Cybersecurity Blue Team Toolkit

A practical handbook to cybersecurity for both tech and non-tech professionals

As reports of major data breaches fill the headlines, it has become impossible for any business, large or small, to ignore the importance of cybersecurity. Most books on the subject, however, are either too specialized for the non-technical professional or too general for positions in the IT trenches. Thanks to author Nadean Tanner’s wide array of experience from teaching at a University to working for the Department of Defense, the Cybersecurity Blue Team Toolkit strikes the perfect balance of substantive and accessible, making it equally useful to those in IT or management positions across a variety of industries. This handy guide takes a simple and strategic look at best practices and tools available to both cybersecurity management and hands-on professionals, whether they be new to the field or looking to expand their expertise.

Tanner gives comprehensive coverage to such crucial topics as security assessment and configuration, strategies for protection and defense, offensive measures, and remediation while aligning the concept with the right tool using the CIS Controls version 7 as a guide. Readers will learn why and how to use fundamental open source and free tools such as ping, tracert, PuTTY, pathping, sysinternals, NMAP, OpenVAS, Nexpose Community, OSSEC, Hamachi, InSSIDer, Nexpose Community, Wireshark, Solarwinds Kiwi Syslog Server, Metasploit, Burp, Clonezilla and many more.

Up-to-date and practical cybersecurity instruction, applicable to both management and technical positions

• Straightforward explanations of the theory behind cybersecurity best practices
• Designed to be an easily navigated tool for daily use
• Includes training appendix on Linux, how to build a virtual lab and glossary of key terms

The Cybersecurity Blue Team Toolkit is an excellent resource for anyone working in digital policy as well as IT security professionals, technical analysts, program managers, and Chief Information and Technology Officers. This is one handbook that won’t gather dust on the shelf, but remain a valuable reference at any career level, from student to executive.

Foreword xxi

Introduction xxiii

Chapter 1 Fundamental Networking and Security Tools 1

Ping 1

IPConfig 4

NSLookup 7

Tracert 9

NetStat 10

PuTTY 14

Chapter 2 Troubleshooting Microsoft Windows 17

RELI 18

PSR 19

PathPing 21

MTR 23

Sysinternals 24

The Legendary God Mode 28

Chapter 3 Nmap—The Network Mapper 31

Network Mapping 32

Port Scanning 34

Services Running 36

Operating Systems 38

Zenmap 39

Chapter 4 Vulnerability Management 43

Managing Vulnerabilities 43

OpenVAS 46

Nexpose Community 50

Chapter 5 Monitoring with OSSEC 57

Log-Based Intrusion Detection Systems 57

Agents 61

Adding an Agent 63

Extracting the Key for an Agent 64

Removing an Agent 64

Log Analysis 65

Chapter 6 Protecting Wireless Communication 67

802.11 67

inSSIDer 70

Wireless Network Watcher 71

Hamachi 72

Tor 78

Chapter 7 Wireshark 83

Wireshark 83

OSI Model 86

Capture 89

Filters and Colors 92

Inspection 93

Chapter 8 Access Management 97

AAA 98

Least Privilege 99

Single Sign-On 101

JumpCloud 103

Chapter 9 Managing Logs 109

Windows Event Viewer 110

Windows PowerShell 112

BareTail 116

Syslog 117

SolarWinds Kiwi 120

Chapter 10 Metasploit 125

Reconnaissance 127

Installation 128

Gaining Access 135

Metasploitable2 139

Vulnerable Web Services 144

Meterpreter 146

Chapter 11 Web Application Security 147

Web Development 148

Information Gathering 151

DNS 153

Defense in Depth 155

Burp Suite 156

Chapter 12 Patch and Configuration Management 165

Patch Management 166

Configuration Management 173

Clonezilla Live 179

Chapter 13 Securing OSI Layer 8 187

Human Nature 188

Human Attacks 192

Education 193

The Social Engineer Toolkit 195

Chapter 14 Kali Linux 205

Virtualization 206

Optimizing Kali Linux 219

Using Kali Linux Tools 221

Maltego 222

Recon-ng 223

Sparta 225

MacChanger 225

Nikto 226

Kismet 227

WiFite 228

John the Ripper 229

Hashcat 230

Chapter 15 CISv7 Controls and Best Practices 235

CIS Basic Controls—The Top Six 236

Inventory and Control of Hardware Assets 236

Inventory and Control of Software Assets 238

Continuous Vulnerability Management 239

Controlled Use of Administrative Privileges 240

Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers 241

Maintenance, Monitoring, and Analysis of Audit Logs 246

In Conclusion 248

Index 249

Nadean H. Tanner has been in the technology industry for over 20 years in a variety of positions from marketing to training to web development to hardware. She has worked in academia as an IT director and a postgraduate technology instructor. She has also been a trainer and consultant in advanced cybersecurity for Fortune 500 companies as well as the U.S. Department of Defense.

A practical cybersecurity handbook for both tech and non-tech professionals

There are plenty of books exploring the individual, highly technical components of cybersecurity. They offer specialized, narrowly focused training on a multitude of topics and technologies. But the resources available for end users and managers in need of clear, straightforward, and strategic guidance on the best practices and available tools of cybersecurity are surprisingly limited.

The Cybersecurity Blue Team Toolkit is an informative, accurate, and practical handbook that provides up-todate instruction for those in hands-on management and technical positions. This balanced, comprehensive guide helps readers navigate the various cybersecurity philosophies, frameworks, vendors, and compliances to arrive at optimal solutions to protect dynamic, multifaceted environments in real-world situations. Readers new to the industry or those seeking to expand their expertise will gain knowledge of fundamental networking and security tools, Microsoft Windows troubleshooting, network mapping, vulnerability management, web application security, patch configuration, and much more. Substantive yet easy-to-read chapters cover the practice and underlying theory of cybersecurity–from assessment, configuration, protection, and defense strategies, to remediation and offensive measures.

Author Nadean H. Tanner draws from her extensive experience in both academia and the Department of Defense to provide a unique perspective on cybersecurity tools and methods applicable to a wide spectrum of industries and sectors. An invaluable addition to the desk of anyone tasked with pinging an asset, running a tracert, or pinpointing the physical and logical addresses of an unresponsive web server, this book:

• Satisfies a significant need for a practical, not overly technical guidebook for cybersecurity professionals
• Presents clear and user#45;friendly explanations of cybersecurity in both theory and practice
• Covers tools such as PuTTY, pathping, sysinternals^®, NMAP^®, OpenVAS, Metasploit^®, and WireShark^®
• Includes instructions on virtual lab construction, exercises, and illustrations