of what will be covered is installing the Enhanced Mitigation Experience Toolkit
(EMET), Group Policy best practices, and Microsoft SQL security. For Unix, we will
cover third-party updates and server/OS hardening, including disabling services, file
permissions, host-based firewalls, disk partitions, and other access controls. Endpoint
management also falls into this category. A common struggle that we see in corporations
includes bring your own device (BYOD) practices and mobile device management (MDM).
We will also go into managing and implementing endpoint encryption.
Two other important verticals that are often ignored (or not given as much love as
they should be) are networking infrastructure and password management. While
going over networking infrastructure, we will cover port security, disabling insecure
technologies, device firmware, egress filtering, and more. We will cover segmentation,
including implementing VLANs with ACLs to ensure the network isn’t flat, delegation
of permissions, and network access control (NAC). We will then look into vulnerability
scanning and remediation. While most enterprise vulnerability scanners are not
free, we talk about them in this chapter to show their worth, whether by using one during
a free trial period (to work toward purchasing the full product) or by getting the most
out of a full version the organization already owns.
Many organizations have their own development team; however, traditional training
for developers typically focuses on performance optimization, scalability, and
interoperability. Secure coding practices have only been included in software development
training in relatively recent years. We discuss techniques that can be used to enhance
the current situation and reduce the risk often associated with in-house development.
Purple teaming, which is the combination of both offensive (red team) and defensive
(blue team) security, can be difficult to implement depending on staffing and corporate
policies. It is a relatively new concept that has gained a significant amount of
attention over the last couple of years. Chapter 18 covers some basic penetration testing
concepts, as well as social engineering and open source intelligence.
Finally, some of the most time-intensive security practices and devices are covered as
we go through IDS, IPS, SOC, logging, and monitoring. We have found that many
organizations feel as though these technologies are a one-time install or setup procedure
after which you can walk away feeling protected. It is well worth the time, effort, and
investment to treat their configuration as continually in progress, because your internal
environment is always changing, as are the threats you should be concerned about.
We won’t be making any specific vendor recommendations, but rather have opted to
discuss overall solutions and concepts that should stand the test of time a lot better
than a specific vendor recommendation for the current toolset.
Oh, and the Extra Mile...that’s the junk drawer where you will find our bits and pieces
of configuration ideas and advice that didn’t really have a home anywhere else.
xvi | Introduction