Full record view

This is a static export from the catalogue dated 11.05.2024.

Bibliographic citation

EB
ONLINE
Aalborg : River Publishers, 2021
1 online resource (280 pages)


ISBN 9781000794281 (electronic bk.)
ISBN 9788770224239
River Publishers Series in Electronic Materials and Devices Ser.
Print version: Handa, Anand. Implementing Enterprise Cybersecurity with Opensource Software and Standard Architecture. Aalborg : River Publishers, c2021. ISBN 9788770224239
Cover -- Half Title -- Series -- Title -- Copyright -- Contents -- Preface -- List of Figures -- List of Tables -- List of Contributors -- List of Abbreviations -- 1 Introduction -- I Deception Technologies & Threat Visibility - Honeypots and Security Operations -- 2 Honeynet - Deploying a Connected System of Diverse Honeypots Using Open-Source Tools -- 2.1 Introduction -- 2.2 Classification of Honeypots -- 2.3 Design of the Honeynet -- 2.3.1 Hosting Environment -- 2.3.2 Servers Deployed -- 2.3.3 Web Applications Hosted -- 2.3.4 Databases -- 2.4 Implementation -- 2.4.1 Deployment of Servers -- 2.4.2 Security and Monitoring of Honeypots/Honeynet -- 2.4.3 Security - UFW - Firewall -- 2.4.4 Monitoring - Elastic Stack -- 2.4.5 Honeypots Deployed -- 2.4.6 Precautions Taken -- 2.5 Threat Analytics Using Elastic Stack -- 2.5.1 Using Standard Reports Available in Kibana -- 2.5.2 Developing Custom Reports in Kibana -- 2.5.3 Manual Reports Based on Manual Analysis of Data Dumps and Selected Data from Kibana Reports -- 2.5.4 Reports Generated -- 2.5.5 Standard Kibana Analytic Reports -- 2.5.6 Custom Reports Developed in Kibana -- 2.6 Manual Threat Analysis -- 2.6.1 Attacks to Exploit CVE-2012-1823 Vulnerability -- 2.6.2 Attempts by BotNets to Upload Malware -- 2.6.3 Attempts to Scan Using Muieblackcat -- 2.7 Future Work -- 2.8 Conclusion -- 3 Implementation of Honeypot, NIDs, and HIDs Technologies in SOC Environment -- 3.1 Introduction -- 3.2 Setup and Architecture -- 3.2.1 Honeypot -- 3.2.2 Firewall -- 3.2.3 Host-based Intrusion Detection Systems (HIDS) -- 3.2.4 Network-Based Intrusion Detection Systems (NIDS) -- 3.3 Approach to the Final Setup -- 3.3.1 Phase 1 -- 3.3.2 Phase 2 -- 3.4 Information Security Best Practices -- 3.5 Industries and Sectors Under Study -- 3.5.1 Educational Institutes -- 3.5.2 Hospitals and Pharmaceutical Companies
3.5.3 Manufacturing Industry -- 4 Leveraging Research Honeypots for Generating Credible Threat Intelligence and Advanced Threat Analytics -- 4.1 Abstract -- 4.2 Introduction -- 4.3 How to Find the Right Honeypot for Your Environment -- 4.3.1 Where to Start? -- 4.3.2 What to Deploy? -- 4.3.3 Customization, Obfuscation, and Implementation Considerations -- 4.4 A Deep Dive in Solution Architecture -- 4.5 Configuring and Deploying Cowrie Honeypot -- 4.5.1 Cowrie - A Brief Introduction -- 4.5.2 A Quick Run of Cowrie (Docker) -- 4.5.3 Understanding Cowrie Configurations -- 4.5.4 Cowrie Deployment (Using Docker) -- 4.5.5 Steps to Deploy Cowrie -- 4.5.6 What is in the Logs? -- 4.6 Configuring and Deploying Glastopf Honeypot -- 4.6.1 Glastopf - A Brief Introduction -- 4.6.2 Glastopf Installation Steps -- 4.6.3 Converting Glastopf Event Log Database to Text Format for Ingestion in Log Management Platform 'Splunk' -- 4.7 Creating Central Log Management Facility and Analytic Capability -- 4.7.1 What Is Splunk? -- 4.7.2 Installing and Deploying Splunk -- 4.7.3 Enabling Log Forwarding to Facilitate Centralized Log Management -- 4.7.4 Real-Time Dashboards with Splunk for Threat Intelligence -- 4.8 Behavioral Analysis of Honeypot Log Data for Threat Intelligence -- 4.8.1 Building the Intuition -- 4.8.2 Creating Relevant Features from Logs -- 4.8.3 Creating Attacker Profiles -- 4.9 Conclusion -- 4.10 Future Work -- 5 Collating Threat Intelligence for Zero Trust Future Using Open-Source Tools -- 5.1 Introduction -- 5.1.1 Why Honeypots? -- 5.2 T-Pot Honeypot -- 5.3 How to Deploy a T-Pot Honeypot -- 5.3.1 Steps for Installation -- 5.3.2 T-Pot Installation and System Requirements -- 5.3.3 System Requirements -- 5.3.4 Installation Types -- 5.3.5 Installation -- 5.4 Kibana Dashboard -- 5.5 Check Out Your Dashboard and Start Analyzing -- II Malware Analysis
6 Malware Analysis Using Machine Learning -- 6.1 Introduction -- 6.1.1 What is Malware? -- 6.1.2 What Does Malware Do? -- 6.1.3 What are Various Types of Malware Analysis? -- 6.1.4 Why Do We Need Malware Analysis Tool? -- 6.1.5 How Will This Tool Help in Cybersecurity? -- 6.1.6 Why Do We Need Large Dataset for Malware Analysis and Classification? -- 6.2 Environment Setup for Implementation -- 6.3 Use of Machine Learning in Malware Analysis -- 6.3.1 Why Use Machine Learning for Malware Analysis? -- 6.3.2 Which Machine Learning Approach is Used in Tool Development? -- 6.3.3 Why Do We Need Features? -- 6.3.4 What is Feature Extraction? -- 6.3.5 What is Feature Selection? -- 6.3.6 Using Machine Learning for Feature Selection -- 6.3.7 How to Train the Machine Learning Model? -- 6.3.8 How to Train Machine Learning Model in Python? -- 6.3.9 How Much Data Shall be Used for Training and for Testing? -- 6.3.10 How to Use the Machine Learning Model? -- 6.4 Experimental Results -- 6.5 Conclusion -- 7 Feature Engineering and Analysis Toward Temporally Robust Detection of Android Malware -- 7.1 Introduction -- 7.2 Related Work -- 7.3 Proposed Methodology -- 7.3.1 Dataset Collection -- 7.3.2 Feature Extraction and Selection -- 7.3.3 Classification -- 7.4 Experimental Results -- 7.5 Conclusion -- III Tools for Vulnerability Assessment and Penetration Testing -- 8 Use ModSecurity Web Application Firewall to Mitigate OWASP's Top 10 Web Application Vulnerabilities -- 8.1 Introduction -- 8.1.1 Defense-in-Depth Security Architecture -- 8.1.2 ModSecurity Overview -- 8.1.3 What Can ModSecurity Do? -- 8.2 Design and Implementation -- 8.2.1 Docker Essentials: A Developer's Introduction -- 8.2.2 Elastic Stack -- 8.2.3 Setting Up ModSecurity With Nginx Using Docker -- 8.2.4 ModSecurity Custom Security Rules -- 8.2.5 Monitoring ModSecurity and Nginx Logs using Elastic Stack
8.3 Analysis -- 8.4 Recommendations and Future Work -- 8.5 Conclusion -- 9 Offensive Security with Huntsman: A Concurrent Versatile Malware -- 9.1 Introduction -- 9.2 Huntsman -- 9.2.1 Unique Features of Huntsman -- 9.3 Installation -- 9.4 Transfer to a Target -- 9.5 Functions of Huntsman -- 9.5.1 Fast Concurrent Port Scanning -- 9.5.2 TCP Proxy -- 9.5.3 TCP Listener -- 9.5.4 Bind Shell -- 9.5.5 Keylogger -- 9.6 Conclusion -- Bibliography -- Index -- About the Editors
This book demonstrates work on malware analysis using machine learning and on the implementation of honeypots and network intrusion detection systems in a security operations center environment. It is essential reading for cybersecurity professionals and advanced students.
001905160
express
(Au-PeEL)EBL6705007
(MiAaPQ)EBC6705007
(OCoLC)1264475220
