Modern Cybersecurity Practices
eBook - ePub

Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization

About this book

A practical book that will help you defend against malicious activities.

Key Features

  • Learn how attackers infiltrate a network, exfiltrate sensitive data and destroy any evidence on their way out
  • Learn how to choose, design and implement a cybersecurity program that best fits your needs
  • Learn how to improve a cybersecurity program and the accompanying cybersecurity posture by checks, balances and cyclic improvement activities
  • Learn to verify, monitor and validate the cybersecurity program by active and passive cybersecurity monitoring activities
  • Learn to detect malicious activities in your environment by implementing Threat Hunting exercises

Description

Modern Cybersecurity Practices will take you on a journey through the realm of cybersecurity. The book will have you observe and participate in the complete takeover of the network of Company-X, a widget-making company that is about to release a revolutionary new widget that has the competition fearful and envious. The book guides you through the attack on Company-X's environment, shows how an attacker could use information and tools to infiltrate the company's network and exfiltrate sensitive data, and then leave the company in disarray by leaving behind a little surprise for users to find the next time they open their computers.

After we see how an attacker pulls off their malicious goals, the next part of the book will have you pick, design, and implement a security program that best reflects your specific situation and requirements. Along the way, we will look at a variety of methodologies, concepts, and tools that are typically used during the design, implementation, and improvement of one's cybersecurity posture.

After having implemented a fitting cybersecurity program and kickstarted our cybersecurity posture improvement activities, we then look at all the activities, requirements, tools, and methodologies behind keeping an eye on the state of our cybersecurity posture with active and passive cybersecurity monitoring tools and activities, as well as the use of threat hunting exercises to find malicious activity in our environment that typically stays under the radar of standard detection methods like firewalls, IDSs and endpoint protection solutions.

What you will learn

  • Explore the different methodologies, techniques, tools, and activities an attacker uses to breach a modern company's cybersecurity defenses
  • Learn how to design a cybersecurity program that best fits your unique environment
  • Monitor and improve one's cybersecurity posture by using active and passive security monitoring tools and activities

Who this book is for

This book is a must read for everyone involved with establishing, maintaining, and improving their cybersecurity program and accompanying cybersecurity posture.

Table of Contents

  1. What's at stake
  2. Define scope
  3. Adhere to a security standard
  4. Defining the policies
  5. Conducting a gap analysis
  6. Interpreting the analysis results
  7. Prioritizing remediation
  8. Getting to a comfortable level
  9. Conducting a penetration test
  10. Passive security monitoring
  11. Active security monitoring
  12. Threat hunting
  13. Continuous battle
  14. Time to reflect

About the Authors

Pascal Ackerman is a seasoned industrial security professional with a degree in electrical engineering and with 18 years of experience in industrial network design and support, information and network security, risk assessments, pentesting, threat hunting, and forensics.

Information

Year: 2020
eBook ISBN: 9789389328257

Part I

Setting the Stage - System Pwnage

CHAPTER 1

What’s at Stake?

If my 10+ years of exploration and discovery in the IT and cybersecurity space have taught me anything, it is that there is always something new to learn; there are always new developments and new material to study. Every week, new ways to infiltrate your once-considered-secure systems or networks are researched and shared with friend and foe alike. The past decade has seen an exponential increase in security-related activities like seminars, conferences, and hackathons. Apart from that, many a book has been written on the subject. Whereas back in the early 2000s you had only a handful of meaningful security-related material, nowadays dozens of books and many more articles are published every month on every imaginable security-related subject. All this has caused information security to become a well-versed subject and has positively influenced the awareness of and the drive for security practices and a security-minded corporate environment. It has also fueled malicious-minded individuals with new and improved armor. Any curious kid can download a script and start causing mayhem in a matter of minutes. The level of expertise required from these so-called script kiddies is very low, which has made every person who can navigate a search engine a potential risk to the security of your network and information systems.
On the opposite end of the skill scale are the experts, like state/nation-sponsored and Advanced Persistent Threat (APT) adversaries: the type of adversary that, when they target your network, will get in; it is just a matter of time. Actors within this group have the means to brute-force your complex passwords with sheer computing resources, install keyloggers via an evil maid attack (https://searchsecurity.techtarget.com/definition/evil-maid-attack) or simply backdoor the equipment that makes it into your data centers or your network closets. Stopping them is near impossible; detecting them is, however, a feasible job, as this book will show you.

Structure

We will be covering the following topics throughout this chapter:
  • General cyber insecurity
  • Cyber-attacks and their evolution
  • Cybersecurity risk

Objective

In this chapter, by examining past breaches and security incidents, we will touch on subjects like cyber insecurity, breach analysis, and overall risk to an organization.
The objective of this chapter is to get you familiar with the above-mentioned topics and into the right mindset for the rest of the book's material.

Some statistics

Security breaches are happening all around us, to companies big and small. Not a day goes by without some new victim in the newspaper, the newest one bigger and more involved than the previous one. What follows is a summary of the 5 most devastating security compromises from recent history. The facts are taken from the quoted article; the explanation and comments are colored and formed by myself.

The 5 most devastating security breaches

The past 15 years have seen some large-scale and truly horrifying security breaches; some were so devastating that they bankrupted the victim company. Next, we will look at some of those breaches. Taken from CSO Online (https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html), here are the top 5 security breaches from that article, with my thoughts around them:
  1. Yahoo
    Date: 2013-14
    Impact: 3 billion user accounts
    Details: In September 2016, the once-mighty Internet titan, while trying to sell itself to Verizon, announced it had been the victim of a security breach. As it turns out, probably the biggest data breach in history. The breach was most likely the result of attacks by a state-sponsored actor and started in 2014. The compromise exposed the real names, email addresses, dates of birth, and telephone numbers of 500 million Yahoo users. The company revealed that most of the passwords involved had been hashed using the robust bcrypt algorithm. Bcrypt is an algorithm that hashes passwords with a salt. A salt is a randomly chosen value, added to the hashing process, that makes a hash unique even if the password being hashed is identical. Using bcrypt makes the stolen passwords unusable unless cracked.
    As it turned out a couple of months later, Yahoo had been compromised before the 2014 breach; the company revealed that in 2013 a different group of hackers had stolen the information of 1 billion accounts. Besides names, birthdates, email addresses, and passwords (these were not as well protected as those involved in 2014), security questions and answers were also compromised. Finally, in October of 2017, Yahoo revised its estimate, saying that all 3 billion user accounts had been compromised in the 2013 breach.
    The breaches cost Yahoo an estimated $350 million of the sale price to Verizon. Verizon ultimately paid $4.48 billion for Yahoo's core Internet business. The sale agreement stipulated that the two companies shared regulatory and legal liabilities from the breaches.
    Attack Vector (how they got in): Improper input validation allowed attackers to take on any identity they chose by exploiting a weakness in the creation of user-identifying and authorizing cookies. Cookies are pieces of information that get stored on the client device to overcome the inherent stateless behavior of web servers. Because a stateless web server has no direct means to remember the state or connection details of a connected client, an identifying piece of information (think unique ID code) is stored on the client in the form of a cookie. This cookie should be unique for every user or client connecting to the server, and it allows the web application to correlate details about the user, typically stored in a database, with the client connection. This allows a normally stateless connection to remember that you logged in and to use that login to tie your user account to a set of authorized actions. Imagine that the information stored in a cookie, the information that uniquely identifies a user of the system, isn't that unique, can be stolen, or is guessable (as was the case with Yahoo): now an attacker can assume the identity of anyone and use the privileges that come with that account to do evil. With that kind of access, an attacker can assume the identity of every user and individually download all their personal information, or find a privileged user with access to the application's database or other supporting systems and place themselves in a position where they can mass extract data or mass destroy resources. Identifying information should be unique and impossible to guess, and it should be useless if somehow stolen.
    Source: https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accounts-breached
    The hackers used "forged cookies" – bits of code that stay in the user's browser cache so that a website doesn't require a login with every visit, wrote Yahoo's chief information security officer, Bob Lord. The cookies "could allow an intruder to access users' accounts without a password" by misidentifying anyone using them as the owner of an email account.
  2. Marriott International
    Date: 2014-2018
    Impact: 500 million customers
    Details: In November of 2018, Marriott International released a statement detailing that cybercriminals had stolen data on approximately 500 million of their customers. The breach didn't originate on Marriott's systems but had occurred in 2014, on the computer systems of the Starwood hotel brand, a company Marriott later acquired. The attackers were merged into the Marriott environment along with the rest of the Starwood Hotels systems after the acquisition and were not discovered until September 2018.
    For some of the victims, only name and contact information were compromised. For most of the customers, the attackers managed to take a combination of contact info, passport number, Starwood Preferred Guest member number, travel information, and other personal information. Marriott believes that stored credit card numbers and expiration dates of more than 100 million customers were taken from the system, although the company is uncertain if the attackers were able to decrypt the credit card nu...
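The Yahoo entry above makes two points that are easy to show in code: a random salt makes two hashes of the same password differ, and a session cookie must be unguessable, unforgeable and revocable so that a guessed or stolen copy is useless. The following is an added example, not code from the book or from Yahoo; PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt, and SERVER_KEY and SESSIONS are assumed server-side state.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

# Constructed example state: a per-deployment secret that never leaves the server,
# and a stand-in for the server-side session store (token -> user_id).
SERVER_KEY = os.urandom(32)
SESSIONS: Dict[str, str] = {}
PBKDF2_ROUNDS = 200_000

def hash_password(password: str) -> Tuple[bytes, bytes]:
    """Salted password hash. PBKDF2-HMAC-SHA256 stands in for bcrypt here; the
    random 16-byte salt makes two hashes of the same password differ."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def issue_cookie(user_id: str) -> str:
    """Cookie = user_id:token:signature. The token is 256 bits of CSPRNG output, so it
    cannot be guessed; the HMAC over user_id and token means neither field can be
    altered without SERVER_KEY, so the cookie cannot be forged."""
    token = secrets.token_urlsafe(32)
    payload = f"{user_id}:{token}"
    signature = hmac.new(SERVER_KEY, payload.encode(), "sha256").hexdigest()
    SESSIONS[token] = user_id  # server-side record; removing it revokes the cookie
    return f"{payload}:{signature}"

def verify_cookie(cookie: str) -> Optional[str]:
    """Return the user_id the cookie proves, or None if it is malformed, forged or revoked."""
    try:
        user_id, token, signature = cookie.rsplit(":", 2)
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, f"{user_id}:{token}".encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, signature):
        return None  # user_id or token was altered: a forged cookie
    if SESSIONS.get(token) != user_id:
        return None  # unknown or revoked token: a stolen copy is useless after logout
    return user_id

def revoke_cookie(cookie: str) -> None:
    """Log out: delete the server-side record so every copy of the cookie stops working."""
    parts = cookie.rsplit(":", 2)
    if len(parts) == 3:
        SESSIONS.pop(parts[1], None)
```

The forged-cookie check is the one that matters for the Yahoo case: swapping the user_id in a valid cookie for another account's id fails signature verification, so possessing one cookie gives no access to any other account.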
