| |
| |
| |
| Presenting the Business Case for Free Solutions | |
| |
| |
| Introduction | |
| |
| |
| The Costs of Using Free Security Solutions | |
| |
| |
| Training Costs | |
| |
| |
| Hardware Costs | |
| |
| |
| Consulting Costs | |
| |
| |
| Hidden Costs | |
| |
| |
| The Savings of Using Free Security Solutions | |
| |
| |
| Purchase Costs | |
| |
| |
| Maintenance Costs | |
| |
| |
| Customization Costs | |
| |
| |
| Comparing Free Solutions with Commercial Solutions | |
| |
| |
| Strengths of Free Solutions | |
| |
| |
| Weaknesses of Free Solutions | |
| |
| |
| Evaluating Individual Solutions | |
| |
| |
| "Selling" a Free Solution | |
| |
| |
| Selling by Doing | |
| |
| |
| Presenting a Proposal | |
| |
| |
| Summary | |
| |
| |
| Solutions Fast Track | |
| |
| |
| Frequently Asked Questions | |
| |
| |
| |
| Protecting Your Perimeter | |
| |
| |
| Introduction | |
| |
| |
| Firewall Types | |
| |
| |
| Firewall Architectures | |
| |
| |
| Screened Subnet | |
| |
| |
| One-Legged | |
| |
| |
| True DMZ | |
| |
| |
| Implementing Firewalls | |
| |
| |
| Hardware versus Software Firewalls | |
| |
| |
| Configuring netfilter | |
| |
| |
| Choosing a Linux Version | |
| |
| |
| Choosing Installation Media | |
| |
| |
| Linux Firewall Operation | |
| |
| |
| Configuration Examples | |
| |
| |
| GUIs | |
| |
| |
| Smoothwall | |
| |
| |
| Configuring Windows Firewall | |
| |
| |
| Providing Secure Remote Access | |
| |
| |
| Providing VPN Access | |
| |
| |
| Using Windows as a VPN Concentrator | |
| |
| |
| iPig | |
| |
| |
| OpenSSL VPN | |
| |
| |
| Providing a Remote Desktop | |
| |
| |
| Windows Terminal Services | |
| |
| |
| VNC | |
| |
| |
| Using the X Window System | |
| |
| |
| Providing a Remote Shell | |
| |
| |
| Using Secure Shell | |
| |
| |
| Using a Secure Shell GUI Client | |
| |
| |
| Summary | |
| |
| |
| Solutions Fast Track | |
| |
| |
| Frequently Asked Questions | |
| |
| |
| |
| Protecting Network Resources | |
| |
| |
| Introduction | |
| |
| |
| Performing Basic Hardening | |
| |
| |
| Defining Policy | |
| |
| |
| Access Controls | |
| |
| |
| Authentication | |
| |
| |
| Authorization | |
| |
| |
| Auditing | |
| |
| |
| Hardening Windows Systems | |
| |
| |
| General Hardening Steps | |
| |
| |
| Users and Groups | |
| |
| |
| File-Level Access Controls | |
| |
| |
| Additional Steps | |
| |
| |
| Using Microsoft Group Policy Objects | |
| |
| |
| Account Lockout Policy | |
| |
| |
| Audit Policy | |
| |
| |
| User Rights Assignment | |
| |
| |
| Hardening Linux Systems | |
| |
| |
| General Hardening Steps | |
| |
| |
| Users and Groups | |
| |
| |
| File-Level Access Controls | |
| |
| |
| Using the Bastille Hardening Script | |
| |
| |
| Using SELinux | |
| |
| |
| Hardening Infrastructure Devices | |
| |
| |
| Patching Systems | |
| |
| |
| Patching Windows Systems | |
| |
| |
| Patching Linux Systems | |
| |
| |
| Personal Firewalls | |
| |
| |
| Windows Firewall | |
| |
| |
| Netfilter Firewall | |
| |
| |
| Configuring TCP Wrappers | |
| |
| |
| Providing Antivirus and Antispyware Protection | |
| |
| |
| Antivirus Software | |
| |
| |
| Clam AntiVirus | |
| |
| |
| Using Online Virus Scanners | |
| |
| |
| Antispyware Software | |
| |
| |
| Microsoft Windows Defender | |
| |
| |
| Microsoft Malicious Software Removal Tool | |
| |
| |
| Encrypting Sensitive Data | |
| |
| |
| EFS | |
| |
| |
| Summary | |
| |
| |
| Solutions Fast Track | |
| |
| |
| Frequently Asked Questions | |
| |
| |
| |
| Configuring an Intrusion Detection System | |
| |
| |
| Introduction | |
| |
| |
| Intrusion Detection Systems | |
| |
| |
| Configuring an Intrusion Detection System | |
| |
| |
| Hardware Requirements | |
| |
| |
| Placing Your NIDS | |
| |
| |
| Configuring Snort on a Windows System | |
| |
| |
| Installing Snort | |
| |
| |
| Configuring Snort Options | |
| |
| |
| Using a Snort GUI Front End | |
| |
| |
| Configuring IDS Policy Manager | |
| |
| |
| Configuring Snort on a Linux System | |
| |
| |
| Configuring Snort Options | |
| |
| |
| Using a GUI Front End for Snort | |
| |
| |
| Basic Analysis and Security Engine | |
| |
| |
| Other Snort Add-Ons | |
| |
| |
| Using Oinkmaster | |
| |
| |
| Additional Research | |
| |
| |
| Demonstrating Effectiveness | |
| |
| |
| Summary | |
| |
| |
| Solutions Fast Track | |
| |
| |
| Frequently Asked Questions | |
| |
| |
| |
| Managing Event Logs | |
| |
| |
| Introduction | |
| |
| |
| Generating Windows Event Logs | |
| |
| |
| Using Group Policy to Generate Windows Events Logs | |
| |
| |
| Generating Custom Windows Event Log Entries | |
| |
| |
| Collecting Windows Event Logs | |
| |
| |
| Analyzing Windows Event Logs | |
| |
| |
| Generating Syslog Event Logs | |
| |
| |
| Windows Syslog | |
| |
| |
| Generating Syslog Events | |
| |
| |
| Receiving Syslog Events | |
| |
| |
| Linux Syslog | |
| |
| |
| Generating Syslog Events | |
| |
| |
| Encrypting Syslog Traffic | |
| |
| |
| Receiving Syslog Events on a Linux Host | |
| |
| |
| Analyzing Syslog Logs on Windows and Linux | |
| |
| |
| Windows Log Analysis | |
| |
| |
| Linux Log Analysis | |
| |
| |
| Securing Your Event Logs | |
| |
| |
| Ensuring Chain of Custody | |
| |
| |
| Ensuring Log Integrity | |
| |
| |
| Applying Your Knowledge | |
| |
| |
| Summary | |
| |
| |
| Solutions Fast Track | |
| |
| |
| Frequently Asked Questions | |
| |
| |
| |
| Testing and Auditing Your Systems | |
| |
| |
| Introduction | |
| |
| |
| Taking Inventory | |
| |
| |
| Locating and Identifying Systems | |
| |
| |
| Nmap | |
| |
| |
| Super Scanner | |
| |
| |
| Angry IP Scanner | |
| |
| |
| Scanline | |
| |
| |
| Special-Purpose Enumerators | |
| |
| |
| Locating Wireless Systems | |
| |
| |
| Network Stumbler | |
| |
| |
| Documentation | |
| |
| |
| Network Topology Maps | |
| |
| |
| Access Request Forms | |
| |
| |
| Business Continuity and Disaster Recovery Plans | |
| |
| |
| IT Security Policies/Standards/Procedures | |
| |
| |
| Vulnerability Scanning | |
| |
| |
| Nessus | |
| |
| |
| Running Nessus on Windows | |
| |
| |
| Running Nessus on Linux | |
| |
| |
| X-Scan | |
| |
| |
| Microsoft Baseline Security Analyzer | |
| |
| |
| OSSTMM | |
| |
| |
| Summary | |
| |
| |
| Solutions Fast Track | |
| |
| |
| Frequently Asked Questions | |
| |
| |
| |
| Network Reporting and Troubleshooting | |
| |
| |
| Introduction | |
| |
| |
| Reporting on Bandwidth Usage and Other Metrics | |
| |
| |
| Collecting Data for Analysis | |
| |
| |
| Understanding SNMP | |
| |
| |
| Configuring Multi Router Traffic Grapher | |
| |
| |
| Configuring MZL & Novatech TrafficStatistic | |
| |
| |
| Configuring PRTG Traffic Grapher | |
| |
| |
| Configuring ntop | |
| |
| |
| Enabling SNMP on Windows Hosts | |
| |
| |
| Enabling SNMP on Linux Hosts | |
| |
| |
| Troubleshooting Network Problems | |
| |
| |
| Using a GUI Sniffer | |
| |
| |
| Using a Command-Line Sniffer | |
| |
| |
| Additional Troubleshooting Tools | |
| |
| |
| Netcat | |
| |
| |
| Tracetcp | |
| |
| |
| Netstat | |
| |
| |
| Summary | |
| |
| |
| Solutions Fast Track | |
| |
| |
| Frequently Asked Questions | |
| |
| |
| |
| Security as an Ongoing Process | |
| |
| |
| Introduction | |
| |
| |
| Patch Management | |
| |
| |
| Network Infrastructure Devices | |
| |
| |
| Operating System Patches | |
| |
| |
| Application Patches | |
| |
| |
| Change Management | |
| |
| |
| Change Causes Disruption | |
| |
| |
| Inadequate Documentation Can Exacerbate Problems | |
| |
| |
| Change Management Strategy | |
| |
| |
| Antivirus | |
| |
| |
| Antispyware | |
| |
| |
| Intrusion Detection Systems | |
| |
| |
| Vulnerability Scanning | |
| |
| |
| Vulnerability Management Cycle | |
| |
| |
| Roles and Responsibilities | |
| |
| |
| Penetration Testing | |
| |
| |
| Obtaining the Support of Senior Management | |
| |
| |
| Clarify What You Are Buying | |
| |
| |
| Policy Review | |
| |
| |
| Physical Security | |
| |
| |
| Cert Team | |
| |
| |
| Summary | |
| |
| |
| Solutions Fast Track | |
| |
| |
| Frequently Asked Questions | |
| |
| |
| Index | |