
E-book: Implementing Enterprise Cybersecurity with Opensource Software and Standard Architecture

Edited by (C3i Center, Indian Institute of Technology, India), Edited by (C3i Center, Indian Institute of Technology, India), Edited by (C3i Center, Indian Institute of Technology, India)
  • Format - EPUB+DRM
  • Price: 88,90 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Use:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that to read it you must install special software. You must also create an Adobe ID (more information here). The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet) you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

This book describes multiple projects which can help in developing cybersecurity solution architectures and the use of the right tools from the open-source software domain. These projects are covered in detail with recipes on how to use open-source tooling to obtain standard cyber defense and the ability to do self-penetration testing and vulnerability assessment.

Many small and medium scale businesses cannot afford to procure expensive cybersecurity tools. In many cases, even after procurement, the tools are used ineffectively because the workforce lacks knowledge of the standard architecture of enterprise security. The editors have developed multiple projects that can help in developing cybersecurity solution architectures and in choosing the right tools from the open-source software domain. This book has 8 chapters describing these projects in detail, with recipes on how to use open-source tooling to obtain standard cyber defense and the ability to do self-penetration testing and vulnerability assessment. It also demonstrates work on malware analysis using machine learning and on the implementation of honeypots and network intrusion detection systems in a security operations center environment. It is essential reading for cybersecurity professionals and advanced students.

Preface xi
List of Figures xiii
List of Tables xxi
List of Contributors xxiii
List of Abbreviations xxv
1 Introduction 1(2)
  Rohit Negi, Anand Handa, Nitesh Kumar, Sandeep K. Shukla
I Deception Technologies & Threat Visibility - Honeypots and Security Operations 3(130)
2 Honeynet - Deploying a Connected System of Diverse Honeypots Using Open-Source Tools 5(46)
  Sreeni Venugopal, Aditya Arun, Abhishek Ghildyal, P. S. Seshadri, Damandeep Singh
2.1 Introduction 6(1)
2.2 Classification of Honeypots 7(2)
2.3 Design of the Honeynet 9(4)
2.3.1 Hosting Environment 9(1)
2.3.2 Servers Deployed 9(4)
2.3.3 Web Applications Hosted 13(1)
2.3.4 Databases 13(1)
2.4 Implementation 13(12)
2.4.1 Deployment of Servers 14(4)
2.4.2 Security and Monitoring of Honeypots/Honeynet 18(1)
2.4.3 Security - UFW - Firewall 19(2)
2.4.4 Monitoring - Elastic Stack 21(1)
2.4.5 Honeypots Deployed 22(3)
2.4.6 Precautions Taken 25(1)
2.5 Threat Analytics Using Elastic Stack 25(21)
2.5.1 Using Standard Reports Available in Kibana 25(1)
2.5.2 Developing Custom Reports in Kibana 26(1)
2.5.3 Manual Reports Based on Manual Analysis of Data Dumps and Selected Data from Kibana Reports 26(1)
2.5.4 Reports Generated 27(2)
2.5.5 Standard Kibana Analytic Reports 29(6)
2.5.6 Custom Reports Developed in Kibana 35(11)
2.6 Manual Threat Analysis 46(2)
2.6.1 Attacks to Exploit CVE-2012-1823 Vulnerability 47(1)
2.6.2 Attempts by BotNets to Upload Malware 47(1)
2.6.3 Attempts to Scan Using Muieblackcat 47(1)
2.7 Future Work 48(1)
2.8 Conclusion 49(2)
3 Implementation of Honeypot, NIDs, and HIDs Technologies in SOC Environment 51(16)
  Ronald Dalbhanjan, Sudipta Chatterjee, Rajdeep Gogol, Tanuj Pathak, Shivam Sahay
3.1 Introduction 52(1)
3.2 Setup and Architecture 53(6)
3.2.1 Honeypot 53(1)
3.2.2 Firewall 54(2)
3.2.3 Host-based Intrusion Detection Systems (HIDS) 56(1)
3.2.4 Network-Based Intrusion Detection Systems (NIDS) 56(3)
3.3 Approach to the Final Setup 59(5)
3.3.1 Phase 1 59(1)
3.3.2 Phase 2 59(5)
3.4 Information Security Best Practices 64(1)
3.5 Industries and Sectors Under Study 65(2)
3.5.1 Educational Institutes 65(1)
3.5.2 Hospitals and Pharmaceutical Companies 65(1)
3.5.3 Manufacturing Industry 66(1)
4 Leveraging Research Honeypots for Generating Credible Threat Intelligence and Advanced Threat Analytics 67(44)
  Praveen Pathak, Mayank Raj Jaiswal, Mudit Kumar Gupta, Suraj Sharma, Ranjit Singhnayak
4.1 Abstract 67(1)
4.2 Introduction 67(1)
4.3 How to Find the Right Honeypot for Your Environment 68(3)
4.3.1 Where to Start? 68(1)
4.3.2 What to Deploy? 69(1)
4.3.3 Customization, Obfuscation, and Implementation Considerations 70(1)
4.4 A Deep Dive in Solution Architecture 71(4)
4.5 Configuring and Deploying Cowrie Honeypot 75(9)
4.5.1 Cowrie - A Brief Introduction 75(1)
4.5.2 A Quick Run of Cowrie (Docker) 76(1)
4.5.3 Understanding Cowrie Configurations 76(3)
4.5.4 Cowrie Deployment (Using Docker) 79(1)
4.5.5 Steps to Deploy Cowrie 80(2)
4.5.6 What is in the Logs? 82(2)
4.6 Configuring and Deploying Glastopf Honeypot 84(4)
4.6.1 Glastopf - A Brief Introduction 84(1)
4.6.2 Glastopf Installation Steps 84(1)
4.6.3 Converting Glastopf Event Log Database to Text Format for Ingestion in Log Management Platform 'Splunk' 85(3)
4.7 Creating Central Log Management Facility and Analytic Capability 88(15)
4.7.1 What Is Splunk? 88(1)
4.7.2 Installing and Deploying Splunk 88(5)
4.7.3 Enabling Log Forwarding to Facilitate Centralized Log Management 93(2)
4.7.4 Real-Time Dashboards with Splunk for Threat Intelligence 95(8)
4.8 Behavioral Analysis of Honeypot Log Data for Threat Intelligence 103(6)
4.8.1 Building the Intuition 103(1)
4.8.2 Creating Relevant Features from Logs 104(1)
4.8.3 Creating Attacker Profiles 104(5)
4.9 Conclusion 109(1)
4.10 Future Work 109(2)
5 Collating Threat Intelligence for Zero Trust Future Using Open-Source Tools 111(22)
  Piyush John, Siva Suryanarayana Nittala, Suresh Chandanapalli
5.1 Introduction 112(2)
5.1.1 Why Honeypots? 112(2)
5.2 T-Pot Honeypot 114(2)
5.3 How to Deploy a T-Pot Honeypot 116(10)
5.3.1 Steps for Installation 116(2)
5.3.2 T-Pot Installation and System Requirements 118(1)
5.3.3 System Requirements 119(1)
5.3.4 Installation Types 120(1)
5.3.5 Installation 121(5)
5.4 Kibana Dashboard 126(3)
5.5 Check out your dashboard and start analyzing 129(4)
II Malware Analysis 133(58)
6 Malware Analysis Using Machine Learning 135(32)
  Charul Sharma, Kiran Desaraju, Krishna Tapasvi, Badrinarayan Ramamoorthy, Krant Joshi
6.1 Introduction 135(9)
6.1.1 What is Malware? 137(1)
6.1.2 What Does Malware Do? 137(2)
6.1.3 What are Various Types of Malware Analysis? 139(1)
6.1.4 Why Do We Need Malware Analysis Tool? 140(1)
6.1.5 How Will This Tool Help in Cybersecurity? 141(2)
6.1.6 Why Do We Need Large Dataset for Malware Analysis and Classification? 143(1)
6.2 Environment Setup for Implementation 144(4)
6.3 Use of Machine Learning in Malware Analysis 148(15)
6.3.1 Why Use Machine Learning for Malware Analysis? 148(1)
6.3.2 Which Machine Learning Approach is Used in Tool Development? 149(3)
6.3.3 Why Do We Need Features? 152(1)
6.3.4 What is Feature Extraction? 153(1)
6.3.5 What is Feature Selection? 153(1)
6.3.6 Using Machine Learning for Feature Selection 154(4)
6.3.7 How to Train the Machine Learning Model? 158(1)
6.3.8 How to Train Machine Learning Model in Python? 159(1)
6.3.9 How Much Data Shall be Used for Training and for Testing? 159(3)
6.3.10 How to Use the Machine Learning Model? 162(1)
6.4 Experimental Results 163(2)
6.5 Conclusion 165(2)
7 Feature Engineering and Analysis Toward Temporally Robust Detection of Android Malware 167(24)
  Sagar Jaiswal, Anand Handa, Nitesh Kumar, Sandeep K. Shukla
7.1 Introduction 168(2)
7.2 Related Work 170(2)
7.3 Proposed Methodology 172(15)
7.3.1 Dataset Collection 172(2)
7.3.2 Feature Extraction and Selection 174(13)
7.3.3 Classification 187(1)
7.4 Experimental Results 187(2)
7.5 Conclusion 189(2)
III Tools for Vulnerability Assessment and Penetration Testing 191(54)
8 Use ModSecurity Web Application Firewall to Mitigate OWASP's Top 10 Web Application Vulnerabilities 193(44)
  S. Lokesh Raju, Santosh Sheshware, Ruchit R. Patel
8.1 Introduction 193(5)
8.1.1 Defense-in-Depth Security Architecture 194(2)
8.1.2 ModSecurity Overview 196(1)
8.1.3 What Can ModSecurity Do? 196(2)
8.2 Design and Implementation 198(32)
8.2.1 Docker Essentials: A Developer's Introduction 198(3)
8.2.2 Elastic Stack 201(4)
8.2.3 Setting Up ModSecurity With Nginx Using Docker 205(7)
8.2.4 ModSecurity Custom Security Rules 212(1)
8.2.5 Monitoring ModSecurity and Nginx Logs using Elastic Stack 213(17)
8.3 Analysis 230(4)
8.4 Recommendations and Future Work 234(1)
8.5 Conclusion 235(2)
9 Offensive Security with Huntsman: A Concurrent Versatile Malware 237(8)
  Souvik Haldar
9.1 Introduction 237(1)
9.2 Huntsman 237(1)
9.2.1 Unique Features of Huntsman 237(1)
9.3 Installation 238(2)
9.4 Transfer to a Target 240(1)
9.5 Functions of Huntsman 240(4)
9.5.1 Fast Concurrent Port Scanning 240(1)
9.5.2 TCP Proxy 241(1)
9.5.3 TCP Listener 242(1)
9.5.4 Bind Shell 242(1)
9.5.5 Keylogger 243(1)
9.6 Conclusion 244(1)
Bibliography 245(6)
Index 251(2)
About the Editors 253
Anand Handa is a researcher and executive project engineer at the C3i Center at the Indian Institute of Technology Kanpur. His research interests are at the intersection of machine learning and cyber security. His role at C3i involves working on projects having malware analysis and IDS as significant components.

Rohit Negi is the lead engineer and chief security architect of the C3i Center -- a center for cyber security and cyber defense of critical infrastructures at the Indian Institute of Technology Kanpur. His research is in the field of cyber security of cyber-physical systems.

Sandeep K. Shukla is a professor of Computer Science and Engineering at the Indian Institute of Technology. He is an IEEE Fellow, ACM Distinguished Scientist and subject matter expert in cyber security of cyber-physical systems and blockchain technology. A recipient of various prestigious honors, he serves as a program director of C3i Hub and joint coordinator of the C3i Center and the National Blockchain Project at IIT Kanpur, India.