Enterprise Security: A Data-Centric Approach to Securing the Enterprise
Table of Contents
Enterprise Security: A Data-Centric Approach to Securing the Enterprise
Credits
About the Author
About the Reviewers
www.packtpub.com
Support files, e-books, discount offers, and more
Why Subscribe?
Free Access for Packt account holders
Instant Updates on New Packt Books
Preface
What this book covers
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Enterprise Security Overview
The façade of enterprise security
The history and making of the façade
Our current approach to security
Security architecture 101
A new approach to security
Enterprise security pitfalls
Shortcomings of the current security architecture
Communicating information security
The cost of information security
The conflicting message of enterprise security
Proving a negative
The road map to securing the enterprise
Road map components
Defining users
Defining applications
Defining data
Defining roles
Defining processes
Defining policies and standards
Defining network infrastructure
Defining application security architecture
Summary
2. Security Architectures
Redefining the network edge
Drivers for redefinition
Feature-rich web applications
Business partner access
Miscellaneous third-party services
Cloud initiatives
Security architecture models
Defining the building blocks of trust models
Defining data in a trust model
Data locations
Data types
Defining processes in a trust model
Defining applications in a trust model
Defining users in a trust model
Defining roles in a trust model
Defining policies and standards
Enterprise trust models
Application user (external)
Application owner (business partner)
System owner (contractor)
Data owner (internal)
Automation
Micro architectures
Data risk-centric architectures
BYOD initiatives
Bring your own mobile device
Bring your own PC
Summary
3. Security As a Process
Risk analysis
What is risk analysis?
Assessing threats
Assessing impact
Assessing probability
Assessing risk
Qualitative risk analysis
Qualitative risk analysis exercise
Quantitative risk analysis
Quantitative risk analysis exercise
Applying risk analysis to trust models
Deciding on a risk analysis methodology
Other thoughts on risk and new enterprise endeavors
Security policies and standards
Policy versus standard
A quick note on wording
Understanding security policy development
Common IT security policies
Information security policy
Acceptable use policy
Technology use policy
Remote access policy
Data classification policy
Data handling policy
Data retention policy
Data destruction policy
Policies for emerging technologies
Policy considerations
Emerging technology challenges
Developing enterprise security standards
Common IT security standards
Wireless network security standard
Trust model building block for wireless network security standard
Applying trust models to develop standards
Enterprise monitoring standard
Enterprise encryption standard
System hardening standard
Security exceptions
Security review of changes
Perimeter security changes
Data access changes
Network architectural changes
Summary
4. Securing the Network
Overview
Next generation firewalls
Benefits of NGFW technology
Application awareness
Intrusion prevention
Advanced malware mitigation
Intrusion detection and prevention
Intrusion detection
Intrusion prevention
Detection methods
Behavioral analysis
Anomaly detection
Signature-based detection
Advanced persistent threat detection and mitigation
Securing network services
DNS
DNS resolution
DNS zone transfer
DNS records
DNSSEC
SPAM filtering
SPAM filtering in the cloud
Local SPAM filtering
SPAM relaying
File transfer
Implementation considerations
Secure file transfer protocols
User authentication
User Internet access
Websites
Secure coding
Next generation firewalls
IPS
Web application firewall
Network segmentation
Network segmentation strategy
Asset identification
Security mechanisms
Applying security architecture to the network
Security architecture in the DMZ
Security architecture in the internal network
Security architecture and internal segmentation
Summary
5. Securing Systems
System classification
Implementation considerations
System management
Asset inventory labels
System patching
File integrity monitoring
Implementation considerations
Implementing FIM
Real-time FIM
Manual mode FIM
Application whitelisting
Implementation considerations
Host-based intrusion prevention system
Implementation considerations
Host firewall
Implementation considerations
Anti-virus
Signature-based anti-virus
Heuristic anti-virus
Implementation considerations
User account management
User roles and permissions
User account auditing
Policy enforcement
Summary
6. Securing Enterprise Data
Data classification
Identifying enterprise data
Data types
Data locations
Automating discovery
Assign data owners
Assign data classification
Data Loss Prevention
Data in storage
Data in use
Data in transit
DLP implementation
DLP Network
DLP E-mail and Web
DLP Discover
DLP Endpoint
Encryption and hashing
Encryption and hashing explained
Encryption
Encrypting data at rest
Database encryption
The need for database encryption
Methods of database encryption
Application encryption
Selective database encryption
Complete database encryption
Tokenization
File share encryption
Encrypting data in use
Encrypting data in transit
Tokenization
Data masking
Authorization
Developing supporting processes
Summary
7. Wireless Network Security
Security and wireless networks
Securing wireless networks
A quick note on SSID cloaking and MAC filtering
Wireless authentication
Using shared key
Caveats of shared key implementation
Using IEEE 802.1X
Caveats of 802.1X implementation
Wireless encryption
WEP
WPA
WPA2
Wireless network implementation
Wireless signal considerations
End system configuration
Wireless encryption and authentication recommendations
Encryption
Authentication
Client-side certificates
EAP-TLS
Unique system check
Wireless segmentation
Wireless network integration
Wireless network intrusion prevention
Summary
8. The Human Element of Security
Social engineering
Electronic communication methods
Spam e-mail
Key indicators of a spam e-mail
Mitigating spam and e-mail threats
Social media
Mitigating social media threats
In-person methods
Mitigating in-person social engineering
Phone methods
Mitigating phone methods
Business networking sites
Mitigating business networking site attacks
Job posting sites
Mitigating job posting-based attacks
Security awareness training
Training materials
Computer-based training
Classroom training
Associate surveys
Common knowledge
Specialized material
Effective training
Continued education and checks
Access denied – enforcing least privilege
Administrator access
System administrator
Data administrator
Application administrator
Physical security
Summary
9. Security Monitoring
Monitoring strategies
Monitoring based on trust models
Data monitoring
Process monitoring
Application monitoring
User monitoring
Monitoring based on network boundary
Monitoring based on network segment
Privileged user access
Privileged data access
Privileged system access
Privileged application access
Systems monitoring
Operating system monitoring
Host-based intrusion detection system
Network security monitoring
Next-generation firewalls
Data loss prevention
Malware detection and analysis
Intrusion prevention
Security Information and Event Management
Predictive behavioral analysis
Summary
10. Managing Security Incidents
Defining a security incident
Security event versus security incident
Developing supporting processes
Security incident detection and determination
Physical security incidents
Network-based security incidents
Incident management
Getting enterprise support
Building the incident response team
Roles
Desktop support
Systems support
Applications support
Database support
Network support
Information security
HR, legal, and public relations
Responsibilities
Expected response times
Incident response contacts
Supporting procedures
A quick note on forensics
Developing the incident response plan
Taking action
Incident reporting
Incident response
In-house incident response
Contracted incident response
Summary
A. Applying Trust Models to Develop a Security Architecture
Encrypted file transfer (external)
External user
Internal user
Data owner
Automation
B. Risk Analysis, Policy and Standard, and System Hardening Resources
Risk analysis resources
Policy and standard resources
System hardening resources
C. Security Tools List
Tools for securing the network
Tools for securing systems
Tools for securing data
Tools for security monitoring
Tools for testing security
Tools for vulnerability scanning
D. Security Awareness Resources
General presentation and training
Social engineering
Security awareness materials
Safe and secure computing resources
E. Security Incident Response Resources
Building a CSIRT team
Incident response process
An example of incident response process flow
A sample incident response report form
A sample incident response form
Index