Table of Contents

Introduction xxv

Assessment Test xxxvi

Chapter 1 Today’s Security Professional 1

Cybersecurity Objectives 2

Data Breach Risks 3

The DAD Triad 3

Breach Impact 5

Implementing Security Controls 7

Security Control Categories 7

Security Control Types 8

Data Protection 9

Summary 12

Exam Essentials 12

Review Questions 14

Chapter 2 Cybersecurity Threat Landscape 19

Exploring Cybersecurity Threats 20

Classifying Cybersecurity Threats 20

Threat Actors 22

Threat Vectors 28

Threat Data and Intelligence 30

Open Source Intelligence 31

Proprietary and Closed-Source Intelligence 33

Assessing Threat Intelligence 35

Threat Indicator Management and Exchange 36

Public and Private Information Sharing Centers 37

Conducting Your Own Research 38

Summary 38

Exam Essentials 39

Review Questions 40

Chapter 3 Malicious Code 45

Malware 46

Ransomware 47

Trojans 47

Worms 48

Rootkits 48

Backdoors 49

Bots 50

Keyloggers 52

Logic Bombs 53

Viruses 53

Fileless Viruses 53

Spyware 54

Potentially Unwanted Programs (PUPs) 55

Malicious Code 55

Adversarial Artificial Intelligence 57

Summary 58

Exam Essentials 59

Review Questions 61

Chapter 4 Social Engineering, Physical, and Password Attacks 65

Social Engineering 66

Social Engineering Techniques 67

Influence Campaigns 72

Password Attacks 72

Physical Attacks 74

Summary 76

Exam Essentials 76

Review Questions 78

Chapter 5 Security Assessment and Testing 83

Vulnerability Management 84

Identifying Scan Targets 84

Determining Scan Frequency 86

Configuring Vulnerability Scans 87

Scanner Maintenance 92

Vulnerability Scanning Tools 95

Reviewing and Interpreting Scan Reports 96

Validating Scan Results 106

Security Vulnerabilities 107

Patch Management 107

Legacy Platforms 108

Weak Configurations 109

Error Messages 110

Insecure Protocols 111

Weak Encryption 112

Penetration Testing 113

Adopting the Hacker Mindset 114

Reasons for Penetration Testing 115

Benefits of Penetration Testing 115

Penetration Test Types 116

Rules of Engagement 118

Reconnaissance 119

Running the Test 120

Cleaning Up 120

Training and Exercises 120

Summary 122

Exam Essentials 122

Review Questions 124

Chapter 6 Secure Coding 129

Software Assurance Best Practices 130

The Software Development Life Cycle 130

Software Development Phases 131

Software Development Models 133

DevSecOps and DevOps 136

Designing and Coding for Security 138

Secure Coding Practices 138

API Security 139

Code Review Models 139

Software Security Testing 143

Analyzing and Testing Code 143

Injection Vulnerabilities 144

SQL Injection Attacks 145

Code Injection Attacks 148

Command Injection Attacks 149

Exploiting Authentication Vulnerabilities 150

Password Authentication 150

Session Attacks 151

Exploiting Authorization Vulnerabilities 154

Insecure Direct Object References 154

Directory Traversal 155

File Inclusion 156

Privilege Escalation 157

Exploiting Web Application Vulnerabilities 157

Cross-Site Scripting (XSS) 158

Request Forgery 160

Application Security Controls 161

Input Validation 162

Web Application Firewalls 163

Database Security 163

Code Security 166

Secure Coding Practices 168

Source Code Comments 168

Error Handling 168

Hard-Coded Credentials 170

Memory Management 170

Race Conditions 171

Unprotected APIs 172

Driver Manipulation 172

Summary 173

Exam Essentials 173

Review Questions 175

Chapter 7 Cryptography and the Public Key Infrastructure 179

An Overview of Cryptography 180

Historical Cryptography 181

Goals of Cryptography 186

Confidentiality 187

Integrity 188

Authentication 188

Nonrepudiation 189

Cryptographic Concepts 189

Cryptographic Keys 189

Ciphers 190

Modern Cryptography 191

Cryptographic Secrecy 191

Symmetric Key Algorithms 192

Asymmetric Key Algorithms 193

Hashing Algorithms 196

Symmetric Cryptography 197

Data Encryption Standard 197

Triple DES 199

Advanced Encryption Standard 200

Symmetric Key Management 200

Asymmetric Cryptography 203

RSA 203

Elliptic Curve 204

Hash Functions 205

SHA 206

MD5 207

Digital Signatures 207

HMAC 208

Digital Signature Standard 209

Public Key Infrastructure 209

Certificates 209

Certificate Authorities 211

Certificate Generation and Destruction 212

Certificate Formats 215

Asymmetric Key Management 216

Cryptographic Attacks 217

Emerging Issues in Cryptography 220

Tor and the Dark Web 220

Blockchain 220

Lightweight Cryptography 221

Homomorphic Encryption 221

Quantum Computing 222

Summary 222

Exam Essentials 222

Review Questions 224

Chapter 8 Identity and Access Management 229

Identity 230

Authentication and Authorization 231

Authentication and Authorization Technologies 232

Directory Services 236

Authentication Methods 237

Multifactor Authentication 237

One-Time Passwords 239

Biometrics 241

Knowledge-Based Authentication 243

Managing Authentication 244

Accounts 245

Account Types 245

Account Policies and Controls 245

Access Control Schemes 248

Filesystem Permissions 249

Summary 251

Exam Essentials 252

Review Questions 253

Chapter 9 Resilience and Physical Security 257

Building Cybersecurity Resilience 258

Storage Resiliency: Backups and Replication 260

Response and Recovery Controls 266

Physical Security Controls 269

Site Security 269

Summary 278

Exam Essentials 279

Review Questions 281

Chapter 10 Cloud and Virtualization Security 285

Exploring the Cloud 286

Benefits of the Cloud 287

Cloud Roles 289

Cloud Service Models 289

Cloud Deployment Models 293

Shared Responsibility Model 295

Cloud Standards and Guidelines 298

Virtualization 300

Hypervisors 300

Cloud Infrastructure Components 302

Cloud Compute Resources 302

Cloud Storage Resources 304

Cloud Networking 307

Cloud Security Issues 311

Availability 311

Data Sovereignty 311

Virtualization Security 312

Application Security 312

Governance and Auditing 313

Cloud Security Controls 313

Cloud Access Security Brokers 314

Resource Policies 314

Secrets Management 316

Summary 316

Exam Essentials 316

Review Questions 318

Chapter 11 Endpoint Security 323

Protecting Endpoints 324

Preserving Boot Integrity 325

Endpoint Security Tools 326

Hardening Endpoints and Systems 332

Service Hardening 333

Operating System Hardening 335

Hardening the Windows Registry 336

Configuration, Standards, and Schemas 336

Disk Security and Sanitization 338

File Manipulation and Other Useful Command-Line Tools 341

Scripting, Secure Transport, and Shells 343

Securing Embedded and Specialized Systems 344

Embedded Systems 345

SCADA and ICS 346

Securing the Internet of Things 348

Specialized Systems 349

Communication Considerations 350

Security Constraints of Embedded Systems 351

Summary 352

Exam Essentials 354

Review Questions 356

Chapter 12 Network Security 361

Designing Secure Networks 363

Network Segmentation 365

Network Access Control 366

Port Security and Port-Level Protections 367

Port Spanning/Port Mirroring 369

Virtual Private Network 370

Network Appliances and Security Tools 371

Network Security, Services, and Management 377

Deception and Disruption 382

Secure Protocols 383

Using Secure Protocols 383

Secure Protocols 384

Attacking and Assessing Networks 389

On-Path Attacks 389

Domain Name System Attacks 391

Layer 2 Attacks 393

Distributed Denial-of-Service Attacks 394

Network Reconnaissance and Discovery Tools and Techniques 398

Summary 411

Exam Essentials 412

Review Questions 414

Chapter 13 Wireless and Mobile Security 419

Building Secure Wireless Networks 420

Connectivity Methods 421

Wireless Network Models 425

Attacks Against Wireless Networks 426

Designing a Network 430

Controller and Access Point Security 432

Wi-Fi Security Standards 433

Wireless Authentication 434

Managing Secure Mobile Devices 436

Mobile Device Deployment Methods 436

Mobile Device Management 438

Specialized Mobile Device Security Tools 442

Summary 442

Exam Essentials 443

Review Questions 445

Chapter 14 Incident Response 449

Incident Response 450

The Incident Response Process 451

Attack Frameworks and Identifying Attacks 457

Incident Response Data and Tools 461

Security Information and Event Management Systems 462

Alerts and Alarms 464

Correlation and Analysis 465

Rules 465

Mitigation and Recovery 473

Summary 477

Exam Essentials 478

Review Questions 480

Chapter 15 Digital Forensics 485

Digital Forensic Concepts 486

Legal Holds and e-Discovery 487

Conducting Digital Forensics 488

Acquiring Forensic Data 489

Acquisition Tools 493

Validating Forensic Data Integrity 496

Data Recovery 499

Forensic Suites and a Forensic Case Example 499

Reporting 504

Digital Forensics and Intelligence 504

Summary 505

Exam Essentials 505

Review Questions 507

Chapter 16 Security Policies, Standards, and Compliance 511

Understanding Policy Documents 512

Policies 512

Standards 515

Procedures 517

Guidelines 518

Exceptions and Compensating Controls 519

Personnel Management 520

Least Privilege 520

Separation of Duties 521

Job Rotation and Mandatory Vacations 521

Clean Desk Space 522

Onboarding and Offboarding 522

Nondisclosure Agreements 522

Social Media 522

User Training 522

Third-Party Risk Management 523

Winding Down Vendor Relationships 524

Complying with Laws and Regulations 524

Adopting Standard Frameworks 525

NIST Cybersecurity Framework 525

NIST Risk Management Framework 528

ISO Standards 529

Benchmarks and Secure Configuration Guides 531

Security Control Verification and Quality Control 531

Summary 533

Exam Essentials 534

Review Questions 535

Chapter 17 Risk Management and Privacy 539

Analyzing Risk 540

Risk Identification 541

Risk Calculation 542

Risk Assessment 543

Managing Risk 547

Risk Mitigation 547

Risk Avoidance 549

Risk Transference 549

Risk Acceptance 549

Risk Analysis 550

Disaster Recovery Planning 552

Disaster Types 552

Business Impact Analysis 553

Privacy 553

Sensitive Information Inventory 554

Information Classification 554

Data Roles and Responsibilities 556

Information Lifecycle 557

Privacy Enhancing Technologies 557

Privacy and Data Breach Notification 558

Summary 559

Exam Essentials 559

Review Questions 560

Appendix Answers to Review Questions 565

Chapter 1: Today’s Security Professional 566

Chapter 2: Cybersecurity Threat Landscape 567

Chapter 3: Malicious Code 569

Chapter 4: Social Engineering, Physical, and Password Attacks 572

Chapter 5: Security Assessment and Testing 574

Chapter 6: Secure Coding 576

Chapter 7: Cryptography and the Public Key Infrastructure 578

Chapter 8: Identity and Access Management 579

Chapter 9: Resilience and Physical Security 582

Chapter 10: Cloud and Virtualization Security 584

Chapter 11: Endpoint Security 586

Chapter 12: Network Security 589

Chapter 13: Wireless and Mobile Security 591

Chapter 14: Incident Response 594

Chapter 15: Digital Forensics 596

Chapter 16: Security Policies, Standards, and Compliance 598

Chapter 17: Risk Management and Privacy 600

Index 603

About the Author

ABOUT THE AUTHORS

Mike Chapple, PhD, Security+, CySA+, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. He's a cybersecurity professional and educator with over 20 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.

David Seidl, Security+, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dame's move to the cloud and has written multiple cybersecurity certification books.