Robert Shimonski, CASP+, CySA+, PenTest+, Security+, is a technology executive specializing in healthcare IT for one of the largest health systems in America. In his current role, Rob is responsible for bringing operational support and incident response into the future with the help of new technologies such as cloud and artificial intelligence. His current focus is on deploying securely to the cloud (Azure, AWS, and Google), DevOps, DevSecOps, and AIOps. Rob spent many years in the technology trenches, handling networking and security architecture, design, engineering, testing, and development efforts for global projects. A go-to person for all things security related, Rob has been a major force in deploying security-related systems for 25+ years. Rob also worked for various companies reviewing and developing security curriculum as well as other security-related books, technical articles, and publications based on technology deployment, testing, hacking, pen testing, and many other aspects of security. Rob holds dozens of technology certifications, including 20+ CompTIA certifications, [...] GIAC, GSEC, and GCIH, as well as many vendor-based cloud-specialized certifications from Google, Microsoft Azure, and Amazon AWS. Rob is considered a leading expert in prepping others to achieve certification success.

Marty M. Weiss has spent his career serving in the U.S. Navy and as a civilian helping large organizations with their information security. He has a Bachelor of Science degree in computer studies from the University of Maryland Global Campus and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He also holds several certifications, including CISSP, CISA, and Security+. Having authored numerous acclaimed books on information technology and security, he is now diving into his next endeavora seductive romance novel where love and cybersecurity collide in a high-stakes adventure.

Introduction. . . . . . . . . . . . . . . . . . . . . . . xxvi

Part 1: General Security Concepts 1

CHAPTER 1: Security Controls.. . . . . . . . . . . . . . . . . . . . . . 3

Nature of Controls.. . . . . . . . . . . . . . . . . . . 3

Functional Use of Controls.. . . . . . . . . . . . . . . . 4

What Next?.. . . . . . . . . . . . . . . . . . . . . . 9

CHAPTER 2: Fundamental Security Concepts.. . . . . . . . . . . . . . . . 11

Confidentiality, Integrity, and Availability (CIA).. . . . . . . . . 12

Non-Repudiation.. . . . . . . . . . . . . . . . . . . 13

Authentication, Authorization, and Accounting (AAA).. . . . . . . 13

Gap Analysis. . . . . . . . . . . . . . . . . . . . . 14

Zero Trust.. . . . . . . . . . . . . . . . . . . . . . 15

Physical Security. . . . . . . . . . . . . . . . . . . . 18

Video Surveillance. . . . . . . . . . . . . . . . . . . 20

Deception and Disruption Technology. . . . . . . . . . . . 23

What Next?.. . . . . . . . . . . . . . . . . . . . . 26

CHAPTER 3: Change Management Processes and the Impact to Security.. . . . . 27

Change Management. . . . . . . . . . . . . . . . . . 28

Business Processes Impacting Security Operations. . . . . . . . 28

Technical Implications.. . . . . . . . . . . . . . . . . . 31

Documentation. . . . . . . . . . . . . . . . . . . . 35

Version Control.. . . . . . . . . . . . . . . . . . . . 36

What Next?.. . . . . . . . . . . . . . . . . . . . . 38

CHAPTER 4: Cryptographic Solutions. . . . . . . . . . . . . . . . . . . 39

Public Key Infrastructure (PKI).. . . . . . . . . . . . . . 40

Encryption. . . . . . . . . . . . . . . . . . . . . . 43

Tools.. . . . . . . . . . . . . . . . . . . . . . . . 55

What Next?.. . . . . . . . . . . . . . . . . . . . . 80

Part 2: Threats, Vulnerabilities, and Mitigations 81

CHAPTER 5: Threat Actors and Motivations.. . . . . . . . . . . . . . . . 83

Threat Actors.. . . . . . . . . . . . . . . . . . . . . 84

Motivations.. . . . . . . . . . . . . . . . . . . . . 90

What Next?.. . . . . . . . . . . . . . . . . . . . . 96

CHAPTER 6: Threat Vectors and Attack Surfaces.. . . . . . . . . . . . 97

Types of Threat Vectors and Attack Surfaces. . . . . . . . . . 98

What Next?.. . . . . . . . . . . . . . . . . . . . . 114

CHAPTER 7: Vulnerability Types.. . . . . . . . . . . . . . . . . . .. 115

Application. . . . . . . . . . . . . . . . . . . . . . 116

Operating System-Based.. . . . . . . . . . . . . . . . . 118

Web-Based. . . . . . . . . . . . . . . . . . . . . . 119

Hardware. . . . . . . . . . . . . . . . . . . . . . 120

Virtualization.. . . . . . . . . . . . . . . . . . . . . 121

Cloud-Specific.. . . . . . . . . . . . . . . . . . . . 122

Supply Chain.. . . . . . . . . . . . . . . . . . . . . 123

Cryptographic.. . . . . . . . . . . . . . . . . . . . 125

Misconfiguration. . . . . . . . . . . . . . . . . . . . 126

Mobile Device.. . . . . . . . . . . . . . . . . . . . 127

Zero-Day. . . . . . . . . . . . . . . . . . . . . . 127

What Next?.. . . . . . . . . . . . . . . . . . . . . 130

CHAPTER 8: Malicious Attacks and Indicators.. . . . . . . . .. . . . . 131

Malware Attacks.. . . . . . . . . . . . . . . . . . . . 132

Physical Attacks.. . . . . . . . . . . . . . . . . . . . 138

Network Attacks.. . . . . . . . . . . . . . . . . . . . 139

Application Attacks.. . . . . . . . . . . . . . . . . . . 148

Cryptographic Attacks.. . . . . . . . . . . . . . . . . . 153

Password Attacks. . . . . . . . . . . . . . . . . . . . 154

Indicators of Malicious Activity. . . . . . . . . . . . . . . 156

What Next?.. . . . . . . . . . . . . . . . . . . . . 160

CHAPTER 9 Mitigation Techniques for Securing the Enterprise.. . . . . 161

Segmentation.. . . . . . . . . . . . . . . . . . . . . 162

Access Control.. . . . . . . . . . . . . . . . . . . . 162

Application Allow List.. . . . . . . . . . . . . . . . . . 164

Isolation. . . . . . . . . . . . . . . . . . . . . . . 165

Patching.. . . . . . . . . . . . . . . . . . . . . . 165

What Next?.. . . . . . . . . . . . . . . . . . . . . 176

Part 3: Security Architecture 177

CHAPTER 10: Security Implications of Architecture Models. . . . . . . . 179

Architecture and Infrastructure Concepts. . . . . . . . . . . 180

Considerations.. . . . . . . . . . . . . . . . . . . . 201

What Next?.. . . . . . . . . . . . . . . . . . . . . 209

CHAPTER 11: Enterprise Architecture Security Principles.. . . . . . . . . 211

Infrastructure Considerations.. . . . . . . . . . . . . . . 212

Secure Communication/Access.. . . . . . . . . . . . . . . 224

Selection of Effective Controls.. . . . . . . . . . . . . . . 228

What Next?.. . . . . . . . . . . . . . . . . . . . . 232

CHAPTER 12: Data Protection Strategies.. . . . . . . . . . . . . . . . . . 233

Data Types. . . . . . . . . . . . . . . . . . . . . . 234

Data Classifications.. . . . . . . . . . . . . . . . . . . 237

General Data Considerations.. . . . . . . . . . . . . . . 238

Methods to Secure Data. . . . . . . . . . . . . . . . . 240

What Next?.. . . . . . . . . . . . . . . . . . . . . 246

CHAPTER 13: Resilience and Recovery in Security Architecture.. . . .. . 247

High Availability.. . . . . . . . . . . . . . . . . . . . 248

Site Considerations.. . . . . . . . . . . . . . . . . . . 249

Platform Diversity. . . . . . . . . . . . . . . . . . . 251

Multicloud Systems.. . . . . . . . . . . . . . . . . . . 252

Continuity of Operations.. . . . . . . . . . . . . . . . . 252

Capacity Planning. . . . . . . . . . . . . . . . . . . 253

Testing.. . . . . . . . . . . . . . . . . . . . . . . 254

Backups.. . . . . . . . . . . . . . . . . . . . . . . 255

Power.. . . . . . . . . . . . . . . . . . . . . . . 261

What Next?.. . . . . . . . . . . . . . . . . . . . . 264

Part 4: Security Operations 265

CHAPTER 14: Securing Resources. . . . . . . . . . . . . . . . . . . . 267

Secure Baselines.. . . . . . . . . . . . . . . . . . . . 268

Hardening Targets.. . . . . . . . . . . . . . . . . . . 270

Wireless Devices. . . . . . . . . . . . . . . . . . . . 278

Mobile Solutions. . . . . . . . . . . . . . . . . . . . 281

Wireless Security Settings.. . . . . . . . . . . . . . . . 285

Application Security.. . . . . . . . . . . . . . . . . . 289

Sandboxing.. . . . . . . . . . . . . . . . . . . . . 290

Monitoring.. . . . . . . . . . . . . . . . . . . . . 291

What Next?.. . . . . . . . . . . . . . . . . . . . . 293

CHAPTER 15: Hardware, Software, and Data Asset Management.. . . . . . . . . 295

Acquisition/Procurement Process.. . . . . . . . . . . . . . 296

Assignment/Accounting.. . . . . . . . . . . . . . . . . 297

Monitoring and Asset Tracking.. . . . . . . . . . . . . . . 299

Disposal/Decommissioning.. . . . . . . . . . . . . . . . 300

What Next?.. . . . . . . . . . . . . . . . . . . . . 305

CHAPTER 16: Vulnerability Management.. . . . . . . . . . . . . . . . . . 307

Identification Methods. . . . . . . . . . . . . . . . . . 308

Analysis.. . . . . . . . . . . . . . . . . . . . . . . 316

Vulnerability Response and Remediation.. . . . . . . . . . . 322

Validation of Remediation.. . . . . . . . . . . . . . . . 325

Reporting. . . . . . . . . . . . . . . . . . . . . . 326

What Next?.. . . . . . . . . . . . . . . . . . . . . 328

CHAPTER 17: Security Alerting and Monitoring. . . . . . . . . . . . . . . . 329

Monitoring Computing Resources.. . . . . . . . . . . . . 330

Activities.. . . . . . . . . . . . . . . . . . . . . . 332

Tools.. . . . . . . . . . . . . . . . . . . . . . . . 336

What Next?.. . . . . . . . . . . . . . . . . . . . . 347

CHAPTER 18: Enterprise Security Capabilities.. . . . . . . . . . . . . . . . 349

Firewall.. . . . . . . . . . . . . . . . . . . . . . . 350

IDS/IPS. . . . . . . . . . . . . . . . . . . . . . . 354

Web Filter.. . . . . . . . . . . . . . . . . . . . . . 357

Operating System Security.. . . . . . . . . . . . . . . . 361

Implementation...