Implementing Enterprise Cyber Security with Open Source Software and Standard Architecture Volume II, 1st Edition, by Anand Handa, Rohit Negi, Venkatesan, Sandeep Shukla
Product details:
ISBN 10: 8770227950
ISBN 13: 9781000922387
Author: Anand Handa, Rohit Negi, Venkatesan, Sandeep Shukla
Implementing Enterprise Cyber Security with Open Source Software and Standard Architecture Volume II 1st Edition Table of contents:
Part I Web Application Security
1 OWASP G0rKing – Exploiting the Hidden Aspects of Google’s Search Capabilities
1.1 Introduction
1.2 Literature Survey
1.2.1 What is google dorking?
1.2.2 A brief history of dorking
1.3 Purpose
1.4 Objective
1.4.1 Types of crawling
1.5 Technical Details
1.5.1 Google dorking techniques
1.6 Project SaUR0N – One Tool to Search Them All
1.6.1 Project deliverables
1.7 Project Requirements Packages
1.8 DorkingGuide – Tool User Manual
1.9 The Tool – G0rKing aka SaUR0N
1.9.1 For simple google dorking (search)
1.9.2 For URL probing
1.10 Dorking Queries
1.10.1 Guide
1.11 Best Practices and Learnings
1.12 Website Security and Best Practices
1.13 Tool: SaUR0N
1.14 GitHub Repository
2 OSS Known Vulnerability Scanner – Helping Software Developers Detect Third-Party Dependency Vulnerabilities in Real Time
2.1 Introduction
2.2 Background
2.3 Problem Statement
2.4 Tool Architecture
2.5 Tool Implementation
2.5.1 Components and their implementations
2.6 Deployment
2.6.1 Enterprise deployment
2.6.2 Standalone deployment
2.7 Tool Validation and Result
2.8 Conclusion
2.9 Acknowledgments
Part II Malware Analysis
3 Detecting Malware using Machine Learning
3.1 Introduction
3.2 Detecting Malware in JPEG Files
3.2.1 JPEG file structure
3.2.2 EXIF tags
3.3 Dataset
3.3.1 Dataset split – train and test set
3.4 Feature Extraction Strategies
3.4.1 Strategy I: using the length of the tags as features
3.4.2 Strategy II: forming TF-IDF
3.5 Working of the System
3.6 Building the Model
3.6.1 Constants used
3.6.2 Functions used to extract EXIF tags from JPEG files
3.6.3 Example of EXIF tags
3.6.4 Unique keys extraction for all files
3.6.5 Preparation of data frame for creating TF-IDF
3.6.6 Forming the TF-IDF
3.6.7 Handling the imbalanced datasets
3.6.8 Development of decision tree model
3.6.9 Development of random forest model
3.7 Conclusions on the Model
3.8 Creating the Web Service
3.9 Creating a Simple Client Application
3.10 Sample of a Sophisticated Client Application
3.11 Detecting Malware in ELF Files
3.12 About ELF Files
3.12.1 ELF file header
3.12.2 Program header
3.12.3 Section information
3.12.4 ELF dataset
3.12.5 Distribution of dataset
3.13 Feature Engineering and Machine Learning Classification
3.14 Building the Model
3.14.1 Constants used
3.14.2 Functions used to extract information from ELF files
3.15 Extract the Unique List of Keys for All the Files
3.16 Create a Data Frame
3.17 Random Forest Model Generation
3.18 Outcomes from the Model
3.19 Creating the Web Service
3.20 Conclusion
3.21 Acknowledgments
4 New Age Attack Vectors – JPEG Images Machine Learning-based Solution for the Detection of Malicious JPEG Images
4.1 Introduction
4.2 Background
4.2.1 JPEG file structure
4.3 Related Work
4.4 Methodology
4.4.1 Input JPEG images
4.4.2 JPEG reader
4.4.3 Data preparation
4.4.4 Machine learning model
4.5 Model Evaluation
4.5.1 Evaluation metrics
4.5.2 JPEG image detection
4.6 Conclusion
4.7 Acknowledgments
5 Live Monitoring of Malware Attacks on Cloud using Windows Agent-based Solution
5.1 Introduction
5.1.1 About malware
5.1.2 Types of malware
5.1.3 Fileless malware
5.2 Background
5.2.1 Procmon
5.3 Project Approach
5.3.1 Detection engine – agent development
5.3.2 Analysis engine
5.3.3 Classification engine
5.3.4 Reporting with ELK
5.4 Deployment Architecture
5.4.1 Product tool architecture (benefits of the agent)
5.5 Product Future Enhancements
5.6 Conclusion and Future Directions
5.7 Acknowledgments
6 Malware also Needs “Attention”
6.1 Introduction
6.2 Related Work
6.3 Proposed Methodology
6.3.1 Datasets
6.3.2 Methodology
6.3.2.1 API call level understanding – Word2Vec
6.3.2.2 Function and binary file level understanding – attention
6.3.3 Network architecture
6.4 Experiments and Results
6.4.1 Experimental setup
6.4.2 Results
6.4.2.1 Dataset 1
6.4.2.2 Dataset 2
6.5 Conclusion
Part III IDS
7 Implementation of an Intrusion Detection System and Deception Technologies using Open Source Tools for Small Businesses
7.1 Introduction
7.2 Tool Setup and Architecture
7.2.1 Central management server (CMS)
7.2.1.1 OpenDistro for Elasticsearch
7.2.1.2 Wazuh manager
7.2.1.3 Suricata
7.2.1.4 Nginx reverse proxy
7.2.2 Endpoints or honeypots
7.2.2.1 Cowrie honeypot
7.2.2.2 WordPress honeypot
7.2.2.3 Honeypot dionaea
7.2.2.4 Honeypot mailoney
7.2.2.5 Wazuh agent
7.3 Implementation of Tools
7.3.1 Create droplet on DigitalOcean
7.3.2 Deploying Wazuh with Open Distro for Elasticsearch
7.3.3 Installing Filebeat
7.3.4 Installing Kibana
7.3.5 Installing Nginx as a reverse proxy
7.3.6 Installing Suricata on CMS
7.3.7 Integration with IP reputation feeds
7.3.8 Configuring the CDB lists
7.4 Honeypots
7.4.1 WordPress honeypot deployment and configuration
7.4.2 Mailoney honeypot deployment and configuration
7.4.3 Cowrie honeypot deployment and configuration
7.4.4 Dionaea honeypot deployment and configuration
7.4.5 Deploying Wazuh agents on honeypot systems
7.4.5.1 Configuration for logs forwarding from honeypot’s server to Wazuh manager
7.4.6 Installing Suricata on honeypot server
7.4.7 Custom rules
7.4.8 Centralized configuration
7.4.9 Log data collection
7.4.10 Security configuration assessment
7.4.11 File integrity monitoring
7.4.12 VirusTotal integration
7.4.13 Slack
7.4.13.1 Integration with Slack
7.4.14 Configuration on Wazuh server
7.5 Result
7.5.1 Geolocation of attacks
7.5.2 Top usernames
7.5.3 Top attacker countries
7.5.4 Top 10 attacker machine IPs
7.5.5 Attacks for MySQL servers
7.5.6 Top signatures-based attempts
7.5.7 Top 10 attempted passwords
7.6 Conclusion and Future Work
8 Attack Vector Analysis with a New Benchmark
8.1 Introduction
8.2 Background and Related Work
8.2.1 Application hardening
8.2.2 Operating system hardening
8.2.3 Server hardening
8.2.4 Database hardening
8.2.5 Network hardening
8.3 Threat Vector and Attack Surface
8.3.1 Attack surface
8.3.2 Attack vector
8.3.3 Hardening steps
8.3.4 During installation
8.3.5 Updates and upgrades
8.3.6 File systems
8.3.7 Users, groups and authentication
8.3.8 Warning banners
8.3.9 Configuring crons
8.3.10 User shell configuration
8.3.11 USB devices
8.3.12 Uncommon network protocol
8.3.13 Kernel hardening
8.3.14 Compilers
8.3.15 Additional tools to enhance hardening index
8.4 Post Hardening
8.5 Results
8.6 Conclusion and Future Work
Part IV Honeypot
9 Stealpot Honeypot Network
9.1 Introduction
9.1.1 Problem statement
9.2 Methodology
9.3 Architecture: Keeping It Simple and Straightforward
9.3.1 Components
9.3.2 Honeypots: Ubuntu 18.04 as the base OS, deployed at four different regions across the globe
9.3.3 Other components/integration
9.4 Conclusion
References
Index