16 Appendix: Cross-Domain Challenges
PARADIGM SHIFTS IN INFORMATION SECURITY?
PIVOT 1: TURN THE ATTACKERS' PLAYBOOKS AGAINST THEM
PIVOT 2: CYBERSECURITY HYGIENE: THINK SMALL, ACT SMALL
PIVOT 3: FLIP THE "DATA-DRIVEN VALUE FUNCTION"
PIVOT 4: OPERATIONALIZE SECURITY ACROSS THE IMMEDIATE AND LONGER TERM
PIVOT 5: ZERO-TRUST ARCHITECTURES AND OPERATIONS
OTHER DANGERS ON THE WEB AND NET
CURIOSITY AS COUNTERMEASURE
NOTES
17 Index
List of Tables
1 Introduction
TABLE I.1 Kill Chain Phases Mapped to Chapters
2 Chapter 1
TABLE 1.1 Forms of Intellectual Property Protection
3 Chapter 4
TABLE 4.1 Indicators, Alarms, and IOCs
TABLE 4.2 Security Events and Response Priorities
4 Chapter 5
TABLE 5.1 Overview of Block Ciphers
TABLE 5.2 Common Stream Ciphers
5 Chapter 6
TABLE 6.1 OSI and TCP/IP Datagram Naming
TABLE 6.2 IPv4 Address Classes
TABLE 6.3 Address Classes and CIDR
TABLE 6.4 Important Characteristics for Common Network Cabling Types
TABLE 6.5 Commonly Used Security and Access Control Protocols and Port Numbe...
TABLE 6.6 Commonly Used Network Management Protocols and Port Numbers
TABLE 6.7 Commonly Used Email Protocols and Port Numbers
TABLE 6.8 Commonly Used Web Page Access Protocols and Port Numbers
TABLE 6.9 Commonly Used Utility Protocols and Port Numbers
TABLE 6.10 Wireless Connections Overview
TABLE 6.11 IEEE 802.11 Standard Amendments
TABLE 6.12 Basic Overview of Cellular Wireless Technologies
List of Illustrations
1 Introduction
FIGURE I.1 MITRE's ATT&CK cybersecurity kill chain model
2 Chapter 1
FIGURE 1.1 The DIKW knowledge pyramid
FIGURE 1.2 ISO 27002 phases
FIGURE 1.3 AWS dashboard
3 Chapter 2
FIGURE 2.1 Subjects and objects
FIGURE 2.2 US-CERT Traffic Light Protocol for information classification and...
FIGURE 2.3 Bell–LaPadula (a) versus Biba access control models (b)
FIGURE 2.4 Crossover error rate
4 Chapter 3
FIGURE 3.1 Kill chain conceptual model
FIGURE 3.2 Target 2013 data breach kill chain
FIGURE 3.3 Four bases of risk, viewed together
FIGURE 3.4 Risk timeline
FIGURE 3.5 ISO 31000 RMF
FIGURE 3.6 PCI-DSS goals and requirements
5 Chapter 4
FIGURE 4.1 Triage: from precursors to incident response
FIGURE 4.2 Incident response lifecycle
FIGURE 4.3 NIST incident handling checklist
FIGURE 4.4 Indicators of a kill chain in action
FIGURE 4.5 The descent from anomaly to organizational death
FIGURE 4.6 Continuity of operations planning and supporting planning process...
FIGURE 4.7 Beyond the seventh layer
6 Chapter 5
FIGURE 5.1 Crypto family tree
FIGURE 5.2 Comparing hashing and encryption as functions
FIGURE 5.3 Notional S-box
FIGURE 5.4 Notional P-box
FIGURE 5.5 Feistel encryption and decryption (notional)
FIGURE 5.6 CBC mode
FIGURE 5.7 CFB mode
FIGURE 5.8 CTR mode
FIGURE 5.9 ECB with small block size weaknesses showing
FIGURE 5.10 RC4 stream cipher
FIGURE 5.11 Diffie-Hellman-Merkle shared key generation (conceptual)
FIGURE 5.12 TLS handshake
FIGURE 5.13 The blockchain concept
FIGURE 5.14 Chains of trust
FIGURE 5.15 Certification path validation algorithm
7 Chapter 6
FIGURE 6.1 Wrapping: layer-by-layer encapsulation
FIGURE 6.2 DNS resolver in action
FIGURE 6.3 DNS caching
FIGURE 6.4 Dynamic routing protocols family tree
FIGURE 6.5 OSI Seven-Layer Reference Model
FIGURE 6.6 IPv4 packet format
FIGURE 6.7 TCP three-way handshake
FIGURE 6.8 OSI and TCP/IP side-by-side comparison
FIGURE 6.9 TCP flag fields
FIGURE 6.10 Changes to packet header from IPv4 to IPv6
FIGURE 6.11 A ring topography
FIGURE 6.12 A star topography
FIGURE 6.13 A mesh topography
FIGURE 6.14 Man-in-the-middle attack
FIGURE 6.15 Smurfing attack
FIGURE 6.16 Network access control in context
FIGURE 6.17 Remote access in context
FIGURE 6.18 Common areas of increased risk in remote access
FIGURE 6.19 Extranet advantages and disadvantages
FIGURE 6.20 Perimeter net and screened hosts
8 Chapter 7
FIGURE 7.1 Cloud service models
9 Appendix
FIGURE A.1 Zero-trust architecture logical core