Presenting the Business Case for Free Solutions
Introduction
The Costs of Using Free Security Solutions
Training Costs
Hardware Costs
Consulting Costs
Hidden Costs
The Savings of Using Free Security Solutions
Purchase Costs
Maintenance Costs
Customization Costs
Comparing Free Solutions with Commercial Solutions
Strengths of Free Solutions
Weaknesses of Free Solutions
Evaluating Individual Solutions
"Selling" a Free Solution
Selling by Doing
Presenting a Proposal
Summary
Solutions Fast Track
Frequently Asked Questions

Protecting Your Perimeter
Introduction
Firewall Types
Firewall Architectures
Screened Subnet
One-Legged
True DMZ
Implementing Firewalls
Hardware versus Software Firewalls
Configuring netfilter
Choosing a Linux Version
Choosing Installation Media
Linux Firewall Operation
Configuration Examples
GUIs
Smoothwall
Configuring Windows Firewall
Providing Secure Remote Access
Providing VPN Access
Using Windows as a VPN Concentrator
iPig
OpenSSL VPN
Providing a Remote Desktop
Windows Terminal Services
VNC
Using the X Window System
Providing a Remote Shell
Using Secure Shell
Using a Secure Shell GUI Client
Summary
Solutions Fast Track
Frequently Asked Questions

Protecting Network Resources
Introduction
Performing Basic Hardening
Defining Policy
Access Controls
Authentication
Authorization
Auditing
Hardening Windows Systems
General Hardening Steps
Users and Groups
File-Level Access Controls
Additional Steps
Using Microsoft Group Policy Objects
Account Lockout Policy
Audit Policy
User Rights Assignment
Hardening Linux Systems
General Hardening Steps
Users and Groups
File-Level Access Controls
Using the Bastille Hardening Script
Using SELinux
Hardening Infrastructure Devices
Patching Systems
Patching Windows Systems
Patching Linux Systems
Personal Firewalls
Windows Firewall
Netfilter Firewall
Configuring TCP Wrappers
Providing Antivirus and Antispyware Protection
Antivirus Software
Clam AntiVirus
Using Online Virus Scanners
Antispyware Software
Microsoft Windows Defender
Microsoft Malicious Software Removal Tool
Encrypting Sensitive Data
EFS
Summary
Solutions Fast Track
Frequently Asked Questions

Configuring an Intrusion Detection System
Introduction
Intrusion Detection Systems
Configuring an Intrusion Detection System
Hardware Requirements
Placing Your NIDS
Configuring Snort on a Windows System
Installing Snort
Configuring Snort Options
Using a Snort GUI Front End
Configuring IDS Policy Manager
Configuring Snort on a Linux System
Configuring Snort Options
Using a GUI Front End for Snort
Basic Analysis and Security Engine
Other Snort Add-Ons
Using Oinkmaster
Additional Research
Demonstrating Effectiveness
Summary
Solutions Fast Track
Frequently Asked Questions

Managing Event Logs
Introduction
Generating Windows Event Logs
Using Group Policy to Generate Windows Events Logs
Generating Custom Windows Event Log Entries
Collecting Windows Event Logs
Analyzing Windows Event Logs
Generating Syslog Event Logs
Windows Syslog
Generating Syslog Events
Receiving Syslog Events
Linux Syslog
Generating Syslog Events
Encrypting Syslog Traffic
Receiving Syslog Events on a Linux Host
Analyzing Syslog Logs on Windows and Linux
Windows Log Analysis
Linux Log Analysis
Securing Your Event Logs
Ensuring Chain of Custody
Ensuring Log Integrity
Applying Your Knowledge
Summary
Solutions Fast Track
Frequently Asked Questions

Testing and Auditing Your Systems
Introduction
Taking Inventory
Locating and Identifying Systems
Nmap
Super Scanner
Angry IP Scanner
Scanline
Special-Purpose Enumerators
Locating Wireless Systems
Network Stumbler
Documentation
Network Topology Maps
Access Request Forms
Business Continuity and Disaster Recovery Plans
IT Security Policies/Standards/Procedures
Vulnerability Scanning
Nessus
Running Nessus on Windows
Running Nessus on Linux
X-Scan
Microsoft Baseline Security Analyzer
OSSTMM
Summary
Solutions Fast Track
Frequently Asked Questions

Network Reporting and Troubleshooting
Introduction
Reporting on Bandwidth Usage and Other Metrics
Collecting Data for Analysis
Understanding SNMP
Configuring Multi Router Traffic Grapher
Configuring MZL & Novatech TrafficStatistic
Configuring PRTG Traffic Grapher
Configuring ntop
Enabling SNMP on Windows Hosts
Enabling SNMP on Linux Hosts
Troubleshooting Network Problems
Using a GUI Sniffer
Using a Command-Line Sniffer
Additional Troubleshooting Tools
Netcat
Tracetcp
Netstat
Summary
Solutions Fast Track
Frequently Asked Questions

Security as an Ongoing Process
Introduction
Patch Management
Network Infrastructure Devices
Operating System Patches
Application Patches
Change Management
Change Causes Disruption
Inadequate Documentation Can Exacerbate Problems
Change Management Strategy
Antivirus
Antispyware
Intrusion Detection Systems
Vulnerability Scanning
Vulnerability Management Cycle
Roles and Responsibilities
Penetration Testing
Obtaining the Support of Senior Management
Clarify What You Are Buying
Policy Review
Physical Security
Cert Team
Summary
Solutions Fast Track
Frequently Asked Questions

Index