Network Security Strategies
Protect your network and enterprise against advanced cybersecurity attacks and threats

Aditya Mukherjee

BIRMINGHAM - MUMBAI

Network Security Strategies
Copyright © 2020 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha
Acquisition Editor: Meeta Rajani
Content Development Editor: Carlton Borges/Alokita Amanna
Senior Editor: Rahul Dsouza
Technical Editor: Sarvesh Jaywant
Copy Editor: Safis Editing
Project Coordinator: Neil Dmello
Proofreader: Safis Editing
Indexer: Rekha Nair
Production Designer: Jyoti Chauhan

First published: October 2020
Production reference: 1061020

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-78980-629-8

www.packt.com

Packt.com

Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?
- Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
- Improve your learning with Skill Plans built especially for you
- Get a free eBook or video every month
- Fully searchable for easy access to vital information
- Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Contributors

About the author

Dr. Aditya Mukherjee is a cybersecurity veteran and an information security leader with over 14 years' experience in leadership roles across information security domains, including defense and law enforcement, financial services, health and public services, products, resources, communications, and media and technology. His core expertise includes cybersecurity strategy, strategic risk and cyber resilience assessment, tactical leadership and development, GRC and security auditing, security operations, architecture and engineering, threat management, security investigations, and forensics.

I would like to sincerely thank my mother and Shri. KumKum Roy Choudhury for all their support and encouragement in my life. I would also like to express my gratitude to those fine individuals and colleagues who have helped me tremendously in the formulation of this piece of literature by sharing their knowledge and constructive criticism – Sameer Bengeri, Pradipta Mukherjee, Abhinav Singh, and Deep Shankar Yadav. Dhanyavaadaha.

About the reviewer

Yasser Ali is a cybersecurity consultant at Thales in the Middle East. He has extensive experience in providing consultancy and advisory services to enterprises regarding the implementation of cybersecurity best practices, critical infrastructure protection, red teaming, penetration testing, and vulnerability assessment, managing bug bounty programs, and web and mobile application security assessment. He is also an advocate speaker and participant in information security industry discussions, panels, committees, and conferences, and is a specialized trainer, featuring regularly on different media platforms around the world.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Preface 1

Section 1: Network Security Concepts, Threats, and Vulnerabilities

Chapter 1: Network Security Concepts 8
  Technical requirements 8
  An overview of network security 9
    Network security concepts 9
    Network security components 10
    Network and system hardening 12
    Network segmentation 12
    Network choke-points 12
    Defense-in-Depth 13
    Due diligence and cyber resilience 13
    Soft targets 14
    Continuous monitoring and improvement 14
    Post-deployment review 14
  Network security architecture approach 14
    Planning and analysis 16
    Designing 17
    Building 18
    Testing 19
    Deployment 21
    Post-deployment 22
  Network security best practices and guidelines 23
    Network Operations Center overview 23
    Proper incident management 24
    Functional ticketing system and knowledge base 25
    Monitoring policy 26
    A well-defined investigation process 26
    Reporting and dashboards 27
    Escalation 27
    High availability and failover 28
  Assessing network security effectiveness 28
    Key attributes to be considered 29
    The action priority matrix 30
  Threat modeling 31
    Assessing the nature of threats 32
    STRIDE 33
    PASTA 33
    Trike 34
    VAST 35
    OCTAVE 35
  Summary 36
  Questions 37
  Further reading 38

Chapter 2: Security for Cloud and Wireless Networks 40
  Technical requirements 41
  An introduction to secure cloud computing 41
    AWS' shared responsibility model 43
    Major cybersecurity challenges with the cloud 43
  Amazon Web Services (AWS) 45
    AWS security features 46
    Well-defined identity capabilities 47
    Traceability 47
    Defense in depth 48
    Automation of security best practices 48
    Continuous data protection 48
    Security event response 49
  Microsoft Azure security technologies 50
    The Zero Trust model 51
    Security layers 51
    Identity management using Azure 52
    Infrastructure protection using Azure 52
    Criticality of infrastructure 53
    Encryption 54
    Identifying and classifying data 54
    Encryption on Azure 55
    Network security 55
    Internet protection 56
    Virtual networks 56
    Network integrations 57
  CipherCloud 57
  Securing cloud computing 60
    Security threats 61
    Countermeasures 61
  Wireless network security 62
    Wi-Fi attack surface analysis and exploitation techniques 62
    Wi-Fi data collection and analysis 63
    Wi-Fi attack and exploitation techniques 64
    Best practices 65
    Security assessment approach 68
  Software-defined radio attacks 70
    Types of radio attacks 70
    Replay attacks 71
    Cryptanalysis attacks 71
    Reconnaissance attacks 72
    Mitigation techniques 72
  Summary 73
  Questions 74
  Further reading 76

Chapter 3: Mitigating the Top Network Threats of 2020 77
  Technical requirements 78
  The top 10 network attacks and how to fix them 78
    Phishing – the familiar foe 79
    How to fix phishing threats 82
    Rogue applications and fake security alerts – intimidation and imitation 83
    How to fix rogue applications and software threats 84
    Insider threats – the enemy inside the gates 85
    How to fix insider threats 87
    Viruses and worms – a prevailing peril 89
    How to fix viruses and worms threats 91
    Botnets – an adversarial army at disposal 91
    How to fix botnet threats 94
    Trojan horse – covert entry 94
    How to fix trojan threats 96
    Rootkit – clandestine malicious applications 96
    How to fix rootkit threats 97
    Malvertising – ads of chaos 97
    How to fix malvertising threats 98
    DDoS – defending against one too many 99
    How to fix DDoS threats 100
    Ransomware – cyber extortions 101
    How to fix ransomware threats 103
  Notable mentions 105
    Drive-by download 105
    Exploit kits and AI-ML-driven attacks 105
    Third-party and supply chain attacks 106
  Creating an integrated threat defense architecture 107
    Keeping up with vulnerabilities and threats 107
    Understanding various defense mechanisms 108
    Safeguarding confidential information from third parties 108
    Implementing strong password policies 109
    Enhancing email security 109
  Vulnerability management policies 110
    Vulnerability management life cycle 110
    Network vulnerability assessments 111
    Utilizing scanning tools in vulnerability assessment 112
    Exercising continuous monitoring 113
  The NIST Risk Management Framework 114
    The NIST Release Special Publication 800-37 116
  Summary 117
  Questions 118
  Further reading 119

Section 2: Network Security Testing and Auditing

Chapter 4: Network Penetration Testing and Best Practices 122
  Technical requirements 122
  Approach to network penetration testing 123
    Pre-engagement 124
    Reconnaissance 125
    Threat modeling 125
    Exploitation 125
    Post-exploitation 126
    Reporting 126
    Retesting 127
  Top penetration testing platforms 128
    Setting up our network 128
    Performing automated exploitation 130
    OpenVAS 130
    Sparta 131
    Armitage 133
    Performing manual exploitation 136
    Kali Linux 136
    Nmap 136
    Nikto 139
    Dirb 139
    Metasploit 143
    Browser Exploitation Framework (BeEF) 150
    Burp Suite 153
  Penetration testing best practices 155
    Case study 155
    Information gathering 156
    Scanning the servers 156
    Identifying and exploiting vulnerabilities 157
    Reporting 158
    Presentation 158
    A few other practices 159
  The concept of teaming 160
    Red team 160
    Blue team 161
    Purple team 161
    Capture the flag 161
  Engagement models and methodologies 162
    Black box 162
    Gray box 162
    White box 162
  Summary 163
  Questions 163