Mastering Defensive Security - Cesar Bravo - E-Book

Description

Every organization has data and digital assets that must be protected against an ever-growing threat landscape that endangers the availability, integrity, and confidentiality of crucial data. Professionals therefore need to be trained in the latest defensive security skills and tools to protect those assets. Mastering Defensive Security provides in-depth knowledge of the latest cybersecurity threats along with the tools and techniques needed to keep your infrastructure secure.
The book begins by establishing a strong foundation of cybersecurity concepts and then explores widely used security tools such as Wireshark, Damn Vulnerable Web App (DVWA), Burp Suite, OpenVAS, and Nmap; hardware threats such as a weaponized Raspberry Pi; and hardening techniques for Unix, Windows, web applications, and cloud infrastructures. As you progress through the chapters, you'll get to grips with advanced techniques such as malware analysis, security automation, computer forensics, and vulnerability assessment, and learn how to leverage pentesting for defensive security.
By the end of this book, you'll be familiar with creating your own defensive security tools using IoT devices and will have developed advanced defensive security skills.

You can read the e-book in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Page count: 551

Year of publication: 2022




Mastering Defensive Security

Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure

Cesar Bravo

BIRMINGHAM—MUMBAI

Mastering Defensive Security

Copyright © 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha

Publishing Product Manager: Shrilekha Malpani

Senior Editor: Arun Nadar

Content Development Editor: Yasir Ali Khan

Technical Editor: Nithik Cheruvakodan

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Manju Arasan

Production Designer: Jyoti Chauhan

First published: October 2021

Production reference: 1211021

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80020-816-2

www.packt.com

To all the brave people that decided to pursue a career in cybersecurity, and their countless efforts and sacrifices to keep the world safe!

Foreword

Throughout my career—which reads like a coming-of-age tale from cyberpunk hacker to cybersecurity CEO—I have grown to see this industry evolve and mature in a similar fashion. For many of us with humble hacking origins common in that early era, the institutional knowledge of attack and defense comes as second nature. 

As new threats continuously emerge, the need for a robust security culture is underscored by the billions lost to breaches. The importance of this collective wisdom distilled in an actionable manner for the next generation of cyber defenders is all too apparent. 

This book's author, Cesar Bravo, takes you beyond the theory. His practical approach bridges the gap between concept and application.  

Bravo leverages his profound experience as a cybersecurity expert to lay out a comprehensive understanding of risk, compliance, and the foundational concepts so crucial to the application of defensive techniques.  

Moreover, the critical intersection of man and machine—where breakdowns in physical security most often occur—is uniquely covered alongside the frameworks and strategies necessary to become a vigilant defender. 

If you are a cyber professional looking to master defensive security, this book is for you! 

Darren Kitchen

Founder, Hak5 

Contributors

About the author

Cesar Bravo is a researcher and inventor who has more than 100 inventions related to cybersecurity that are being patented in the US, Germany, China, and Japan. Those inventions include cybersecurity hardware, secure IoT systems and devices, and even cybersecurity systems for autonomous cars.

He loves to share knowledge and he has been working with several universities to teach cybersecurity at all levels, from introductory courses for non-IT people up to a master's degree in cybersecurity (for which he has also served as a thesis director).

In recent years, Cesar has become a recognized speaker (including delivering a TEDx talk), giving international presentations about cybersecurity and innovation in the UK, Germany, Mexico, the US, and Spain.

First, I want to thank all my students, who always encourage me with their questions and comments to become a better professional.

To my peer masters in cybersecurity, who took the challenge to learn about new topics and explore a new universe of possibilities, I am super grateful and proud of all of you.

To the cybersecurity community, who invest countless hours to stay up to date with new threats to make the world a better and more secure place to live, for you that live and work in the shadow of your desk, let me say that YOU are the real heroes!

And to my family and friends, who have always supported and encouraged me to become the best version of myself, to all of you, THANK YOU!

About the reviewers

Smith Gonsalves is the director and principal consultant of CyberSmithSECURE, a boutique consulting firm that specializes in providing cybersecurity services to MNCs worldwide. He has been recognized in the industry as one of India's youngest cyber evangelists and information security professionals. His key area of work is orchestrating cyber capabilities to safeguard large enterprises and institutions. Smith is a CERT-In certified auditor and has completed industry-recognized certifications including CISA, OSCP, CEH, CHFI, and TOGAF during his 7+ years of experience.

Yasser Ali is a cybersecurity consultant and red teamer at Dubai Electricity & Water Authority (DEWA).

Yasser has an extensive background in consultancy and advisory services. His experience in vulnerability research, pentesting, and reviewing standards and best practices has made Yasser a highly sought-after expert for enterprises.

Yasser's passion lies mainly in developing red teaming labs and offensive training, where cybersecurity professionals sharpen their skills and learn new tradecraft by emulating the tactics, techniques, and procedures (TTPs) used by adversaries.

Yasser was featured in the BBC documentary How Hackers Steal Your ID. He is a specialized trainer and is regularly invited to participate in global information security conferences and discussion panels.

I wish to thank Shagun, Ali Mehdi, and the Packt team for their time and for allowing me the opportunity to review this book.

Big thanks to all security researchers and InfoSec communities such as HackerOne, Hackers Academy, and Malcrove. Without their contribution, innovation, and willingness to break the rules but not the law and to help one another, cybersecurity wouldn't be what it is today.

Lastly, a special heartfelt thanks to my caring and loving parents and siblings for always supporting me.

Table of Contents

Preface

Section 1: Mastering Defensive Security Concepts

Chapter 1: A Refresher on Defensive Security Concepts

Technical requirements

Deep dive into the core of cybersecurity

The cybersecurity triad

Types of attacks

Managing cybersecurity's legendary pain point: Passwords

Password breaches

Social engineering attacks using compromised passwords

Brute-force attacks

Dictionary attacks

Creating a secure password

Managing passwords at the enterprise level

Bonus track

Mastering defense in depth

Factors to consider when creating DiD models

Asset identification

Defense by layers

Bonus track

Comparing the blue and red teams

Summary

Further reading

Chapter 2: Managing Threats, Vulnerabilities, and Risks

Technical requirements

Understanding cybersecurity vulnerabilities and threats

Performing a vulnerability assessment

The vulnerability assessment process

When should you check for vulnerabilities?

Types of vulnerabilities

USB HID vulnerabilities

Types of USB HID attacks

A false sense of security

Protecting against USB HID attacks

Managing cybersecurity risks

Risk identification

Risk assessment

Risk response

Risk monitoring

The NIST Cybersecurity Framework

Identify

Protect

Detect

Respond

Recover

Creating an effective Business Continuity Plan (BCP)

Creating a Business Impact Analysis (BIA)

Business Continuity Planning (BCP)

Implementing a best-in-class DRP

Creating a DRP

Implementing the DRP

Summary

Further reading

Chapter 3: Comprehending Policies, Procedures, Compliance, and Audits

Creating world-class cybersecurity policies and procedures

Cybersecurity policies

Cybersecurity procedures

The CUDSE method

Understanding and achieving compliance

Types of regulations

Achieving compliance

Exploring, creating, and managing audits

Internal cybersecurity audits

External cybersecurity audits

Data management during audits

Types of cybersecurity audit

What triggers an audit?

Applying a CMM

The goals of a CMM

Characteristics of a good CMM

The structure of a good CMM

Analyzing the results

Advantages of a CMM

Summary

Further reading

Chapter 4: Patching Layer 8

Understanding layer 8 – the insider threat

The inadvertent user

The malicious insider

How do you spot a malicious insider?

Protecting your infrastructure against malicious insiders

Mastering the art of social engineering

The social engineering cycle

Social engineering techniques

Types of social engineering attacks

Defending against social engineering attacks (patching layer 8)

Creating your training strategy

Admin rights

Implementing a strong BYOD policy

Performing random social engineering campaigns

Summary

Further reading

Chapter 5: Cybersecurity Technologies and Tools

Technical requirements

Advanced wireless tools for cybersecurity

Defending from wireless attacks

Pentesting tools and methods

Metasploit framework

Social engineering toolkit

exe2hex

Applying forensics tools and methods

Dealing with evidence

Forensic tools

Recovering deleted files

Dealing with APTs

Defensive techniques

Leveraging security threat intelligence

Threat intelligence 101

Implementing threat intelligence

Converting a threat into a solution

The problem

The solution

Summary

Further reading

Section 2: Applying Defensive Security

Chapter 6: Securing Windows Infrastructures

Technical requirements

Applying Windows hardening

Hardening by the infrastructure team

Creating a hardening checklist

Creating a patching strategy

The complexity of patching

Distribution of tasks (patching roles and assignments)

Distribution and deployment of patches

Types of patches

Applying security to AD

Secure administrative hosts

Windows Server Security documentation

Mastering endpoint security

Windows updates

Why move to Windows 10?

Physical security

Antivirus solutions

Windows Defender Firewall

Application control

URL filtering

Spam filtering

Client-facing systems

Backups

Users

Securing the data

Leveraging encryption

Configuring BitLocker

Summary

Chapter 7: Hardening a Unix Server

Technical requirements

Securing Unix services

Defining the purpose of the server

Secure startup configuration

Managing services

Applying secure file permissions

Understanding ownership and permissions

Default permissions

Permissions in directories (folders)

Changing default permissions with umask

Permissions hierarchy

Comparing directory permissions

Changing permissions and ownership of a single file

Useful commands to search for unwanted permissions

Enhancing the protection of the server by improving your access controls

Viewing ACLs

Managing ACLs

Default ACL on directories

Removing ACLs

Enhanced access controls

Configuring host-based firewalls

Understanding iptables

Configuring iptables

SSH brute-force protection with iptables

Protecting from port scanning with iptables

Advanced management of logs

Leveraging the logs

Summary

Further reading

Chapter 8: Enhancing Your Network Defensive Skills

Technical requirements

Using the master tool of network mapping – Nmap

Phases of a cyber attack

Nmap

Nmap scripts

Improving the protection of wireless networks

Wireless network vulnerabilities

User's safety guide for wireless networks

Introducing Wireshark

Finding users using insecure protocols

FTP, HTTP, and other unencrypted traffic

Wireshark for defensive security

Working with IPS/IDS

What is an IDS?

What is an IPS?

Free IDS/IPS

IPS versus IDS

Summary

Chapter 9: Deep Diving into Physical Security

Technical requirements

Understanding physical security and associated threats

The powerful LAN Turtle

The stealthy Plunder Bug LAN Tap

The dangerous Packet Squirrel

The portable Shark Jack

The amazing Screen Crab

The advanced Key Croc

USB threats

Equipment theft

Environmental risks

Physical security mechanisms

Mastering physical security

Clean desk policy

Physical security audits

Summary

Further reading

Chapter 10: Applying IoT Security

Technical requirements

Understanding the Internet of Things

The risks

The vulnerabilities

Understanding IoT networking technologies

LoRaWAN

Zigbee

Sigfox

Bluetooth

Security considerations

Improving IoT security

Creating cybersecurity hardware using IoT-enabled devices

Raspberry Pi firewall and intrusion detection system

Defensive security systems for industrial control systems (SCADA)

Secure USB-to-USB copy machine

Creating a $10 honeypot

Advanced monitoring of web apps and networks

Creating an internet ad blocker

Access control and physical security systems

Bonus track – Understanding the danger of unauthorized IoT devices

Detecting unauthorized IoT devices

Detecting a Raspberry Pi

Disabling rogue Raspberry Pi devices

Summary

Further reading

Chapter 11: Secure Development and Deployment on the Cloud

Technical requirements

Secure deployment and implementation of cloud applications

Security by cloud models

Data security in the cloud

Securing Kubernetes and APIs

Cloud-native security

Controlling access to the Kubernetes API

Controlling access to kubelet

Preventing containers from loading unwanted kernel modules

Restricting access to etcd

Avoiding the use of alpha or beta features in production

Third-party integrations

Hardening database services

Testing your cloud security

Azure Security Center

Amazon CloudWatch

AppDynamics

Nessus vulnerability scanner

InsightVM

Intruder

Summary

Further reading

Chapter 12: Mastering Web App Security

Technical requirements

Gathering intelligence about your site/web application

Importance of public data gathering

Open Source Intelligence

Hosting information

Checking data exposure with Google hacking (dorks)

Leveraging DVWA

Installing DVWA on Kali Linux

Overviewing the most common attacks on web applications

Exploring XSS attacks

Using Burp Suite

Burp Suite versions

Setting up Burp Suite on Kali

SQL injection attack on DVWA

Fixing a common error

Brute forcing web applications' passwords

Analyzing the results

Summary

Further reading

Section 3: Deep Dive into Defensive Security

Chapter 13: Vulnerability Assessment Tools

Technical requirements

Dealing with vulnerabilities

Who should be looking for vulnerabilities?

Bug bounty programs

Internal vulnerabilities

Vulnerability testing tools

Using a vulnerability assessment scanner (OpenVAS)

Authenticated tests

Installing OpenVAS

Using OpenVAS

Updating your feeds

Overview of Nexpose Community

Summary

Further reading

Chapter 14: Malware Analysis

Technical requirements

Why should I analyze malware?

Malware functionality

Malware objectives

Malware connections

Malware backdoors

Affected systems

Types and categories of malware analysis

Static malware analysis

Dynamic malware analysis

Hybrid malware analysis

Static properties analysis

Interactive behavior analysis

Fully automated analysis

Manual code reversing

Best malware analysis tools

Process Explorer

Process Monitor

ProcDOT

Ghidra

PeStudio

Performing malware analysis

Security measurements

Executing the analysis

Summary

Further reading

Chapter 15: Leveraging Pentesting for Defensive Security

Technical requirements

Understanding the importance of logs

Log files

Log management

The importance of logs

Knowing your enemy's best friend – Metasploit

Metasploit

Metasploit editions

Installing Armitage

Configuring Metasploit for the first time

Installing Armitage (continued)

Exploring Armitage

Launching an attack with Armitage

Executing Metasploit

Other offensive hacking tools

Searchsploit

sqlmap

Weevely

Summary

Further reading

Chapter 16: Practicing Forensics

Introduction to digital forensics

Forensics to recover deleted or missing data

Digital forensics on defensive security

Who should be in charge of digital forensics?

The digital forensics process

Forensics platforms

CAINE

SIFT Workstation

PALADIN

Finding evidence

Sources of data

Mobile forensics

Deviceless forensics

Important data sources on mobile devices

Transporting mobile devices

Managing the evidence (from a legal perspective)

ISO 27037

Digital Evidence Policies and Procedures Manual

FBI's Digital Evidence Policy Guide

Regional Computer Forensics Laboratory

US Cybersecurity & Infrastructure Security Agency

Summary

Further reading

Chapter 17: Achieving Automation of Security Tools

Why bother with automation?

Benefits of automation

The risks of ignoring automation

Types of automated attacks

Account aggregation

Account creation

Ad fraud

CAPTCHA defeat

Card cracking

Carding

Cashing out

Credential cracking

Credential stuffing

Denial of inventory

DoS

Expediting

Fingerprinting

Footprinting

Scalping

Sniping

Scraping

Skewing

Spamming

Token cracking

Vulnerability scanning

Automation of cybersecurity tools using Python

Local file search

Basic forensics

Web scraping

Network security automation

Cybersecurity automation with the Raspberry Pi

Automating threat intelligence gathering with a Fail2ban honeypot on a Raspberry Pi

Automated internet monitoring system with the Raspberry Pi

Summary

Further reading

Chapter 18: The Master's Compilation of Useful Resources

Free cybersecurity templates

Business continuity plan and disaster recovery plan templates

Risk management

Design and management of cybersecurity policies and procedures

Must-have web resources

Cyber threat or digital attack maps

Cybersecurity certifications

Cybersecurity news and blogs

Cybersecurity tools

Password-related tools

Industry-leading best practices

Regulations and standards

Cybersecurity frameworks, standards, and more

Summary

Further reading

Why subscribe?

Other Books You May Enjoy

Section 1: Mastering Defensive Security Concepts

This section will immerse you in the foundations of cybersecurity. After reading this section, you will have all the knowledge required to be able to talk like a master of cybersecurity.

This section contains the following chapters:

Chapter 1, A Refresher on Defensive Security Concepts

Chapter 2, Managing Threats, Vulnerabilities, and Risks

Chapter 3, Comprehending Policies, Procedures, Compliance, and Audits

Chapter 4, Patching Layer 8

Chapter 5, Cybersecurity Technologies and Tools