Showing posts with label IS. Show all posts
Showing posts with label IS. Show all posts

Tuesday, 26 March 2019

Cyber Operations: Building, Defending, and Attacking Modern Computer Networks 2nd Edition, Kindle Edition by Mike O'Leary (Author)

Know how to set up, defend, and attack computer networks with this revised and expanded second edition.
You will learn to configure your network from the ground up, beginning with developing your own private virtual test environment, then setting up your own DNS server and AD infrastructure. You will continue with more advanced network services, web servers, and database servers and you will end by building your own web applications servers, including WordPress and Joomla!. Systems from 2011 through 2017 are covered, including Windows 7, Windows 8, Windows 10, Windows Server 2012, and Windows Server 2016 as well as a range of Linux distributions, including Ubuntu, CentOS, Mint, and OpenSUSE.
Key defensive techniques are integrated throughout and you will develop situational awareness of your network and build a complete defensive infrastructure, including log servers, network firewalls, web application firewalls, and intrusion detection systems.
Of course, you cannot truly understand how to defend a network if you do not know how to attack it, so you will attack your test systems in a variety of ways. You will learn about Metasploit, browser attacks, privilege escalation, pass-the-hash attacks, malware, man-in-the-middle attacks, database attacks, and web application attacks.

What You’ll Learn
  • Construct a testing laboratory to experiment with software and attack techniques
  • Build realistic networks that include active directory, file servers, databases, web servers, and web applications such as WordPress and Joomla!
  • Manage networks remotely with tools, including PowerShell, WMI, and WinRM
  • Use offensive tools such as Metasploit, Mimikatz, Veil, Burp Suite, and John the Ripper
  • Exploit networks starting from malware and initial intrusion to privilege escalation through password cracking and persistence mechanisms
  • Defend networks by developing operational awareness using auditd and Sysmon to analyze logs, and deploying defensive tools such as the Snort intrusion detection system, IPFire firewalls, and ModSecurity web application firewalls

Who This Book Is For
This study guide is intended for everyone involved in or interested in cybersecurity operations (e.g., cybersecurity professionals, IT professionals, business professionals, and students) 

Buy :


PDF Download :


Cyber Operations: Building, Defending, and Attacking Modern Computer Networks 1st ed. Edition, Kindle Edition by Mike O'Leary (Author)

Cyber Operations walks you through all the processes to set up, defend, and attack computer networks. This book focuses on networks and real attacks, offers extensive coverage of offensive and defensive techniques, and is supported by a rich collection of exercises and resources.
You'll learn how to configure your network from the ground up, starting by setting up your virtual test environment with basics like DNS and active directory, through common network services, and ending with complex web applications involving web servers and backend databases.
Key defensive techniques are integrated throughout the exposition. You will develop situational awareness of your network and will build a complete defensive infrastructure—including log servers, network firewalls, web application firewalls, and intrusion detection systems.
Of course, you cannot truly understand how to defend a network if you do not know how to attack it, so you will attack your test systems in a variety of ways beginning with elementary attacks against browsers and culminating with a case study of the compromise of a defended e-commerce site.
The author, who has coached his university’s cyber defense team three times to the finals of the National Collegiate Cyber Defense Competition, provides a practical, hands-on approach to cyber security. 
Buy :


PDF Download :


Saturday, 23 March 2019

Personal Cybersecurity: How to Avoid and Recover from Cybercrime 1st ed. Edition, Kindle Edition by Marvin Waschke (Author)

Discover the most prevalent cyber threats against individual users of all kinds of computing devices. This book teaches you the defensive best practices and state-of-the-art tools available to you to repel each kind of threat.
Personal Cybersecurity addresses the needs of individual users at work and at home. This book covers personal cybersecurity for all modes of personal computing whether on consumer-acquired or company-issued devices: desktop PCs, laptops, mobile devices, smart TVs, WiFi and Bluetooth peripherals, and IoT objects embedded with network-connected sensors. In all these modes, the frequency, intensity, and sophistication of cyberattacks that put individual users at risk are increasing in step with accelerating mutation rates of malware and cybercriminal delivery systems.
Traditional anti-virus software and personal firewalls no longer suffice to guarantee personal security. Users who neglect to learn and adopt the new ways of protecting themselves in their work and private environments put themselves, their associates, and their companies at risk of inconvenience, violation, reputational damage, data corruption, data theft, system degradation, system destruction, financial harm, and criminal disaster. This book shows what actions to take to limit the harm and recover from the damage.
Instead of laying down a code of "thou shalt not" rules that admit of too many exceptions and contingencies to be of much practical use, cloud expert Marvin Waschke equips you with the battlefield intelligence, strategic understanding, survival training, and proven tools you need to intelligently assess the security threats in your environment and most effectively secure yourself from attacks. Through instructive examples and scenarios, the author shows you how to adapt and apply best practices to your own particular circumstances, how to automate and routinize your personal cybersecurity, how to recognize security breaches and act swiftly to seal them, and how to recover losses and restore functionality when attacks succeed.
What You'll Learn
  • Discover how computer security works and what it can protect us from
  • See how a typical hacker attack works
  • Evaluate computer security threats to the individual user and corporate systems
  • Identify the critical vulnerabilities of a computer connected to the Internet
  • Manage your computer to reduce vulnerabilities to yourself and your employer
  • Discover how the adoption of newer forms of biometric authentication affects you
  • Stop your router and other online devices from being co-opted into disruptive denial of service attacks
Who This Book Is For

Proficient and technically knowledgeable computer users who are anxious about cybercrime and want to understand the technology behind both attack and defense but do not want to go so far as to become security experts. Some of this audience will be purely home users, but many will be executives, technical managers, developers, and members of IT departments who need to adopt personal practices for their own safety and the protection of corporate systems. Many will want to impart good cybersecurity practices to their colleagues. IT departments tasked with indoctrinating their users with good safety practices may use the book as training material.
 
Buy :
PDF Download :
 

Cyber Security: Analytics, Technology and Automation (Intelligent Systems, Control and Automation: Science and Engineering) Hardcover – 10 Jun 2015 by Martti Lehto (Editor), Pekka Neittaanmäki (Editor)

The book, in addition to the cyber threats and technology, processes cyber security from many sides as a social phenomenon and how the implementation of the cyber security strategy is carried out.
The book gives a profound idea of the most spoken phenomenon of this time. The book is suitable for a wide-ranging audience from graduate to professionals/practitioners and researchers. Relevant disciplines for the book are Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.

Buy :

PDF Download :



Thursday, 21 March 2019

Wireshark Network Security Paperback – Import, 29 Jul 2015 by Piyush Verma (Author)

null


If you are network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

What You Will Learn
Familiarize yourself with the robust features offered by Wireshark
Use the powerful command-line utilities shipped with Wireshark
Analyze numerous threats to network security using Wireshark
Investigate attacks performed using popular security tools such as Nmap, Nessus, Metasploit, and more
Solve real-world CTF challenges using Wireshark
Create your own security-related profile in Wireshark
Configure Wireshark for effective network troubleshooting
Get accustomed to common scenarios faced by security analysts
Analyze malware traffic successfully by using Wireshark
Unearth anomalies hampering the speed of network communications

PDF Download :
Wireshark Network Security Paperback – Import, 29 Jul 2015 by Piyush Verma (Author) 





Friday, 15 March 2019

Cyber Security: Analytics, Technology and Automation (Intelligent Systems, Control and Automation: Science and Engineering

The book, in addition to the cyber threats and technology, processes cyber security from many sides as a social phenomenon and how the implementation of the cyber security strategy is carried out.
The book gives a profound idea of the most spoken phenomenon of this time. The book is suitable for a wide-ranging audience from graduate to professionals/practitioners and researchers. Relevant disciplines for the book are Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.

Buy :


PDF Download :



Wednesday, 9 January 2019

Security organisation

Organizational structure

Actual Organizational structure is not discussed here, since every company is different. Rather, roles are described. These roles can be attributed to different persons in an organization depending on it's structure, size, culture etc. 
  
Roles and Responsibility

Depending on company size, responsibility may be attributed to the following roles. What is important is that responsibility is clear and that the responsible persons can actually assume their responsibilities (i.e. the have powers necessary to take corresponding decisions an the experience/knowledge to take the right decisions).

Executives: The managing director, CEO or equivalent is ultimately responsible for security strategy and must make the necessary resources available to combat business threats. This person is also responsible for disseminating strategy and establishing a security-aware culture.

IT Security manager: is responsible for Enterprise security. The IT security manager(s) defines IT security guidelines together with the process owner. He/she is also responsible for security awareness and advising management correctly on security issues. He/she may also carry out risk analyses. It is important that this person be up-to-date on the latest security problems/risks/solutions. Co-ordination with partner companies, security organisations is also important.

Business process / data / operation owner: is directly responsible for a particular process or business unit's data and reports directly to top management. He analyses the impact of security failures and specifies classification and guidelines/processes to ensure the security of the data for which he is responsible. He should not have any influence on auditing.
 

System supplier: Installs and maintains systems. A service level agreement should exist defining the customer/supplier roles and responsibilities. The supplier may be, for example, an external contracting company or the internal datacentre or System/Security administrator. He is responsible for the correct use of security mechanisms. Often this person is root (UNIX) or dba (databases).

System designer: The persons who develop a system have a key role in ensuring that a system can be used securely. New development projects must consider security requirements at an early stage.

Project Leaders: ensure that Security guidelines are adhered to in projects.

Line Managers: ensures that his personnel are fully aware of security policies and does not provide objectives which conflict with policy. He/she enforces policy and checks actual progress.

Users: Users, or "information processors/operators" are responsible for their actions. They are aware of company security policy, understand what the consequences of their actions are and act accordingly. They have effective mechanisms at their disposal so that they can operate with the desired level of security. Should users receive confidential information that is not classified, they are responsible for classifying and distribution of this information.

Auditor: is an independent person, within or outside the company, who checks the status of IT security, much in the same way as a Financial Auditor verifies the validity of accounting records. It is important that the Auditor be independent, not being involved in security administration. Often external consultants fulfill this role, since they can offer a more objective view of policies, processes, organizations and mechanisms.
  

Processes

The security policy needs processes and people (organization) to ensure it's implementation and accordance with business needs. Typical security processes are:
  • Security Hotline / Helpdesk (user management)
  • Change management
  • System monitoring & intruder detection
  • Data backup & recovery
  • System audits
  • Crisis management/Firewall

  1. Security Hotline/ Helpdesk


  • User account management is often available over a so-called hotline or helpdesk.
  • The help-desk is where users call when they have problems. If the helpdesk cannot resolve a problem, it is responsible for escalation (and tracking) of the problem to vendors or system administrators, for example.
  • Users should have access to a service hotline to unlock passwords quickly (if they forget them), otherwise users may write the passwords down.
  • How can password be exchanged over the phone? How can you be sure that the correct user is asking for an allowed modification? Some kind of "authentication" is required. (Perhaps by using internal phone systems where the calling number is visible?, or by calling the user back at his desk?)

2. Change Management


  • Who installs or upgrades HW and SW?
  • New SW should be tested for a few weeks before being installed on production systems.
  • Changes should be carefully prepared and carried out such that production is not disturbed and such that if the changes have a negative effect, they can be removed. During hardware changes ensure that anti-static wrist straps are worn, that the correct tools are available and that the power is connected or removed according to the manufacturer's instructions.
  • Follow the axioms KISS (Keep it simple, stupid) and "if it isn't broken, don't fix it". Only install updates if they are necessary.

3. Systems monitoring

Who monitors what systems, where, with what utilities? Monitoring is often more effective if decentralized in very large organizations.

4. Data Backup & Restore

Processes & responsibility need to be defined to ensure reliable backups and restores when needed. The restore policy should be regularly tested.

5. System audits


  • Servers should be audited regularly (e.g. once per year).
  • A audit checklist should be made for each security level/OS, for simplicity.
  • The auditor should be independent of the administration and be objective.
  • The audit should check: Guidelines, Policies, Users, Management, IT Security managers, Administrators, IT Resources.

6. Crisis Management / "Firewall" / Emergency Response Team / Disaster Planning

Even with a solid security policy, educated users and solid system administration, an emergency response team is useful. Plan for a disaster!
  • Who is on "Firewall", how should they react to a serious security breach?
  • If internal personnel are not expert enough, a "emergency standby" contract could be outsourced to a specialized company.
  • Decide in advance who will be in charge in the event of a security incident. Determine the chain of command (define processes & responsibility).
  • Keep important names, telephone numbers, email addresses off-line. Do not assume that your on-line address book will be available in an emergency.

Security Marketing

Communications Manager: responsible for spreading security awareness in the company. 

Security Information Center

Having the right information at the right time is important.
  • It is advisable to have the current books on relevant security topics available, access to Internet security Newsgroups, mailing lists, WWW servers and ftp servers.
  • All corporate documents on security and the standards on which they are based should be available.
  • Copies of rules, policies, documentation and addresses should be kept off-line (or even better on paper).
The following services could be offered to internal departments:
  • A Security Library (as detailed above).
  • Risk analysis.
  • Education: Courses on IT security for users, administrators, line managers etc.
  • Technical expertise (for each important OS / application / system) who follows security developments. Each specialist must be aware of all new security problems & fixes.
  • Guidance in the purchasing / development of new systems.
  • Testing of new systems.
  • One time audits of systems & processes: do systems conform to policy, what weaknesses do they have?
  • Statistical analysis: regular reporting of system usage, performance, user behaviour, technological trends, external connection usage.

 


Protection & Security in OS

Introduction
  • Interference in resource utilization is a very serious threat in an OS.
  • The nature of the threat depends on the nature of a resource and the manner in which it is used.
  • In this session, we will discuss the issues involved in protection and security.
  • It involves guarding a user's data and programs against interference by other authorized users of the system.

Facets to Protection of Information

There are two facets to protection of information
  • Secrecy : Implies that only authorized users should be able to access information.
  • Privacy : Implies that information should be used only for the purposes(s) for which it is intended and shared.
OS focuses on guaranteeing secrecy of information, and leaves the issue of privacy to the users and their processes.

Security and Protection : Policies and Mechanisms



Security Attributes

Security is traditionally defined by the three attributes namely:
  • Confidentiality : It is the prevention of unauthorized modification of information or resources.
  • Integrity : It is the prevention of unauthorized
  • Availability : It is the prevention of unauthorized withholding of information or resources.
Security Threats
  • Direct : This is any direct attack on your specific systems, whether from outside hackers or from disgruntled insiders.
  • Indirect : This is general random attack, most commonly computer worms or Trojan horses.
Reasons for taking Security measures
  • To prevent loss of data
  • To prevent corruption of data
  • To prevent compromise of data
  • To prevent theft of data
  • To prevent sabotage
Authentication
  • Goal of Authentication : Reasonable assurance that anyone who attempts to access a system or a network is a legitimate user.
  • 3 mechanisms
             - Password
             - Physical token or an artifact
             - Biometric measure


Security models

Security models can be discretionary or mandatory.
  • Discretionary : Holders of right can be allowed to transfer them at their discretion.
  • Mandatory : Only designated roles are allowed to grand rights and users cannot transfer them.
 Security policy Vs. Security Model
  • Security Policy : Outlines several high level points; how the data is accessed, the amount of security required and what are the steps when these requirements are not met.
  • Security Model : The mechanism to support security policy. This involves in the design of the security system.
Access Matrix Model

Consists three principal components:
  • A set of passive objects (files, terminals, devices and other entities)
  • A set of active subjects, which may be manipulate the objects
  • A set of rules governing the manipulation of objects by subjects.
  • The access matrix is a rectangular array with one row per subject and one column per object.

Role Based Access Control
  • Enforces access controls depending upon a user role(s).
  • Roles represent specific organization duties and are commonly mapped to job title. Ex: Administrator, Developer etc.
  • Role definitions and associated access rights must be based upon a thorough understanding of an organization's security policy.
Take-Grant Model
  • This model use graphs to model access control.
  • The graph structure can be represented as an adjacency matrix and labels on the arcs can be coded as different values in the matrix.
  • Nodes in the graph are of two types, one corresponding to subjects and the other to objects.
  • The possible access rights are read(r), write(w), take(t) and grant(g).
Example of Take

OS Security Goals, Policy & Model and Access Control Techniques

 Security Goals

Secrecy (confidentiality)
- Unauthorized disclosure
- Limits the objects (files/sockets) that a process can read

Integrity
- Unauthorized modification
- Limits the objects that a process can write
 (objects may contains information that other processes depend on)

Availability
- Limits the system resources that processes (or users) may consume 
- Therefore preventing denial of service attacks
- Achieved by OS resource management techniques like fair scheduling

Confidentiality & Integrity

Achieved by Access Control
  • Every access to an object in the system should be controlled
  • All and Only authorized accesses can take place
Access Control Systems

Development of an access control system has three components
- Security Policy  : high level rules that define access control
- Security Model  : a formal representation of the access control security policy and its working.
       (this allows a mathematical representation of a policy; there by aid in proving that the model is secure)
- Security Mechanism  : low level (sw / hw) functional implementations of policy and model.

Security Policy
  • A scheme for specifying and enforcing security policies in a system
  • Driven by
         - Understanding of threat and system design
  • Often take the form of a set of statements
       - Succinct statements
       - Goals are agreed upon either by
                 * The entire community
                 * Top management
                 * Or is the basis of a formal mathematical analysis


A bad security policy model of a company

Megacorp Inc security policy
  1. This policy is approved by Management.
  2. All staff shall obey this security policy.
  3. Data shall be available only to those with a 'need-to-know'. 
  4. All breaches of this policy shall be reported at once to security.


Security Model

Why have it at all?
  • It is a mathematical representation of the policy.
  • By proving the model is secure and that the mechanism correctly implements the model, we can argue that the system is indeed secure (w.r.t. the security policy)

Security Mechanism
  • Implementing a correct mechanism is non trivial 
  • Could contain bugs in implementation which would break the security
  • The implementation of the security policy must work as a 'trusted base' (reference monitor)
  • Properties of the implementation
           - Tamper proof
           - Non-bypassable (all access should be evaluated by the mechanism)
           - Security kernel - must be confined to a limited part of the system (scattering security functions all over the system implies that all code must be verified)
          - Small - so as to achieve rigorous verification.


Discretionary Access Control

Discretionary (DAC)
  • Access based on
          - Identity of requestor
          - Access rules state what requestors are (or are not) allowed to do
  • Privileges granted or revoked by an administrator
  • Users can pass on their privileges to other users
  • Example. Access Matrix Model.
Access Matrix Model
  • By Butler Lampson, 1971
  • Subjects : active elements requesting information
  • Objects : passive elements storing information



States of Access Matrix 





Popular Posts

Categories

AI (32) Android (24) AngularJS (1) Assembly Language (2) aws (17) Azure (7) BI (10) book (4) Books (146) C (77) C# (12) C++ (82) Course (67) Coursera (198) Cybersecurity (24) data management (11) Data Science (106) Data Strucures (8) Deep Learning (13) Django (14) Downloads (3) edx (2) Engineering (14) Excel (13) Factorial (1) Finance (6) flask (3) flutter (1) FPL (17) Google (21) Hadoop (3) HTML&CSS (47) IBM (25) IoT (1) IS (25) Java (93) Leet Code (4) Machine Learning (46) Meta (18) MICHIGAN (5) microsoft (4) Nvidia (1) Pandas (3) PHP (20) Projects (29) Python (888) Python Coding Challenge (285) Questions (2) R (70) React (6) Scripting (1) security (3) Selenium Webdriver (2) Software (17) SQL (42) UX Research (1) web application (8)

Followers

Person climbing a staircase. Learn Data Science from Scratch: online program with 21 courses