COVER
ACKNOWLEDGMENTS
ABOUT THE AUTHORS
INTRODUCTION
1. Who Should Read This Book
2. What Is Covered in This Book
3. The Essentials Series
4. How to Contact the Author
PART I: Securing the Infrastructure
1. CHAPTER 1: Infrastructure Security in the Real World
  1. Security Challenges
  2. Summary
2. CHAPTER 2: Understanding Access-Control and Monitoring Systems
  1. A Quick Primer on Infrastructure Security
  2. Access Control
  3. Security Policies
  4. Physical Security Controls
  5. Access-Control Gates
  6. Authentication Systems
  7. Remote-Access Monitoring
  8. Hands-On Exercises
3. CHAPTER 3: Understanding Video Surveillance Systems
  1. Video Surveillance Systems
  2. Hands-On Exercises
4. CHAPTER 4: Understanding Intrusion-Detection and Reporting Systems
  1. Intrusion-Detection and Reporting Systems
  2. Hands-On Exercises
5. CHAPTER 5: Infrastructure Security: Review Questions and Hands-On Exercises
  1. Summary Points
  2. Security Challenge Scenarios
  3. Review Questions
  4. Exam Questions
PART II: Securing Local Hosts
1. CHAPTER 6: Local Host Security in the Real World
  1. Security Challenges
  2. Summary
2. CHAPTER 7: Securing Devices
  1. The Three Layers of Security
  2. Securing Host Devices
  3. Hands-On Exercises
3. CHAPTER 8: Protecting the Inner Perimeter
  1. The Inner Perimeter
  2. Hands-On Exercises
4. CHAPTER 9: Protecting Remote Access
  1. Protecting Local Computing Devices
  2. Implementing Local Protection Tools
  3. Using Local Intrusion-Detection Tools
  4. Configuring Browser Security Options
  5. Defending Against Malicious Software
  6. Hardening Operating Systems
  7. Overseeing Application Software Security
  8. Applying Software Updates and Patches
  9. Hands-On Exercises
5. CHAPTER 10: Local Host Security: Review Questions and Hands-On Exercises
  1. Summary Points
  2. Security Challenge Scenarios
  3. Review Questions
  4. Exam Questions
PART III: Securing Local Networks
1. CHAPTER 11: Local Network Security in the Real World
  1. Security Challenges
  2. Summary
2. CHAPTER 12: Networking Basics
  1. Understanding the Basics of Networking
  2. The OSI Networking Model
  3. Data Transmission Packets
  4. OSI Layer Security
  5. Network Topologies
  6. Logical Topologies
  7. Hands-On Exercises
3. CHAPTER 13: Understanding Networking Protocols
  1. The Basics of Networking Protocols
  2. Network Control Strategies
  3. Hands-On Exercises
4. CHAPTER 14: Understanding Network Servers
  1. The Basics of Network Servers
  2. Hands-On Exercises
5. CHAPTER 15: Understanding Network Connectivity Devices
  1. Network Switches
  2. Routers
  3. Gateways
  4. Network Bridges
  5. Wireless Network Connectivity
  6. Hands-On Exercises
6. CHAPTER 16: Understanding Network Transmission Media Security
  1. The Basics of Network Transmission MEDIA
  2. Transmission Media Vulnerabilities
  3. Hands-On Exercises
7. CHAPTER 17: Local Network Security: Review Questions
  1. Summary Points
  2. Security Challenge Scenarios
  3. Review Questions
PART IV: Securing the Perimeter
1. CHAPTER 18: Perimeter Security in the Real World
  1. Security Challenges
  2. Summary
2. CHAPTER 19: Understanding the Environment
  1. The Basics of Internet Security
  2. Understanding the Environment
  3. Hands-On Exercises
3. CHAPTER 20: Hiding the Private Network
  1. Understanding Private Networks
  2. Hands-On Exercises
4. CHAPTER 21: Protecting the Perimeter
  1. Understanding the Perimeter
  2. Firewalls
  3. Network Appliances
  4. Proxy Servers
  5. Demilitarized Zones (DMZs)
  6. Honeypots
  7. Extranets
  8. Hands-On Exercises
5. CHAPTER 22: Protecting Data Moving Through the Internet
  1. Securing Data in Motion
  2. Cryptography
  3. Hands-On Exercises
6. CHAPTER 23: Tools and Utilities
  1. Using Basic Tools
  2. Monitoring Tools and Software
  3. Hands-On Exercises
7. CHAPTER 24: Identifying and Defending Against Vulnerabilities
  1. Zero Day Vulnerabilities
  2. Software Exploits
  3. Social Engineering Exploits
  4. Network Threats and Attacks
  5. Dictionary Attacks
  6. Denial of Service (DoS) Attacks
  7. Spam
  8. Other Exploits
  9. Hands-On Exercises
8. CHAPTER 25: Perimeter Security: Review Questions and Hands-On Exercises
  1. Summary Points
  2. Security Scenario Review
  3. Review Questions
  4. Exam Questions
APPENDIX A: Glossary
APPENDIX B: Acronyms
APPENDIX C: NIST Preliminary Cybersecurity Framework
INDEX
END USER LICENSE AGREEMENT

List of Tables

Chapter 2
1. TABLE 2.1 Biometric Device Comparisons
2. TABLE 2.2 Access-Control Gates
3. TABLE 2.3 Access-Control Doors
4. TABLE 2.4 Door/Gate Actuators
5. TABLE 2.5 Security Controllers
6. TABLE 2.6 Security Keypads
7. TABLE 2.7 Door Contacts/Sensors
8. TABLE 2.8 Driveway Sensors
9. TABLE 2.9 Authentication Devices/Systems
10. TABLE 2.10 Door Locks
Chapter 3
1. TABLE 3.1 Video Cameras
2. TABLE 3.2 Digital Video Recorders
3. TABLE 3.3 Additional Video Monitoring Software
4. TABLE 3.4 Authentication/Access-Control Devices and Systems
5. TABLE 3.5 Door Contacts/Sensors
6. TABLE 3.6 Door Locks
Chapter 4
1. TABLE 4.1 Door Locks
2. TABLE 4.2 Door Contacts/Sensors
3. TABLE 4.3 Motion Detectors
Chapter 7
1. TABLE 7.1 Typical and Legacy I/O Ports
Chapter 8
1. TABLE 8.1 Operating System Security Comparisons
2. TABLE 8.2 Permissions Available in test1 ACL
3. TABLE 8.3 TestUser2 Access Levels
Chapter 9
1. TABLE 9.1 Typical I/O Ports
2. TABLE 9.2 Types of Networks
3. TABLE 9.3 Recommended Ports to Close
4. TABLE 9.4 Recommended ICMP Types and Codes to Close
Chapter 12
1. TABLE 12.1 OSI Layer Security
2. TABLE 12.2 Rule Types
Chapter 13
1. TABLE 13.1 LAN Information
Chapter 14
1. TABLE 14.1 RBAC Rights and Permissions
2. TABLE 14.2 File A
3. TABLE 14.3 Folder B
Chapter 16
1. TABLE 16.1 Bluetooth Parameters
Chapter 19
1. TABLE 19.1 A Few Common Ports and Their Uses
2. TABLE 19.2 Delete Browsing History Options
3. TABLE 19.3 Internet Explorer Security Zones
4. TABLE 19.4 Options
Chapter 23
1. TABLE 23.1 Defining Columns

List of Illustrations

Chapter 1
1. FIGURE 1.1 The Electrical Substation
2. FIGURE 1.2 Headquarters Facility Plans
Chapter 2
1. FIGURE 2.1 The Three Perimeters
2. FIGURE 2.2 Access Control
3. FIGURE 2.3 Authorization
4. FIGURE 2.4 Physical Barriers
5. FIGURE 2.5 Key-Locking Deadbolt
6. FIGURE 2.6 Electronic Deadbolt
7. FIGURE 2.7 Cipher Lock
8. FIGURE 2.8 Sliding Gate
9. FIGURE 2.9 Swinging Gate
10. FIGURE 2.10 SPST Relay Schematic
11. FIGURE 2.11 Gate Controller Relay and Associated Components
12. FIGURE 2.12 Magnetic Stripe Card System
13. FIGURE 2.13 Smart Cards
14. FIGURE 2.14 RFID System
15. FIGURE 2.15 Typical Biometric Authentication Methods
16. FIGURE 2.16 Remote-Access Communication Options
17. FIGURE 2.17 Window Sensor with Magnetic Switch Contacts
18. FIGURE 2.18 Remote-Control Operations
19. FIGURE 2.19 Remote-Monitoring Systems
20. FIGURE 2.20 The Facility
21. FIGURE 2.21 Security Perimeters
22. FIGURE 2.22 Device Locations
Chapter 3
1. FIGURE 3.1 A Basic Video Surveillance System
2. FIGURE 3.2 Video Surveillance Camera
3. FIGURE 3.3 IP Camera
4. FIGURE 3.4 Pan-Tilt-Zoom Camera
5. FIGURE 3.5 Analog and Digital Camera Resolution
6. FIGURE 3.6 IR Camera
7. FIGURE 3.7 Monitoring Passageways
8. FIGURE 3.8 Asset Monitoring
9. FIGURE 3.9 A Video Recorder
10. FIGURE 3.10 DAS Video Storage
11. FIGURE 3.11 NAS and SAN Storage Systems
12. FIGURE 3.12 Quad Camera Switcher with a Sensor and Video Recorder
13. FIGURE 3.13 The Inner Perimeter
Chapter 4
1. FIGURE 4.1 Basic Intrusion-Detection and Reporting System
2. FIGURE 4.2 Control Box with Panel and Battery
3. FIGURE 4.3 Security Panel Zone Inputs
4. FIGURE 4.4 Creating a Physical Zone
5. FIGURE 4.5 Zoning Concepts
6. FIGURE 4.6 Sensor Mounting
7. FIGURE 4.7 Glass-Breakage Sensors
8. FIGURE 4.8 A PIR Motion Detector
9. FIGURE 4.9 PIR Field of View
10. FIGURE 4.10 Photoelectric Beam System
11. FIGURE 4.11 Controller Keypad
12. FIGURE 4.12 Security Key Fob
13. FIGURE 4.13 A Typical Smoke Detector
14. FIGURE 4.14 Electronic Siren
15. FIGURE 4.15 Strobe Light
16. FIGURE 4.16 Automatic Voice/Pager Dialer Console
17. FIGURE 4.17 The Warehouse Area and Offices
18. FIGURE 4.18 The Interior Security Zone
Chapter 5
1. FIGURE 5.1 Threat-Informed Pyramid
Chapter 6
1. FIGURE 6.1 Corporate Desktop PC
2. FIGURE 6.2 Notebook PC
Chapter 7
1. FIGURE 7.1 The Three Layers
2. FIGURE 7.2 PC Security Cable
3. FIGURE 7.3 A Docking Station
4. FIGURE 7.4 Typical PCs
5. FIGURE 7.5 CMOS Security Configuration
6. FIGURE 7.6 Physical PC Ports
7. FIGURE 7.7 Pathways to the Vital Components
8. FIGURE 7.8 A USB Port
9. FIGURE 7.9 USB Desktop Connections
10. FIGURE 7.10 USB Connectors
11. FIGURE 7.11 FireWire Plug and Connector
12. FIGURE 7.12 eSATA Interface Connections
13. FIGURE 7.13 Typical IO Port Connectors
14. FIGURE 7.14 Port-Enabling Options
15. FIGURE 7.15 Removable Media
16. FIGURE 7.16 Sample BIOS Initial Settings Screen
17. FIGURE 7.17 Advanced Mode Highlighted
18. FIGURE 7.18 Advanced Mode Initial Menu
19. FIGURE 7.19 USB Configuration
20. FIGURE 7.20 USB Single Port Control
21. FIGURE 7.21 Enable or Disable USB Ports
22. FIGURE 7.22 Security Settings
23. FIGURE 7.23 BIOS Administrator and User Password Settings
24. FIGURE 7.24 Boot Menu
25. FIGURE 7.25 Boot Option #1 Attempted to Boot First
26. FIGURE 7.26 Secure Boot
27. FIGURE 7.27 Key Management
28. FIGURE 7.28 Key Management Settings
Chapter 8
1. FIGURE 8.1 The Inner Perimeter
2. FIGURE 8.2 Basic OS File Structure
3. FIGURE 8.3 The Position of the OS in the Computer System
4. FIGURE 8.4 The Position of the Kernel
5. FIGURE 8.5 Directory Traversal
6. FIGURE 8.6 2014 Smartphone OS Graph
7. FIGURE 8.7 Local Security Policy/Security Settings
8. FIGURE 8.8 Microsoft Local User and Group Accounts
9. FIGURE 8.9 Windows Lockout Options
10. FIGURE 8.10 Fingerprint Scanners
11. FIGURE 8.11 Viewing Security Audit Logs
12. FIGURE 8.12 Configuring Auditing in Windows
13. FIGURE 8.13 Establishing a Local Security Policy Setting
14. FIGURE 8.14 Linux Auditing
15. FIGURE 8.15 Data Encryption
16. FIGURE 8.16 The Encryption/Decryption Process
17. FIGURE 8.17 Using the TPM
18. FIGURE 8.18 Windows Drive Encryption Options
19. FIGURE 8.19 Access Control List
20. FIGURE 8.20 Perm_Test Folder Created
21. FIGURE 8.21 File test1 Properties window
22. FIGURE 8.22 Permissions for Test1 Given to TestUser2
23. FIGURE 8.23 Using AxCrypt to Encrypt the test4 File
24. FIGURE 8.24 Encrypted Data in .txt Document
Chapter 9
1. FIGURE 9.1 Firewall Operation
2. FIGURE 9.2 Firewall Functionality
3. FIGURE 9.3 Internet Options
4. FIGURE 9.4 IE Security Tab
5. FIGURE 9.5 HTTP Transfer Operations
6. FIGURE 9.6 Cookie Poisoning
7. FIGURE 9.7 Antispyware Product Types
8. FIGURE 9.8 Basic Windows Firewall Settings
9. FIGURE 9.9 Customize Settings Window for Windows Firewall
10. FIGURE 9.10 Windows Firewall with Advanced Security Console
11. FIGURE 9.11 Windows Firewall with Advanced Security on Local Computer Properties
12. FIGURE 9.12 Outbound Rules in Windows Firewall with Advanced Security
13. FIGURE 9.13 New Outbound Rule Wizard
14. FIGURE 9.14 New Outbound Rule Wizard Steps: Protocol and Ports
15. FIGURE 9.15 New Outbound Rule Wizard Steps: Name Page
16. FIGURE 9.16 Windows Firewall with Advanced Security New Outbound Rule
17. FIGURE 9.17 New Outbound Rule Wizard Steps: Program Page
18. FIGURE 9.18 Customize ICMP Settings
19. FIGURE 9.19 New Outbound Rule Steps: Scope Page
20. FIGURE 9.20 New Outbound Rule Wizard Steps: Name Page
21. FIGURE 9.21 New Outbound Rule in Windows Firewall with Advanced Security
22. FIGURE 9.22 Ping Failure
23. FIGURE 9.23 Ping Success
Chapter 10
1. FIGURE 10.1 USB Port Locks
2. FIGURE 10.2 Known Vulnerabilities
3. FIGURE 10.3 Implementation
Chapter 11
1. FIGURE 11.1 The Company Layout
2. FIGURE 11.2 The Company Network Layout
Chapter 12
1. FIGURE 12.1 The OSI Networking Model
2. FIGURE 12.2 Building Transmission Packets
3. FIGURE 12.3 Bus, Ring, Star, and Mesh Configurations
4. FIGURE 12.4 Primary/Secondary Ring Topologies
5. FIGURE 12.5 Logical Topologies
6. FIGURE 12.6 Windows Firewall with Advanced Security
7. FIGURE 12.7 Expanded Monitoring and Security Associations Items
8. FIGURE 12.8 New Connection Security Rule Wizard
9. FIGURE 12.9 New Connection Security Rule Wizard – Requirements Window
10. FIGURE 12.10 The Customize button is active.
11. FIGURE 12.11 Customize Advanced Authentication Methods Window
12. FIGURE 12.12 Add First Authentication Method Window
13. FIGURE 12.13 New Connection Security Rule Wizard – Profile Window
14. FIGURE 12.14 Naming the Rule
15. FIGURE 12.15 Viewing the New Rule
16. FIGURE 12.16 Request IPsec Rule Properties
Chapter 13
1. FIGURE 13.1 TCP/IP Packet
2. FIGURE 13.2 SYN/ACK Sequence
3. FIGURE 13.3 Subnetting with IPv4
4. FIGURE 13.4 A Typical Ethernet Frame
5. FIGURE 13.5 A Peer-to-Peer Network
6. FIGURE 13.6 A Client/Server Network
7. FIGURE 13.7 Accessing the Command Prompt
8. FIGURE 13.8 Changing the Command Prompt Font Type and Size
9. FIGURE 13.9 Changing the Command Prompt Colors
10. FIGURE 13.10 Listing the Network Configuration
11. FIGURE 13.11 Mapping IP Addresses to MAC Addresses
12. FIGURE 13.12 Observing Data Packet Statistical Information
13. FIGURE 13.13 Displaying the Routing Table
14. FIGURE 13.14 Numerical Address and Port Connections
15. FIGURE 13.15 Identifying Remote Host Connections
16. FIGURE 13.16 Creating a List of Nodes on a LAN
17. FIGURE 13.17 Creating a List of Shared Host Devices
18. FIGURE 13.18 Tracking a Data Packet with TRACERT
19. FIGURE 13.19 Testing the Local Host and TCP/IP
20. FIGURE 13.20 Pinging the Remote Google Server Cluster
Chapter 14
1. FIGURE 14.1 Typical Rack-Mount Server Cabinet
2. FIGURE 14.2 Server Security Points
3. FIGURE 14.3 A Locking Server Chassis
4. FIGURE 14.4 Mandatory Access Control
5. FIGURE 14.5 Role-Based Access Control
6. FIGURE 14.6 Adding Users or Groups in a Linux Distribution
7. FIGURE 14.7 Password Policies
8. FIGURE 14.8 Viewing Security Audit Logs
9. FIGURE 14.9 Distributed IDS
10. FIGURE 14.10 A Typical Vulnerability Scanner
11. FIGURE 14.11 Remote Monitoring Components
12. FIGURE 14.12 IPCONFIG
13. FIGURE 14.13 Contents of the Etc Folder
14. FIGURE 14.14 The Snort Configuration File
15. FIGURE 14.15 Network Address Change
16. FIGURE 14.16 Rule Paths Changed
17. FIGURE 14.17 Whitelist and Blacklist Changed
18. FIGURE 14.18 Configuring Log Directory
19. FIGURE 14.19 Dynamic Preprocessor Path
20. FIGURE 14.20 Dynamic Engine Path Changed
21. FIGURE 14.21 Dynamic Rules Excluded
22. FIGURE 14.22 Inline Packet Normalization Excluded
23. FIGURE 14.23 Enable Portscan
24. FIGURE 14.24 Whitelist and Blacklist Excluded
25. FIGURE 14.25 Output Alert
26. FIGURE 14.26 Setting Rules
27. FIGURE 14.27 Step #8 Changes
28. FIGURE 14.28 Extract Window
29. FIGURE 14.29 Community-Rules
30. FIGURE 14.30 Rules Folder Community-
31. FIGURE 14.31 Community File Moved to Rules Folder
32. FIGURE 14.32 cd c:\snort\bin
33. FIGURE 14.33 Snort List of Interfaces
34. FIGURE 14.34 Snort Successful Validation
35. FIGURE 14.35 Snort IDS Mode Breakdown
36. FIGURE 14.36 Snort in Sniffer Mode
Chapter 15
1. FIGURE 15.1 A Network-Switch Connection
2. FIGURE 15.2 A Network Router
3. FIGURE 15.3 Internal Structure of a Network Router
4. FIGURE 15.4 Gateway Operations
5. FIGURE 15.5 A Network Bridge Arrangement
6. FIGURE 15.6 A Wireless Access Point
7. FIGURE 15.7 A Denial of Service Attack
8. FIGURE 15.8 A Man-in-the-Middle Attack
9. FIGURE 15.9 Run Dialog
10. FIGURE 15.10 Command Prompt
11. FIGURE 15.11 IPCONFIG Output
12. FIGURE 15.12 Setting the Password
13. FIGURE 15.13 Turning Off Remote Management
14. FIGURE 15.14 Turning Off the Guest Network
Chapter 16
1. FIGURE 16.1 UTP and STP Cabling
2. FIGURE 16.2 Coaxial Cable
3. FIGURE 16.3 Transmitting Over Fiber-Optic Cable
4. FIGURE 16.4 Bluetooth PAN
5. FIGURE 16.5 ZigBee PAN
6. FIGURE 16.6 WiMAX
7. FIGURE 16.7 Enter your credentials.
8. FIGURE 16.8 The Logs
9. FIGURE 16.9 Turn off all SSID broadcasts and change the default name.
10. FIGURE 16.10 Turn off the 5 GHz wireless router radio.
11. FIGURE 16.11 Disabling UPnP
Chapter 17
1. FIGURE 17.1 The Company Layout
2. FIGURE 17.2 Role-Based Architecture
3. FIGURE 17.3 Loosely Managed Environment
4. FIGURE 17.4 Maintaining Control
5. FIGURE 17.5 The Master Key
6. FIGURE 17.6 Suggested Network
Chapter 18
1. FIGURE 18.1 The Company Network Layout
Chapter 19
1. FIGURE 19.1 Internet Players
2. FIGURE 19.2 TCP Segment Structure
3. FIGURE 19.3 Network Messaging Types
4. FIGURE 19.4 Routing Operations
5. FIGURE 19.5 TLD Organization
6. FIGURE 19.6 ISP Position and Services
7. FIGURE 19.7 Locating Internet Explorer
8. FIGURE 19.8 Accessing Internet Options
9. FIGURE 19.9 Website Data Settings
10. FIGURE 19.10 Delete Browsing History Window
11. FIGURE 19.11 Security Tab of Internet Options
12. FIGURE 19.12 Restricted Sites Window
13. FIGURE 19.13 The msn.com Website as a Restricted Site
14. FIGURE 19.14 Security Settings – Restricted Sites Zone Window
15. FIGURE 19.15 The Privacy Tab in Internet Options
16. FIGURE 19.16 Pop-Up Blocker Settings
Chapter 20
1. FIGURE 20.1 NAT Configuration
2. FIGURE 20.2 PAT Configurations
3. FIGURE 20.3 Port Forwarding
4. FIGURE 20.4 A Segmented Network
5. FIGURE 20.5 Virtual Instances
6. FIGURE 20.6 A VLAN
7. FIGURE 20.7 Systeminfo Command Output
8. FIGURE 20.8 Windows Features
9. FIGURE 20.9 Enabling Hyper-V
10. FIGURE 20.10 Ready for the Reboot
11. FIGURE 20.11 Pinning Hyper-V to Taskbar
12. FIGURE 20.12 Virtual Switch Manager
13. FIGURE 20.13 Apply Network Changes Warning
14. FIGURE 20.14 New Virtual Machine Wizard – Before You Begin Window
15. FIGURE 20.15 Specify Name and Location
16. FIGURE 20.16 Selecting the Network Connection
17. FIGURE 20.17 Selecting the ISO
18. FIGURE 20.18 Virtual Machine Installed in Hyper-V
19. FIGURE 20.19 Ubuntu Linux 16.04.3 LTS Running as a VM
Chapter 21
1. FIGURE 21.1 The Perimeter
2. FIGURE 21.2 Internet Connectivity
3. FIGURE 21.3 Gateway Connection Options
4. FIGURE 21.4 Private and Public Networks
5. FIGURE 21.5 Network Firewall
6. FIGURE 21.6 Stateful Firewall Operations
7. FIGURE 21.7 A UTM Device
8. FIGURE 21.8 Operation of a Proxy Server
9. FIGURE 21.9 Reverse Proxy Operations
10. FIGURE 21.10 A DMZ
11. FIGURE 21.11 A Single-Firewall DMZ
12. FIGURE 21.12 A Dual-Firewall DMZ
13. FIGURE 21.13 Honeypot Implementation
14. FIGURE 21.14 An Extranet
15. FIGURE 21.15 Viewing www.opera.com
16. FIGURE 21.16 Using the Installer
17. FIGURE 21.17 Skipping the Import
18. FIGURE 21.18 Opera Browser
19. FIGURE 21.19 The Browser Settings Gear
20. FIGURE 21.20 The VPN Settings
21. FIGURE 21.21 The Results of Apache “Whoami
22. FIGURE 21.22 The Results of “Where Am I”
23. FIGURE 21.23 Choosing Location in Asia
Chapter 22
1. FIGURE 22.1 Kerberos Authentication
2. FIGURE 22.2 Viewing Credentials
3. FIGURE 22.3 Symmetric vs. Asymmetric Keys
4. FIGURE 22.4 Digital Certificates
5. FIGURE 22.5 CAPTCHA Examples
6. FIGURE 22.6 VPN Connections
7. FIGURE 22.7 Show File Extensions
8. FIGURE 22.8 The Hash Algorithms
9. FIGURE 22.9 Creating the HashTest.txt File
10. FIGURE 22.10 Contents of HashTest File
11. FIGURE 22.11 The Md5deep Folder
12. FIGURE 22.12 Md5deep Contents in the Command Prompt
13. FIGURE 22.13 MD5 Hash Output
14. FIGURE 22.14 64-bit MD5 Hash output
15. FIGURE 22.15 Sha-1 Hash Output
16. FIGURE 22.16 Whirlpool Hash Output
17. FIGURE 22.17 New Contents of HashTest File
18. FIGURE 22.18 Comparing the MD5 Hash Outputs
19. FIGURE 22.19 Comparing the Sha-1 Hash Outputs
20. FIGURE 22.20 Comparing the Whirlpool Hash Outputs
Chapter 23
1. FIGURE 23.1 Whois Tool
2. FIGURE 23.2 PING
3. FIGURE 23.3 Traceroute Operation
4. FIGURE 23.4 Telnet Operation
5. FIGURE 23.5 A Packet Analyzer Tool
6. FIGURE 23.6 Wireshark
7. FIGURE 23.7 Snort
8. FIGURE 23.8 Nmap Utility
9. FIGURE 23.9 Metasploit Operation
10. FIGURE 23.10 Wireshark Interface
11. FIGURE 23.11 Starting to Capture Packet Traffic
12. FIGURE 23.12 Wireshark Capture Window
13. FIGURE 23.13 Sending a PING Request
14. FIGURE 23.14 Ping
15. FIGURE 23.15 Wireshark Capture Window with ICMP Packets
16. FIGURE 23.16 Viewing the PING
17. FIGURE 23.17 Wireshark Examples Folder Contents
18. FIGURE 23.18 Arp-Storm Example
19. FIGURE 23.19 Teardrop Attack Example
Chapter 24
1. FIGURE 24.1 SQL Injection
2. FIGURE 24.2 Cross-Site Scripting
3. FIGURE 24.3 An Example Phishing Attack
4. FIGURE 24.4 Broadcast Storm
5. FIGURE 24.5 Session Hijacking
6. FIGURE 24.6 MITM Attack
7. FIGURE 24.7 Clickjacking
8. FIGURE 24.8 A Typical DoS Attack
9. FIGURE 24.9 A DRDoS Attack
10. FIGURE 24.10 Tarpitting
11. FIGURE 24.11 Local Security Policy
12. FIGURE 24.12 No Software Restriction Policies Defined
13. FIGURE 24.13 Software Restriction Policies with Contents
14. FIGURE 24.14 Enforcement Properties
15. FIGURE 24.15 Security Levels
16. FIGURE 24.16 Additional Rules
17. FIGURE 24.17 New Path Rule
18. FIGURE 24.18 Notepad Selected in Browse for File or Folder
19. FIGURE 24.19 New Rule in Additional Rules
20. FIGURE 24.20 Notepad Blocked
Appendix C
1. FIGURE C.1: The NIST Framework Stakeholders

Pages

C1
i
ii
iii
iv
v
vi
xix
xx
xxi
xxii
xxiii
xxiv
xxv
1
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
113
115
116
117
118
119
120
121
122
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
263
265
267
268
269
270
271
272
273
274
276
277
279
281
282
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
385
387
389
390
391
393
394
395
396
397
398
399
400
401
402
403
404
405
407
408
409
410
411
412
413
414
416
418
419
420
421
422
423
424
425
426
427
428
429
430
431
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
449
451
452
453
454
455
457
458
459
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
497
498
499
500
501
502
503
504
505
506
507
508
509
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
553
554
555
556
557
558
559
560
561
562
563
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
591
592
593
594
595
596
597
598
599
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
715
716
717
718
719
720
721
722
723
724
725
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
E1

Development Editor: David Clark
Technical Editors: Raymond Blockmon, Chris Culling, Jeff Parker
Production Editor: Athiyappan Lalith Kumar
Copy Editor: Kathy Carlyle
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Editor: Jim Minatel
Proofreader: Nancy Bell
Indexer: Johnna VanHoose Dinse
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: © ktsdesign/Shutterstock

Copyright © 2018 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-36239-5
ISBN: 978-1-119-36243-2 (ebk)
ISBN: 978-1-119-36245-6 (ebk)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2018943782

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

INTRODUCTION

Welcome to Cybersecurity Essentials. This book is designed to provide a solid theory and practical platform for cybersecurity personnel. Key information provided in this edition includes:

Critical infrastructure security systems and devices
Security for local intelligent computing, and controlling devices and systems
Security for local area network components and systems
Cybersecurity for users and networks attached to the Internet

Each chapter begins with a list of learning objectives that establishes a foundation and systematic preview of the chapter.

A wealth of graphic diagrams and screen shots are included in each chapter to provide constant visual reinforcement of the concepts being discussed.

Key thoughts, cautions, and warnings in the chapter are presented in special boxes to call extra attention to them. Key terms are presented in italic type throughout the text. These terms are also defined in a comprehensive glossary at the end of the book that provides quick, easy access to the key terms that appear in each chapter.

Each part concludes with an extensive key-points review of its material.

One of the driving forces in the ongoing development of cybersecurity initiatives in the United States is the National Institute of Standards and Technology’s (NIST) Cybersecurity Frameworks. These frameworks have been developed to assist governmental and business organizations in the design and development of systems and techniques to provide security for their critical infrastructure.

Security Challenges

Another outstanding pedagogical feature of this book is the presentation of the scenario-based NIST Security Challenges placed at the beginning of each Part. At the beginning of each Part there are one or more scenario-based Security Challenges that present descriptions of a particular security setting related to the information that will be presented in the chapter. You will be asked to read the scenario, put on your security professional persona, and consider how you might go about exploiting the key assets of the scenario, then contemplate how you could go about establishing systems and strategies to protect those assets.

These challenges are designed to provide you with real, open-ended context that sets the expectation level for the material to be studied. Ideally, you will be considering how the theory and hands-on materials you encounter as you move through the chapter apply to those scenarios.

At the completion of each Part, you will be asked to return to these Security Challenges and create new observations based on your increased knowledge. You will also be asked to compare their observations to those of professional security specialists who have provided their feedback for these scenarios.

Who Should Read This Book

This book is intended for:

Students preparing for a career in IT, networking, or cybersecurity
Network professionals who want to improve their network security skills
Management personnel who need to understand the cybersecurity threats they face and basic options for confronting those threats

If you’re interested in certification for the CompTIA Security+ or Microsoft MTA – 98-367 Security Fundamentals Certification exams, this book can be a great resource to help you prepare. See https://certification.comptia.org/certifications/security and www.microsoft.com/en-us/learning/exam-98-367.aspx for more certification information and resources.

What You Will Learn

You will learn to apply a systematic approach to securing IT networks and infrastructure. This approach begins with addressing physical security concerns from the outer edge of the physical environment to the interior region where the most valuable assets are located. The first half of any security objective is to limit physical access to the assets. If you can’t get to it, you can’t steal, damage, or destroy it. You will learn to view physical security in terms of three perimeters and to implement the proper tools at each.

After securing the physical environment, you will explore tools and techniques used to secure local endpoint computing devices. Following the three-perimeter strategy developed for physical security, you will address the security of these devices from their outer edge to their most desirable asset: your data.

After the local endpoint devices have been secured, you will turn your attentions to securing the servers, connectivity devices, and transmission media that make up the balance of your local area network. You will learn to secure these devices to protect your IT assets within the connected environment that you control.

Finally, you will explore tools and techniques used to protect your data when it leaves the protection of the network you control and passes through unprotected territory: the Internet. This will include building network structures to protect your network from the bad people hiding in the Internet, as well as how to guard your data when it is traveling through their territory.

What Is Covered in This Book

This book is a basic training system designed to provide a solid theoretical understanding of cybersecurity challenges, tools, and techniques, as well as to develop the foundations of a professional cybersecurity skill set. This is accomplished in a progressive four-section process, as follows:

Part I—Infrastructure Security—This part introduces the concepts and techniques associated with physical infrastructure security devices, systems, and techniques used to combat theft, prevent physical damage, maintain system integrity and services, and limit unauthorized disclosure of information.

Chapter 1 presents two Infrastructure Security Scenarios for the reader to consider and research selected NIST Cybersecurity Framework Functions and Categories and then apply them to the given scenarios.

Chapter 2 deals with common Access Control systems for protecting physical infrastructure assets. This section contains information about different types of physical barriers and their associated monitoring and control systems. The Authentication Systems section that follows is a logical extension of the physical access control materials. Devices and systems covered in this portion of the chapter are used for controlling access and denial of access to key physical assets.

Next the material moves on to examine the components and operation of a typical physical security monitoring and notification system. In this section, security controllers, sensors, and enunciators are covered along with logical implementation strategies.

The material in Chapter 3 flows quite naturally to the addition of visual Surveillance Systems to the security monitoring system. Information contained in this section includes: surveillance cameras, video recorders, modulators, and switchers.

Chapter 4 completes the Infrastructure Security material with a section covering Intrusion detection and reporting systems.

Chapter 5 provides a Summary and Review for the Scenarios and chapters of Part I. This chapter includes a complete list of relevant Summary Points and a Review Quiz. It also returns the reader to the Scenarios that began the Infrastructure Security part so they can update their response to the scenario challenges and then compare them to the response generated by an active Cyber Security Professional.

Part II—Local Host Security—One of the most useful tools ever introduced to business, industry, government, and medicine is the personal computer. This chapter primarily deals with personal computers and focuses on security efforts at the local computer level.

Chapter 6 presents two Local Host Security Scenarios for the reader to consider and research selected NIST Cybersecurity Framework Functions and Categories and then apply them to the given scenarios.

Chapter 7 begins the Part II discussion with sections covering physically securing personal computing devices. Information covered here includes biometric authentication devices such as fingerprint scanners, smart cards, and RFID cards. The material then moves on to physical port access risks and solutions. Options for accessing the PC covered here include the USB and Firewire ports.

Chapter 8 provides an overview of operating system structures, security features, and tools across the spectrum of operating system suppliers. In addition, the chapter covers logical (software-based) authentication methods for access control at the user’s level. Topics covered here include passwords and computer locking features. Finally, the chapter provides an overview of operating system auditing and logging utilities and wraps up with a discussion of OS-based encryption tools.

Chapter 9 completes the Local Host Security part by examining security associated with remote access options. Included in this line of discussion are local software-based firewalls, intrusion detection systems, and Internet Browser Security options. The chapter concludes with a detailed discussion dealing with malicious software protection options, such as antivirus and antispyware programs, as well as software updating and patching efforts.

Chapter 10 provides a Summary and Review for the Scenarios and chapters of Part II. This chapter includes a complete list of relevant Summary Points and a Review Quiz. It also returns the reader to the Scenarios that began the Local Host Security part so they can update their response to the scenario challenges and then compare them to the response generated by an active Cyber Security Professional.

Part III—Local Network Security in the Real World—While networks provide computer users with extended power to communicate and control devices remotely, they also provide a very large window to information stored on different devices attached to the network, as well as control devices operated remotely through the network.

Chapter 11 presents two Local Network Security Scenarios for the reader to consider and research selected NIST Cybersecurity Framework Functions and Categories and then apply them to the given scenarios.

Because modern networking involves so much information, Chapter 12 is designed to provide a basic introduction to networking. This chapter also examines typical network topologies (connection schemes). This is followed by an in-depth discussion of the OSI model that describes the different layers that all modern networks are designed on.

Chapter 13 provides information about network control strategies. These include networking protocols (rules) such as TCP/IP and IP addressing schemes. It concludes with a discussion covering the Ethernet standard.

Servers are the backbone of local area networks. Chapter 14 is dedicated to network servers and security tools and practices associated with them. Items discussed in this chapter include the roles of administrators, physical and logical access controls applied to servers, and steps for hardening server operating systems.

As with previous chapters, the material moves into logical access control for network environments. Topics covered here include user and group access controls instituted through the server’s network operating system. Next the chapter covers techniques and tools involved in maintaining server security. These include network-level logging and auditing considerations, conducting backing up operations, and securing network backup media. The chapter concludes with coverage of distributed IDS systems, vulnerability scanning, and remote server monitoring.

Chapter 15 moves on to cover the other major hardware components in the local area network: the different types of connectivity devices used to tie the network together. Topics covered in this chapter include: managed network switches, enterprise routers, gateways, bridges, and wireless access points. The second half of the chapter is dedicated to vulnerabilities and attack types associated with each type of device. The chapter concludes with a discussion of techniques used to harden local area networks.

Chapter 16 concludes the discussion of LAN security by concentrating on the different transmission media types that connect the servers from Chapter 14 and the devices from Chapter 15 together. The first half of the chapter deals with the strengths and weaknesses of the various media types while the second half discusses vulnerabilities associated with each media type.

Chapter 17 provides a Summary and Review for the Scenarios and chapters of Part III. This chapter includes a complete list of relevant Summary Points and a Review Quiz. It also returns the reader to the Scenarios that began the Local Network Security part so they can update their response to the scenario challenges and then compare them to the response generated by an active Cyber Security Professional.

Part IV—Perimeter Security in the Real World—This part of the book builds on the information from the Local Area chapters in Part III to deal with security issues posed by Wide Area Networks (WANs) such as the Internet.

Chapter 18 presents two Perimeter Security Scenarios for the reader to consider and research selected NIST Cybersecurity Framework Functions and Categories and then apply them to the given scenarios.

The first chapter in this part of the book is designed to provide an understanding of the security environment at the edge of the local area network and beyond. It establishes the Basics of Internet Security. Topics covered in this chapter include: TCP/IP, unicasts/broadcasts/multicasts, common TCP/UDP ports, and routing. The chapter concludes with coverage of Internet Services, standards and RFCs, and security organization and standards associated with Internet security.

Chapter 20 is all about hiding the local (private) network from the external, public Internet. It begins with an introduction to the concepts of private networks and then moves on to techniques used to hide them from the outside. Topics covered here include: Network and Port Address Translation schemes, port forwarding and mapping, and network segmentation/segregation techniques. The chapter concludes with an exploration of virtualization techniques (VLANs) to hide network segments from each other.

Chapter 21 is about Protecting the Perimeter. The information presented focuses on protection of the organization from external threats. The most widely used device at the network perimeter is the firewall. This chapter begins with an extensive discussion of different firewall types and functions. It then moves on to discuss other types of devices and structures employed at the network perimeter to provide protection services. These devices and structures include network appliances, proxies, DMZs, honey pots, and Extranets.

Chapter 22 is dedicated to securing data in motion as it moves through the Internet. The key elements of this chapter cover authentication protocols, data cryptography, and data encryption techniques. The chapter continues with coverage of Virtual Private Networks (VPNs) and firewalls.

In Chapter 23 you are introduced to tools and utilities commonly used to monitor, diagnose, and control network environments. Tools covered here include common command line utilities used to test connectivity, packet/protocol analyzers used to inspect network traffic, network mapping tools, and penetration testing tools and utilities.

Chapter 24 deals with identifying and defending against common cyber vulnerabilities. Topics discussed in this chapter include: Zero Day vulnerabilities, software exploits, social engineering exploits, network threats, and other common exploit types.

Chapter 25 provides a Summary and Review for the Scenarios and chapters of Part IV. This chapter includes a complete list of relevant Summary Points and a Review Quiz. It also returns the reader to the Scenarios that began the Perimeter Security part so they can update their response to the scenario challenges and then compare them to the response generated by an active Cyber Security Professional.

Finally, Appendix A is a glossary of terms, Appendix B is a list of acronyms, and Appendix C includes the NIST Preliminary Cybersecurity Framework

The Essentials Series

The Essentials series from Sybex provides outstanding instruction for readers who are just beginning to develop their professional skills. Every Essentials book includes these features:

Multimode instruction, providing specific or hands-on procedures wherever appropriate
Review questions and/or bonus labs at the end of each chapter, where you can practice and extend your skills

How to Contact the Author

We’re always interested in comments and feedback from our readers as well as information about books you’d like to see from us in the future. You can reach us by writing to info@marcraft.com. For more information about our work, please visit my website at marcraft.com.

Sybex strives to keep you supplied with the latest tools and information you need for your work. Please check their website at http://www.wiley.com/go/cybersecurityessentials, where we’ll post additional content and updates that supplement this book if the need arises.

Chapter 1	Infrastructure Security in the Real World
Chapter 2	Understanding Access Control and Monitoring Systems
Chapter 3	Understanding Video Surveillance Systems
Chapter 4	Understanding Intrusion Detection and Reporting Systems
Chapter 5

CYBERSECURITY ESSENTIALS

ACKNOWLEDGMENTS

ABOUT THE AUTHORS