
CCNA Cybersecurity Operations Companion Guide

eBook (Watermarked)

  • Your Price: $62.99
  • List Price: $69.99
  • Includes EPUB and PDF
  • This eBook includes the following formats, accessible from your Account page after purchase:
    EPUB: The open industry format known for its reflowable content and usability on supported mobile devices.
    PDF: The popular standard, used most often with the free Acrobat® Reader® software.
    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

  • Copyright 2018
  • Pages: 720
  • Edition: 1st
  • ISBN-10: 0-13-516627-6
  • ISBN-13: 978-0-13-516627-7

CCNA Cybersecurity Operations Companion Guide is the official supplemental textbook for the Cisco Networking Academy CCNA Cybersecurity Operations course.

The course emphasizes real-world practical application while providing opportunities for you to gain the skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level security analyst working in a security operations center (SOC).

The Companion Guide is designed as a portable desk reference to use anytime, anywhere to reinforce the material from the course and organize your time.

The book’s features help you focus on important concepts to succeed in this course:

  • Chapter Objectives—Review core concepts by answering the focus questions listed at the beginning of each chapter.
  • Key Terms—Refer to the lists of networking vocabulary introduced and highlighted in context in each chapter.
  • Glossary—Consult the comprehensive Glossary with more than 360 terms.
  • Summary of Activities and Labs—Maximize your study time with this complete list of all associated practice exercises at the end of each chapter.
  • Check Your Understanding—Evaluate your readiness with the end-of-chapter questions that match the style of questions you see in the online course quizzes. The answer key explains each answer.
  • How To—Look for this icon to study the steps you need to learn to perform certain tasks.
  • Interactive Activities—Reinforce your understanding of topics with dozens of exercises from the online course identified throughout the book with this icon.
  • Packet Tracer Activities—Explore and visualize networking concepts using Packet Tracer. There are exercises interspersed throughout the chapters and provided in the accompanying Lab Manual book.
  • Videos—Watch the videos embedded within the online course.
  • Hands-on Labs—Develop critical thinking and complex problem-solving skills by completing the labs and activities included in the course and published in the separate Lab Manual.

Table of Contents

Introduction

Chapter 1 Cybersecurity and the Security Operations Center

Objectives

Key Terms

Introduction (1.0)

The Danger (1.1)

    War Stories (1.1.1)

        Hijacked People (1.1.1.1)

        Ransomed Companies (1.1.1.2)

        Nations (1.1.1.3)

    Threat Actors (1.1.2)

        Amateurs (1.1.2.1)

        Hacktivists (1.1.2.2)

        Financial Gain (1.1.2.3)

        Trade Secrets and Global Politics (1.1.2.4)

        How Secure Is the Internet of Things? (1.1.2.5)

    Threat Impact (1.1.3)

        PII and PHI (1.1.3.1)

        Lost Competitive Advantage (1.1.3.2)

        Politics and National Security (1.1.3.3)

Fighters in the War Against Cybercrime (1.2)

    The Modern Security Operations Center (1.2.1)

        Elements of an SOC (1.2.1.1)

        People in the SOC (1.2.1.2)

        Process in the SOC (1.2.1.3)

        Technologies in the SOC (1.2.1.4)

        Enterprise and Managed Security (1.2.1.5)

        Security vs. Availability (1.2.1.6)

    Becoming a Defender (1.2.2)

        Certifications (1.2.2.1)

        Further Education (1.2.2.2)

        Sources of Career Information (1.2.2.3)

        Getting Experience (1.2.2.4)

Summary (1.3)

Practice

Check Your Understanding

Chapter 2 Windows Operating System

Objectives

Key Terms

Introduction (2.0)

Windows Overview (2.1)

    Windows History (2.1.1)

        Disk Operating System (2.1.1.1)

        Windows Versions (2.1.1.2)

        Windows GUI (2.1.1.3)

        Operating System Vulnerabilities (2.1.1.4)

    Windows Architecture and Operations (2.1.2)

        Hardware Abstraction Layer (2.1.2.1)

        User Mode and Kernel Mode (2.1.2.2)

        Windows File Systems (2.1.2.3)

        Windows Boot Process (2.1.2.4)

        Windows Startup and Shutdown (2.1.2.5)

        Processes, Threads, and Services (2.1.2.6)

        Memory Allocation and Handles (2.1.2.7)

        The Windows Registry (2.1.2.8)

Windows Administration (2.2)

    Windows Configuration and Monitoring (2.2.1)

        Run as Administrator (2.2.1.1)

        Local Users and Domains (2.2.1.2)

        CLI and PowerShell (2.2.1.3)

        Windows Management Instrumentation (2.2.1.4)

        The net Command (2.2.1.5)

        Task Manager and Resource Monitor (2.2.1.6)

        Networking (2.2.1.7)

        Accessing Network Resources (2.2.1.8)

        Windows Server (2.2.1.9)

    Windows Security (2.2.2)

        The netstat Command (2.2.2.1)

        Event Viewer (2.2.2.2)

        Windows Update Management (2.2.2.3)

        Local Security Policy (2.2.2.4)

        Windows Defender (2.2.2.5)

        Windows Firewall (2.2.2.6)

Chapter 3 Linux Operating System

Objectives

Key Terms

Introduction (3.0)

Linux Overview (3.1)

    Linux Basics (3.1.1)

        What is Linux? (3.1.1.1)

        The Value of Linux (3.1.1.2)

        Linux in the SOC (3.1.1.3)

        Linux Tools (3.1.1.4)

    Working in the Linux Shell (3.1.2)

        The Linux Shell (3.1.2.1)

        Basic Commands (3.1.2.2)

        File and Directory Commands (3.1.2.3)

        Working with Text Files (3.1.2.4)

        The Importance of Text Files in Linux (3.1.2.5)

    Linux Servers and Clients (3.1.3)

        An Introduction to Client-Server Communications (3.1.3.1)

        Servers, Services, and Their Ports (3.1.3.2)

        Clients (3.1.3.3)

Linux Administration (3.2)

    Basic Server Administration (3.2.1)

        Service Configuration Files (3.2.1.1)

        Hardening Devices (3.2.1.2)

        Monitoring Service Logs (3.2.1.3)

    The Linux File System (3.2.2)

        The File System Types in Linux (3.2.2.1)

        Linux Roles and File Permissions (3.2.2.2)

        Hard Links and Symbolic Links (3.2.2.3)

Linux Hosts (3.3)

    Working with the Linux GUI (3.3.1)

        X Window System (3.3.1.1)

        The Linux GUI (3.3.1.2)

    Working on a Linux Host (3.3.2)

        Installing and Running Applications on a Linux Host (3.3.2.1)

        Keeping the System Up to Date (3.3.2.2)

        Processes and Forks (3.3.2.3)

        Malware on a Linux Host (3.3.2.4)

        Rootkit Check (3.3.2.5)

        Piping Commands (3.3.2.6)

Summary (3.4)

Practice

Check Your Understanding

Chapter 4 Network Protocols and Services

Objectives

Key Terms

Introduction (4.0)

Network Protocols (4.1)

    Network Communications Process (4.1.1)

        Views of the Network (4.1.1.1)

        Client-Server Communications (4.1.1.2)

        A Typical Session: Student (4.1.1.3)

        A Typical Session: Gamer (4.1.1.4)

        A Typical Session: Surgeon (4.1.1.5)

        Tracing the Path (4.1.1.6)

    Communications Protocols (4.1.2)

        What Are Protocols? (4.1.2.1)

        Network Protocol Suites (4.1.2.2)

        The TCP/IP Protocol Suite (4.1.2.3)

        Format, Size, and Timing (4.1.2.4)

        Unicast, Multicast, and Broadcast (4.1.2.5)

        Reference Models (4.1.2.6)

        Three Addresses (4.1.2.7)

        Encapsulation (4.1.2.8)

        Scenario: Sending and Receiving a Web Page (4.1.2.9)

Ethernet and Internet Protocol (IP) (4.2)

    Ethernet (4.2.1)

        The Ethernet Protocol (4.2.1.1)

        The Ethernet Frame (4.2.1.2)

        MAC Address Format (4.2.1.3)

    IPv4 (4.2.2)

        IPv4 Encapsulation (4.2.2.1)

        IPv4 Characteristics (4.2.2.2)

        The IPv4 Packet (4.2.2.4)

    IPv4 Addressing Basics (4.2.3)

        IPv4 Address Notation (4.2.3.1)

        IPv4 Host Address Structure (4.2.3.2)

        IPv4 Subnet Mask and Network Address (4.2.3.3)

        Subnetting Broadcast Domains (4.2.3.4)

    Types of IPv4 Addresses (4.2.4)

        IPv4 Address Classes and Default Subnet Masks (4.2.4.1)

        Reserved Private Addresses (4.2.4.2)

    The Default Gateway (4.2.5)

        Host Forwarding Decision (4.2.5.1)

        Default Gateway (4.2.5.2)

        Using the Default Gateway (4.2.5.3)

    IPv6 (4.2.6)

        Need for IPv6 (4.2.6.1)

        IPv6 Size and Representation (4.2.6.2)

        IPv6 Address Formatting (4.2.6.3)

        IPv6 Prefix Length (4.2.6.4)

Connectivity Verification (4.3)

    ICMP (4.3.1)

        ICMPv4 Messages (4.3.1.1)

        ICMPv6 RS and RA Messages (4.3.1.2)

    Ping and Traceroute Utilities (4.3.2)

        Ping: Testing the Local Stack (4.3.2.1)

        Ping: Testing Connectivity to the Local LAN (4.3.2.2)

        Ping: Testing Connectivity to Remote Host (4.3.2.3)

        Traceroute: Testing the Path (4.3.2.4)

        ICMP Packet Format (4.3.2.5)

Address Resolution Protocol (4.4)

    MAC and IP (4.4.1)

        Destination on the Same Network (4.4.1.1)

        Destination on a Remote Network (4.4.1.2)

    ARP (4.4.2)

        Introduction to ARP (4.4.2.1)

        ARP Functions (4.4.2.2)

        Removing Entries from an ARP Table (4.4.2.6)

        ARP Tables on Networking Devices (4.4.2.7)

    ARP Issues (4.4.3)

        ARP Broadcasts (4.4.3.1)

        ARP Spoofing (4.4.3.2)

The Transport Layer (4.5)

    Transport Layer Characteristics (4.5.1)

        Transport Layer Protocol Role in Network Communication (4.5.1.1)

        Transport Layer Mechanisms (4.5.1.2)

        TCP Local and Remote Ports (4.5.1.3)

        Socket Pairs (4.5.1.4)

        TCP vs. UDP (4.5.1.5)

        TCP and UDP Headers (4.5.1.6)

    Transport Layer Operation (4.5.2)

        TCP Port Allocation (4.5.2.1)

        A TCP Session Part I: Connection Establishment and Termination (4.5.2.2)

        A TCP Session Part II: Data Transfer (4.5.2.6)

        A UDP Session (4.5.2.9)

Network Services (4.6)

    DHCP (4.6.1)

        DHCP Overview (4.6.1.1)

        DHCPv4 Message Format (4.6.1.2)

    DNS (4.6.2)

        DNS Overview (4.6.2.1)

        The DNS Domain Hierarchy (4.6.2.2)

        The DNS Lookup Process (4.6.2.3)

        DNS Message Format (4.6.2.4)

        Dynamic DNS (4.6.2.5)

        The WHOIS Protocol (4.6.2.6)

    NAT (4.6.3)

        NAT Overview (4.6.3.1)

        NAT-Enabled Routers (4.6.3.2)

        Port Address Translation (4.6.3.3)

    File Transfer and Sharing Services (4.6.4)

        FTP and TFTP (4.6.4.1)

        SMB (4.6.4.2)

    Email (4.6.5)

        Email Overview (4.6.5.1)

        SMTP (4.6.5.2)

        POP3 (4.6.5.3)

        IMAP (4.6.5.4)

    HTTP (4.6.6)

        HTTP Overview (4.6.6.1)

        The HTTP URL (4.6.6.2)

        The HTTP Protocol (4.6.6.3)

        HTTP Status Codes (4.6.6.4)

Summary (4.7)

Practice

Check Your Understanding

Chapter 5 Network Infrastructure

Objectives

Key Terms

Introduction (5.0)

Network Communication Devices (5.1)

    Network Devices (5.1.1)

        End Devices (5.1.1.1)

        Routers (5.1.1.3)

        Router Operation (5.1.1.5)

        Routing Information (5.1.1.6)

        Hubs, Bridges, LAN Switches (5.1.1.8)

        Switching Operation (5.1.1.9)

        VLANs (5.1.1.11)

        STP (5.1.1.12)

        Multilayer Switching (5.1.1.13)

    Wireless Communications (5.1.2)

        Protocols and Features (5.1.2.2)

        Wireless Network Operations (5.1.2.3)

        The Client to AP Association Process (5.1.2.4)

        Wireless Devices: AP, LWAP, WLC (5.1.2.6)

Network Security Infrastructure (5.2)

    Security Devices (5.2.1)

        Firewalls (5.2.1.2)

        Firewall Type Descriptions (5.2.1.3)

        Packet Filtering Firewalls (5.2.1.4)

        Stateful Firewalls (5.2.1.5)

        Next-Generation Firewalls (5.2.1.6)

        Intrusion Protection and Detection Devices (5.2.1.8)

        Advantages and Disadvantages of IDS and IPS (5.2.1.9)

        Types of IPS (5.2.1.10)

        Specialized Security Appliances (5.2.1.11)

    Security Services (5.2.2)

        Traffic Control with ACLs (5.2.2.2)

        ACLs: Important Features (5.2.2.3)

        SNMP (5.2.2.5)

        NetFlow (5.2.2.6)

        Port Mirroring (5.2.2.7)

        Syslog Servers (5.2.2.8)

        NTP (5.2.2.9)

        AAA Servers (5.2.2.10)

        VPN (5.2.2.11)

Network Representations (5.3)

    Network Topologies (5.3.1)

        Overview of Network Components (5.3.1.1)

        Physical and Logical Topologies (5.3.1.2)

        WAN Topologies (5.3.1.3)

        LAN Topologies (5.3.1.4)

        The Three-Layer Network Design Model (5.3.1.5)

        Common Security Architectures (5.3.1.7)

Summary (5.4)

Practice

Check Your Understanding

Chapter 6 Principles of Network Security

Objectives

Key Terms

Introduction (6.0)

Attackers and Their Tools (6.1)

    Who Is Attacking Our Network (6.1.1)

        Threat, Vulnerability, and Risk (6.1.1.1)

        Hacker vs. Threat Actor (6.1.1.2)

        Evolution of Threat Actors (6.1.1.3)

        Cybercriminals (6.1.1.4)

        Cybersecurity Tasks (6.1.1.5)

        Cyber Threat Indicators (6.1.1.6)

    Threat Actor Tools (6.1.2)

        Introduction of Attack Tools (6.1.2.1)

        Evolution of Security Tools (6.1.2.2)

        Categories of Attacks (6.1.2.3)

Common Threats and Attacks (6.2)

    Malware (6.2.1)

        Types of Malware (6.2.1.1)

        Viruses (6.2.1.2)

        Trojan Horses (6.2.1.3)

        Trojan Horse Classification (6.2.1.4)

        Worms (6.2.1.5)

        Worm Components (6.2.1.6)

        Ransomware (6.2.1.7)

        Other Malware (6.2.1.8)

        Common Malware Behaviors (6.2.1.9)

    Common Network Attacks (6.2.2)

        Types of Network Attacks (6.2.2.1)

        Reconnaissance Attacks (6.2.2.2)

        Sample Reconnaissance Attacks (6.2.2.3)

        Access Attacks (6.2.2.4)

        Types of Access Attacks (6.2.2.5)

        Social Engineering Attacks (6.2.2.6)

        Phishing Social Engineering Attacks (6.2.2.7)

        Strengthening the Weakest Link (6.2.2.8)

        Denial-of-Service Attacks (6.2.2.10)

        DDoS Attacks (6.2.2.11)

        Example DDoS Attack (6.2.2.12)

        Buffer Overflow Attack (6.2.2.13)

        Evasion Methods (6.2.2.14)

Summary (6.3)

Practice

Check Your Understanding

Chapter 7 Network Attacks: A Deeper Look

Objectives

Key Terms

Introduction (7.0)

Network Monitoring and Tools (7.1)

    Introduction to Network Monitoring (7.1.1)

        Network Security Topology (7.1.1.1)

        Monitoring the Network (7.1.1.2)

        Network TAPs (7.1.1.3)

        Traffic Mirroring and SPAN (7.1.1.4)

    Introduction to Network Monitoring Tools (7.1.2)

        Network Security Monitoring Tools (7.1.2.1)

        Network Protocol Analyzers (7.1.2.2)

        NetFlow (7.1.2.3)

        SIEM (7.1.2.4)

        SIEM Systems (7.1.2.5)

Attacking the Foundation (7.2)

    IP Vulnerabilities and Threats (7.2.1)

        IPv4 and IPv6 (7.2.1.1)

        The IPv4 Packet Header (7.2.1.2)

        The IPv6 Packet Header (7.2.1.3)

        IP Vulnerabilities (7.2.1.4)

        ICMP Attacks (7.2.1.5)

        DoS Attacks (7.2.1.6)

        Amplification and Reflection Attacks (7.2.1.7)

        DDoS Attacks (7.2.1.8)

        Address Spoofing Attacks (7.2.1.9)

    TCP and UDP Vulnerabilities (7.2.2)

        TCP (7.2.2.1)

        TCP Attacks (7.2.2.2)

        UDP and UDP Attacks (7.2.2.3)

Attacking What We Do (7.3)

    IP Services (7.3.1)

        ARP Vulnerabilities (7.3.1.1)

        ARP Cache Poisoning (7.3.1.2)

        DNS Attacks (7.3.1.3)

        DNS Tunneling (7.3.1.4)

        DHCP (7.3.1.5)

    Enterprise Services (7.3.2)

        HTTP and HTTPS (7.3.2.1)

        Email (7.3.2.2)

        Web-Exposed Databases (7.3.2.3)

Summary (7.4)

Practice

Check Your Understanding

Chapter 8 Protecting the Network

Objectives

Key Terms

Introduction (8.0)

Understanding Defense (8.1)

    Defense-in-Depth (8.1.1)

        Assets, Vulnerabilities, Threats (8.1.1.1)

        Identify Assets (8.1.1.2)

        Identify Vulnerabilities (8.1.1.3)

        Identify Threats (8.1.1.4)

        Security Onion and Security Artichoke Approaches (8.1.1.5)

    Security Policies (8.1.2)

        Business Policies (8.1.2.1)

        Security Policy (8.1.2.2)

        BYOD Policies (8.1.2.3)

        Regulatory and Standard Compliance (8.1.2.4)

Access Control (8.2)

    Access Control Concepts (8.2.1)

        Communications Security: CIA (8.2.1.1)

        Access Control Models (8.2.1.2)

    AAA Usage and Operation (8.2.2)

        AAA Operation (8.2.2.1)

        AAA Authentication (8.2.2.2)

        AAA Accounting Logs (8.2.2.3)

Threat Intelligence (8.3)

    Information Sources (8.3.1)

        Network Intelligence Communities (8.3.1.1)

        Cisco Cybersecurity Reports (8.3.1.2)

        Security Blogs and Podcasts (8.3.1.3)

    Threat Intelligence Services (8.3.2)

        Cisco Talos (8.3.2.1)

        FireEye (8.3.2.2)

        Automated Indicator Sharing (8.3.2.3)

        Common Vulnerabilities and Exposures Database (8.3.2.4)

        Threat Intelligence Communication Standards (8.3.2.5)

Summary (8.4)

Practice

Check Your Understanding Questions

Chapter 9 Cryptography and the Public Key Infrastructure

Objectives

Key Terms

Introduction (9.0)

Cryptography (9.1)

    What Is Cryptography? (9.1.1)

        Securing Communications (9.1.1.1)

        Cryptology (9.1.1.2)

        Cryptography: Ciphers (9.1.1.3)

        Cryptanalysis: Code Breaking (9.1.1.4)

        Keys (9.1.1.5)

    Integrity and Authenticity (9.1.2)

        Cryptographic Hash Functions (9.1.2.1)

        Cryptographic Hash Operation (9.1.2.2)

        MD5 and SHA (9.1.2.3)

        Hash Message Authentication Code (9.1.2.4)

    Confidentiality (9.1.3)

        Encryption (9.1.3.1)

        Symmetric Encryption (9.1.3.2)

        Symmetric Encryption Algorithms (9.1.3.3)

        Asymmetric Encryption Algorithms (9.1.3.4)

        Asymmetric Encryption: Confidentiality (9.1.3.5)

        Asymmetric Encryption: Authentication (9.1.3.6)

        Asymmetric Encryption: Integrity (9.1.3.7)

        Diffie-Hellman (9.1.3.8)

Public Key Infrastructure (9.2)

    Public Key Cryptography (9.2.1)

        Using Digital Signatures (9.2.1.1)

        Digital Signatures for Code Signing (9.2.1.2)

        Digital Signatures for Digital Certificates (9.2.1.3)

    Authorities and the PKI Trust System (9.2.2)

        Public Key Management (9.2.2.1)

        The Public Key Infrastructure (9.2.2.2)

        The PKI Authorities System (9.2.2.3)

        The PKI Trust System (9.2.2.4)

        Interoperability of Different PKI Vendors (9.2.2.5)

        Certificate Enrollment, Authentication, and Revocation (9.2.2.6)

    Applications and Impacts of Cryptography (9.2.3)

        PKI Applications (9.2.3.1)

        Encrypting Network Transactions (9.2.3.2)

        Encryption and Security Monitoring (9.2.3.3)

Summary (9.3)

Practice

Check Your Understanding

Chapter 10 Endpoint Security and Analysis

Objectives

Key Terms

Introduction (10.0)

Endpoint Protection (10.1)

    Antimalware Protection (10.1.1)

        Endpoint Threats (10.1.1.1)

        Endpoint Security (10.1.1.2)

        Host-Based Malware Protection (10.1.1.3)

        Network-Based Malware Protection (10.1.1.4)

        Cisco Advanced Malware Protection (AMP) (10.1.1.5)

    Host-Based Intrusion Protection (10.1.2)

        Host-Based Firewalls (10.1.2.1)

        Host-Based Intrusion Detection (10.1.2.2)

        HIDS Operation (10.1.2.3)

        HIDS Products (10.1.2.4)

    Application Security (10.1.3)

        Attack Surface (10.1.3.1)

        Application Blacklisting and Whitelisting (10.1.3.2)

        System-Based Sandboxing (10.1.3.3)

Endpoint Vulnerability Assessment (10.2)

    Network and Server Profiling (10.2.1)

        Network Profiling (10.2.1.1)

        Server Profiling (10.2.1.2)

        Network Anomaly Detection (10.2.1.3)

        Network Vulnerability Testing (10.2.1.4)

    Common Vulnerability Scoring System (CVSS) (10.2.2)

        CVSS Overview (10.2.2.1)

        CVSS Metric Groups (10.2.2.2)

        CVSS Base Metric Group (10.2.2.3)

        The CVSS Process (10.2.2.4)

        CVSS Reports (10.2.2.5)

        Other Vulnerability Information Sources (10.2.2.6)

    Compliance Frameworks (10.2.3)

        Compliance Regulations (10.2.3.1)

        Overview of Regulatory Standards (10.2.3.2)

    Secure Device Management (10.2.4)

        Risk Management (10.2.4.1)

        Vulnerability Management (10.2.4.3)

        Asset Management (10.2.4.4)

        Mobile Device Management (10.2.4.5)

        Configuration Management (10.2.4.6)

        Enterprise Patch Management (10.2.4.7)

        Patch Management Techniques (10.2.4.8)

    Information Security Management Systems (10.2.5)

        Security Management Systems (10.2.5.1)

        ISO-27001 (10.2.5.2)

        NIST Cybersecurity Framework (10.2.5.3)

Summary (10.3)

Practice

Check Your Understanding

Chapter 11 Security Monitoring

Objectives

Key Terms

Introduction (11.0)

Technologies and Protocols (11.1)

    Monitoring Common Protocols (11.1.1)

        Syslog and NTP (11.1.1.1)

        NTP (11.1.1.2)

        DNS (11.1.1.3)

        HTTP and HTTPS (11.1.1.4)

        Email Protocols (11.1.1.5)

        ICMP (11.1.1.6)

    Security Technologies (11.1.2)

        ACLs (11.1.2.1)

        NAT and PAT (11.1.2.2)

        Encryption, Encapsulation, and Tunneling (11.1.2.3)

        Peer-to-Peer Networking and Tor (11.1.2.4)

        Load Balancing (11.1.2.5)

Log Files (11.2)

    Types of Security Data (11.2.1)

        Alert Data (11.2.1.1)

        Session and Transaction Data (11.2.1.2)

        Full Packet Captures (11.2.1.3)

        Statistical Data (11.2.1.4)

    End Device Logs (11.2.2)

        Host Logs (11.2.2.1)

        Syslog (11.2.2.2)

        Server Logs (11.2.2.3)

        Apache HTTP Server Access Logs (11.2.2.4)

        IIS Access Logs (11.2.2.5)

        SIEM and Log Collection (11.2.2.6)

    Network Logs (11.2.3)

        Tcpdump (11.2.3.1)

        NetFlow (11.2.3.2)

        Application Visibility and Control (11.2.3.3)

        Content Filter Logs (11.2.3.4)

        Logging from Cisco Devices (11.2.3.5)

        Proxy Logs (11.2.3.6)

        NextGen IPS (11.2.3.7)

Summary (11.3)

Practice

Check Your Understanding

Chapter 12 Intrusion Data Analysis

Objectives

Key Terms

Introduction (12.0)

Evaluating Alerts (12.1)

    Sources of Alerts (12.1.1)

        Security Onion (12.1.1.1)

        Detection Tools for Collecting Alert Data (12.1.1.2)

        Analysis Tools (12.1.1.3)

        Alert Generation (12.1.1.4)

        Rules and Alerts (12.1.1.5)

        Snort Rule Structure (12.1.1.6)

    Overview of Alert Evaluation (12.1.2)

        The Need for Alert Evaluation (12.1.2.1)

        Evaluating Alerts (12.1.2.2)

        Deterministic Analysis and Probabilistic Analysis (12.1.2.3)

Working with Network Security Data (12.2)

    A Common Data Platform (12.2.1)

        ELSA (12.2.1.1)

        Data Reduction (12.2.1.2)

        Data Normalization (12.2.1.3)

        Data Archiving (12.2.1.4)

    Investigating Network Data (12.2.2)

        Working in Sguil (12.2.2.1)

        Sguil Queries (12.2.2.2)

        Pivoting from Sguil (12.2.2.3)

        Event Handling in Sguil (12.2.2.4)

        Working in ELSA (12.2.2.5)

        Queries in ELSA (12.2.2.6)

        Investigating Process or API Calls (12.2.2.7)

        Investigating File Details (12.2.2.8)

    Enhancing the Work of the Cybersecurity Analyst (12.2.3)

        Dashboards and Visualizations (12.2.3.1)

        Workflow Management (12.2.3.2)

Digital Forensics (12.3)

    Evidence Handling and Attack Attribution (12.3.1)

        Digital Forensics (12.3.1.1)

        The Digital Forensics Process (12.3.1.2)

        Types of Evidence (12.3.1.3)

        Evidence Collection Order (12.3.1.4)

        Chain of Custody (12.3.1.5)

        Data Integrity and Preservation (12.3.1.6)

        Attack Attribution (12.3.1.7)

Summary (12.4)

Practice

Check Your Understanding

Chapter 13 Incident Response and Handling

Objectives

Key Terms

Introduction (13.0)

Incident Response Models (13.1)

    The Cyber Kill Chain (13.1.1)

        Steps of the Cyber Kill Chain (13.1.1.1)

        Reconnaissance (13.1.1.2)

        Weaponization (13.1.1.3)

        Delivery (13.1.1.4)

        Exploitation (13.1.1.5)

        Installation (13.1.1.6)

        Command and Control (13.1.1.7)

        Actions on Objectives (13.1.1.8)

    The Diamond Model of Intrusion (13.1.2)

        Diamond Model Overview (13.1.2.1)

        Pivoting Across the Diamond Model (13.1.2.2)

        The Diamond Model and the Cyber Kill Chain (13.1.2.3)

    The VERIS Schema (13.1.3)

        What Is the VERIS Schema? (13.1.3.1)

        Create a VERIS Record (13.1.3.2)

        Top-Level and Second-Level Elements (13.1.3.3)

        The VERIS Community Database (13.1.3.4)

Incident Handling (13.2)

    CSIRTs (13.2.1)

        CSIRT Overview (13.2.1.1)

        Types of CSIRTs (13.2.1.2)

        CERT (13.2.1.3)

    NIST 800-61r2 (13.2.2)

        Establishing an Incident Response Capability (13.2.2.1)

        Incident Response Stakeholders (13.2.2.2)

        NIST Incident Response Life Cycle (13.2.2.3)

        Preparation (13.2.2.4)

        Detection and Analysis (13.2.2.5)

        Containment, Eradication, and Recovery (13.2.2.6)

        Post-Incident Activities (13.2.2.7)

        Incident Data Collection and Retention (13.2.2.8)

        Reporting Requirements and Information Sharing (13.2.2.9)

Summary (13.3)

Practice

Check Your Understanding

Appendix A Answers to the “Check Your Understanding” Questions

Glossary

9781587134395   TOC   5/3/2018

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as their postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and wishes to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of the user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor).
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law.
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law.
  • In connection with the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice.
  • To investigate or address actual or suspected fraud or other illegal activities.
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract.
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice.
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020