Cybersecurity Survival Guide

CYBERSECURITY SURVIVAL GUIDE
Principles & Best Practices
Third Edition | August 2018
Lawrence C. Miller, CISSP
www.paloaltonetworks.com/academy

Advisory Panel: Brian Adams, Jim Boardman, Steve Bradshaw, Keith Cantillon, James Dalton, Matthew Frohlich, Thomas Trevethan

Palo Alto Networks, Inc.
www.paloaltonetworks.com
© 2018 Palo Alto Networks – all rights reserved. Aperture, AutoFocus, GlobalProtect, Palo Alto Networks, PAN-OS, Panorama, Traps, and WildFire are trademarks of Palo Alto Networks, Inc. All other trademarks are the property of their respective owners.

Table of Contents

Table of Contents
Table of Figures
List of Tables
Foreword
Introduction

Module 1 – Cybersecurity Foundation
  1.1 Cybersecurity Landscape
    1.1.1 Modern computing trends
    1.1.2 New application framework and threat vectors
    1.1.3 Turbulence in the cloud
    1.1.4 SaaS application risks
    1.1.5 Compliance and security are not the same
    1.1.6 Recent high-profile cyber-attack examples
  1.2 Cyberthreats
    1.2.1 Attacker profiles and motivations
    1.2.2 Modern cyber-attack strategy
  1.3 Endpoint security basics
  1.4 Cyber-attack Techniques and Types
    1.4.1 Malware
    1.4.2 Vulnerabilities and exploits
    1.4.3 Spamming and phishing
    1.4.4 Bots and botnets
  1.5 Wi-Fi and Advanced Persistent Threats
    1.5.1 Wi-Fi vulnerabilities
    1.5.2 Wi-Fi man-in-the-middle attacks
    1.5.3 Advanced Persistent Threats

Module 2 – Cybersecurity Gateway
  2.1 The Connected Globe
    2.1.1 The NET: How things connect
    2.1.2 Introduction to networking devices
    2.1.3 Routed and routing protocols
    2.1.4 Area networks and topologies
    2.1.5 Domain Name System (DNS)
  2.2 Physical, Logical, and Virtual Addressing
    2.2.1 IP addressing basics
    2.2.2 Introduction to subnetting
  2.3 Packet Encapsulation and Lifecycle
    2.3.1 The OSI and TCP/IP models
    2.3.2 Data encapsulation
  2.4 Network Security Models
    2.4.1 Perimeter-based network security strategy
    2.4.2 Zero Trust security
  2.5 Cloud and Data Center Security
    2.5.1 Cloud computing depends on virtualization
    2.5.2 Cloud computing security considerations and requirements
    2.5.3 Traditional data security solution weaknesses
    2.5.4 East-west traffic protection
    2.5.5 Implementing security in virtualized data centers
  2.6 Network Security Technologies
    2.6.1 Firewalls
    2.6.2 Intrusion detection and prevention systems
    2.6.3 Web content filters
    2.6.4 Virtual private networks
    2.6.5 Data loss prevention
    2.6.6 Unified Threat Management
    2.6.7 Security information and event management
  2.7 Endpoint security
    2.7.1 Anti-malware
    2.7.2 Anti-spyware
    2.7.3 Personal firewalls
    2.7.4 Host-based Intrusion Prevention Systems (HIPS)
    2.7.5 Mobile device management
  2.8 Cloud, Virtualization, and Storage Security
    2.8.1 Cloud computing
    2.8.2 Virtualization
    2.8.3 Local and remote storage
  2.9 Networking Concepts
    2.9.1 Server and system administration
    2.9.2 Directory services
    2.9.3 Structured host and network troubleshooting
    2.9.4 ITIL fundamentals
    2.9.5 Help desk and technical support

Module 3 – Cybersecurity Essentials
  3.1 Security Operating Platform
  3.2 Network Security

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    265 Page
