Act 880

GraphQL 86

gray hat hackers 121

gray-box testing 80

GRC (governance, risk, and compliance) 880, 904–905

GRE (Generic Routing Encapsulation) 520

grep command 735–736

group policy objects (GPOs) 474

groups

base 182

environmental 182

security 607, 611

temporal 182

Grover’s algorithm 402

guards 377

guest accounts 629

Guidelines for Evidence Collection and Archiving 848

H

HA (high availability) 329–330

across zones 603, 609

cloud computing 605, 610

HackerOne 203

hackers 121. See also penetration testing

hacktivists 120, 122

hands-on activities 953

hard disks

backups 326

encryption 473

forensic acquisition of 848

hardening 157–159

redundancy

definition of 315–316

multipath 319

Redundant Array of Inexpensive Disks (RAID) 315–316

self-encrypting 475–476

hardening

applications 471

hard disks 157–159

operating systems 473–474

hardware root of trust 476–477

hardware security modules (HSMs) 478, 524, 587, 656

Hardware Shield 851

hashcat 749

HashCorp Nomad 240

Hashed Message Authentication Mode (HMAC) 295–296, 551–552

hashing 218–219, 463, 856–857

avalanche effect 463

collisions 463

definition of 398–399

Digital Signature Algorithm (DSA) 396

Elliptic Curve Digital Signature Algorithm (ECDSA) 551–552

Hashed Message Authentication Mode (HMAC) 295–296

Message Digest Algorithm 5 (MD5) 55, 219

padding 463

pass the hash 89–90

salting 47, 82

Secure Hash Algorithm (SHA) 55, 463, 551–552

SHA-256 463

HAVA (Help America Vote Act) 880

head command 733

headers, HTTP (Hypertext Transfer Protocol) 465–466

Health Insurance Portability and Accountability Act (HIPAA) 453, 880, 940, 944

heat maps 559

heating, ventilation, and air conditioning (HVAC) 352–353

Help America Vote Act (HAVA) 880

heuristic-based analysis 521

heuristic-based intrusion detection 521

HID Global 629

HIDSs (host intrusion detection systems) 215, 456, 578, 586

high availability (HA) 329–330

across zones 603, 609

cloud computing 605, 610

hijacking

BGP 535–536

blind 84

cookie 465

session 54, 83, 465, 601

TCP/IP 84

URL 44

hijacking, domain 108

HIPAA (Health Insurance Portability and Accountability Act) 453, 880, 940, 944

HIPSs (host intrusion prevention systems) 454–455, 523

Hitachi 476

HMAC (Hashed Message Authentication Mode) 295–296, 551–552

HMAC-based one-time password (HOTP) 295–296

HMI (human-machine interface) 341

hoaxes 19

holds, legal 842

HOME environment variable 740

homomorphic encryption 417

homomorphic steganography 417

honeyfiles 223

honeypots 221–223

hop-by-hop headers (HTTP) 466

horizontal privilege escalation 67–68

host command 716

host intrusion detection systems (HIDS) 215, 456, 578, 586

host intrusion prevention systems (HIPSs) 454–455, 523

host security. See also application security

antimalware 452

antivirus software 451

boot integrity

boot attestation 460–461

definition of 458–459

measured boot 459–460

Unified Extensible Firmware Interface (UEFI) 459

data loss prevention (DLP) 453

databases 461–462

endpoint 451, 452–453

hashing 463

host intrusion detection systems (HIDS) 215, 456, 578, 586

host intrusion prevention systems (HIPSs) 454–455, 523

host-based firewalls 457–458

next-generation firewall (NGFW) 453–454

salting 462–463

Host-based IPSs (HIPSs) 523

hot aisles 386

hot sites 221

hotfixes and patches 160–164, 179–180, 362, 474–475

HOTP (HMAC-based one-time password) 295–296

hotspots 585

hping command 717

Hping.org 717

HSMs (hardware security modules) 478, 524, 587, 656

HTTP (Hypertext Transfer Protocol) 465–466, 577

HTML5 505–508

HTTPS 82, 268, 436–437, 577

human resources (HR) personnel 901

human-machine interface (HMI) 341

HUMINT (human intelligence) 18

HVAC (heating, ventilation, and air conditioning) 352–353

hybrid attacks 749

hybrid cloud 140, 233

hyper-jacking 248

Hypertext Transfer Protocol. See HTTP (Hypertext Transfer Protocol)

hypervisors 325

attacks 601

hypervisor-based keyloggers 42

I

IA (information assurance). See risk management

IaaS (infrastructure as a service) 139, 231, 603, 853

IaC (infrastructure as code) 241–243, 260

IACS 342

IACS (industrial automation and control systems) 342, 343

IAM (identity and access management) 633

identity and access lifecycle 633–635

account audits 635

disablement 635

privileges provisioning 635

registration and identity validation 633–635

policy 605

IBM

AppScan 204

Data Encryption Standard (DES) 412

QRadar 526

IC (integrated circuit) cards 373

ICCIDs (unique serial numbers) 360

ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) 362

ICSs (industrial control systems) 353–354

identification phase, incident response (IR) 763

identity. See also authentication; certificates; passwords

discovery of 623–624

federation 623

identity and access management (IAM) 633–635

identity and access lifecycle 633–635

policy 605

identity fraud 17, 638

baiting 19

credential harvesting 18

hoaxes 19

identity theft 940

impersonation/pretexting 19

invoice scams 17

reconnaissance 18

typo squatting 20, 44

watering hole attacks 20, 85

identity providers (IdPs) 292, 623–624, 661

Secure Shell (SSH) keys 628

smart cards 629

tokens 627–628

Identity Services Engine (ISE) 590

IdPs (identity providers) 292, 623–624, 661

IDSs (intrusion detection systems). See HIDSs (host intrusion detection systems); network intrusion detection systems (NIDSs)

IEEE 802.1X standard 510, 553–556, 562, 664–667, 673

IETF (Internet Engineering Task Force)

IPFIX (Internet Protocol Flow Information Export) 187

RFC (request for comments) 128

ifconfig command 710–711

IIS (Internet Information Services) 146, 697, 794

IKE (Internet Key Exchange)

IKEv1 Phase 1 negotiation 498–501

IKEv1 Phase 2 negotiation 501–503

IKEv2 504–505

image backups 326

image steganography 416–417

IMAP (Internet Message Access Protocol) 438–439

IMEI (international mobile equipment identity) 49, 584

immutability 263

impact assessment 184, 920, 921, 948

impersonation 19

implicit deny 528, 680

impossible travel time 639

IMSI (international mobile subscriber identity) encryption 358, 584

in-band SQL injection 73

incident response (IR) plans

business continuity plans (BCPs) 773–774, 929

communication plans 771–772

continuity of operations plans (COOPs) 774–775, 929

cyber kill chain 770–771

data retention policies 775–776

definition of 760–761

Diamond Model of Intrusion Analysis 768–770

disaster recovery plans (DRPs) 772–773

exercises

simulations 766–767

tabletop 765–766

walkthrough 766

incident response teams 175, 760, 775–776

MITRE ATT&CK framework 18, 128–129, 176, 205, 223, 767–768

process and lifecycle

containment 763–764

eradication 764

identification 763

lessons learned 764–765

overview of 761–762

preparation 762–763

recovery 764

stakeholder management 771–772

incident response (IR) teams 175, 760, 775–776

incremental backups 326, 328

indicators of compromise (IoCs) 123, 762, 832, 853

industrial automation and control systems (IACS) 342, 343

industrial camouflage 377

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 362

industrial control systems (ICSs) 341–343, 353–354

Industry 4.0 342

influence campaigns 21

information assurance (IA). See risk management

information lifecycle 947–948

Information Sharing and Analysis Centers (ISACs) 123–125

Information Society Directive 220

information systems security officers (ISSOs) 930, 947

Information Technology Infrastructure Library (ITIL) 882

information technology operations 263

InfraGard 128

infrastructure as a service (IaaS) 139, 231, 603, 853

infrastructure as code (IaC) 241–243, 260

inherent risk 921

inheritance, of permissions 644–646

Initial Contact 501

initialization vectors (IVs) 103, 403

injection 70

code 149, 273–274, 276

DLL (dynamic link library) 74

LDAP (Lightweight Directory Access Protocol) 74, 144

SQL (Structured Query Language) 54, 70–74, 273–274, 464

XML (Extensible Markup Language) 74–75

inline prevention detection systems (IPSs) 523–524

input handling 79–82

input validation 80, 81, 267–268, 464

INSERT INTO statement 70

inspection, API 607, 610

instance awareness 608, 611

insurance, cybersecurity 918

integer overflows 77, 271

integrated circuit (IC) cards 373

integration

API 607, 610

cloud computing 604, 609

continuous 279

integrity 289

boot

boot attestation 460–461

definition of 458–459

measured boot 459–460

Unified Extensible Firmware Interface (UEFI) 459

forensic acquisition 856

integrity control 378

measurement of 184, 261, 887

Intel Hardware Shield 851

intellectual property theft 917, 940

intelligence

automated indicator sharing (AIS) 125

Information Sharing and Analysis Centers (ISACs) 123–125

intelligence fusion 177

MITRE ATT&CK framework 18, 128–129, 176, 205, 223, 767–768

research sources 127–128

strategic 860

Structured Threat Information eXpression (STIX) 125–127

Trusted Automated eXchange of Indicator Information (TAXII) 125–127

vulnerability databases 125

interconnection security agreements (ISAs) 903

intermediate certificate authorities 696

internal actors 122

internal information 905

internal risk 917. See also risk management

international mobile equipment identity (IMEI) 49, 584

international mobile subscriber identity (IMSI) 49, 358, 584

International Organization for Standardization (ISO) 881, 884, 893

Internet Engineering Task Force (IETF)

IPFIX (Internet Protocol Flow Information Export) 187

RFC (request for comments) 128

Internet Information Services (IIS) 146, 697, 794

Internet Key Exchange. See IKE (Internet Key Exchange)

Internet Message Access Protocol (IMAP) 438–439

Internet of Things (IoT) 38, 98, 113, 344–346, 358, 414

Internet Protocol. See IP (Internet Protocol)

Internet Protocol Flow Information Export (IPFIX) 187, 524, 811–813

Internet Security Association and Key Management Protocol (ISAKMP) 497

Internet service providers (ISPs) 808

interviews, forensic 846–847

Intigriti 203

intranets 492–493

intrusion detection systems. See host intrusion detection systems (HIDS)

intrusion detection systems (IDSs). See network intrusion detection systems (NIDSs)

intrusion phase, cyber kill chain 770

intrusion prevention systems. See host intrusion prevention systems (HIPSs)

intrusive scans 182

Investigate 509–510

investigations, data sources for

bandwidth monitors 804

Internet Protocol Flow Information Export (IPFIX) 811–813

log files 789

application 792–793

authentication 789–796

Call Manager 799–800

Domain Name System (DNS) 795–796

dump files 797

journalctl 802

network 790

NXLog 803–804

security 793

Session Initiation Protocol (SIP) 800

syslog/rsyslog/syslog-ng 800–801

system 791–792

Voice over Internet Protocol (VoIP) 799–800

web server 794

metadata

in email 808

in files 809

on mobile devices 808

types of 805–806

on web pages 808–809

NetFlow 809–810

protocol analyzers 813

Security Information and Event Management (SIEM)

alerts 788

correlation 788–789

dashboards 786–789

sensitivity 788

sensors 787

trends 788

sFlow 810–811

vulnerability scan output 785–786

invoice scams 17

IoCs (indicators of compromise) 123, 762, 832, 853

IoT (Internet of Things) 38, 98, 113, 344–346, 358, 414

IP (Internet Protocol). See also IPsec

addresses

IPv4 443–444

IPv6 536–537

virtual 488

configuration management 213

IP proxy 514

IP scanners

arp command 721–722

Cuckoo 731–732

curl command 724–725

definition of 721

dnsenum 728–729

Nessus 730–731

route command 723–724

scanless 727–728

sn1per 726–727

theHarvester 725–726

IP-Box 850–851

ipconfig command 710

IPFIX (Internet Protocol Flow Information Export) 187, 524, 811–813

IPsec 247, 437–438, 497. See also IKE (Internet Key Exchange)

attributes 501–502

Authentication Header (AH) 437

Encapsulating Security Payload (ESP) 437, 503

IKEv1 Phase 1 negotiation 498–501

IKEv1 Phase 2 negotiation 501–503

IKEv2 504–505

modes 438, 503

passthrough 501

IPSs (intrusion prevention systems). See HIPSs (host intrusion prevention systems); network intrusion detection systems (NIDSs)

IR. See incident response (IR) plans

iris recognition 301

ISACA COBIT framework 882

ISACs (Information Sharing and Analysis Centers) 123–125

ISAKMP (Internet Security Association and Key Management Protocol) 497

ISAs (interconnection security agreements) 903

ISE (Identity Services Engine) 590

ISO (International Organization for Standardization) 881, 884, 893

isolation 491, 562, 830

ISPs (internet service providers) 808

ISSOs (information systems security officers) 930, 947

issuers, certificate 692

IT contingency planning (ITCP) 929

IT security frameworks 881–884

ITIL (Information Technology Infrastructure Library) 882

ITU-T X.690 encoding formats 697

IVs (initialization vectors) 103, 403

J

jamming 102, 561–562

Japan’s Personal Information Protection Act (JPIPA) 220

JavaScript Object Notation (JSON) injection 273–274

JavaScript-based keyloggers 43

job rotation 898, 900

John the Ripper 44, 749

journalctl 802

jump servers 514

jurisdictional forensic intervention 855

K

Kali forensics 850

Kali Linux 415, 953

Katacoda 239

KBA (knowledge-based authentication) 625, 656–657

KDC (key distribution center) 668

KE (Key Exchange) 500

Kerberoasting TGS 292

Kerberos 82–83, 89, 292, 553, 668–670, 673

kernel-based keyloggers 42

Key Exchange (KE) 500

.key file extension 697

key recovery agents 699

key signing keys (KSKs) 427

keyloggers 42–43, 108, 113

keys 688

ephemeral 403

escrow 699

generation algorithms for 395

key distribution center (KDC) 668

key exchanges 399

key signing keys (KSKs) 427

length of 396

mobile device management (MDM) 577–578

password 655

personal unblocking keys (PUKs) 360

Public Key Cryptography Standards (PKCS) 412

public/private 436–437

Secure Shell (SSH) 625, 628

stretching 397

zone signing keys (ZSKs) 427

kiting, domain name 109–110

knowledge-based authentication (KBA) 625, 656–657

known environment/white box testing 198, 468–469

KSKs (key signing keys) 427

Kubernetes 239–240, 279–280

L

L0phtCrack 47

L2F (Layer 2 Forwarding Protocol) 508

L2TP (Layer 2 Tunneling Protocol) 494, 505–508

LANG environment variable 740

last known good configuration (LKGC) 329

lateral movement 201, 770

lateral traffic 492

laws 879–880

Layer 2 attacks

ARP cache poisoning 105

MAC cloning attacks 106

MAC flooding attacks 106

security best practices 106–107

Layer 2 Forwarding Protocol (L2F) 508

Layer 2 security 512

Bridge Protocol Data Unit (BPDU) guard 512

DHCP snooping 512–513

loop protection 512

MAC filtering 513

Layer 2 Tunneling Protocol (L2TP) 494, 505–508

LCP (Link Control Protocol) 44

LDAP (Lightweight Directory Access Protocol)

injection attacks 144, 273–274, 291, 442, 667–670

Lightweight Directory Access Protocol over SSL (LDAPS) 432

LDAPS (Lightweight Directory Access Protocol over SSL) 432

leaks, memory 78, 88

LEAP (Lightweight EAP) 666

least functionality 152

least privilege 264, 630, 681, 908

least significant bit (LSB) steganography 416–417

least-trusted zones 825

ledgers, public 409–410

legacy platforms 165

legal hold 842

lessons learned phase, incident response (IR) 764–765

libraries, third-party 265

licensing 918

lifecycle

identity and access 633–635

account audits 635

disablement 635

privileges provisioning 635

registration and identity validation 633–635

incident response (IR)

containment 763–764

eradication 764

identification 763

lessons learned 764–765

overview of 761–762

preparation 762–763

recovery 764

information 947–948

penetration testing 199–202

lighting, security 380

lightweight cryptography 414–415

Lightweight Cryptography Project 415

Lightweight Directory Access Protocol. See LDAP (Lightweight Directory Access Protocol)

Lightweight Directory Access Protocol over SSL (LDAPS) 432

Lightweight EAP (LEAP) 666

Link Control Protocol (LCP) 44

Linux

Kali Linux 415

Linux Kernel 236

System Monitor 542

lists

allow 467, 578, 583, 822

block/deny 467–468, 822–823

certificate revocation 829

live boot media 329

live box forensics 858

load balancers 319–320

load balancing

active/active 488

active/passive 488

definition of 488

scheduling 488

Virtual IP address 488

Local Security Authority Subsystem Service (LSASS) 47–48

locality attribute (certificates) 692

Lockheed Martin 770

locks and lockout programs 378–379, 579, 639

log collectors 186

log files 789

aggregation 186

analytics 383

application 792–793

audit 869–870

authentication 789–796

Call Manager 799–800

collection of 186

correlation of 186

Domain Name System (DNS) 795–796

dump files 797

emergency preparedness 383

event 845–846

journalctl 802

network 790, 852–853

normalization of 186

NXLog 803–804

review 182

risk 920

security 383, 793

Session Initiation Protocol (SIP) 800

syslog/rsyslog/syslog-ng 800–801

system 791–792

visitor 383

Voice over Internet Protocol (VoIP) 799–800

web server 794

logger command 737–738

logic bombs 39–40

logistics, SCADA control systems 343

loop protection 512

LS_COLORS environment variable 740

LsaLogonUser 90

LSASS (Local Security Authority Subsystem Service) 47–48

LSB (least significant bit) steganography 416–417

M

MaaS (monitoring as a service) 139, 232

MAC (mandatory access control) 588, 676, 679, 905

MAC (media access control) 511

addresses 511

cloning attacks 106

filtering 513

flooding attacks 106

spoofing 101

MACB (Modified, Accessed, Changed, and Birth) times 844

machine certificates 696

machine learning. See AI/ML (artificial intelligence and machine learning)

macOS Activity Monitor 542

macros 113

MACs (message authentication codes) 399, 410

MAIL environment variable 740

malicious software. See malware

Maltego 203

malware 113

antimalware 452

backdoors 42–43

bots and botnets 37–38, 111–112

cryptomalware 33–34

definition of 33

delivery mechanisms 43–45

fileless viruses 37

keyloggers 42–43

logic bombs 39–40

malvertising 40

mobile device security countermeasures 580

permanent damage from 45

potentially unwanted programs (PUPs) 40–42

ransomware 33–34, 111–112

spyware 40–42

time bombs 39

Trojans 35, 104, 113

worms 36–37

MAM (mobile application management) 585–587

managed detection and response (MDR) 234

managed power distribution units (PDUs) 322–323

managed security service providers (MSSPs) 233–234

managed service providers (MSPs) 233–234

management

managerial controls 868

roles and responsibilities 945–947

Management Information Bases (MIBs) 436

mandatory access control. See MAC (mandatory access control)

mandatory vacation policies 900

man-in-the-middle (MITM) attacks. See on-path (man-in-the-middle) attacks

manipulating files. See file manipulation

manual code review 470

manufacturing, SCADA control systems 342

mapping

many-to-one 690

one-to-one 690

masking, data 945

Mavituna Security Netsparker 204

maximum transmission unit (MTU) discovery 717

MBR (master boot record) 35–36, 851

MD5 algorithm 55, 219

MDM (mobile device management) 152, 574–576, 825–826, 908

application and content management 576–578

bring-your-own-device (BYOD) 215, 572, 574–576, 581, 588–590, 826, 898

choose-your-own-device (CYOD) 588–590

corporate-owned, personally enabled (COPE) 572, 588–590

enforcement and monitoring 581–585

metadata 808

mobile application management (MAM) 585–587

SEAndroid 588

security concerns and countermeasures 578–581

unified endpoint management (UEM) 587–588

virtual desktop infrastructure (VDI) 589

MDR (managed detection and response) 234

mean time between failures (MTBF) 926

mean time to failure (MTTF) 926

mean time to repair (MTTR) 926

measured boot 459–460

Measurement System Analysis (MSA) 904

MEC (multi-access edge computing) 235

media access control. See MAC (media access control)

medical systems 347

MEIDs (mobile equipment identifiers) 49, 584

memdump 745

memorandum of understanding (MOU) 903

memory management 265. See also buffer overflows

ARP cache poisoning 105

content addressable 106

leaks 78, 88, 271

random-access memory (RAM) 849–850

runtime 477

static random-access memory (SRAM) 340

virtual 850

vulnerabilities 77–78, 149, 271–272, 275

memory-injection-based keyloggers 43

Men & Mice Logeater 796

Mentor Nucleus RTOS 347

message authentication codes (MACs) 399, 410

Message Digest Algorithm 5 (MD5) 55, 219

metadata

in email 808

in files 809

on mobile devices 808

types of 805–806

on web pages 808–809

Meterpreter scripts 90

MFA (multifactor authentication) 304–306, 579, 656–657

MFPs (multifunction printers) 354

MicroSD hardware security modules (HSMs) 587

microsegmentation 240–241, 489–490

microservices 236–240

Microsoft

Active Directory (AD) 291–292

Azure 232–233, 603, 853

Cluster Server 488

Defender Antivirus 823–824

Disk Defragmenter 158

Exchange 145

Forefront Identity Manager 658

Internet Information Services (IIS) 146

MS-CHAP 670–671

security advisories and bulletins 179

Security Bulletins 146

SQL Server 273

Visual Basic for Applications (VBA) 113

Web Application Proxy 516

Windows Defender Firewall 457

Windows Server 144

Mimikatz 90

minimal privilege 681

minimization, data 944–945

mirroring 316, 318, 537–538

mission-essential functions 929

mitigation 919, 921. See also segmentation

configuration changes 824

certificates, updating/revoking 829–830

content filter/URL filter 828–829

data loss prevention (DLP) 828

firewall rules 825

mobile device management (MDM) 825–826

containment 763–764, 830–831

endpoint security solutions 822

application approved lists 822

application block list/deny list 822–823

approved lists 822

block/deny lists 467–468, 578, 583, 822–823

quarantine 823–824

isolation 830

Security Orchestration, Automation, and Response (SOAR) 188–189, 832

playbooks 834

runbooks 833

MITRE Corporation 18, 458

ATT&CK framework 18, 128–129, 176, 205, 223, 767–768

Common Vulnerabilities and Exposures (CVE) 125, 146, 177

Common Weakness Enumeration 75

PRE-ATT&CK framework 18

MMS (Multimedia Messaging Service) 583, 585

mobile equipment identifiers (MEIDs) 49, 584

mobile solutions

Common Vulnerabilities and Exposures (CVEs) 571

connection methods and receivers 570

Bluetooth 570–571

cellular 572–573

Global Positioning System (GPS) 572, 584

near-field communication (NFC) 570–571

radio frequency identification (RFID) 571–572

satellite communications (SATCOM) 573

secure implementation best practices 573–574

mobile application management (MAM) 585–587

mobile device management (MDM) 215, 574–576

application and content management 576–578

bring-your-own-device (BYOD) 572, 574–576, 581, 588–590, 826, 898

choose-your-own-device (CYOD) 588–590

corporate-owned, personally enabled (COPE) 572, 588–590

enforcement and monitoring 581–585