企业网络安全架构与防御策略

需积分: 10 36 浏览量更新于2024-07-22 收藏 20.87MB PDF 举报

"Enterprise Cybersecurity" Enterprise Cybersecurity 是一本关于企业网络安全的书籍，旨在帮助企业建立一个全面的网络安全计划，以对抗现代目标网络攻击。该书提供了一个详细的框架，指导企业如何架构、设计、实施和运营一个协调一致的网络安全计划。该书的作者是网络安全领域的专家，他们有多年的经验，曾经在政府、军队和商业实体中担任过各种职位，从高层策略家到系统架构师再到网络战士。他们分享了自己的经验，指导读者如何领导、设计、部署、运营和支持企业网络安全能力。本书的主要内容包括： 1. 如何创建一个基于数据的、客观管理的网络安全计划，以适应组织的需求。 2. 如何组织、评估和评分网络安全计划，使用作者提出的企业网络安全架构方案。 3. 目标攻击的方法和原因。 4. 网络安全风险管理、能力评估、范围选择、运营和信息系统支持的过程。 5. 如何审计和报告网络安全计划，以符合监管框架。此外，本书还提供了一个详细的目录，包括网络安全挑战、企业网络安全架构、新型企业网络安全、网络安全防御、企业网络安全评估、企业网络安全计划等方面的内容。本书适合企业高管、经理、架构师、IT专业人士、网络安全服务提供商和工程学生等。他们可以从中学习如何建立一个强大的网络安全计划，以保护企业免受现代目标网络攻击的威胁。网络安全是一个非常重要的问题，因为黑客攻击可以对企业造成致命的损害。因此，企业需要采取有效的网络安全措施，以保护自己的计算机系统和IT网络。这个问题需要企业的所有员工共同努力，因为网络安全是一个共同的责任。在本书中，作者提供了许多有价值的经验和建议，指导读者如何建立一个强大的网络安全计划，以保护企业免受现代目标网络攻击的威胁。同时，本书也强调了网络安全的重要性和紧迫性，敦促企业采取行动，保护自己的网络安全。 Enterprise Cybersecurity 是一本非常有价值的书籍，对于企业来说是一个非常重要的参考资料。它提供了一个详细的框架和指导，帮助企业建立一个强大的网络安全计划，以保护自己免受现代目标网络攻击的威胁。

xlii

■ INTRODUCTION

APPENDIX E: Cybersecurity Operational Processes

Appendix E contains detailed flowcharts for the 17 operational processes of enterprise cybersecurity, and it

also introduces the 14 supporting information systems.

APPENDIX F: Object Measurement

Appendix F introduces the Object Measurement methodology for objective assessment, and explains how to

use it to measure and report enterprise cybersecurity architecture effectiveness.

APPENDIX G: Cybersecurity Capability Value Scales

Appendix G contains detailed, example Object Measurement value scales for measuring the performance of

each of the 113 enterprise cybersecurity architecture capabilities, grouped by the 11 functional areas.

APPENDIX H: Cybersecurity Sample Assessment

Appendix H provides an example enterprise cybersecurity assessment using the methodology contained in

this book, providing multiple levels of detail showing how different types of assessment can be performed.

APPENDIX I: Network Segmentation

Appendix I describes a simple methodology for network segmentation that is suitable for countering many

advanced threats and provides a good balance between containment and security versus complexity and cost.

Glossary

The Glossary provides an explanation of the cybersecurity terms used in this book, expressed in plain

English for the non-technical reader.

Bibliography

The Bibliography provides additional literature for readers who wish to explore extensions to material

addressed in this book and who wish to explore alternatives to what this book addresses.

Index

The Index provides a means for the reader to locate concepts and other material the book addresses in a

timely manner.

Chapter 1

Defining the Cybersecurity

Challenge

It appears that lately cybersecurity is in trouble, or at least going through a difficult time. If you are reading

this book, you are one of the people trying to make cybersecurity work despite daunting challenges and

information technology (IT) environments seemingly ill-suited to facing those challenges. The authors share

your concerns.

This book is about building effective cybersecurity that works against advanced cyberthreats, despite

the challenges. Effective cybersecurity works when you are faced with an adversary who is well-funded,

intelligent, sophisticated, and who does not give up at the first sign of cyberdefense. Effective cybersecurity

evolves over time to handle increasingly sophisticated adversaries in an increasingly interconnected world.

Effective cybersecurity involves cybersecurity as a partner, coach, and scorekeeper for IT, rather than just a

naysayer standing in the way of progress.

This book describes a comprehensive framework for managing an enterprise cybersecurity program

that is pragmatic, realistic, and suited to battling today’s cyberthreats. This book’s field-proven framework

has been used to run large-scale cybersecurity efforts against advanced nation-state adversaries and

talented individual hackers. This flexible framework is designed to manage cyberdefenses against today’s

sophisticated cyberthreats, as well as tomorrow’s next-generation cyberthreats.

The Cyberattacks of Today

Compared to today, cybersecurity used to be relatively simple. The major cyberthreats were viruses, worms,

and Trojan horse. These cyberthreats randomly attacked computers directly connected to the Internet,

but posed little enterprise threat. Inside enterprise networks with firewalls on the outside and anti-virus

protection on the inside, the enterprise appeared to be protected and relatively safe. Occasionally an

incident would occur and cyberdefenders would rally to fight it, but once the defenders understood the

malicious code, detecting it and defeating it was straightforward.

Then, slowly but surely, a transformation started to take place. Cyberattackers started getting inside

enterprise networks, and once they were inside they operated surreptitiously. Cyberattackers took control

of infected machines and connected them to remote command-and-control systems. They captured

usernames and passwords, and then used them to connect to systems for stealing data or money.

Cyberattackers exploited vulnerabilities inside the enterprise to move laterally among computers on the

network and capture the credentials of more and more people within the enterprise. Finally, cyberattackers

escalated privileges and got control of the systems administrator accounts in charge of everything. Once

these attackers got administrative control of the enterprise, they were able to do anything they wanted.

CHAPTER 1 ■ DEFINING THE CYBERSECURITY CHALLENGE

“We are using outdated, conventional defenses to guard against cutting-edge, innovative malware.

We are no more prepared to do this than a 19th century army trying to defend itself against today’s electronic

weaponry.” —FireEye.

In recent years, this trend has played out in more and more spectacular breaches hitting the headlines.

Just a couple of the severe intrusions include the following:

• In 2011, RSA’s enterprise was breached and the security keys for many of its customers

were believed to have been stolen. This breach prompted RSA to replace millions of

its SecureID tokens to restore security for its customers. This breach is disconcerting

because RSA is one of the oldest and most established cybersecurity brands.

• In 2013, Target’s point of sale (POS) network was compromised, resulting in the loss

of personal information and credit card numbers for over 40 million customers. The

costs of this breach, particularly when reputational damage and lawsuits are taken

into account, will likely be huge.

• In 2014, Sony Pictures Entertainment reported attackers had infiltrated its

environment and disabled almost every computer and server in the company.

This cyberattack brought the company to its knees and resulted in the public release

of thousands of proprietary documents and e-mail messages.

• In 2014, a German steel mill was affected by a hacking incident that caused one of

its blast furnaces to malfunction. This resulted in significant physical damage to the

plant and its facilities.

• In 2015, Anthem reported its IT systems had been breached and personal

information on over 80 million current and former members of their healthcare

network was compromised, which included the US government’s Blue Cross Blue

Shield program.

These intrusions are but a handful of the myriad of cybersecurity breaches that have occurred recently.

However, these breaches are indicative of some of the major trends. Cyberattackers are now targeting

personal identities, financial accounts, and healthcare information and getting such information on millions

or tens of millions of people in a single breach. Cyberattackers are taking control of industrial equipment

and causing physical damage to plants and equipment. Thankfully, no one has been hurt so far, but given

the current trends it may just be a matter of time.

These headlines seem to indicate that the attackers have gotten the upper hand, at least for now. The

question is, “What has changed and how can the defenders recover?”

The Sony Pictures Entertainment Breach of 2014

In November 2014, Sony Pictures Entertainment employees got to the office to find themselves in the

crosshairs of an IT horror story. Their computers had been taken over. Instead of displaying logon prompts,

office productivity, and corporate web sites, they were completely nonfunctional and displayed a message

from an organization claiming to be the Guardians of Peace. By the end of the day, most of the computers

at Sony Pictures had been completely disabled, sharply impairing the company’s business while they

FireEye, “Advanced Malware Exposed,” www2.fireeye.com/wp_advmalware_exposed.html, 2011.

CHAPTER 1 ■ DEFINING THE CYBERSECURITY CHALLENGE

recovered data and IT systems. The cyberattackers then went on to publish proprietary data from Sony

Pictures, including salaries and personal e-mails of its senior executives. The breach caused a media

sensation due to the salaciousness of the data published. The breach also caused earthquakes in the

cybersecurity industry, as the IT community got a glimpse of what a devastating cyberattack could do.

Key lessons learned include the following:

• The Sony hack is significant, not because the attackers did something no one could

do before, but because the attackers did what cyberattackers have been able to do all

along, but have chosen not to. The security industry has been warning for years that

cyberattackers could bring a company to their knees. The Sony hack put the reality of

this possibility in full view of the press and the public.

• It is reasonable to expect that Sony’s cyberdefenses were consistent with industry

norms and reflected what is and is not being done at a myriad of other companies

around the world. In fact, Sony Pictures was likely better defended than most

enterprises due to its size and prominence. One has to ask, “Is this an indication of

how vulnerable everyone is to a devastating cyberattack?”

• The effectiveness of the Sony hack was likely amplified by the consolidation of IT

systems administration that has occurred over the past 20 years. In the past, a single

systems administrator might manage a handful of servers providing, at most, one or

two enterprise services. Today, the same administrator may have privileged access

to a hundred systems, or even thousands. If attackers can get control of that one

person’s administrative credentials, the damage they can do is devastating.

• These types of attacks show how professional attackers, who understand how modern

IT works and how it is managed, can effectively turn an enterprise’s IT infrastructure

against it. These infrastructures are largely designed for functionality, not security,

and often lack compartmentalization to contain a breach and limit its damage.

• Finally, attacks like Sony’s underscore the fear factor that devastating cyberattacks

can have on an industry and the nation. What would be the political impact if an

individual, an organization, or a nation-state could pull off a hundred Sony-style

attacks, all simultaneously?

There is a mega-trend going on here. These types of cyberattacks are moving down market over time.

In other words, the techniques nation-states were using a couple of years ago are being used by cybercriminals

today. The techniques cybercriminals were using a couple of years ago are in commodity malware and viruses

today. It is reasonable to expect what was done to Sony Pictures Entertainment will become more common

in the future as cyberattack tools and techniques proliferate and become available to larger and larger

communities. So, while these types of threats may only be of concern to a small group of top-tier players

today, as these threats move down market, they will become more widespread.

The tools and techniques to fight these types of attackers exist today, but they are not cheap or easy to

deploy. Also, fighting these cyberattackers requires re-thinking many aspects of IT so that security is baked

in rather than bolted on. One cannot simply buy a widget and be immune to Sony-style attacks. Just as banks

have to invest in alarms and security guards, enterprises have to invest in people doing the dirty, grunt work

of cybersecurity, day in and day out. Enterprises have to be constantly evolving their defenses. Cybersecurity

defense is an arms race and the attackers are smart, competent, and ill-intended. The attackers who hit Sony

Pictures Entertainment are advanced, persistent, and very, very threatening.

剩余507页未读，继续阅读

ramissue

粉丝: 354
资源: 1487

企业网络安全架构与防御策略

Enterprise Cybersecurity(Apress,2015)

Enterprise Cybersecurity Study Guide.pdf

Enterprise Cybersecurity - How to build a ....

「漏洞预警」Optimizing Enterprise Cybersecurity through Serious Gam

Enterprise Cybersecurity Study Guide How to Build a Successful Cyberdefense epub

Enterprise Cybersecurity Study Guide How to Build a Successful 无水印原版pdf

automotive-cybersecurity-exida.pdf

Hands-On Cybersecurity for Architects

RedTeam Security Services Overview-10.pdf

Top_Security_and_Risk_Management_Trends_for_2020.pdf

最新资源