Uploader

高宏飞

Shared on 2025-12-21

Author: Amanda Berlin, Lee Brotherston, William F. Reyor III

Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget for an information security (InfoSec) program. If you're forced to protect yourself by improvising on the job, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost. Each chapter in this book provides step-by-step instructions for dealing with issues such as breaches and disasters, compliance, network infrastructure, password management, vulnerability scanning, penetration testing, and more. Network engineers, system administrators, and security professionals will learn how to use frameworks, tools, and techniques to build and improve their cybersecurity programs.

Tags
information security
Publisher: O'Reilly Media
Publish Year: 2024
Language: English
Pages: 363
File Format: PDF
File Size: 8.9 MB
Text Preview (First 20 pages)

Amanda Berlin, Lee Brotherston & William F. Reyor III
Defensive Security Handbook: Best Practices for Securing Infrastructure
Second Edition

SECURITY

This book will help you:
• Plan and design incident response, disaster recovery, compliance, and physical security
• Learn and apply basic penetration-testing concepts through purple teaming
• Conduct vulnerability management using automated processes and tools
• Use IDS, IPS, SOC, logging, and monitoring
• Bolster Microsoft and Unix systems, network infrastructure, and password management
• Use segmentation practices and designs to compartmentalize your network
• Reduce exploitable errors by developing code securely

US $65.99 / CAN $82.99
ISBN: 978-1-098-12724-4

“Defensive Security Handbook is a must-read for anyone looking to build a strong security foundation. It provides invaluable insights and practical guidance for protecting your organization’s infrastructure.”
—Matt Warner, CTO of Blumira

Amanda Berlin is a principal detection and product manager for Blumira, where she heads an R&D team dedicated to improving the overall security landscape. She’s also an author, speaker, and podcaster.

Lee Brotherston is the founding security engineer at OpsHelm, having worked for the past two decades as both practitioner and management in blue teams across a number of industry verticals.

William F. Reyor III, director of security at Modus Create, blends expertise in DevSecOps, AI/LLM security, and software supply chain integrity to help organizations improve their security posture.
Praise for Defensive Security Handbook, 2nd ed.

If you’re looking for soup-to-nuts security, this book contains all the recipes you’ll need for a well-balanced information security program. Easily digestible and all-inclusive, the contents are perfect for beginners and seasoned security veterans alike. Zero fluff, all flavor.
—Heather Balas, keynote speaker and senior engineering manager of security, Etsy

The authors have translated the otherwise overwhelming topic of building effective and comprehensive security programs into bite-sized segments in an entertaining yet business-focused, informative manner.
—Liz Wharton, attorney and founder, Silver Key Strategies

This book offers essential insights for mastering defensive security measures. Perfect for both beginners and experts, it provides practical strategies for building an effective defensive security program. A highly recommended resource for anyone in the field.
—Dave Kennedy (HackingDave), founder and chief hacking officer for Binary Defense and TrustedSec

A book by practitioners for practitioners. It’s not just a good read but a much-needed reference work for security professionals on all levels.
—Wim Remes, operations manager, Spotit.be

The first edition of this book was a comprehensive guide to assist defenders in securing their environments. The second edition of this book continues as one of the best resources for understanding blue team concepts in an accessible and actionable way. You will not be disappointed having this book on your shelf and will refer to it for years to come. Amanda, Lee, and William continue to create excellent content that is sorely needed in our industry.
—Bryan Brake, “Brakeing Down Security” podcast
Amanda Berlin, Lee Brotherston, and William F. Reyor III
Defensive Security Handbook
Best Practices for Securing Infrastructure
SECOND EDITION
Beijing · Boston · Farnham · Sebastopol · Tokyo
Defensive Security Handbook
by Amanda Berlin, Lee Brotherston, and William F. Reyor III

Copyright © 2024 Amanda Berlin, Lee Brotherston, and William F. Reyor III. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

Acquisitions Editors: Jennifer Pollock & Simina Calin
Development Editor: Shira Evans
Production Editor: Clare Laylock
Copyeditor: Rachel Head
Proofreader: Krsta Technology Solutions
Indexer: nSight, Inc.
Interior Designer: David Futato
Cover Designer: Karen Montgomery
Illustrator: Kate Dullea

April 2017: First Edition
July 2024: Second Edition

Revision History for the Second Edition
2024-06-26: First Release

See http://oreilly.com/catalog/errata.csp?isbn=9781098127183 for release details.

The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Defensive Security Handbook, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc.

While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

978-1-098-12724-4
[LSI]
Table of Contents

Foreword to the First Edition ... xv
Preface ... xvii

1. Creating a Security Program ... 1
   Laying the Groundwork ... 1
   Establishing Teams ... 2
   Determining Your Baseline Security Posture ... 3
   Assessing Threats and Risks ... 4
   Identify Scope, Assets, and Threats ... 4
   Assess Risk and Impact ... 4
   Mitigate ... 5
   Monitor ... 6
   Govern ... 6
   Prioritizing ... 7
   Creating Milestones ... 8
   Use Cases, Tabletops, and Drills ... 9
   Expanding Your Team and Skillsets ... 14
   Conclusion ... 15

2. Asset Management and Documentation ... 17
   What Is Asset Management? ... 19
   Documentation ... 19
   Establishing the Schema ... 20
   Data Storage Options ... 20
   Data Classification ... 22
   Understanding Your Inventory Schema ... 25
   Asset Management Implementation Steps ... 33
   Defining the Lifecycle ... 33
   Information Gathering ... 35
   Change Tracking ... 38
   Monitoring and Reporting ... 39
   Asset Management Guidelines ... 40
   Automate ... 40
   Establish a Single Source of Truth ... 40
   Organize a Company-wide Team ... 41
   Find Executive Champions ... 41
   Keep on Top of Software Licensing ... 41
   Conclusion ... 42

3. Policies ... 43
   Language ... 44
   Document Contents ... 45
   Topics ... 46
   Storage and Communication ... 48
   Conclusion ... 48

4. Standards and Procedures ... 49
   Standards ... 50
   Procedures ... 52
   Document Contents ... 53
   Conclusion ... 54

5. User Education ... 55
   Broken Processes ... 56
   Bridging the Gap ... 57
   Building Your Own Program ... 57
   Establish Objectives ... 57
   Establish Baselines ... 58
   Scope and Create Program Rules and Guidelines ... 58
   Provide Positive Reinforcement ... 58
   Define Incident Response Processes ... 59
   Obtaining Meaningful Metrics ... 59
   Measurements ... 59
   Tracking Success Rate and Progress ... 60
   Important Metrics ... 60
   Conclusion ... 60

6. Incident Response ... 61
   Processes ... 61
   Pre-Incident Processes ... 61
   Incident Processes ... 63
   Post-Incident Processes ... 64
   Tools and Technology ... 65
   Log Analysis ... 65
   EDR/XDR/MDR/All the “Rs” ... 66
   Disk and File Analysis ... 67
   Memory Analysis ... 68
   PCAP Analysis ... 68
   All-in-One Tools ... 69
   Conclusion ... 69

7. Disaster Recovery ... 71
   Setting Objectives ... 71
   Recovery Point Objective ... 72
   Recovery Time Objective ... 72
   Recovery Strategies ... 73
   Traditional Physical Backups ... 73
   Warm Standby ... 73
   High Availability ... 74
   Alternate System ... 75
   System Function Reassignment ... 75
   Cloud Native Disaster Recovery ... 75
   Dependencies ... 77
   Scenarios ... 77
   Invoking a Failover...and Back ... 78
   Testing ... 79
   Security Considerations ... 79
   Conclusion ... 80

8. Industry Compliance Standards and Frameworks ... 81
   Industry Compliance Standards ... 81
   Family Educational Rights and Privacy Act (FERPA) ... 82
   Gramm-Leach-Bliley Act (GLBA) ... 82
   Health Insurance Portability and Accountability Act (HIPAA) ... 84
   Payment Card Industry Data Security Standard (PCI DSS) ... 84
   Sarbanes-Oxley (SOX) Act ... 85
   Frameworks ... 85
   Center for Internet Security (CIS) ... 85
   Cloud Control Matrix (CCM) ... 86
   The Committee of Sponsoring Organizations of the Treadway Commission (COSO) ... 86
   Control Objectives for Information and Related Technologies (COBIT) ... 86
   ISO-27000 Series ... 86
   MITRE ATT&CK ... 87
   NIST Cybersecurity Framework (CSF) ... 87
   Regulated Industries ... 88
   Financial ... 88
   Government ... 88
   Healthcare ... 89
   Conclusion ... 90

9. Physical Security ... 91
   Physical ... 91
   Restrict Access ... 92
   Video Surveillance ... 92
   Authentication Maintenance ... 93
   Secure Media ... 94
   Datacenters ... 94
   Operational Aspects ... 95
   Identifying Visitors and Contractors ... 95
   Physical Security Training ... 96
   Conclusion ... 98

10. Microsoft Windows Infrastructure ... 99
   Quick Wins ... 99
   Upgrade ... 100
   Third-Party Patches ... 101
   Open Shares ... 101
   Active Directory Domain Services ... 102
   Forests ... 102
   Domains ... 103
   Domain Controllers ... 104
   Organizational Units ... 105
   Groups ... 105
   Accounts ... 106
   Group Policy Objects (GPOs) ... 106
   Conclusion ... 107

11. Unix Application Servers ... 109
   Keeping Up-to-Date ... 110
   Third-Party Software Updates ... 110
   Core Operating System Updates ... 112
   Hardening a Unix Application Server ... 113
   Disable Services ... 113
   Set File Permissions ... 114
   Use Host-Based Firewalls ... 116
   Manage File Integrity ... 116
   Configure Separate Disk Partitions ... 117
   Use chroot ... 118
   Set Up Mandatory Access Control ... 119
   Conclusion ... 119

12. Endpoints ... 121
   Keeping Up-to-Date ... 122
   Microsoft Windows ... 122
   macOS ... 122
   Unix Desktops ... 123
   Third-Party Updates ... 124
   Hardening Endpoints ... 124
   Disable Services ... 124
   Use Desktop Firewalls ... 125
   Implement Full-Disk Encryption ... 126
   Use Endpoint Protection Tools ... 128
   Mobile Device Management ... 129
   Endpoint Visibility ... 129
   Centralization ... 131
   Conclusion ... 131

13. Databases ... 133
   Introduction to Databases and Their Importance in Information Security ... 134
   Database Implementations ... 134
   Common Database Management Systems ... 135
   A Real-World Case Study: The Marriott Breach ... 135
   Database Security Threats and Vulnerabilities ... 136
   Unauthorized Access ... 137
   SQL Injection ... 138
   Data Leakage ... 139
   Insider Threats ... 140
   Defense Evasion ... 140
   Database Security Best Practices ... 141
   Data Encryption ... 141
   Authentication and Authorization Mechanisms ... 143
   Secure Database Configuration and Hardening ... 145
   Database Management in the Cloud ... 146
   Hands-on Exercise: Implementing Encryption in a MySQL Database (Operation Lockdown) ... 147
   Conclusion ... 148

14. Cloud Infrastructure ... 149
   Types of Cloud Services and Their Security Implications ... 150
   Software as a Service (SaaS) ... 150
   Platform as a Service (PaaS) ... 150
   Infrastructure as a Service (IaaS) ... 151
   The Shared Responsibility Model ... 151
   Common Cloud Security Mistakes and How to Avoid Them ... 152
   Misconfigurations ... 152
   Inadequate Credential and Secrets Management ... 153
   Overpermissioned Cloud Resources ... 156
   Poor Security Hygiene ... 157
   Failing to Understand the Shared Responsibility Model ... 159
   Cloud Security Best Practices ... 159
   Start with Secure Architectural Patterns ... 160
   Properly Manage Secrets ... 161
   Embrace Well-Architected Frameworks ... 163
   Continue Following Security Best Practices ... 163
   Exercise: Gaining Security Visibility into an AWS Environment ... 164
   Configure an SNS Email Notification ... 164
   Enable GuardDuty ... 166
   Set Up EventBridge to Route Alerts to Email ... 167
   Testing ... 169
   Conclusion ... 172

15. Authentication ... 173
   Identity and Access Management ... 173
   Passwords ... 174
   Password Basics ... 175
   Encryption, Hashing, and Salting ... 177
   Password Management ... 180
   Additional Password Security ... 183
   Common Authentication Protocols ... 184
   NTLM ... 184
   Kerberos ... 186
   LDAP ... 187
   RADIUS ... 187
   Differences Between Protocols ... 189
   Protocol Security ... 190
   Choosing the Best Protocol for Your Organization ... 190
   Multi-Factor Authentication ... 191
   MFA Weaknesses ... 193
   Where It Should Be Implemented ... 194
   Conclusion ... 194

16. Secure Network Infrastructure ... 197
   Device Hardening ... 198
   Firmware/Software Patching ... 198
   Services ... 199
   SNMP ... 201
   Encrypted Protocols ... 202
   Management Network ... 203
   Hardware Devices ... 204
   Bastion Hosts ... 204
   Routers ... 204
   Switches ... 205
   Wireless Devices ... 205
   Design ... 207
   Egress Filtering ... 207
   IPv6: A Cautionary Note ... 208
   TACACS+ ... 209
   Networking Attacks ... 209
   ARP Cache Poisoning and MAC Spoofing ... 210
   DDoS Amplification ... 210
   VPN Attacks ... 211
   Wireless ... 211
   Conclusion ... 212

17. Segmentation ... 213
   Network Segmentation ... 213
   Physical ... 213
   Logical ... 214
   Physical and Logical Network Example ... 220
   Software-Defined Networking ... 222
   Application Segmentation ... 222
   Segmentation of Roles and Responsibilities ... 223
   Conclusion ... 225

18. Vulnerability Management ... 227
   Authenticated Versus Unauthenticated Scans ... 228
   Vulnerability Assessment Tools ... 230
   Open Source Tools ... 231
   Vulnerability Management Program ... 232
   Program Initialization ... 232
   Business as Usual ... 233
   Remediation Prioritization ... 234
   Risk Acceptance ... 236
   Conclusion ... 236

19. Development ... 237
   Language Selection ... 237
   Assembly ... 238
   C and C++ ... 238
   Go ... 239
   Rust ... 239
   Python/Ruby/Perl ... 239
   PHP ... 240
   Secure Coding Guidelines ... 240
   Testing ... 241
   Automated Static Testing ... 241
   Automated Dynamic Testing ... 242
   Peer Review ... 242
   Software Development Lifecycle ... 243
   Conclusion ... 244

20. OSINT and Purple Teaming ... 245
   Open Source Intelligence ... 246
   Types of Information and Access ... 246
   Modern OSINT Tools ... 252
   Purple Teaming ... 260
   A Purple Teaming Example ... 261
   Conclusion ... 263

21. Understanding IDSs and IPSs ... 265
   Role in Information Security ... 266
   Exploring IDS and IPS Types ... 267
   Network-Based IDSs ... 268
   Host-Based IDSs ... 269
   IPSs ... 272
   NGFWs ... 272
   IDSs and IPSs in the Cloud ... 273
   AWS ... 274
   Azure ... 275
   GCP ... 276
   Working with IDSs and IPSs ... 276
   Managing False Positives ... 276
   Writing Your Own Signatures ... 277
   IDS/IPS Positioning ... 279
   Encrypted Protocols ... 280
   Conclusion ... 281

22. Logging and Monitoring ... 283
   Security Information and Event Management ... 283
   Why Use a SIEM ... 284
   Scope of Coverage ... 284
   Designing the SIEM ... 285
   Log Analysis and Enrichment ... 286
   Sysmon ... 287
   Group Policy ... 292
   Alert Examples and Log Sources to Focus On ... 293
   Authentication Systems ... 293
   Application Logs ... 293
   Cloud Services ... 294
   Databases ... 296
   DNS ... 296
   Endpoint Protection Solutions ... 296
   IDSs/IPSs ... 297
   Operating Systems ... 297
   Proxy and Firewall Logs ... 298
   User Accounts, Groups, and Permissions ... 298
   Testing and Continuing Configuration ... 299
   Aligning with Detection Frameworks, Compliance Mandates, and Use Cases ... 300
   MITRE ATT&CK ... 300
   Sigma ... 301
   Compliance ... 302
   Use Case Analysis ... 302
   Conclusion ... 303

23. The Extra Mile ... 305
   Email Servers ... 305
   DNS Servers ... 307
   Security Through Obscurity ... 309
   Useful Resources ... 310
   Books ... 310
   Blogs ... 311
   Podcasts ... 311
   Websites ... 312

Appendix: User Education Templates ... 313

Index ... 319
Foreword to the First Edition

Spend any time in the information security world, and it will become quickly evident that most of the press and accolades go to those folks working on the offensive side of security. From finding new vulnerabilities, creating exploits, breaking into systems, bug bounties, the occasional cable TV show, and capture the flag contests, the red teams get all the glory. But there is more—much more—to the security world than just offense. Being on the defensive side, the blue team, can seem a lonely, unappreciated battle. But doing defense is a vital, noble, and worthwhile pursuit. We defenders matter, greatly, to the future of our organizations and the jobs and livelihoods of our coworkers. When the bad guys win, people lose their jobs, organizations are distracted from their core goals, and the bad guys are often enriched to continue their nefarious pursuits. And, like something out of a cyberpunk novel, with the trend of the Internet of Things, soon actually lives may be at threat when the bad guys are successful.

So many of us got our start in the security world as tool engineers, running perhaps a firewall or intrusion detection system (IDS) platform for our employer. Though those skills are highly valued, moving beyond them to a more holistic view of defensive security can sometimes be a challenge without the right resources to bring a bigger-picture view. As we continue to experience a shortage of valuable information security defensive talent, we will need more folks than ever to continue to learn and grow into the defensive security role, and to do it well, they need a holistic view of the security landscape.

Another challenge we often face is that a great deal of the narrative around defenses, technology, threats, and thought leadership in the defensive security world comes from the vendors themselves, and their snazzy demos and marketing presentations. Though a lot can be learned from vendors in the space, as they are laser focused on the problems organizations are trying to solve, they also have a sometimes narrow view of the world. IT Security Vendors will often define the problem set as the problem they can solve with their technology, not necessarily the problem an organization actually has. Countering that view with a holistic view of defensive security is vital to helping organizations become as secure as they can be.

This is why I am so honored to write the foreword for the Defensive Security Handbook. The world of security is changing rapidly, and we need more folks on the defensive side, learning from the best practices and the hard-won lessons of those who came before. This book does a great job of laying out key principles and skills, and giving a broad overview of the complex and growing landscape of the defensive security side of the world.

Amanda Berlin and Lee Brotherston have laid out an overview of the multifaceted world of defensive security. Certainly, whole books have been written on tiny segments of the topics covered, but this handbook does a marvelous job of giving a defensive security professional an overview of the myriad of skill sets necessary to be successful. This handbook is a great primer for those new to the world of information security defense, those who want to expand their skills into more areas, and even those who have many years in the industry and are looking to make sure they are covering all their bases. I think you’ll find this a valuable resource to keep nearby and reference throughout your career.

Best of luck on your path, and remember to keep fighting the good fight. Even when it may seem lonely and tough, remember what you are doing matters, and there are many out there who can and will help. Amanda and Lee have done a great job sharing their experience; now it’s up to us to learn from their experience.

— Andrew Kalat
Cohost of the Defensive Security Podcast
February 2017
Preface

Over the last decade, technology adoption has exploded worldwide and corporations have struggled to keep pace. Usability and revenue creation have been the key motivating factors, often ignoring the proactive design and security required for long-term stability. With the increase of breaking news hacks, record-breaking data leaks, and ransomware attacks, it is our job not only to scrape by with default installs but also to secure our data and assets to the best of our abilities. There will always be cases where you will walk into an environment that is a metaphorical train wreck with so many fires that you don’t even know where to start. This book will give you what you need to create a solid and secure design for the majority of situations that you may encounter.

Modern attacks can occur for many different motivations and are perpetrated by people ranging from organized crime groups seeking to monetize breaches, through to hacktivists seeking to enact retribution on the organizations they deem to be immoral or counter to public interest. Whatever the motivation and whomever the attacker, a large number of attacks are organized and carried out by skilled individuals, often with funding.

This change in landscape has led to many organizations engaging in a game of InfoSec catch-up, often realizing that their information security program has either not received the executive backing that it required or simply never existed in the first place. These organizations are seeking to correct this and begin along the path to initiating or maturing their information security efforts.

There is, however, a problem. Information security is an industry that is currently undergoing a period of negative unemployment; that is, there are more open positions than there are candidates to fill those positions. Hiring people is hard, and hiring good people is harder. For those seeking employment, this can be an advantageous situation; however, it is a high risk for employers seeking to hire someone for an information security position as they would be instilling a certain amount of trust with possible high-dollar assets in a new hire.

For this reason, many companies that are only now embarking on their information security program have taken the route to promote someone from another role such as a system administrator or architect to an information security practitioner role. Another common practice is hiring a more junior information security professional into a role than would normally be the case and expecting the newly appointed employee to learn on the job. This situation is precisely what this book is intended to address.

A large number of issues encountered by companies with an immature information security program can be remedied, or at least vastly reduced, with some basic security hygiene. The knee-jerk reaction to the task of inheriting a new and immature security department can be to buy as many devices with pretty blinky LEDs as possible, in the hope that they will remedy issues. Some people would rather pay another company to set up an outsourcing agreement, which can be leveraged in order to assist. Both of these options require money. Many organizations that are new to information security do not have the budget to undertake either of these solutions to the problem—using the tools that are already in the environment may well be all you have.

Our Goal

Our goal is to not only make this a standard that can be applied to most enterprise networks but also be a little entertaining to read along the way. There are already deep-dive standards out there from a variety of government and private organizations that can drone on and on about the validity of one security measure or the next. We want this to be an informative dialog backed by real-life experiences in the industry. There will be good policy, best practices, code snippets, screenshots, walkthroughs, and snark all mixed in together.

We want to reach out to the masses—the net admins who can’t get approval to hire help; directors who want to know they aren’t the only ones fighting the battles that we see day in and day out; and the people who are getting their hands dirty in the trenches and aren’t even close to being ready to start down the path of reading whitepapers and RFCs.

Who This Book Is For

This book is designed to serve as a Security 101 handbook that is applicable to as many environments as possible, in order to drive maximum improvement in your security posture for the minimum financial spend. Types of positions that will be able to take away knowledge and actionable data from this include upper-level chief information officers (CIOs), directors, security analysts, systems administrators, and other technological roles.