Foreword xxi
Introduction xxiii
Chapter 1 Measuring and Weighing Risk 1
Risk Assessment 3
Computing Risk Assessment 4
Acting on Your Risk Assessment 9
Risks Associated with Cloud Computing 17
Risks Associated with Virtualization 19
Developing Policies, Standards, and Guidelines 19
Implementing Policies 20
Understanding Control Types and
False Positives/Negatives 26
Risk Management Best Practices 28
Disaster Recovery 36
Tabletop Exercise 39
Summary 39
Exam Essentials 39
Review Questions 41
Chapter 2 Monitoring and Diagnosing Networks 45
Monitoring Networks 46
Network Monitors 46
Understanding Hardening 52
Working with Services 52
Patches 56
User Account Control 57
Filesystems 58
Securing the Network 60
Security Posture 61
Continuous Security Monitoring 61
Setting a Remediation Policy 62
Reporting Security Issues 63
Alarms 63
Alerts 63
Trends 63
Differentiating between Detection Controls and Prevention Controls 64
Summary 65
Exam Essentials 66
Review Questions 67
Chapter 3 Understanding Devices and Infrastructure 71
Mastering TCP/IP 73
OSI Relevance 74
Working with the TCP/IP Suite 74
IPv4 and IPv6 78
Understanding Encapsulation 79
Working with Protocols and Services 80
Designing a Secure Network 87
Demilitarized Zones 87
Subnetting 89
Virtual Local Area Networks 89
Remote Access 92
Network Address Translation 93
Telephony 94
Network Access Control 95
Understanding the Various Network Infrastructure Devices 95
Firewalls 96
Routers 100
Switches 102
Load Balancers 103
Proxies 103
Web Security Gateway 103
VPNs and VPN Concentrators 103
Intrusion Detection Systems 105
Understanding Intrusion Detection Systems 106
IDS vs. IPS 110
Working with a Network–Based IDS 111
Working with a Host–Based IDS 116
Working with NIPSs 117
Protocol Analyzers 118
Spam Filters 118
UTM Security Appliances 119
Summary 122
Exam Essentials 123
Review Questions 124
Chapter 4 Access Control, Authentication, and Authorization 129
Understanding Access Control Basics 131
Identification vs. Authentication 131
Authentication (Single Factor) and Authorization 132
Multifactor Authentication 133
Layered Security and Defense in Depth 133
Network Access Control 134
Tokens 135
Federations 135
Potential Authentication and Access Problems 136
Authentication Issues to Consider 137
Authentication Protocols 139
Account Policy Enforcement 139
Users with Multiple Accounts/Roles 141
Generic Account Prohibition 142
Group–based and User–assigned Privileges 142
Understanding Remote Access Connectivity 142
Using the Point–to–Point Protocol 143
Working with Tunneling Protocols 144
Working with RADIUS 145
TACACS/TACACS+/XTACACS 146
VLAN Management 146
SAML 147
Understanding Authentication Services 147
LDAP 147
Kerberos 148
Single Sign–On Initiatives 149
Understanding Access Control 150
Mandatory Access Control 151
Discretionary Access Control 151
Role–Based Access Control 152
Rule–Based Access Control 152
Implementing Access Controlling Best Practices 152
Least Privileges 153
Separation of Duties 153
Time of Day Restrictions 153
User Access Review 154
Smart Cards 154
Access Control Lists 156
Port Security 157
Working with 802.1X 158
Flood Guards and Loop Protection 158
Preventing Network Bridging 158
Log Analysis 159
Trusted OS 159
Secure Router Configuration 160
Summary 161
Exam Essentials 161
Review Questions 163
Chapter 5 Protecting Wireless Networks 167
Working with Wireless Systems 169
IEEE 802.11x Wireless Protocols 169
WEP/WAP/WPA/WPA2 171
Wireless Transport Layer Security 173
Understanding Wireless Devices 174
Wireless Access Points 175
Extensible Authentication Protocol 181
Lightweight Extensible Authentication Protocol 182
Protected Extensible Authentication Protocol 182
Wireless Vulnerabilities to Know 183
Wireless Attack Analogy 187
Summary 188
Exam Essentials 189
Review Questions 190
Chapter 6 Securing the Cloud 195
Working with Cloud Computing 196
Software as a Service (SaaS) 197
Platform as a Service (PaaS) 198
Infrastructure as a Service (IaaS) 199
Private Cloud 200
Public Cloud 200
Community Cloud 200
Hybrid Cloud 201
Working with Virtualization 201
Snapshots 203
Patch Compatibility 203
Host Availability/Elasticity 204
Security Control Testing 204
Sandboxing 204
Security and the Cloud 205
Cloud Storage 206
Summary 207
Exam Essentials 207
Review Questions 208
Chapter 7 Host, Data, and Application Security 213
Application Hardening 215
Databases and Technologies 215
Fuzzing 218
Secure Coding 218
Application Configuration Baselining 219
Operating System Patch Management 220
Application Patch Management 220
Host Security 220
Permissions 220
Access Control Lists 221
Antimalware 221
Host Software Baselining 226
Hardening Web Servers 227
Hardening Email Servers 228
Hardening FTP Servers 229
Hardening DNS Servers 230
Hardening DHCP Services 231
Protecting Data Through Fault Tolerance 233
Backups 233
RAID 234
Clustering and Load Balancing 235
Application Security 235
Best Practices for Security 236
Data Loss Prevention 236
Hardware–Based Encryption Devices 237
Summary 238
Exam Essentials 238
Review Questions 239
Chapter 8 Cryptography 243
An Overview of Cryptography 245
Historical Cryptography 245
Modern Cryptography 249
Working with Symmetric Algorithms 249
Working with Asymmetric Algorithms 251
What Cryptography Should You Use? 254
Hashing Algorithms 255
Rainbow Tables and Salt 256
Key Stretching 256
Understanding Quantum Cryptography 257
Cryptanalysis Methods 257
Wi–Fi Encryption 258
Using Cryptographic Systems 258
Confidentiality and Strength 259
Integrity 259
Digital Signatures 261
Authentication 261
Nonrepudiation 262
Key Features 262
Understanding Cryptography Standards and Protocols 263
The Origins of Encryption Standards 263
Public–Key Infrastructure X.509/Public–Key Cryptography Standards 266
X.509 267
SSL and TLS 268
Certificate Management Protocols 270
Secure Multipurpose Internet Mail Extensions 270
Secure Electronic Transaction 270
Secure Shell 271
Pretty Good Privacy 272
HTTP Secure 274
Secure HTTP 274
IP Security 274
Tunneling Protocols 277
Federal Information Processing Standard 278
Using Public–Key Infrastructure 278
Using a Certificate Authority 279
Working with Registration Authorities and Local Registration Authorities 280
Implementing Certificates 281
Understanding Certificate Revocation 285
Implementing Trust Models 285
Hardware–Based Encryption Devices 290
D
