
Security Intelligence

Publisher: Wiley India Pvt Ltd
Publication Year: 2015
ISBN: 9788126555895
ISBN-10: 8126555890
Number of Pages: 360 Pages
Language: English

Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges guides you through a deciphering process that translates each security goal into a set of security variables, substitutes each variable with a specific security technology domain, formulates the equation that is the deployment strategy, and then verifies the solution against the original problem by analyzing security incidents and mining hidden breaches. The security formula is then refined iteratively, in a perpetual cycle.

Table of Contents
Chapter 1: Fundamentals of Secure Proxies
Security Must Protect and Empower Users
The Birth of Shadow IT
Internet of Things and Connected Consumer Appliances
Conventional Security Solutions
Traditional Firewalls - What Are Their Main Deficiencies?
Firewall with DPI - A Better Solution?
IDS / IPS and Firewall
Unified Threat Management and Next Generation Firewall
Security Proxy - A Necessary Extension of the End Point
Transaction Based Processing
The Proxy Architecture
SSL Proxy and Interception
Interception Strategies
Certificates and Keys
Certificate Pinning and OCSP Stapling
SSL Interception and Privacy

Chapter 2: Proxy Deployment Strategies and Challenges
Definitions of Proxy Types - Transparent Proxy and Explicit Proxy
Inline Deployment of Transparent Proxy - Physical Inline and Virtual Inline
Physical Inline Deployment
Virtual Inline Deployment
Traffic Redirection Methods - WCCP and PBR
LAN Port and WAN Port
Forward Proxy and Reverse Proxy
Challenges of Transparent Interception
Directionality of Connections
Maintaining Traffic Paths
Avoiding Interception
Asymmetric Traffic Flow Detection and Clustering
Proxy Chaining

Chapter 3: Proxy Policy Engine and Policy Enforcements
Policy System Overview
Conditions and Properties
Policy Transaction
Policy Ticket
Policy Updates and Versioning System
Security Implications
Policy System in the Cloud Security Operation
Policy Evaluation
Policy Checkpoint
Policy Execution Timing
Revisiting the Proxy Interception Steps
Enforcing External Policy Decisions

Chapter 4: Malware and Malware Delivery Networks
Cyber Warfare and Targeted Attacks
Espionage and Sabotage in Cyberspace
Industrial Espionage
Operation Aurora Watering Hole Attack
Breaching the Trusted Third Party
Casting the Lures
Spear Phishing
Cross Site Scripting
Search Engine Poisoning
Drive-by Downloads and the Invisible iframe
Tangled Malvertising Networks
Malware Delivery Networks
Fast Flux Networks
Explosion of Domain Names
Abandoned Sites and Domain Names
Antivirus Software and End Point Solutions - The Losing Battle

Chapter 5: Malnet Detection Techniques
Automated URL Reputation System
Creating URL Training Sets
Extracting URL Feature Sets
Classifier Training
Dynamic Webpage Content Rating
Keyword Extraction for Category Construction
Keyword Categorization
Detecting Malicious Web Infrastructure
Detecting Exploit Servers through Content Analysis
Topology-Based Detection of Dedicated Malicious Hosts
Detecting C2 Servers
Detection Based on Download Similarities
Detecting Malicious Servers with a Honeyclient
High Interaction versus Low Interaction
Capture-HPC: A High-Interaction Honeyclient
Thug - A Low-Interaction Honeyclient
Evading Honeyclients

Chapter 6: Writing Policies
Overview of the ProxySG Policy Language
Scenarios and Policy Implementation
Web Access
Access Logging
User Authentication
Safe Content Retrieval
SSL Proxy
Reverse Proxy Deployment
DNS Proxy
Data Loss Prevention
Email Filtering
A Primer on SMTP
Email Filtering Techniques

Chapter 7: The Art of Application Classification
A Brief History of Classification Technology
Signature Based Pattern Matching Classification
Extracting Matching Terms - Aho-Corasick Algorithm
Prefix-Tree Signature Representation
Manual Creation of Application Signatures
Automatic Signature Generation
Flow Set Construction
Extraction of Common Terms
Signature Distiller
Machine Learning Based Classification Technique
Feature Selection
Supervised Machine Learning Algorithms
Naive Bayes Method
Unsupervised Machine Learning Algorithms
Expectation Maximization
K-Means Clustering
Classifier Performance Evaluation
Proxy versus Classifier

Chapter 8: Retrospective Analysis
Data Acquisition
Logs and Retrospective Analysis
Log Formats
Log Management and Analysis
Packet Captures
Capture Points
Capture Formats
Capture a Large Volume of Data
Data Indexing and Query
B-tree Index
B-tree Search
B-tree Insertion
Range Search and B+-tree
Bitmap Index
Bitmap Index Search
Bitmap Index Compression
Inverted File Index
Inverted File
Inverted File Index Query
Inverted File Compression
Performance of a Retrospective Analysis System
Index Sizes
Index Building Overhead
Query Response Delay
Notes on Building a Retrospective Analysis System
MapReduce and Hadoop
MapReduce for Parallel Processing
Open Source Data Storage and Management Solution
Why a Traditional RDBMS Falls Short
NoSQL and Search Engines
NoSQL and Hadoop

Chapter 9: Mobile Security
Mobile Device Management or Lack Thereof
Mobile Applications and Their Impact on Security
Security Threats and Hazards in Mobile Computing
Cross-Origin Vulnerability
Near Field Communication
Application Signing Transparency
Library Integrity and SSL Verification Challenges
Ad Fraud
Research Results and Proposed Solutions
Infrastructure-Centric Mobile Security Solution
Towards the Seamless Integration of WiFi and Cellular Networks
Security in the Network