Cybersecurity Essentials - Charles J. Brooks - E-Book


Charles J. Brooks

Description

An accessible introduction to cybersecurity concepts and practices.

Cybersecurity Essentials provides a comprehensive introduction to the field, with expert coverage of the essential topics required for entry-level cybersecurity certifications. An effective defense consists of four distinct challenges: securing the infrastructure, securing devices, securing local networks, and securing the perimeter. Overcoming these challenges requires a detailed understanding of the concepts and practices within each realm. This book covers each challenge individually for greater depth, with real-world scenarios that show what vulnerabilities look like in everyday computing. Each part concludes with a summary of key concepts, review questions, and hands-on exercises, allowing you to test your understanding while exercising your new skills. Cybersecurity jobs range from basic configuration to advanced systems analysis and defense assessment. This book provides the foundational information you need to understand the basics of the field, identify your place within it, and start down the security certification path.

* Learn security and surveillance fundamentals
* Secure and protect remote access and devices
* Understand network topologies, protocols, and strategies
* Identify threats and mount an effective defense

Cybersecurity Essentials gives you the building blocks for an entry-level security certification and provides a foundation of cybersecurity knowledge.


Page count: 908

Year of publication: 2018




Table of Contents

COVER

ACKNOWLEDGMENTS

ABOUT THE AUTHORS

INTRODUCTION

Who Should Read This Book

What Is Covered in This Book

The Essentials Series

How to Contact the Author

PART I: Securing the Infrastructure

CHAPTER 1: Infrastructure Security in the Real World

Security Challenges

Summary

CHAPTER 2: Understanding Access-Control and Monitoring Systems

A Quick Primer on Infrastructure Security

Access Control

Security Policies

Physical Security Controls

Access-Control Gates

Authentication Systems

Remote-Access Monitoring

Hands-On Exercises

CHAPTER 3: Understanding Video Surveillance Systems

Video Surveillance Systems

Hands-On Exercises

CHAPTER 4: Understanding Intrusion-Detection and Reporting Systems

Intrusion-Detection and Reporting Systems

Hands-On Exercises

CHAPTER 5: Infrastructure Security: Review Questions and Hands-On Exercises

Summary Points

Security Challenge Scenarios

Review Questions

Exam Questions

PART II: Securing Local Hosts

CHAPTER 6: Local Host Security in the Real World

Security Challenges

Summary

CHAPTER 7: Securing Devices

The Three Layers of Security

Securing Host Devices

Hands-On Exercises

CHAPTER 8: Protecting the Inner Perimeter

The Inner Perimeter

Hands-On Exercises

CHAPTER 9: Protecting Remote Access

Protecting Local Computing Devices

Implementing Local Protection Tools

Using Local Intrusion-Detection Tools

Configuring Browser Security Options

Defending Against Malicious Software

Hardening Operating Systems

Overseeing Application Software Security

Applying Software Updates and Patches

Hands-On Exercises

CHAPTER 10: Local Host Security: Review Questions and Hands-On Exercises

Summary Points

Security Challenge Scenarios

Review Questions

Exam Questions

PART III: Securing Local Networks

CHAPTER 11: Local Network Security in the Real World

Security Challenges

Summary

CHAPTER 12: Networking Basics

Understanding the Basics of Networking

The OSI Networking Model

Data Transmission Packets

OSI Layer Security

Network Topologies

Logical Topologies

Hands-On Exercises

CHAPTER 13: Understanding Networking Protocols

The Basics of Networking Protocols

Network Control Strategies

Hands-On Exercises

CHAPTER 14: Understanding Network Servers

The Basics of Network Servers

Hands-On Exercises

CHAPTER 15: Understanding Network Connectivity Devices

Network Switches

Routers

Gateways

Network Bridges

Wireless Network Connectivity

Hands-On Exercises

CHAPTER 16: Understanding Network Transmission Media Security

The Basics of Network Transmission Media

Transmission Media Vulnerabilities

Hands-On Exercises

CHAPTER 17: Local Network Security: Review Questions

Summary Points

Security Challenge Scenarios

Review Questions

PART IV: Securing the Perimeter

CHAPTER 18: Perimeter Security in the Real World

Security Challenges

Summary

CHAPTER 19: Understanding the Environment

The Basics of Internet Security

Understanding the Environment

Hands-On Exercises

CHAPTER 20: Hiding the Private Network

Understanding Private Networks

Hands-On Exercises

CHAPTER 21: Protecting the Perimeter

Understanding the Perimeter

Firewalls

Network Appliances

Proxy Servers

Demilitarized Zones (DMZs)

Honeypots

Extranets

Hands-On Exercises

CHAPTER 22: Protecting Data Moving Through the Internet

Securing Data in Motion

Cryptography

Hands-On Exercises

CHAPTER 23: Tools and Utilities

Using Basic Tools

Monitoring Tools and Software

Hands-On Exercises

CHAPTER 24: Identifying and Defending Against Vulnerabilities

Zero Day Vulnerabilities

Software Exploits

Social Engineering Exploits

Network Threats and Attacks

Dictionary Attacks

Denial of Service (DoS) Attacks

Spam

Other Exploits

Hands-On Exercises

CHAPTER 25: Perimeter Security: Review Questions and Hands-On Exercises

Summary Points

Security Scenario Review

Review Questions

Exam Questions

APPENDIX A: Glossary

APPENDIX B: Acronyms

APPENDIX C: NIST Preliminary Cybersecurity Framework

INDEX

END USER LICENSE AGREEMENT

List of Tables

Chapter 2

TABLE 2.1 Biometric Device Comparisons

TABLE 2.2 Access-Control Gates

TABLE 2.3 Access-Control Doors

TABLE 2.4 Door/Gate Actuators

TABLE 2.5 Security Controllers

TABLE 2.6 Security Keypads

TABLE 2.7 Door Contacts/Sensors

TABLE 2.8 Driveway Sensors

TABLE 2.9 Authentication Devices/Systems

TABLE 2.10 Door Locks

Chapter 3

TABLE 3.1 Video Cameras

TABLE 3.2 Digital Video Recorders

TABLE 3.3 Additional Video Monitoring Software

TABLE 3.4 Authentication/Access-Control Devices and Systems

TABLE 3.5 Door Contacts/Sensors

TABLE 3.6 Door Locks

Chapter 4

TABLE 4.1 Door Locks

TABLE 4.2 Door Contacts/Sensors

TABLE 4.3 Motion Detectors

Chapter 7

TABLE 7.1 Typical and Legacy I/O Ports

Chapter 8

TABLE 8.1 Operating System Security Comparisons

TABLE 8.2 Permissions Available in test1 ACL

TABLE 8.3 TestUser2 Access Levels

Chapter 9

TABLE 9.1 Typical I/O Ports

TABLE 9.2 Types of Networks

TABLE 9.3 Recommended Ports to Close

TABLE 9.4 Recommended ICMP Types and Codes to Close

Chapter 12

TABLE 12.1 OSI Layer Security

TABLE 12.2 Rule Types

Chapter 13

TABLE 13.1 LAN Information

Chapter 14

TABLE 14.1 RBAC Rights and Permissions

TABLE 14.2 File A

TABLE 14.3 Folder B

Chapter 16

TABLE 16.1 Bluetooth Parameters

Chapter 19

TABLE 19.1 A Few Common Ports and Their Uses

TABLE 19.2 Delete Browsing History Options

TABLE 19.3 Internet Explorer Security Zones

TABLE 19.4 Options

Chapter 23

TABLE 23.1 Defining Columns

List of Illustrations

Chapter 1

FIGURE 1.1 The Electrical Substation

FIGURE 1.2 Headquarters Facility Plans

Chapter 2

FIGURE 2.1 The Three Perimeters

FIGURE 2.2 Access Control

FIGURE 2.3 Authorization

FIGURE 2.4 Physical Barriers

FIGURE 2.5 Key-Locking Deadbolt

FIGURE 2.6 Electronic Deadbolt

FIGURE 2.7 Cipher Lock

FIGURE 2.8 Sliding Gate

FIGURE 2.9 Swinging Gate

FIGURE 2.10 SPST Relay Schematic

FIGURE 2.11 Gate Controller Relay and Associated Components

FIGURE 2.12 Magnetic Stripe Card System

FIGURE 2.13 Smart Cards

FIGURE 2.14 RFID System

FIGURE 2.15 Typical Biometric Authentication Methods

FIGURE 2.16 Remote-Access Communication Options

FIGURE 2.17 Window Sensor with Magnetic Switch Contacts

FIGURE 2.18 Remote-Control Operations

FIGURE 2.19 Remote-Monitoring Systems

FIGURE 2.20 The Facility

FIGURE 2.21 Security Perimeters

FIGURE 2.22 Device Locations

Chapter 3

FIGURE 3.1 A Basic Video Surveillance System

FIGURE 3.2 Video Surveillance Camera

FIGURE 3.3 IP Camera

FIGURE 3.4 Pan-Tilt-Zoom Camera

FIGURE 3.5 Analog and Digital Camera Resolution

FIGURE 3.6 IR Camera

FIGURE 3.7 Monitoring Passageways

FIGURE 3.8 Asset Monitoring

FIGURE 3.9 A Video Recorder

FIGURE 3.10 DAS Video Storage

FIGURE 3.11 NAS and SAN Storage Systems

FIGURE 3.12 Quad Camera Switcher with a Sensor and Video Recorder

FIGURE 3.13 The Inner Perimeter

Chapter 4

FIGURE 4.1 Basic Intrusion-Detection and Reporting System

FIGURE 4.2 Control Box with Panel and Battery

FIGURE 4.3 Security Panel Zone Inputs

FIGURE 4.4 Creating a Physical Zone

FIGURE 4.5 Zoning Concepts

FIGURE 4.6 Sensor Mounting

FIGURE 4.7 Glass-Breakage Sensors

FIGURE 4.8 A PIR Motion Detector

FIGURE 4.9 PIR Field of View

FIGURE 4.10 Photoelectric Beam System

FIGURE 4.11 Controller Keypad

FIGURE 4.12 Security Key Fob

FIGURE 4.13 A Typical Smoke Detector

FIGURE 4.14 Electronic Siren

FIGURE 4.15 Strobe Light

FIGURE 4.16 Automatic Voice/Pager Dialer Console

FIGURE 4.17 The Warehouse Area and Offices

FIGURE 4.18 The Interior Security Zone

Chapter 5

FIGURE 5.1 Threat-Informed Pyramid

Chapter 6

FIGURE 6.1 Corporate Desktop PC

FIGURE 6.2 Notebook PC

Chapter 7

FIGURE 7.1 The Three Layers

FIGURE 7.2 PC Security Cable

FIGURE 7.3 A Docking Station

FIGURE 7.4 Typical PCs

FIGURE 7.5 CMOS Security Configuration

FIGURE 7.6 Physical PC Ports

FIGURE 7.7 Pathways to the Vital Components

FIGURE 7.8 A USB Port

FIGURE 7.9 USB Desktop Connections

FIGURE 7.10 USB Connectors

FIGURE 7.11 FireWire Plug and Connector

FIGURE 7.12 eSATA Interface Connections

FIGURE 7.13 Typical IO Port Connectors

FIGURE 7.14 Port-Enabling Options

FIGURE 7.15 Removable Media

FIGURE 7.16 Sample BIOS Initial Settings Screen

FIGURE 7.17 Advanced Mode Highlighted

FIGURE 7.18 Advanced Mode Initial Menu

FIGURE 7.19 USB Configuration

FIGURE 7.20 USB Single Port Control

FIGURE 7.21 Enable or Disable USB Ports

FIGURE 7.22 Security Settings

FIGURE 7.23 BIOS Administrator and User Password Settings

FIGURE 7.24 Boot Menu

FIGURE 7.25 Boot Option #1 Attempted to Boot First

FIGURE 7.26 Secure Boot

FIGURE 7.27 Key Management

FIGURE 7.28 Key Management Settings

Chapter 8

FIGURE 8.1 The Inner Perimeter

FIGURE 8.2 Basic OS File Structure

FIGURE 8.3 The Position of the OS in the Computer System

FIGURE 8.4 The Position of the Kernel

FIGURE 8.5 Directory Traversal

FIGURE 8.6 2014 Smartphone OS Graph

FIGURE 8.7 Local Security Policy/Security Settings

FIGURE 8.8 Microsoft Local User and Group Accounts

FIGURE 8.9 Windows Lockout Options

FIGURE 8.10 Fingerprint Scanners

FIGURE 8.11 Viewing Security Audit Logs

FIGURE 8.12 Configuring Auditing in Windows

FIGURE 8.13 Establishing a Local Security Policy Setting

FIGURE 8.14 Linux Auditing

FIGURE 8.15 Data Encryption

FIGURE 8.16 The Encryption/Decryption Process

FIGURE 8.17 Using the TPM

FIGURE 8.18 Windows Drive Encryption Options

FIGURE 8.19 Access Control List

FIGURE 8.20 Perm_Test Folder Created

FIGURE 8.21 File test1 Properties Window

FIGURE 8.22 Permissions for Test1 Given to TestUser2

FIGURE 8.23 Using AxCrypt to Encrypt the test4 File

FIGURE 8.24 Encrypted Data in .txt Document

Chapter 9

FIGURE 9.1 Firewall Operation

FIGURE 9.2 Firewall Functionality

FIGURE 9.3 Internet Options

FIGURE 9.4 IE Security Tab

FIGURE 9.5 HTTP Transfer Operations

FIGURE 9.6 Cookie Poisoning

FIGURE 9.7 Antispyware Product Types

FIGURE 9.8 Basic Windows Firewall Settings

FIGURE 9.9 Customize Settings Window for Windows Firewall

FIGURE 9.10 Windows Firewall with Advanced Security Console

FIGURE 9.11 Windows Firewall with Advanced Security on Local Computer Properties

FIGURE 9.12 Outbound Rules in Windows Firewall with Advanced Security

FIGURE 9.13 New Outbound Rule Wizard

FIGURE 9.14 New Outbound Rule Wizard Steps: Protocol and Ports

FIGURE 9.15 New Outbound Rule Wizard Steps: Name Page

FIGURE 9.16 Windows Firewall with Advanced Security New Outbound Rule

FIGURE 9.17 New Outbound Rule Wizard Steps: Program Page

FIGURE 9.18 Customize ICMP Settings

FIGURE 9.19 New Outbound Rule Steps: Scope Page

FIGURE 9.20 New Outbound Rule Wizard Steps: Name Page

FIGURE 9.21 New Outbound Rule in Windows Firewall with Advanced Security

FIGURE 9.22 Ping Failure

FIGURE 9.23 Ping Success

Chapter 10

FIGURE 10.1 USB Port Locks

FIGURE 10.2 Known Vulnerabilities

FIGURE 10.3 Implementation

Chapter 11

FIGURE 11.1 The Company Layout

FIGURE 11.2 The Company Network Layout

Chapter 12

FIGURE 12.1 The OSI Networking Model

FIGURE 12.2 Building Transmission Packets

FIGURE 12.3 Bus, Ring, Star, and Mesh Configurations

FIGURE 12.4 Primary/Secondary Ring Topologies

FIGURE 12.5 Logical Topologies

FIGURE 12.6 Windows Firewall with Advanced Security

FIGURE 12.7 Expanded Monitoring and Security Associations Items

FIGURE 12.8 New Connection Security Rule Wizard

FIGURE 12.9 New Connection Security Rule Wizard – Requirements Window

FIGURE 12.10 The Customize button is active.

FIGURE 12.11 Customize Advanced Authentication Methods Window

FIGURE 12.12 Add First Authentication Method Window

FIGURE 12.13 New Connection Security Rule Wizard – Profile Window

FIGURE 12.14 Naming the Rule

FIGURE 12.15 Viewing the New Rule

FIGURE 12.16 Request IPsec Rule Properties

Chapter 13

FIGURE 13.1 TCP/IP Packet

FIGURE 13.2 SYN/ACK Sequence

FIGURE 13.3 Subnetting with IPv4

FIGURE 13.4 A Typical Ethernet Frame

FIGURE 13.5 A Peer-to-Peer Network

FIGURE 13.6 A Client/Server Network

FIGURE 13.7 Accessing the Command Prompt

FIGURE 13.8 Changing the Command Prompt Font Type and Size

FIGURE 13.9 Changing the Command Prompt Colors

FIGURE 13.10 Listing the Network Configuration

FIGURE 13.11 Mapping IP Addresses to MAC Addresses

FIGURE 13.12 Observing Data Packet Statistical Information

FIGURE 13.13 Displaying the Routing Table

FIGURE 13.14 Numerical Address and Port Connections

FIGURE 13.15 Identifying Remote Host Connections

FIGURE 13.16 Creating a List of Nodes on a LAN

FIGURE 13.17 Creating a List of Shared Host Devices

FIGURE 13.18 Tracking a Data Packet with TRACERT

FIGURE 13.19 Testing the Local Host and TCP/IP

FIGURE 13.20 Pinging the Remote Google Server Cluster

Chapter 14

FIGURE 14.1 Typical Rack-Mount Server Cabinet

FIGURE 14.2 Server Security Points

FIGURE 14.3 A Locking Server Chassis

FIGURE 14.4 Mandatory Access Control

FIGURE 14.5 Role-Based Access Control

FIGURE 14.6 Adding Users or Groups in a Linux Distribution

FIGURE 14.7 Password Policies

FIGURE 14.8 Viewing Security Audit Logs

FIGURE 14.9 Distributed IDS

FIGURE 14.10 A Typical Vulnerability Scanner

FIGURE 14.11 Remote Monitoring Components

FIGURE 14.12 IPCONFIG

FIGURE 14.13 Contents of the Etc Folder

FIGURE 14.14 The Snort Configuration File

FIGURE 14.15 Network Address Change

FIGURE 14.16 Rule Paths Changed

FIGURE 14.17 Whitelist and Blacklist Changed

FIGURE 14.18 Configuring Log Directory

FIGURE 14.19 Dynamic Preprocessor Path

FIGURE 14.20 Dynamic Engine Path Changed

FIGURE 14.21 Dynamic Rules Excluded

FIGURE 14.22 Inline Packet Normalization Excluded

FIGURE 14.23 Enable Portscan

FIGURE 14.24 Whitelist and Blacklist Excluded

FIGURE 14.25 Output Alert

FIGURE 14.26 Setting Rules

FIGURE 14.27 Step #8 Changes

FIGURE 14.28 Extract Window

FIGURE 14.29 Community-Rules

FIGURE 14.30 Rules Folder Community-

FIGURE 14.31 Community File Moved to Rules Folder

FIGURE 14.32 cd c:\snort\bin

FIGURE 14.33 Snort List of Interfaces

FIGURE 14.34 Snort Successful Validation

FIGURE 14.35 Snort IDS Mode Breakdown

FIGURE 14.36 Snort in Sniffer Mode

Chapter 15

FIGURE 15.1 A Network-Switch Connection

FIGURE 15.2 A Network Router

FIGURE 15.3 Internal Structure of a Network Router

FIGURE 15.4 Gateway Operations

FIGURE 15.5 A Network Bridge Arrangement

FIGURE 15.6 A Wireless Access Point

FIGURE 15.7 A Denial of Service Attack

FIGURE 15.8 A Man-in-the-Middle Attack

FIGURE 15.9 Run Dialog

FIGURE 15.10 Command Prompt

FIGURE 15.11 IPCONFIG Output

FIGURE 15.12 Setting the Password

FIGURE 15.13 Turning Off Remote Management

FIGURE 15.14 Turning Off the Guest Network

Chapter 16

FIGURE 16.1 UTP and STP Cabling

FIGURE 16.2 Coaxial Cable

FIGURE 16.3 Transmitting Over Fiber-Optic Cable

FIGURE 16.4 Bluetooth PAN

FIGURE 16.5 ZigBee PAN

FIGURE 16.6 WiMAX

FIGURE 16.7 Enter your credentials.

FIGURE 16.8 The Logs

FIGURE 16.9 Turn off all SSID broadcasts and change the default name.

FIGURE 16.10 Turn off the 5 GHz wireless router radio.

FIGURE 16.11 Disabling UPnP

Chapter 17

FIGURE 17.1 The Company Layout

FIGURE 17.2 Role-Based Architecture

FIGURE 17.3 Loosely Managed Environment

FIGURE 17.4 Maintaining Control

FIGURE 17.5 The Master Key

FIGURE 17.6 Suggested Network

Chapter 18

FIGURE 18.1 The Company Network Layout

Chapter 19

FIGURE 19.1 Internet Players

FIGURE 19.2 TCP Segment Structure

FIGURE 19.3 Network Messaging Types

FIGURE 19.4 Routing Operations

FIGURE 19.5 TLD Organization

FIGURE 19.6 ISP Position and Services

FIGURE 19.7 Locating Internet Explorer

FIGURE 19.8 Accessing Internet Options

FIGURE 19.9 Website Data Settings

FIGURE 19.10 Delete Browsing History Window

FIGURE 19.11 Security Tab of Internet Options

FIGURE 19.12 Restricted Sites Window

FIGURE 19.13 The msn.com Website as a Restricted Site

FIGURE 19.14 Security Settings – Restricted Sites Zone Window

FIGURE 19.15 The Privacy Tab in Internet Options

FIGURE 19.16 Pop-Up Blocker Settings

Chapter 20

FIGURE 20.1 NAT Configuration

FIGURE 20.2 PAT Configurations

FIGURE 20.3 Port Forwarding

FIGURE 20.4 A Segmented Network

FIGURE 20.5 Virtual Instances

FIGURE 20.6 A VLAN

FIGURE 20.7 Systeminfo Command Output

FIGURE 20.8 Windows Features

FIGURE 20.9 Enabling Hyper-V

FIGURE 20.10 Ready for the Reboot

FIGURE 20.11 Pinning Hyper-V to Taskbar

FIGURE 20.12 Virtual Switch Manager

FIGURE 20.13 Apply Network Changes Warning

FIGURE 20.14 New Virtual Machine Wizard – Before You Begin Window

FIGURE 20.15 Specify Name and Location

FIGURE 20.16 Selecting the Network Connection

FIGURE 20.17 Selecting the ISO

FIGURE 20.18 Virtual Machine Installed in Hyper-V

FIGURE 20.19 Ubuntu Linux 16.04.3 LTS Running as a VM

Chapter 21

FIGURE 21.1 The Perimeter

FIGURE 21.2 Internet Connectivity

FIGURE 21.3 Gateway Connection Options

FIGURE 21.4 Private and Public Networks

FIGURE 21.5 Network Firewall

FIGURE 21.6 Stateful Firewall Operations

FIGURE 21.7 A UTM Device

FIGURE 21.8 Operation of a Proxy Server

FIGURE 21.9 Reverse Proxy Operations

FIGURE 21.10 A DMZ

FIGURE 21.11 A Single-Firewall DMZ

FIGURE 21.12 A Dual-Firewall DMZ

FIGURE 21.13 Honeypot Implementation

FIGURE 21.14 An Extranet

FIGURE 21.15 Viewing www.opera.com

FIGURE 21.16 Using the Installer

FIGURE 21.17 Skipping the Import

FIGURE 21.18 Opera Browser

FIGURE 21.19 The Browser Settings Gear

FIGURE 21.20 The VPN Settings

FIGURE 21.21 The Results of Apache “Whoami”

FIGURE 21.22 The Results of “Where Am I”

FIGURE 21.23 Choosing Location in Asia

Chapter 22

FIGURE 22.1 Kerberos Authentication

FIGURE 22.2 Viewing Credentials

FIGURE 22.3 Symmetric vs. Asymmetric Keys

FIGURE 22.4 Digital Certificates

FIGURE 22.5 CAPTCHA Examples

FIGURE 22.6 VPN Connections

FIGURE 22.7 Show File Extensions

FIGURE 22.8 The Hash Algorithms

FIGURE 22.9 Creating the

HashTest.txt

File

FIGURE 22.10 Contents of HashTest File

FIGURE 22.11 The Md5deep Folder

FIGURE 22.12 Md5deep Contents in the Command Prompt

FIGURE 22.13 MD5 Hash Output

FIGURE 22.14 64-bit MD5 Hash output

FIGURE 22.15 Sha-1 Hash Output

FIGURE 22.16 Whirlpool Hash Output

FIGURE 22.17 New Contents of HashTest File

FIGURE 22.18 Comparing the MD5 Hash Outputs

FIGURE 22.19 Comparing the Sha-1 Hash Outputs

FIGURE 22.20 Comparing the Whirlpool Hash Outputs

Chapter 23

FIGURE 23.1 Whois Tool

FIGURE 23.2 PING

FIGURE 23.3 Traceroute Operation

FIGURE 23.4 Telnet Operation

FIGURE 23.5 A Packet Analyzer Tool

FIGURE 23.6 Wireshark

FIGURE 23.7 Snort

FIGURE 23.8 Nmap Utility

FIGURE 23.9 Metasploit Operation

FIGURE 23.10 Wireshark Interface

FIGURE 23.11 Starting to Capture Packet Traffic

FIGURE 23.12 Wireshark Capture Window

FIGURE 23.13 Sending a PING Request

FIGURE 23.14 Ping

FIGURE 23.15 Wireshark Capture Window with ICMP Packets

FIGURE 23.16 Viewing the PING

FIGURE 23.17 Wireshark Examples Folder Contents

FIGURE 23.18 Arp-Storm Example

FIGURE 23.19 Teardrop Attack Example

Chapter 24

FIGURE 24.1 SQL Injection

FIGURE 24.2 Cross-Site Scripting

FIGURE 24.3 An Example Phishing Attack

FIGURE 24.4 Broadcast Storm

FIGURE 24.5 Session Hijacking

FIGURE 24.6 MITM Attack

FIGURE 24.7 Clickjacking

FIGURE 24.8 A Typical DoS Attack

FIGURE 24.9 A DRDoS Attack

FIGURE 24.10 Tarpitting

FIGURE 24.11 Local Security Policy

FIGURE 24.12 No Software Restriction Policies Defined

FIGURE 24.13 Software Restriction Policies with Contents

FIGURE 24.14 Enforcement Properties

FIGURE 24.15 Security Levels

FIGURE 24.16 Additional Rules

FIGURE 24.17 New Path Rule

FIGURE 24.18 Notepad Selected in Browse for File or Folder

FIGURE 24.19 New Rule in Additional Rules

FIGURE 24.20 Notepad Blocked

Appendix C

FIGURE C.1 The NIST Framework Stakeholders


CYBERSECURITY ESSENTIALS

Charles J. Brooks

Christopher Grow

Philip Craig

Donald Short

Development Editor: David Clark
Technical Editors: Raymond Blockmon, Chris Culling, Jeff Parker
Production Editor: Athiyappan Lalith Kumar
Copy Editor: Kathy Carlyle
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Editor: Jim Minatel
Proofreader: Nancy Bell
Indexer: Johnna VanHoose Dinse
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: © ktsdesign/Shutterstock

Copyright © 2018 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-36239-5
ISBN: 978-1-119-36243-2 (ebk)
ISBN: 978-1-119-36245-6 (ebk)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2018943782

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

To my wife Robbie, for all of her understanding, support, and help with these projects, as well as Robert, Jamaica, Michael, and Joshua.

Charles Brooks

To my close friends and family here and gone who have stood by me and encouraged me along my way. Your support through the years, mental, emotional, and financial, has brought me to this point. I dedicate this work to all of you, without which this would not have been possible for me.

Christopher Grow

To my wife Caralee, who has endured many times over the years my travels, my long stays in our nation’s capital, and mostly her understanding of the importance of my commitment to cybersecurity. As we celebrate her birthday on September 11 every year, we are reminded of what it means to our daily lives.

Philip Craig

To my family whose grace and support have amazed me for decades. My loving wife of 33 years, Norma, and my children Kenny and Breanne continue to support my efforts and endure the challenges of my entrepreneurial life.

Donald Short

ACKNOWLEDGMENTS

As always, I want to thank the staff at ETG/Marcraft for making it easy to turn out a good product. In particular, thanks to Cathy Boulay and Luke Johns from the Product Development department for their excellent work in getting the text and graphics ready to go and looking good.

Many thanks as well to Jeff Riley, whom I’ve known and worked with in the book production business for many years. Thanks for putting together another great project.

—Charles Brooks

I would like to start by thanking some of the many people who have made what has become my repository of knowledge and skill available to help make this book possible. First there is my father David P. Grow. His knowledge, mentoring, patience, and understanding started my journey down the career path of computer support and computer networking.

I would also like to thank all of my mentors along the way who have increased my skills and knowledge. Whether they were employers or colleagues, each mentor has made contributions to my knowledge and skill that helped make this all possible. Especially the support staff and leadership here with my current employer at ETG/Marcraft: Charles Brooks, Kevin Smith, Cathy Boulay, Grant Ter-Oganov and any personnel working behind the scenes that I did not meet.

Lastly I would like to thank my close friends and family for all their help and support as I worked through the process of creating my contribution to this book.

—Christopher Grow

To the folks who commit their lives and careers developing new approaches to cybersecurity that protects the immense landscape of computing infrastructures from acts of malicious and sometimes deadly outcomes of cyber attacks, I dedicate these works to you. The next generation of cyber-protectors will gain significant value from this book and hopefully will find its content sparking new dedication to the cyber challenges we will face in the years ahead.

To the leadership at ETG/Marcraft, whose vision recognizes the value of teaching through hands-on experiences and not just the texts, thank you for recognizing and implementing your approach to our trade.

—Philip Craig

I would like to thank my customers and associates from the past 25 plus years who have helped me grow and learn at a rate I would not have thought possible.

—Donald Short

ABOUT THE AUTHORS

Charles J. Brooks is currently co-owner and vice president of Educational Technologies Group Inc., as well as co-owner of eITPrep LLP, an online training company. He is in charge of research and product development at both organizations.

A former electronics instructor and technical writer with the National Education Corporation, Charles taught and wrote on post-secondary ETG curriculum, including introductory electronics, transistor theory, linear integrated circuits, basic digital theory, industrial electronics, microprocessors, and computer peripherals.

Charles has authored several books, including seven editions of A+ Certification Training Guide, The Complete Introductory Computer Course, and IBM PC Peripheral Troubleshooting and Repair. He also writes about green technologies, networking, residential technology integration, and IT convergence.

Christopher M. Grow is currently the Technical Services Manager for Educational Technologies Group. He is responsible for product support, solution development, onsite implementation/installation, and instructor support and training for a wealth of cybersecurity and information technology products. He also is involved in program management and contributes in R&D of new products and revisions of current offerings.

Christopher has been a consultant and contractor in the IT industry for over 20 years. As an Information Security and Surveillance manager for a casino in Washington State, Christopher helped design and implement security policies, frameworks, and training to protect and segregate public and private information for the casino and their customers. He also helped to design procedures and train personnel on the physical security aspects of the casino industry.

Philip Craig is the founder of BlackByte Cyber Security, LLC, a consultancy supporting the Pacific Northwest National Laboratory (PNNL) research and national security agendas as well as the National Rural Electric Cooperative Association and National Rural Telecommunications Cooperative.

For many years, Phil served as a Senior Cyber Security Research Scientist at PNNL, where he provided engineering and program management support in the fields of cybersecurity, supervisory control and data acquisition (SCADA) technologies, computing, and communications infrastructure.

This included development of complex system and policy solutions in a variety of critical infrastructures including the nuclear power, electric power, and water sectors. He developed and deployed both strategic and tactical cybersecurity defensive solutions for the electric power and nuclear sectors.

Donald Short is the President of One World Telecommunications, Inc., an Internet Service Provider in Kennewick, Washington, where he both manages the business and programs web and database applications.

Don has been both a pharmacist and computer scientist for over 35 years, working in many programming languages on a variety of network architectures, and has developed large and complex online content and learning management systems.

INTRODUCTION

Welcome to Cybersecurity Essentials. This book is designed to provide a solid theory and practical platform for cybersecurity personnel. Key information provided in this edition includes:

Critical infrastructure security systems and devices

Security for local intelligent computing, and controlling devices and systems

Security for local area network components and systems

Cybersecurity for users and networks attached to the Internet

Each chapter begins with a list of learning objectives that establishes a foundation and systematic preview of the chapter.

A wealth of graphic diagrams and screen shots are included in each chapter to provide constant visual reinforcement of the concepts being discussed.

Key thoughts, cautions, and warnings in the chapter are presented in special boxes to call extra attention to them. Key terms are presented in italic type throughout the text. These terms are also defined in a comprehensive glossary at the end of the book that provides quick, easy access to the key terms that appear in each chapter.

Each part concludes with an extensive key-points review of its material.

One of the driving forces in the ongoing development of cybersecurity initiatives in the United States is the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The framework was developed to assist government and business organizations in the design and development of systems and techniques that provide security for their critical infrastructure.

Security Challenges

Another pedagogical feature of this book is the set of scenario-based NIST Security Challenges placed at the beginning of each Part. Each challenge describes a particular security setting related to the information that will be presented in that Part. You will be asked to read the scenario, put on your security professional persona, consider how an attacker might go about exploiting the key assets in the scenario, and then contemplate how you could establish systems and strategies to protect those assets.

These challenges are designed to provide you with real, open-ended context that sets the expectation level for the material to be studied. Ideally, you will be considering how the theory and hands-on materials you encounter as you move through the chapter apply to those scenarios.

At the completion of each Part, you will be asked to return to these Security Challenges and create new observations based on your increased knowledge. You will also be asked to compare your observations to those of professional security specialists who have provided their feedback for these scenarios.

Who Should Read This Book

This book is intended for:

Students preparing for a career in IT, networking, or cybersecurity

Network professionals who want to improve their network security skills

Management personnel who need to understand the cybersecurity threats they face and basic options for confronting those threats

If you’re interested in certification for the CompTIA Security+ or Microsoft MTA – 98-367 Security Fundamentals Certification exams, this book can be a great resource to help you prepare. See https://certification.comptia.org/certifications/security and www.microsoft.com/en-us/learning/exam-98-367.aspx for more certification information and resources.

What You Will Learn

You will learn to apply a systematic approach to securing IT networks and infrastructure. This approach begins with addressing physical security concerns from the outer edge of the physical environment to the interior region where the most valuable assets are located. The first half of any security objective is to limit physical access to the assets. If you can’t get to it, you can’t steal, damage, or destroy it. You will learn to view physical security in terms of three perimeters and to implement the proper tools at each.

After securing the physical environment, you will explore tools and techniques used to secure local endpoint computing devices. Following the three-perimeter strategy developed for physical security, you will address the security of these devices from their outer edge to their most desirable asset: your data.

After the local endpoint devices have been secured, you will turn your attentions to securing the servers, connectivity devices, and transmission media that make up the balance of your local area network. You will learn to secure these devices to protect your IT assets within the connected environment that you control.

Finally, you will explore tools and techniques used to protect your data when it leaves the protection of the network you control and passes through unprotected territory: the Internet. This will include building network structures to protect your network from the bad people hiding in the Internet, as well as how to guard your data when it is traveling through their territory.

What Is Covered in This Book

This book is a basic training system designed to provide a solid theoretical understanding of cybersecurity challenges, tools, and techniques, as well as to develop the foundations of a professional cybersecurity skill set. This is accomplished in a progressive four-section process, as follows:

Part I—Infrastructure Security—This part introduces the concepts and techniques associated with physical infrastructure security devices, systems, and techniques used to combat theft, prevent physical damage, maintain system integrity and services, and limit unauthorized disclosure of information.

Chapter 1 presents two Infrastructure Security Scenarios for the reader to consider and research selected NIST Cybersecurity Framework Functions and Categories and then apply them to the given scenarios.

Chapter 2 deals with common Access Control systems for protecting physical infrastructure assets. This section contains information about different types of physical barriers and their associated monitoring and control systems. The Authentication Systems section that follows is a logical extension of the physical access control materials. Devices and systems covered in this portion of the chapter are used for controlling access and denial of access to key physical assets.

Next the material moves on to examine the components and operation of a typical physical security monitoring and notification system. In this section, security controllers, sensors, and annunciators are covered along with logical implementation strategies.

The material in Chapter 3 flows quite naturally to the addition of visual Surveillance Systems to the security monitoring system. Information contained in this section includes: surveillance cameras, video recorders, modulators, and switchers.

Chapter 4 completes the Infrastructure Security material with a section covering Intrusion detection and reporting systems.

Chapter 5 provides a Summary and Review for the Scenarios and chapters of Part I. This chapter includes a complete list of relevant Summary Points and a Review Quiz. It also returns the reader to the Scenarios that began the Infrastructure Security part so they can update their response to the scenario challenges and then compare them to the response generated by an active Cyber Security Professional.

Part II—Local Host Security—One of the most useful tools ever introduced to business, industry, government, and medicine is the personal computer. This part primarily deals with personal computers and focuses on security efforts at the local computer level.

Chapter 6 presents two Local Host Security Scenarios for the reader to consider and research selected NIST Cybersecurity Framework Functions and Categories and then apply them to the given scenarios.

Chapter 7 begins the Part II discussion with sections covering physically securing personal computing devices. Information covered here includes biometric authentication devices such as fingerprint scanners, as well as token-based devices such as smart cards and RFID cards. The material then moves on to physical port access risks and solutions. Options for accessing the PC covered here include the USB and FireWire ports.

Chapter 8 provides an overview of operating system structures, security features, and tools across the spectrum of operating system suppliers. In addition, the chapter covers logical (software-based) authentication methods for access control at the user’s level. Topics covered here include passwords and computer locking features. Finally, the chapter provides an overview of operating system auditing and logging utilities and wraps up with a discussion of OS-based encryption tools.

Chapter 9 completes the Local Host Security part by examining security associated with remote access options. Included in this line of discussion are local software-based firewalls, intrusion detection systems, and Internet Browser Security options. The chapter concludes with a detailed discussion dealing with malicious software protection options, such as antivirus and antispyware programs, as well as software updating and patching efforts.

Chapter 10 provides a Summary and Review for the Scenarios and chapters of Part II. This chapter includes a complete list of relevant Summary Points and a Review Quiz. It also returns the reader to the Scenarios that began the Local Host Security part so they can update their response to the scenario challenges and then compare them to the response generated by an active Cyber Security Professional.

Part III—Local Network Security in the Real World—While networks provide computer users with extended power to communicate and control devices remotely, they also provide a very large window to information stored on different devices attached to the network, as well as control devices operated remotely through the network.

Chapter 11 presents two Local Network Security Scenarios for the reader to consider and research selected NIST Cybersecurity Framework Functions and Categories and then apply them to the given scenarios.

Because modern networking involves so much information, Chapter 12 is designed to provide a basic introduction to networking. This chapter also examines typical network topologies (connection schemes). This is followed by an in-depth discussion of the OSI model, which describes the layered architecture on which modern networks are designed.

Chapter 13 provides information about network control strategies. These include networking protocols (rules) such as TCP/IP and IP addressing schemes. It concludes with a discussion covering the Ethernet standard.

Servers are the backbone of local area networks. Chapter 14 is dedicated to network servers and security tools and practices associated with them. Items discussed in this chapter include the roles of administrators, physical and logical access controls applied to servers, and steps for hardening server operating systems.

As with previous chapters, the material moves into logical access control for network environments. Topics covered here include user and group access controls instituted through the server’s network operating system. Next the chapter covers techniques and tools involved in maintaining server security. These include network-level logging and auditing considerations, conducting backup operations, and securing network backup media. The chapter concludes with coverage of distributed intrusion detection systems, vulnerability scanning, and remote server monitoring.

Chapter 15 moves on to cover the other major hardware components in the local area network: the different types of connectivity devices used to tie the network together. Topics covered in this chapter include: managed network switches, enterprise routers, gateways, bridges, and wireless access points. The second half of the chapter is dedicated to vulnerabilities and attack types associated with each type of device. The chapter concludes with a discussion of techniques used to harden local area networks.

Chapter 16 concludes the discussion of LAN security by concentrating on the different transmission media types that connect the servers from Chapter 14 and the devices from Chapter 15 together. The first half of the chapter deals with the strengths and weaknesses of the various media types while the second half discusses vulnerabilities associated with each media type.

Chapter 17 provides a Summary and Review for the Scenarios and chapters of Part III. This chapter includes a complete list of relevant Summary Points and a Review Quiz. It also returns the reader to the Scenarios that began the Local Network Security part so they can update their response to the scenario challenges and then compare them to the response generated by an active Cyber Security Professional.

Part IV—Perimeter Security in the Real World—This part of the book builds on the information from the Local Area chapters in Part III to deal with security issues posed by Wide Area Networks (WANs) such as the Internet.

Chapter 18 presents two Perimeter Security Scenarios for the reader to consider and research selected NIST Cybersecurity Framework Functions and Categories and then apply them to the given scenarios.

Chapter 19 is designed to provide an understanding of the security environment at the edge of the local area network and beyond. It establishes the Basics of Internet Security. Topics covered in this chapter include: TCP/IP, unicasts/broadcasts/multicasts, common TCP/UDP ports, and routing. The chapter concludes with coverage of Internet Services, standards and RFCs, and the security organizations and standards associated with Internet security.

Chapter 20 is all about hiding the local (private) network from the external, public Internet. It begins with an introduction to the concepts of private networks and then moves on to techniques used to hide them from the outside. Topics covered here include: Network and Port Address Translation schemes, port forwarding and mapping, and network segmentation/segregation techniques. The chapter concludes with an exploration of virtual LANs (VLANs) as a way to hide network segments from each other.

Chapter 21 is about Protecting the Perimeter. The information presented focuses on protection of the organization from external threats. The most widely used device at the network perimeter is the firewall. This chapter begins with an extensive discussion of different firewall types and functions. It then moves on to discuss other types of devices and structures employed at the network perimeter to provide protection services. These devices and structures include network appliances, proxies, DMZs, honeypots, and extranets.

Chapter 22 is dedicated to securing data in motion as it moves through the Internet. The key elements of this chapter cover authentication protocols, cryptography, and data encryption techniques. The chapter continues with coverage of Virtual Private Networks (VPNs) and firewalls.

In Chapter 23 you are introduced to tools and utilities commonly used to monitor, diagnose, and control network environments. Tools covered here include common command line utilities used to test connectivity, packet/protocol analyzers used to inspect network traffic, network mapping tools, and penetration testing tools and utilities.

Chapter 24 deals with identifying and defending against common cyber vulnerabilities. Topics discussed in this chapter include: Zero Day vulnerabilities, software exploits, social engineering exploits, network threats, and other common exploit types.

Chapter 25 provides a Summary and Review for the Scenarios and chapters of Part IV. This chapter includes a complete list of relevant Summary Points and a Review Quiz. It also returns the reader to the Scenarios that began the Perimeter Security part so they can update their response to the scenario challenges and then compare them to the response generated by an active Cyber Security Professional.

Finally, Appendix A is a glossary of terms, Appendix B is a list of acronyms, and Appendix C includes the NIST Preliminary Cybersecurity Framework.

The Essentials Series

The Essentials series from Sybex provides outstanding instruction for readers who are just beginning to develop their professional skills. Every Essentials book includes these features:

Multimode instruction, providing specific or hands-on procedures wherever appropriate

Review questions and/or bonus labs at the end of each chapter, where you can practice and extend your skills

How to Contact the Author

We’re always interested in comments and feedback from our readers as well as information about books you’d like to see from us in the future. You can reach us by writing to [email protected]. For more information about our work, please visit my website at marcraft.com.

Sybex strives to keep you supplied with the latest tools and information you need for your work. Please check their website at http://www.wiley.com/go/cybersecurityessentials, where we’ll post additional content and updates that supplement this book if the need arises.

PART I Securing the Infrastructure

Chapter 1

Infrastructure Security in the Real World

Chapter 2

Understanding Access Control and Monitoring Systems

Chapter 3

Understanding Video Surveillance Systems

Chapter 4

Understanding Intrusion Detection and Reporting Systems

Chapter 5

Infrastructure Security: Review Questions & Hands-On Exercises

CHAPTER 1 Infrastructure Security in the Real World

The following challenges will provide contextual reference points for the concepts you will learn in Part I. Because you have not yet read the chapters in Part I, the challenges in this chapter are designed to introduce you to the infrastructure security scenarios you’ll face in the real world. In this chapter, you’ll learn to:

Understand the relevance of infrastructure security

Describe the functions, categories, subcategories, and reference structure of the NIST Cybersecurity Framework

Apply the NIST Framework references to specific cybersecurity scenarios

Security Challenges

The NIST Cybersecurity Framework was developed by the U.S. National Institute of Standards and Technology (NIST) to provide a set of independent guidelines that organizations can use to implement or upgrade their cybersecurity programs. Because the framework is a product-independent tool, it provides guidelines that any organization can tailor to meet its own cybersecurity needs.

The framework’s core is divided into five functions (Identify, Protect, Detect, Respond, and Recover) that provide a top-level description of the cybersecurity development process. Each function is then divided into the categories that underpin the stated function. Each category is further divided into subcategories that state specific outcomes. Finally, each subcategory is supported by a list of informative references (standards and guideline documents) that contain the nuts and bolts of building the cybersecurity program.

This chapter will kickstart your thought processes for what you are about to learn in Part I. It contains two specific cybersecurity scenarios to which you will be asked to apply the NIST Framework in order to produce a cybersecurity solution that meets the desired objectives. In each case, you will be provided with specific subcategories to research, along with some guidance to help you produce your solutions.

In this first pass through the scenarios, you are expected to generate and record general observations about securing the infrastructure described, as you have not yet been introduced to the supporting material. As mentioned earlier, this activity is designed to get your cybersecurity thought processes started.

In Chapter 5, you will return to these scenarios and use what you have learned in Chapters 2, 3, and 4 to revise your initial assessments. You will also compare your observations to those of professional security specialists who have provided their observations and solutions for these scenarios.

Infrastructure Security Scenario 1

You are in charge of planning and implementing a security system for a new electrical substation that will be built next to a new housing development. The substation is equipped with high-voltage electrical switching gear for the surrounding community. It is not manned on a full-time basis but does have a control building that houses instrumentation and communication equipment, as shown in Figure 1.1.

FIGURE 1.1 The Electrical Substation

The high-voltage switch gear accepts electrical power from different sources, which it then conditions and routes to the community users as needed. The energy arrives on a set of different high-voltage supply lines and leaves the facility via different sets of distribution lines.

The monitoring devices and control systems in the substation communicate with different parts of the utility’s transmission and distribution system to route electrical power where and when it is needed. These communication channels include wireless radio signals, signals transmitted across the power lines, and traditional network communications media.

Risk Assessment 1

From the information provided in this first scenario, consider the National Institute of Standards and Technology (NIST) functions detailed in this section and then record your observations as they relate to each category.

SEE APPENDIX C FOR THE NIST CYBER SECURITY FRAMEWORK

A copy of the NIST Cyber Security Framework is available in Appendix C. The framework was developed by the U.S. National Institute of Standards and Technology to provide cybersecurity guidelines for Improving Critical Infrastructure Cybersecurity under Executive Order 13636. The ultimate goal of this initiative is to provide guidelines that help the nation’s critical infrastructure in business, industry, and utility organizations reduce their cybersecurity risks.

Identify

Create an inventory of physical assets (devices and systems) within the substation (NIST ID.AM-1).

UNDERSTANDING NIST REFERENCES

NIST references include the function, the category, and the subcategory. In the example of ID.AM-1 mentioned earlier, the function is Identify (ID); the category is Asset Management (AM); and the subcategory is 1 (which is “physical devices and systems within the organization are inventoried”). To implement this portion of the Framework for the scenario presented, you may want to refer to an online copy of the designated Reference documents listed under this subcategory. The same is true of the following subcategories as well.

Protect

Describe in general how you might go about protecting the physical assets identified in the previous point (NIST PR.AC-2).

Detect

How would you know if someone or something was attempting to access, disable, degrade, or destroy one or more of the devices and/or systems in the substation? How could you detect anomalies and events that might impact the operation of the substation (NIST DE.CM-2, 8)?

Respond

How would you need to respond to the anomalies and events you’ve identified through the devices, systems, and steps you would implement in the previous point (NIST RS.AN-1, 2, 3)?

Recover

Which steps could be put in place to recover from actions intended to access, disable, degrade, or destroy the assets you previously identified (NIST RC.RP-1)?
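The Risk Assessment prompts above cite subcategories in a shorthand (for example, “NIST DE.CM-2, 8” means DE.CM-2 and DE.CM-8), and the sidebar explains how a reference such as ID.AM-1 breaks down into function, category, and subcategory. The following Python snippet is an added example, not part of the book or of NIST’s own material. It expands that shorthand into fully qualified subcategory identifiers, checks each function code against the five Framework functions, and reports which functions a set of references leaves uncovered, which is a quick way to confirm that a scenario response spans Identify through Recover. The category names table is a partial lookup assumed here for illustration; the list of references at the bottom is simply the set cited in Risk Assessment 1.

```python
"""Expand and validate NIST Cybersecurity Framework references such as
"NIST DE.CM-2, 8" into subcategory identifiers (DE.CM-2, DE.CM-8)."""
import re
from typing import List, Set

# The five Framework Core functions and their two-letter codes.
FUNCTIONS = {
    "ID": "Identify",
    "PR": "Protect",
    "DE": "Detect",
    "RS": "Respond",
    "RC": "Recover",
}

# Partial category lookup covering the references cited in this chapter.
# Assumption: this is an illustrative subset, not the full Framework Core.
CATEGORIES = {
    "ID.AM": "Asset Management",
    "PR.AC": "Access Control",
    "DE.CM": "Security Continuous Monitoring",
    "RS.AN": "Analysis",
    "RC.RP": "Recovery Planning",
}

# Optional "NIST " prefix, FUNCTION.CATEGORY-n, and an optional ", m, k" tail.
_REF = re.compile(r"^(?:NIST\s+)?([A-Z]{2})\.([A-Z]{2})-(\d+(?:\s*,\s*\d+)*)$")


def expand_reference(text: str) -> List[str]:
    """Turn "NIST RS.AN-1, 2, 3" into ["RS.AN-1", "RS.AN-2", "RS.AN-3"].

    Raises ValueError for malformed input or an unknown function code."""
    match = _REF.match(text.strip())
    if not match:
        raise ValueError(f"not a Framework reference: {text!r}")
    func, cat, numbers = match.groups()
    if func not in FUNCTIONS:
        raise ValueError(f"unknown function code {func!r} in {text!r}")
    ids = []
    for n in numbers.split(","):
        number = int(n.strip())
        if number < 1:
            raise ValueError(f"subcategory numbers start at 1: {text!r}")
        ids.append(f"{func}.{cat}-{number}")
    return ids


def describe(subcategory: str) -> str:
    """Render "ID.AM-1" as "Identify / Asset Management / subcategory 1"."""
    (sub,) = expand_reference(subcategory)  # validates form and function code
    func, rest = sub.split(".")
    cat, number = rest.split("-")
    cat_name = CATEGORIES.get(f"{func}.{cat}", f"{cat} (not in lookup table)")
    return f"{FUNCTIONS[func]} / {cat_name} / subcategory {number}"


def functions_covered(references: List[str]) -> Set[str]:
    """Return the names of the functions touched by a list of references."""
    seen: Set[str] = set()
    for ref in references:
        for sub in expand_reference(ref):
            seen.add(FUNCTIONS[sub[:2]])
    return seen


def missing_functions(references: List[str]) -> Set[str]:
    """Functions a scenario response has not addressed at all."""
    return set(FUNCTIONS.values()) - functions_covered(references)


# Constructed sample: the references cited in Risk Assessment 1 above.
RISK_ASSESSMENT_1 = [
    "NIST ID.AM-1",
    "NIST PR.AC-2",
    "NIST DE.CM-2, 8",
    "NIST RS.AN-1, 2, 3",
    "NIST RC.RP-1",
]

if __name__ == "__main__":
    for ref in RISK_ASSESSMENT_1:
        for sub in expand_reference(ref):
            print(f"{sub:10} {describe(sub)}")
    print("Functions not addressed:", missing_functions(RISK_ASSESSMENT_1) or "none")
```

Running the script lists each cited subcategory with its function and category name and reports that Risk Assessment 1 touches all five functions; feeding it only the Identify reference would report Protect, Detect, Respond, and Recover as missing. The same check applies to the remaining Risk Assessments in this book, whose prompts use the identical shorthand.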

Infrastructure Security Scenario 2

Your company is building a new corporate facility, as shown in Figure 1.2, to house its 5,000 headquarters employees. The facility will feature multiple floors. Some management personnel will use traditional offices with doors and windows, but the majority of the employees will work in open cubicles.

FIGURE 1.2 Headquarters Facility Plans

Each office and cubicle will be equipped with a telephone and network connection. In addition, many of the employees travel as part of their job roles and require portable computers. Other employees work with desktop personal computers.