About the book The CISO's Next Frontier: AI, Post-Quantum Cryptography and Advanced Security Paradigms
Title: The CISO's Next Frontier: AI, Post-Quantum Cryptography and Advanced Security Paradigms
Persian title: مرز بعدی CISO: هوش مصنوعی، رمزنگاری پس کوانتومی و پارادایم های امنیتی پیشرفته
Series:
Author: Raj Badhwar
Publisher: Springer
Year of publication: 2021
Pages: 398
ISBN: 3030753530, 9783030753535
Language: English
Format: PDF
File size: 6 MB
Table of contents:
Foreword
Preface
Acknowledgement
Disclaimer
Contents
About the Author
Abbreviations
Part I: Post Quantum Cryptography
Are You Ready for Quantum Computing?
1 Introduction
2 Computational Difficulty
3 Classical Computing
4 Quantum Computing
4.1 Unstructured Search
4.2 Runtime and Complexity of Factoring
4.3 Factoring Methods
4.4 Shor’s Algorithm
4.5 Quantum Gates
5 The CISO Take
6 Definitions
References
Further Reading
The Need for Post-Quantum Cryptography
1 Introduction
2 Basic Encryption Concepts
2.1 Symmetric-Key Encryption
2.2 Asymmetric-Key Encryption
2.3 Computational Difficulty
2.4 Public Key Infrastructure (PKI)
3 Enhancing Existing Cryptographic Schemes
3.1 Diffie-Hellman (DH)
3.2 Elliptic-Curve Diffie-Hellman (ECDH)
3.2.1 Elliptic-Curve Diffie-Hellman Ephemeral (ECDHE)
3.3 Supersingular Isogeny Diffie-Hellman (SIDH)
3.4 Cascade Ciphering
3.5 Increase Key Size of Existing Algorithms
3.6 Increase Number of Rounds of Existing Algorithms
3.7 Other Existing Options – Sponge Functions
4 New Cryptographic Schemes
4.1 Lattice-Based Cryptography
4.2 Multivariate Cryptography
4.3 Hash-Based Cryptography
4.4 Code-Based Cryptography
4.5 Post-Quantum TLS
4.6 Homomorphic Encryption
4.7 Quantum Cryptography
5 The CISO Take
6 Definitions
References
Further Reading
Quantum Encryption Is Not a Paradox
1 Introduction
2 Genesis
3 Prelude
4 Quantum Cryptography
4.1 Quantum Key Distribution
4.2 Quantum Key Flipping
4.3 Quantum Commitment
4.4 Other Protocols
5 Post-Quantum Encryption
6 Threats
6.1 MITM (Man in the Middle) Attack
6.2 Eavesdropping, Cloning, and Intercept-Resend Attacks
6.3 PNS (Photon-Number-Splitting) Attack
6.4 DOS (Denial-of-Service) Attack
6.5 Trojan Horse Attack
6.6 Dense-Coding Attack
7 Practical Application and Implementations
7.1 Secure Communications Using Quantum Encryption
8 The CISO Take
9 Definitions
References
Further Reading
Part II: Artificial Intelligence and Machine Learning for Cyber
AI Code of Ethics for Cybersecurity
1 Preamble
2 The Code
3 The CISO Take
4 Definitions
References
Further Reading
The Case for AI/ML in Cybersecurity
1 Genesis
2 In the Not-So-Distant Past
3 The Current State
4 The Not-So-Distant Future
5 Artificial Intelligence and Machine Learning
5.1 Supervised Machine Learning
5.1.1 Classification
5.1.2 Regression
5.1.3 Ranking
5.2 Unsupervised Machine Learning
5.3 Semi-Supervised Machine Learning
5.4 Reinforcement Machine Learning
5.5 Bayes’ Law
6 AI for Cybersecurity Use Cases
6.1 Generic Requirements
6.2 Existing Models
6.2.1 Decision Tree
6.2.2 Naïve Bayes
6.2.3 K-Nearest Neighbors
6.2.4 K-NN Classification
6.2.5 K-NN Regression
6.2.6 Deep Learning
6.2.7 Restricted Boltzmann Machine (RBM)
6.2.8 Neural Networks
6.3 Implementation Requirements and Guidance
6.3.1 Reconnaissance
1. IPSweep
6.3.2 Breach (Weaponization + Delivery)
6.3.3 Infection (Installation, Privilege Escalation, Remote Command and Control, and Code Execution)
6.3.4 Mission Goals / Malicious Actions (Data Exfiltration, Data Destruction)
6.4 Quantum AI/ML
6.5 Model Risk Scoring
7 AI/ML Risks
8 Attacks on AI/ML
9 The CISO Take
10 Definitions
References
Further Reading
Part III: Secure Remote Work
Security for Work-From-Home Technologies
1 Introduction
2 Problem Statements
3 Secure Remote Access – Current State Options
4 Basic Security Requirements
5 Security Issues with Current VPN Options
6 Security Recommendations for VPN
6.1 Other Comments
7 Secure Virtual Desktop Infrastructure (VDI)
7.1 Secure VDI – Private Interface
7.2 Secure VDI – Public Interface
7.3 Basic Security Requirements
7.4 Security Issues with VDI
7.5 Security Recommendations for VDI
7.6 Other Comments
8 The CISO Take
9 Definitions
Further Reading
Secure Video Conferencing and Online Collaboration
1 Introduction
2 Common Platforms
2.1 Skype for Business and Teams
2.2 WebEx
2.3 Zoom
3 The CISO Take
4 Definitions
Further Reading
If You Must Work from Home, Do It Securely!
1 Introduction
2 Secure Network Connectivity
3 Implement Application Segmentation with Zero Trust
4 Close Device Side Doors
5 Implement Advanced Monitoring and Blocking
6 Manage BYOD
7 Implement Dynamic Host Checking
8 Implement End Point Controls
9 The CISO Take
10 Definitions
Further Reading
Security Controls for Remote Access Technologies
1 Introduction
2 Virtual Private Network (VPN)
2.1 Local Device Authentication
2.2 Endpoint Checking
2.3 Data Encryption
2.4 VPN Service Hardening
2.5 Network Segmentation
2.6 Split Tunneling and Dual/Multi Homing
3 Virtual Desktop Infrastructure (VDI)
3.1 Local Device Authentication
3.2 Endpoint Checking
3.3 Data Encryption
3.4 VDI Service Hardening
3.5 DLP Controls
4 Remote Desktop Services (RDP)
4.1 RDP Over VPN
5 The CISO Take
6 Definitions
Further Reading
Specialty Malware and Backdoors for VDI
1 Introduction
2 Risk Analysis
3 Malware
3.1 SquirtDanger (SD)
3.2 Disk Wipers
4 Backdoors
4.1 Golden Image
4.2 Host VM Escape
5 Protections
6 The CISO Take
7 Definitions
References
Further Reading
Part IV: Data Security
The Future State of Data Security
1 Introduction
2 Current State
2.1 Data Obfuscation
2.2 Digital Rights Management (DRM)
2.3 Data Encryption
3 Future State
3.1 Encryption Basics
3.1.1 Fully Homomorphic Encryption (FHE)
3.1.2 Multi-party Computation (MPC)
4 Attacks and Issues
4.1 Susceptibility to CCA Attacks
4.1.1 Private Key Leakage
4.1.2 Approximation Schemes
4.2 Data Encoding Issues
4.3 Data Integrity
5 The CISO Take
6 Definitions
References
Further Reading
Cybersecurity Enabled by Zero Trust
1 Introduction
2 Tenets
2.1 All Assets Inside and Outside a Perimeter Firewall Are Not to Be Trusted
2.2 Accurate Asset Inventory Must Exist for All Systems and Services
2.3 All Traffic for All Systems and Services Must Be Authenticated and Authorized
2.4 Access Control for Users, Devices, Systems and Services Must Be Provided Using Least Privilege
2.5 All Data in Transit and at Rest Must Be Encrypted End to End
2.6 Full Traffic Packet Inspection Capability for North-South and East-West Traffic
2.7 Step-Up Authentication Aided by Strong Authenticators Using Dynamic Transaction Level Risk Calculation
3 Challenges
3.1 Partial Implementations
3.2 Complexity
4 The CISO Take
5 Definitions
Further Reading
Advanced Active Directory Attacks and Prevention
1 Introduction
2 Security Threats
2.1 Pass the Ticket (PTT)
2.1.1 Protection Options for PTT
2.2 Pass the Hash (PTH)
2.2.1 Protection Options for PTH
2.3 Overpass the Hash (OPTH)
2.3.1 Protection Options for OPTH
2.4 Golden Ticket (GT)
2.4.1 Protection Options for GT
2.5 Silver Ticket (ST)
2.5.1 Protection Options for ST
2.6 DCShadow (DCS)
2.6.1 Protection Options for DCS
2.7 DCSync (DCSy)
2.7.1 Protection Options for DCSy
2.8 Kerberoasting
2.8.1 Protection Options for Kerberoasting
2.9 Skeleton Key
2.9.1 Protection Options for Skeleton Key
3 Future Protection Challenges and Techniques
3.1 New Challenges
3.1.1 Sophisticated Tools
3.1.2 Hybrid Environments
3.1.3 Hybrid Join
3.2 Better Solutions
3.2.1 Real-Time Synchronous Detection
3.2.2 Asynchronous Detection
3.2.3 Endpoint Detection and Response (EDR)
3.2.4 Implement a Red Forest Design, aka ESAE
3.2.5 Sophisticated Backup and Recovery System
4 The CISO Take
5 Definitions
References
Further Reading
Cyber Deception Systems
1 Genesis
2 Cyber Deception
2.1 Next Generation
2.1.1 Dynamic Plug and Play
2.1.2 AI and ML
2.1.3 Cybernet
3 Deployment Use Cases
3.1 Deployment Use Cases
3.1.1 Research and Development (R&D)
3.1.2 Threat Detection
3.1.3 Monitoring and Response
3.1.4 Threat Blocking
3.2 Production Deployment
3.3 Taxonomy
3.3.1 Basic Design and Implementation
3.3.2 Benefits
3.3.3 Drawbacks
3.4 Implementations
3.4.1 Open Source
3.4.2 Commercial
4 The CISO Take
5 Definitions
Reference
Further Reading
The Cybersecurity-Driven Need for Hypervisor Introspection
1 Introduction
2 Genesis
3 Hypervisor Memory Introspection (HVMI)
3.1 Advantages of HVMI
3.2 Disadvantages of HVMI
3.3 HVMI Security Risk
3.4 Using AI/ML with HVMI
4 The CISO Take
5 Definitions
Further Reading
Bitcoin Is a Decade Old, and So Are the Threats to the Various Blockchain Ecosystems
1 Introduction
2 Blockchain Attacks
3 Some Threat Mitigation Techniques for Blockchain Systems
4 The CISO Take
5 Definitions
Further Reading
The Advanced Malware Prevention Playbook
1 Introduction
2 What Is Ransomware?
3 Threat Prevention and Mitigation
3.1 Perform Continuous Patching
3.2 Perform Proactive Hardening
3.3 Enable Secure Backups
3.4 Enable Detect and Block
3.5 Enable Application Control
3.6 Implement DNS Sinkholing
3.7 Reduce Reliance on Third-Party Patching
3.8 Deploy Kill Switch
4 Protections from Other Advanced Malware
4.1 Implement a Cyber Threat Intel Platform
4.2 Implement Endpoint Detection and Response
4.3 Deploy Advanced Quarantine Capability
4.4 Employ Forensics Examination
5 The CISO Take
6 Definitions
Further Reading
Part V: Network Security
The 768K Precipice
1 Introduction
2 Genesis
3 Tactical Resolution
4 Current State
5 The CISO Take
6 Definitions
References
Further Reading
MAC Address Randomization to Limit User/Device Tracking
1 Introduction
2 Genesis
3 MAC Address Randomization
4 Issues
4.1 MAC Address Filtering
4.2 Detecting Stolen or Breached Devices
4.3 False Sense of Privacy
5 Potential Compromise Solution (Device Anonymization)
6 The CISO Take
7 Definitions
Reference
Further Reading
Transport Layer Security 1.3
1 Introduction
2 Impact Analysis
2.1 Key Takeaway
3 Cybersecurity Operational Impact Analysis
4 Security Issues
4.1 TLS 1.3
4.2 Security Issues with PFS
5 The CISO Take
6 Definitions
References
Further Reading
The Use of ESNI with TLS 1.3: Is It a Boon to Privacy, or Does It Raise Security Concerns?
1 Preface
2 Introduction
3 Background
3.1 Server Name Indication (SNI)
3.2 Encrypted Server Name Indication (ESNI)
4 The CISO Take
5 Definitions
Reference
Further Reading
Using FQDN vs IP Addresses in FW Rules and App Configs
1 Introduction
2 Analysis
2.1 Disadvantages of FQDN in Server/App Configs and Firewalls
2.2 Advantages of FQDN in Server/Application Configurations and Firewalls
3 The CISO Take
4 Definitions
Further Reading
Network Time Protocol (NTP) Security
1 Introduction
2 NTP
3 Importance of Network Time Synchronization
3.1 Security Forensic Analysis and Troubleshooting
3.2 Hybrid Computing
3.3 System Operations
4 Network Time Protocol Secure (NTPsec)
5 NTP Attacks
5.1 NTP DDoS Amplification Attack
5.2 Buffer Overflow Attack
5.3 Delay Attack
5.4 Man-in-the-Middle Attack
5.5 Attack on DNSSEC
6 Complete List of Vulnerabilities
7 How to Prevent Various (NTP) Attacks
8 Other Secure NTP Implementations
9 The CISO Take
10 Definitions
References
Further Reading
Domain Name System (DNS) Security
1 Genesis
2 Problem Statement
3 Recap of DNS and Available Protection Technologies
4 Security (and Misc.) Issues with DNSSEC
4.1 Other Impediments
5 Potential Solutions to the Security Issues
6 The CISO Take
7 Definitions
References
Further Reading
Next Gen Wi-Fi and Security
1 Introduction
2 Genesis
3 The Future Is Here
3.1 Let's Not Forget About Security
4 Opportunistic Wireless Encryption (OWE)
4.1 Genesis
4.2 Background
4.3 Opportunistic Wireless Encryption
5 The CISO Take
6 Definitions
References
Further Reading
The Next Frontier for CA/Certificate Security - DANE and Certificate Transparency
1 Introduction
2 Known Issues
3 Solutions
3.1 DNS-Based Authentication of Named Entities (DANE)
3.2 Certificate Transparency (CT)
3.3 Hardware Security Module (HSM)
4 The CISO Take
5 Definitions
Further Reading
Man-in-the-Middle Attack Prevention
1 Introduction
2 Man-in-the-Middle-Attack (MITM)
3 Background Information
3.1 SSH Handshake Basics
3.1.1 SSL Handshake Issues
4 Protective Schemes
4.1 Certificate Pinning
4.2 Mutual Authentication
4.3 HTTP Public Key Pinning (HPKP)
4.4 TLS Downgrade Detection
5 Valid Use of MITM
6 The CISO Take
7 Definitions
Further Reading
Distributed Denial of Service (DDoS) Protection
1 Introduction
2 DDoS
2.1 Layer 7 Attacks
2.2 Layer 3 Attacks
3 Prevention Techniques
3.1 Traffic Scrubbing
3.2 Firewall
3.3 Throttling
3.4 Web Application Firewalls (WAF)
3.5 High Availability (HA) and Disaster Recovery (DR)
4 The CISO Take
5 Definitions
Further Reading
Part VI: Application and Device Security
Intro to API Security - Issues and Some Solutions!
1 Genesis
2 Introduction
3 API Security
3.1 Legacy Web Threats
3.2 API Key
3.3 OAuth 2.0
3.4 JWT
3.5 Dependency and Namespace Confusion
4 The CISO Take
5 Definitions
References
Further Reading
Windows Subsystem for Linux – Security Risk and Mitigation
1 Introduction
2 Installation
2.1 Step 1 – Install WSL 1
2.2 Step 2 – Install WSL 2
2.3 Step 3 – Set WSL 2 as Your Default Version
2.4 Step 4 – Install Your Linux Distribution of Choice (Available on the Microsoft Store)
2.5 Step 5 – Launch Your Distro and Establish Creds
3 Security Evaluation
3.1 Problem Statement
3.2 Inherent Platform Security
3.3 Security Patching
3.4 Brute Force Attack Mitigations
3.5 Use Picoprocess APIs
3.6 Avoid Using WSL as a Server
4 The CISO Take
5 Definitions
References
Common Sense Security Measures for Voice-Activated Assistant Devices
1 Introduction
2 Recent Issues
3 Security Hygiene
4 Security Requirements
4.1 Biometric Authentication
4.2 Data Security
4.3 API Security
4.4 Right to Privacy
5 The CISO Take
6 Definitions
Further Reading
The Case for Code Signing and Dynamic White-Listing
1 Genesis
2 Code Signing Basics
3 How Does Code Signing Work?
4 The Future State
4.1 Continuous Runtime Verification
4.2 Dynamic Class-Loading
4.3 Dynamic White-Listing
5 The CISO Take
6 Definitions
Further Reading
Biometrics – Commentary on Data Breach Notification, Threats, and Data Security
1 Genesis
1.1 Data Breach Notification for Biometric Data
2 Biometrics
2.1 ISO/IEC 19794 Template Standard
3 Biometric Template Protection Paradigms
3.1 Feature Transformation
3.2 Biometric Cryptosystems
4 Other Protection Schemes
5 Biometric Attacks
5.1 Inherent Weakness
5.2 Targeted Attacks
6 CPRA – Impact Analysis
7 The CISO Take
8 Definitions
References
Further Reading
Security Requirements for RPA Bots
1 Introduction
2 Attended RPA Bots
2.1 High Level Security Requirements
3 Unattended RPA Bots
3.1 High Level Security Requirements
4 RPA 2.0 – Augmented by NLP and AI
5 The CISO Take
6 Definitions
Further Reading
Polymorphic and Metamorphic Malware
1 Introduction
2 Advanced Malware
2.1 Metamorphic Malware
2.2 Polymorphic Malware
3 Advanced Evasion Techniques (AET)
4 Advanced Persistent Threat (APT)
5 Detection Techniques
5.1 Static Heuristics Analysis
5.2 Dynamic Heuristics Analysis or Sandboxing
5.3 Advanced Behavior Analysis
5.4 DNS Sinkholing and Kill Switch
5.5 Machine Learning
5.6 Traditional Forensic Examination
6 The CISO Take
7 Definitions
Further Reading
Part VII: Cloud Security
Introduction to Cloud Monitoring Security Controls
1 Background
2 Introduction
3 Monitoring: The First and Most Basic Cloud Security Control
3.1 Monitoring Strategy
3.2 Security Monitoring Patterns
3.2.1 Introduction
3.2.2 Application Monitoring
3.2.3 Network Monitoring – Cloud Access Security Broker (CASB)
3.2.4 Continuous Monitoring and Auditing
3.2.5 SCP (Service Control Policy)
3.3 Anti-Patterns
3.3.1 Application and Infrastructure Monitoring
3.3.2 On-premises SIEM
3.3.3 Internet Gateway
4 The CISO Take
5 Definitions
References
Cloud Monitoring Security Controls for AWS
1 Introduction
2 EC2 and VPC Compute Monitoring Requirements
2.1 API Security Monitoring
2.2 Internet Gateway Monitoring
2.3 AWS Services Monitoring
2.4 Network Monitoring
2.5 Application Monitoring
2.6 Logging
2.7 Database Monitoring
2.8 Scanning and Monitoring for Vulnerabilities
3 AWS Hybrid Monitoring Solutions
3.1 Basic Hybrid Monitoring Pattern
3.2 AWS GuardDuty
3.3 AWS CloudWatch
3.4 AWS CloudTrail
3.5 AWS Config
3.6 Basic Monitoring Pattern
3.7 SIEM App
4 AWS Native Monitoring
4.1 AWS Detective
4.2 AWS Security Hub
4.3 AWS Security Hub Integrates with AWS Detective
4.4 AWS Native Monitoring Pattern
5 The CISO Take
6 Definitions
References
AWS Visio Template Used
Cloud Monitoring Security Controls for Azure
1 Introduction
2 Azure Native Monitoring Solutions
2.1 Secure Score
2.2 Security Center
2.3 Operations Management Suite (OMS) within Azure Portal
2.4 Azure Log Analytics
2.5 Azure Network Watcher
2.6 Basic Native Monitoring Pattern
3 The CISO Take
4 Definitions
References
Azure Visio Template
Further Reading
Cloud Policy Enforcement Point
1 Introduction
2 Fundamentals
2.1 AWS Direct Connect (DX)
3 Cloud Policy Enforcement Point (CPEP)
3.1 Salient Features of CPEP
3.2 Basic (Home-Grown) SCP
3.3 SCP Examples
3.3.1 Example 1
3.3.2 Example 2
3.3.3 Example 3
4 The CISO Take
5 Definitions
6 Disclaimer
Reference
AWS Visio Template Used
Further Reading
Part VIII: Cyber Risk and Privacy
Dynamic Measurement of Cyber Risk
1 Introduction
2 How Can Cyber Insurance Help?
3 Dynamic Risk Assessment and Analysis
4 Current Models
5 Risk Assessment and Analysis
6 The CISO Take
7 Definitions
References
Further Reading
OEM and Third-Party Sourced Application and Services Risk
1 Introduction
2 The Genesis for High Risk
3 Making the Case – Some Recent Incidents
3.1 Dell
3.1.1 Tactical Recommendation
3.2 HP
3.2.1 Tactical Recommendation
3.3 ASUS
3.3.1 Tactical Recommendations
3.4 Solarwinds
3.4.1 Tactical Recommendations
4 Strategic Remedies and Recommendations
5 The CISO Take
6 Definitions
References
Further Reading
Commentary on Insider Threat
1 Introduction
2 Threat Types
3 Detection and Prevention
3.1 Technological Solution
3.2 Human Solution
4 Using ML or AI Algorithms
4.1 Reconnaissance
4.2 Breach (Weaponization + Delivery)
4.3 Infection (Installation, Privilege Escalation, Remote Command and Control, and Code Execution)
4.4 Mission Goals/Malicious Actions (Data Exfiltration, Data Destruction)
4.5 Commercial Implementations
5 The CISO Take
6 Definitions
Reference
Further Reading
Simplified Approach to Calculate the Probability of a Cyber Event
1 Introduction
2 Cyber Risk
2.1 Risk Score (rs)
2.2 Defensive Score (ds)
2.3 Threat Score (ts)
2.4 Cyber Event Probability
2.5 A Basic Case Study
3 The CISO Take
4 Disclaimer
5 Definitions
Further Reading
Privacy Concerns from Publicly Available Meta-data
1 Introduction
2 Concerns
3 Recommendations
4 The CISO Take
5 Definitions
Reference
Further Reading
Dark Web & Dark Net
1 Genesis
2 Introduction
3 Tor
3.1 Using Tor in Combination with Virtual Private Network (VPN)
3.2 Using Tor in Combination with Pretty Good Privacy (PGP)
3.3 Using Tor in Corporate Environments
4 The CISO Take
5 Definitions
Further Reading
Risk-Based Vulnerability Management
1 Introduction
2 Risk Treatment
2.1 Risk Rating
2.2 Risk Scoring
3 Risk Optimization and Re-rating
3.1 Universal Risk Score
3.2 Local Risk Rating
3.3 Local Defensive Factor
3.4 Local Threat Factor
3.5 Local Risk Score
4 Simple Case Study
5 The CISO Take
6 Disclaimer
7 Definitions
Reference
Index