وبلاگ بلیان

Privileged Attack Vectors : Building Effective Cyber-Defense Strategies to Protect Organizations

جلد کتاب Privileged Attack Vectors : Building Effective Cyber-Defense Strategies to Protect Organizations

معرفی کتاب «Privileged Attack Vectors : Building Effective Cyber-Defense Strategies to Protect Organizations» نوشتهٔ Renarde، Giselle و Morey J. Haber، منتشرشده توسط نشر Apress : Imprint: Apress در سال 2020. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Table of Contents 5 About the Author 12 About the Technical Reviewer 13 Foreword 14 Acknowledgments 18 Introduction 19 Chapter 1: Privileged Attack Vectors 32 Threat Personas 36 Chapter 2: Privileges 42 Guest Users 45 Standard Users 45 Power User 49 Administrators 50 Identity Management 51 Identities 54 Accounts 55 Credentials 56 Default Credentials 57 Anonymous Access 58 Blank Password 60 Default Password 62 Default Randomized Password 64 Pattern-Generated Passwords 65 Forced Password Change 68 Chapter 3: Credentials 69 Shared Credentials 69 Account Credentials 70 Shared Administrator Credentials 72 Temporary Accounts 75 SSH Keys 76 Overview of SSH Key Security Authentication 77 Benefits of SSH Key Authentication 77 Generating SSH Keys 78 SSH Key Access 78 SSH Key Sprawl Poses Security and Operational Risk 79 SSH Key Security Best Practices 79 Personal and Work Passwords 80 Applications 82 Devices 84 Aliases 87 Email Addresses as Account Usernames 90 Chapter 4: Attack Vectors 95 Password Hacking 96 Guessing 96 Shoulder Surfing 98 Dictionary Attacks 98 Brute Force 100 Pass-the-Hash 100 Security Questions 101 Credential Stuffing 104 Password Spraying 104 Password Resets 105 SIM Jacking 108 Malware 109 Other Techniques 114 Chapter 5: Passwordless Authentication 116 A Physical Discussion Around Passwordless Authentication 116 An Electronic Discussion Around Passwordless Authentication 117 Requirements for Passwordless Authentication 121 The Reality Around Passwordless Authentication 123 Chapter 6: Privilege Escalation 128 Credential Exploitation 129 Vulnerabilities and Exploits 131 Misconfigurations 135 Malware 136 Social Engineering 137 Multi-factor Authentication 142 Local Vs. Centralized Privileges 144 Chapter 7: Insider and External Threats 146 Insider Threats 146 External Threats 151 Chapter 8: Threat Hunting 155 Chapter 9: Unstructured Data 160 Chapter 10: Privilege Monitoring 165 Session Recording 165 Keystroke Logging 168 Application Monitoring 170 Session Auditing 172 Remote Access 173 Chapter 11: Privileged Access Management 176 Privileged Access Management Challenges 179 Password Management 184 Least Privilege Management 185 Secure Remote Access 186 Application-to-Application Privilege Automation 188 Privileged SSH Keys 191 Directory Bridging 192 Auditing and Reporting 193 Privileged Threat Analytics 195 Chapter 12: PAM Architecture 197 On-Premise 206 Cloud 207 Infrastructure as a Service (IaaS) 208 Software as a Service (SaaS) 209 Platform as a Service (PaaS) 211 Chapter 13: Break Glass 213 Break Glass Process 214 Break Glass Using a Password Manager 216 Session Management 218 Stale Passwords 219 Application-to-Application Passwords 221 Physical Storage 222 Context-Aware 223 Architecture 224 Break Glass Recovery 225 Chapter 14: Industrial Control Systems (ICS) and Internet of Things (IoT) 227 Industrial Control Systems (ICS) 227 Internet of Things (IoT) 235 Chapter 15: The Cloud 239 Cloud Models 245 Infrastructure as a Service (IaaS) 247 Software as a Service (SaaS) 248 Platform as a Service (PaaS) 250 Chapter 16: Mobile Devices 251 Chapter 17: Ransomware and Privileges 257 Chapter 18: Remote Access 263 Vendor Remote Access 267 Working from Home 269 Secure Remote Access 273 Chapter 19: Secured DevOps (SecDevOps) 275 Chapter 20: Regulatory Compliance 280 Payment Card Industry (PCI) 281 HIPAA 283 SOX 285 GLBA 285 NIST 286 ISO 287 GDPR 291 CCPA 296 ASD 298 MAS 300 SWIFT 301 MITRE ATT&CK 303 Chapter 21: Just in Time 308 Just-in-Time (JIT) Privileged Access Management 309 Just-in-Time Privilege Management Strategy 311 Implementing Just-in-Time Privileged Access Management 316 Chapter 22: Zero Trust 318 Success with a Zero Trust Model 319 Obstacles for Zero Trust 323 Considering Zero Trust? 327 Chapter 23: Sample Privileged Access Management Use Cases 328 Chapter 24: Deployment Considerations 347 Privileged Risk 348 Privileged Credential Oversight 349 Shared Credentials 350 Embedded Credentials 350 SSH Keys 351 Privileged Credentials in the Cloud 351 Functional Accounts 352 Applications 354 Application-Specific Password 356 Chapter 25: Privileged Account Management Implementation 357 Step 1: Improve Accountability for Privileged Accounts 359 Step 2: Implement Least Privilege on Desktops 362 Step 3: Implement Least Privilege on Servers 364 Step 4: Application Reputation 367 Step 5: Remote Access 368 Step 6: Network Devices and IoT 370 Step 7: The Cloud and Virtualization 372 Step 8: DevOps and SecDevOps 375 Step 9: Privileged Account Integration 377 Third-Party Integrations 377 Directory Bridging 378 Step 10: Identity and Access Management Integration 380 Chapter 26: Machine Learning 382 Machine Learning and Information Security 383 The Human Element 384 Attack Vectors 384 Machine Learning Benefits 386 Chapter 27: Conclusion 387 Final Thoughts 392 Index 394 See how privileges, insecure passwords, administrative rights, and remote access can be combined as an attack vector to breach any organization. Cyber attacks continue to increase in volume and sophistication. It is not a matter of if , but when, your organization will be breached. Threat actors target the path of least resistance: users and their privileges. In decades past, an entire enterprise might be sufficiently managed through just a handful of credentials. Today’s environmental complexity has seen an explosion of privileged credentials for many different account types such as domain and local administrators, operating systems (Windows, Unix, Linux, macOS, etc.), directory services, databases, applications, cloud instances, networking hardware, Internet of Things (IoT), social media, and so many more. When unmanaged, these privileged credentials pose a significant threat from external hackers and insider threats. We are experiencing an expanding universe of privileged accounts almost everywhere. There is no one solution or strategy to provide the protection you need against all vectors and stages of an attack. And while some new and innovative products will help protect against or detect against a privilege attack, they are not guaranteed to stop 100% of malicious activity. The volume and frequency of privilege-based attacks continues to increase and test the limits of existing security controls and solution implementations. Privileged Attack Vectors details the risks associated with poor privilege management, the techniques that threat actors leverage, and the defensive measures that organizations should adopt to protect against an incident, protect against lateral movement, and improve the ability to detect malicious activity due to the inappropriate usage of privileged credentials.   This revised and expanded second edition covers new attack vectors, has updated definitions for privileged access management (PAM), new strategies for defense, tested empirical steps for a successful implementation, and includes new disciplines for least privilege endpoint management and privileged remote access. What You Will Learn Know how identities, accounts, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack Implement defensive and monitoring strategies to mitigate privilege threats and risk Understand a 10-step universal privilege management implementation plan to guide you through a successful privilege access management journey Develop a comprehensive model for documenting risk, compliance, and reporting based on privilege session activity Who This Book Is For Security management professionals, new security professionals, and auditors looking to understand and solve privilege access management problems See how privileges, insecure passwords, administrative rights, and remote access can be combined as an attack vector to breach any organization. Cyber attacks continue to increase in volume and sophistication. It is not a matter of if , but when, your organization will be breached. Threat actors target the path of least resistance: users and their privileges. In decades past, an entire enterprise might be sufficiently managed through just a handful of credentials. Today's environmental complexity has seen an explosion of privileged credentials for many different account types such as domain and local administrators, operating systems (Windows, Unix, Linux, macOS, etc.), directory services, databases, applications, cloud instances, networking hardware, Internet of Things (IoT), social media, and so many more. When unmanaged, these privileged credentials pose a significant threat from external hackers and insider threats. We are experiencing an expanding universe of privileged accounts almost everywhere. There is no one solution or strategy to provide the protection you need against all vectors and stages of an attack. And while some new and innovative products will help protect against or detect against a privilege attack, they are not guaranteed to stop 100% of malicious activity. The volume and frequency of privilege-based attacks continues to increase and test the limits of existing security controls and solution implementations. Privileged Attack Vectors details the risks associated with poor privilege management, the techniques that threat actors leverage, and the defensive measures that organizations should adopt to protect against an incident, protect against lateral movement, and improve the ability to detect malicious activity due to the inappropriate usage of privileged credentials. This revised and expanded second edition covers new attack vectors, has updated definitions for privileged access management (PAM), new strategies for defense, tested empirical steps for a successful implementation, and includes new disciplines for least privilege endpoint management and privileged remote access. What You Will Learn Know how identities, accounts, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack Implement defensive and monitoring strategies to mitigate privilege threats and risk Understand a 10-step universal privilege management implementation plan to guide you through a successful privilege access management journey Develop a comprehensive model for documenting risk, compliance, and reporting based on privilege session activity Who This Book Is For Security management professionals, new security professionals, and auditors looking to understand and solve privilege access management problems
دانلود کتاب Privileged Attack Vectors : Building Effective Cyber-Defense Strategies to Protect Organizations