Part I
Cyber Network Security Concepts
In This Part
- Chapter 1: Executive Summary
- Chapter 2: The Problems: Cyber Antipatterns
- Chapter 3: Cybersecurity Architecture
Chapter 1
Executive Summary
Effective cybersecurity is a critical capability for the defense and preservation of civil society. Cyber crime is one of the world's largest and fastest-growing categories of crime. Cyber criminals are responsible for more than $1 trillion USD in stolen funds and other assets, with crime in some segments growing 300 percent per year. Cyber espionage is epidemic and pervasive; even the world's smartest companies and government institutions have terabytes of intellectual property and financial assets being lost annually via the Internet. Concealed malicious actors even threaten our electrical power grids, global financial systems, air traffic control systems, telecommunications systems, healthcare systems, and nuclear power plants.
Chances are good that your current organization is being attacked right now: cyber criminals, civilian/military cyber warriors, and global competitors are deeply entrenched in your network. If you have information worth stealing, it is likely that the attackers are on your internal network, exfiltrating data from your end users, and controlling key administrative nodes. If organizations don't change the way they are defending themselves, personal identifying information, bank account and credit card numbers, and intellectual property that defines competitive advantage will continue to be stolen.
The threat is to all civil society. If cyber attackers scrambled all the data on Wall Street and Bond Street, wiping out all investments and retirement accounts based in the U.S. and U.K., the consequences are unthinkable. (And this scenario is a real possibility.) The goal of this book is to lay the foundation for solving this critical problem in earnest.
U.S. government policy experts are quite concerned about the strategic gap in cyber skills, claiming that in 2008 the U.S. had only 1,000 world-class cyber experts but would require 20,000 to 30,000 to adequately handle cyberspace offense and defense. I believe that estimate is quite low. There are 25,000,000 business establishments that need cyber defenses in the U.S. alone, according to the Census Bureau. Certainly, hundreds of thousands of technologists with the kinds of skills and education presented in this book will be needed to fully defend civil society.
Why Start with Antipatterns?
To successfully make a change, the first step is to admit you have a problem. The civilized world is in a dire predicament regarding cyber threats. Solving cybersecurity issues requires radical new ways of thinking, and, paradoxically, a return to first principles and common sense; in other words, ruthless pragmatism.
Antipatterns employ psychological frameworks for solving problems whose causes involve habitual mistakes. Antipatterns require a mind shift from the dispassionate mindsets of mathematics and engineering into the judgmental milieu of enterprise architecture and organizational change.
NOTE Some people have criticized antipatterns as being anti-intellectual. Antipatterns are a way of thinking clearly about habitual causes, serious problems, and effective solutions.
Antipatterns have been summarized by the quip, "Technology is not the problem...people are the problem." But, changing people's minds is very difficult. So, you need powerful psychology to do that.
NOTE The classic paradigm of organizational change is: You send your people out on a rickety bridge toward a pot of gold and then start a fire behind them so they can never go back to old ways.
Antipatterns have ancient roots in governance, law enforcement, religion, and public administration. In a perverse sense, antipatterns are an adult form of name-calling used to control society. We invent pejorative names and make public examples of miscreants to prevent other people from misbehaving.
For the sake of clear definition, here are a few examples of modern-day social antipatterns used in general society: liberal (lily-livered), racist (bigot), terrorist (violent extremist), convict (felon, violent offender), street criminal (thug, gang banger), drug addict (junkie), corrupt politician (crook), and all terms for sex criminals. Words have baggage. Even the term hacker has antipattern connotations.
Although this book does not emphasize the name-calling aspect of antipatterns, the goal is the same: to clearly articulate habitual mistakes (in IT) and then rapidly transition the discussion toward pragmatic solutions.
In this chapter, a basic form of antipattern is introduced. Basic antipatterns include two parts: (1) a description of the antipattern problem, and (2) a description of an improved solution, called a refactored solution. In some cases in this chapter, I present the antipattern without the refactored solution. Chapter 2 introduces the full antipatterns template.
Security Architecture
The cybersecurity crisis is a fundamental failure of architecture. Many of the networked technologies we depend upon daily have no effective security whatsoever. (See the "Networks Always Play by the Rules" antipattern in Chapter 2). The architecture of the Internet and the vast majority of deployed software create significant opportunities for malicious exploitation.
It is worth stating that if infrastructure and software technologies were engineered properly, they would be built to withstand known and manage unknown risks, and they would be significantly more secure than current-day technologies.
Chapter 3 introduces the Zachman Framework for Enterprise Architecture and applies it to securing enterprises. The Zachman Framework is a powerful intellectual tool that enables complex organizations to describe themselves, including their mission, business, and information technology (IT) assets. With this self-knowledge comes awareness of risks and mitigations, and ways of engineering security into solutions from inception. The Zachman Framework serves as an overarching structure that organizes the problem-solving patterns catalog in Chapter 3.
The following sections begin the discussion of cybersecurity antipatterns, covering some of the most significant cybersecurity challenges, including education. Antipatterns can be construed as cynical depictions of the current state of practice. Negativity and cynicism are not the goal; there are many solutions and patterns for success.
Antipattern: Signature-Based Malware Detection versus Polymorphic Threats
The conventional wisdom is that all systems with up-to-date antivirus signatures will be safe. However, many popular antivirus solutions are nearly obsolete, with many missing the majority of new malware. Current signature-based antivirus engines miss 30 percent to 70 percent of malicious code, and nearly 100 percent of zero day infections, which, by definition, are unreported exploits.
Malicious signature growth is exploding from 5 new ones per day in 2000 to 1,500 per day in 2007 and more than 15,000 per day in 2009, according to Symantec (from a 2010 conference briefing on reputational anti-malware), which is an average of 200 percent to 300 percent cumulative growth per year. Malware variability has grown so rapidly that signature-based detection is rapidly becoming obsolete.
NOTE Each security industry vendor has its own sensor network for gathering and monitoring malware. Kaspersky Labs has seen flat growth in malware signatures since 2008, while other vendors imply exponential growth. Somewhere in the middle lies the truth.
The proliferation of malware signatures is exploding primarily due to polymorphic malware techniques. For example, hash functions used by signature-based detectors yield very different values with only slight changes to a malicious file. Changing a string literal in the file is sufficient to trigger a false negative. Other polymorphic techniques include varying character encodings, encryption, and random values in the files.
One interesting online application from VirusTotal.com runs more than 30 antivirus programs on each file that any Internet user can submit. You can witness just how haphazard antivirus tests are.
Refactored Solution: Reputational-, Behavioral-, and Entropy-Based Malware Detection
Vendors are developing innovative techniques that can detect zero day and polymorphic malware. Several promising approaches for the future include:
- Symantec is harnessing a 100M+ global customer base to identify potential malware signatures. The technique, called reputation-based signatures, is able to identify 240 million new malware signatures by comparing binaries across millions of systems for anomalous variations.
- FireEye has created a behavioral intrusion detection system (IDS) that uses elements of honeypots and forensics to automatically identify malicious content as it flows across corporate networks. Behavioral IDS techniques simulate the execution of sniffed content in a virtual machine, which then observes resulting configuration changes, such as changes in registry settings, services, and the file system. There are other emerging behavioral antivirus products, for example, from ThreatFire.com.
- An emerging field of research called entropy-based malware detection looks for mathematical similarity to known malware signatures. Hash functions that are used by most antivirus programs detect subtle differences between a file and its known hash. Minor changes to a file, such as modification of strings or encodings, can cause a hash match to fail. Entropy-based matching uses mathematical functions that measure similarity rather than differences. If a suspicious file nearly matches the same entropy measure as malware, there is a high likelihood that the malware is present.
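The contrast drawn in the polymorphism discussion and in the entropy-based item above, as an added illustration that is not from the book: a hash signature of a constructed sample fails on a one-string change, while a Shannon entropy and byte-histogram comparison still flags the variant and rejects an unrelated benign file. The sample bytes and the thresholds (0.05 bits of entropy, 0.95 cosine similarity) are constructed assumptions, not vendor values.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-in for a "known malware" file (synthetic bytes, not a real sample).
KNOWN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode."
    + b"\xe8\x00\x00\x00\x00" * 40
    + b"http://example.invalid/c2/beacon" + b"\x00" * 16
)
# Polymorphic variant: only one string literal differs, as the text describes.
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"/c2/beacon", b"/c2/update")
# Constructed benign file with a very different byte distribution.
BENIGN_SAMPLE = b"Hello, world! " * 25


def signature(data: bytes) -> str:
    """Hash-based signature: any single-byte change yields a different value."""
    return hashlib.sha256(data).hexdigest()


def signature_match(sample: bytes, known: bytes) -> bool:
    return signature(sample) == signature(known)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; a coarse fingerprint of the file's byte distribution."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def histogram_similarity(a: bytes, b: bytes) -> float:
    """Cosine similarity of byte histograms: 1.0 means identical distribution."""
    ha, hb = Counter(a), Counter(b)
    dot = sum(ha[k] * hb[k] for k in ha)
    norm_a = math.sqrt(sum(v * v for v in ha.values()))
    norm_b = math.sqrt(sum(v * v for v in hb.values()))
    return dot / (norm_a * norm_b)


def entropy_match(sample: bytes, known: bytes,
                  tol: float = 0.05, min_sim: float = 0.95) -> bool:
    """Similarity-based check: entropy within tol and a near-identical histogram.
    Thresholds are illustrative; real deployments tune them to limit false positives."""
    close_entropy = abs(shannon_entropy(sample) - shannon_entropy(known)) <= tol
    return close_entropy and histogram_similarity(sample, known) >= min_sim


if __name__ == "__main__":
    for name, sample in (("variant", VARIANT_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(f"{name}: hash match={signature_match(sample, KNOWN_SAMPLE)}, "
              f"entropy match={entropy_match(sample, KNOWN_SAMPLE)}")
```

The benign file is rejected by both checks, so the similarity route only buys anything when its thresholds are tuned against a realistic corpus of clean files.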
Antipattern: Document-Driven Certification and Accreditation
Some of the most flagrant antipatterns involve the IT security industry itself. Assess...