A practical handbook to cybersecurity for both tech and non-tech professionals
As reports of major data breaches fill the headlines, it has become impossible for any business, large or small, to ignore the importance of cybersecurity. Most books on the subject, however, are either too specialized for the non-technical professional or too general for those in the IT trenches. Thanks to author Nadean Tanner’s wide array of experience, from teaching at a university to working for the Department of Defense, the Cybersecurity Blue Team Toolkit strikes the right balance between substantive and accessible, making it equally useful to those in IT or management positions across a variety of industries. This handy guide takes a simple and strategic look at the best practices and tools available to both cybersecurity management and hands-on professionals, whether they are new to the field or looking to expand their expertise.
Tanner gives comprehensive coverage to such crucial topics as security assessment and configuration, strategies for protection and defense, offensive measures, and remediation, aligning each concept with the right tool using the CIS Controls version 7 as a guide. Readers will learn why and how to use fundamental open source and free tools such as ping, tracert, PuTTY, pathping, Sysinternals, Nmap, OpenVAS, Nexpose Community, OSSEC, Hamachi, inSSIDer, Wireshark, SolarWinds Kiwi Syslog Server, Metasploit, Burp Suite, Clonezilla and many more.
Up-to-date and practical cybersecurity instruction, applicable to both management and technical positions
- Straightforward explanations of the theory behind cybersecurity best practices
- Designed to be an easily navigated tool for daily use
- Includes a training appendix on Linux, instructions for building a virtual lab, and a glossary of key terms
The Cybersecurity Blue Team Toolkit is an excellent resource for anyone working in digital policy as well as for IT security professionals, technical analysts, program managers, and Chief Information and Technology Officers. This is one handbook that won’t gather dust on the shelf but will remain a valuable reference at any career level, from student to executive.
Table of Contents
Foreword xxi
Introduction xxiii
Chapter 1 Fundamental Networking and Security Tools 1
Ping 1
IPConfig 4
NSLookup 7
Tracert 9
NetStat 10
PuTTY 14
Chapter 2 Troubleshooting Microsoft Windows 17
RELI 18
PSR 19
PathPing 21
MTR 23
Sysinternals 24
The Legendary God Mode 28
Chapter 3 Nmap - The Network Mapper 31
Network Mapping 32
Port Scanning 34
Services Running 36
Operating Systems 38
Zenmap 39
Chapter 4 Vulnerability Management 43
Managing Vulnerabilities 43
OpenVAS 46
Nexpose Community 50
Chapter 5 Monitoring with OSSEC 57
Log-Based Intrusion Detection Systems 57
Agents 61
Adding an Agent 63
Extracting the Key for an Agent 64
Removing an Agent 64
Log Analysis 65
Chapter 6 Protecting Wireless Communication 67
802.11 67
inSSIDer 70
Wireless Network Watcher 71
Hamachi 72
Tor 78
Chapter 7 Wireshark 83
Wireshark 83
OSI Model 86
Capture 89
Filters and Colors 92
Inspection 93
Chapter 8 Access Management 97
AAA 98
Least Privilege 99
Single Sign-On 101
JumpCloud 103
Chapter 9 Managing Logs 109
Windows Event Viewer 110
Windows PowerShell 112
BareTail 116
Syslog 117
SolarWinds Kiwi 120
Chapter 10 Metasploit 125
Reconnaissance 127
Installation 128
Gaining Access 135
Metasploitable2 139
Vulnerable Web Services 144
Meterpreter 146
Chapter 11 Web Application Security 147
Web Development 148
Information Gathering 151
DNS 153
Defense in Depth 155
Burp Suite 156
Chapter 12 Patch and Configuration Management 165
Patch Management 166
Configuration Management 173
Clonezilla Live 179
Chapter 13 Securing OSI Layer 8 187
Human Nature 188
Human Attacks 192
Education 193
The Social Engineer Toolkit 195
Chapter 14 Kali Linux 205
Virtualization 206
Optimizing Kali Linux 219
Using Kali Linux Tools 221
Maltego 222
Recon-ng 223
Sparta 225
MacChanger 225
Nikto 226
Kismet 227
WiFite 228
John the Ripper 229
Hashcat 230
Chapter 15 CISv7 Controls and Best Practices 235
CIS Basic Controls - The Top Six 236
Inventory and Control of Hardware Assets 236
Inventory and Control of Software Assets 238
Continuous Vulnerability Management 239
Controlled Use of Administrative Privileges 240
Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers 241
Maintenance, Monitoring, and Analysis of Audit Logs 246
In Conclusion 248
Index 249