Conrad Eric - Eleventh Hour CISSP

Third Edition

Eric Conrad

Seth Misenar

Joshua Feldman

Technical Editor

Bryan Simon

Syngress is an imprint of Elsevier

50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States

Copyright 2017, 2014, 2011 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

ISBN: 978-0-12-811248-9

For information on all Syngress publications visit our website at https://www.elsevier.com/

Acquisition Editor: Todd Green

Editorial Project Manager: Anna Valutkevich

Production Project Manager: Mohana Natarajan

Cover Designer: Alan Studholme

Typeset by SPi Global, India

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GISP, GCED), is a senior SANS instructor and CTO of Backshore Communications, which provides information warfare, hunt teaming, penetration testing, incident handling, and intrusion detection consulting services. He started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is lead author of MGT414: SANS Training Program for CISSP Certification , and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking . He graduated from the SANS Technology Institute with a master of science degree in information security engineering, and he earned his bachelor of arts in English from Bridgewater State College. He lives in Peaks Island, Maine, with his family, Melissa, Eric, and Emma. His website is http://ericconrad.com.

Joshua Feldman (CISSP) is a vice president at Moodys, a bond ratings agency critical to the security, health, and welfare of the global commerce sector. He drives M&A, security architecture, design, and integration efforts for IT Risk and InfoSec. Before taking on this promotion, Feldman was the Enterprise Security Architect for Corning, Inc., where he helped to deliver numerous security transformations for Corning and was a key team member focused on maturing the security function. From 2002 to 2012, he worked as the technical director of a US DoD cybersecurity services contract. Supporting the DoD, he helped create the current standard used for assessing cyberthreats and analyzing potential adversaries for impact. During his tenure, he supported many DoD organizations including the Office of the Secretary of Defense, DISA, and the Combatant Commands. He got his start in the cybersecurity field when he left his high school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC-based startup, making the first generation of network intrusion detection systems (NIDS). He earned a master of science in cyber operations from National Defense University and a bachelor of science degree from the University of Maryland. He currently resides in New York, with his two dogs, Jacky and Lily.

Seth Misenar (CISSP, GIAC GSE, GSEC, GPPA, GCIA, GCIH, GCWN, GCFA, GWAPT, GPEN) is a cybersecurity expert who serves as a senior instructor with the SANS Institute and as a principal consultant at Context Security, LLC. He is numbered among the few security experts worldwide to have achieved the GIAC GSE (#28) credential. He teaches a variety of cybersecurity courses for the SANS Institute including two very popular courses for which he is lead author: the bestselling SEC511: Continuous Monitoring and Security Operations and SEC542: Web Application Penetration Testing and Ethical Hacking. He also serves as coauthor for MGT414: SANS Training Program for CISSP Certification. His background includes security research, intrusion analysis, incident response, security architecture design, and network and web application penetration testing. He has previously served as a security consultant for Fortune 100 companies and as the HIPAA security officer for a state government agency. He has a bachelor of science degree in philosophy from Millsaps College and resides in Jackson, Mississippi, with his wife, Rachel, and children, Jude, Hazel, and Shepherd.

Bryan Simon , CISSP is an internationally recognized expert in cybersecurity and has been working in the information technology and security field since 1991. Over the course of his career, Bryan has held various technical and managerial positions in the education, environmental, accounting, and financial services sectors. Bryan speaks on a regular basis at international conferences and with the press on matters of cybersecurity. He has instructed individuals from organizations such as the FBI, NATO, and the UN in matters of cybersecurity, on three continents. Bryan has specialized expertise in defensive and offensive capabilities. He has received recognition for his work in IT Security and was most recently profiled by McAfee (part of Intel Security) as an IT Hero. Bryan holds 11 GIAC Certifications including GSEC, GCWN, GCIH, GCFA, GPEN, GWAPT, GAWN, GISP, GCIA, GCED, and GCUX. Bryans scholastic achievements have resulted in the honor of him sitting as a current member of the Advisory Board for the SANS Institute and his acceptance into the prestigious SANS Cyber Guardian program. Bryan is a SANS Certified Instructor for SEC401: Security Essentials Bootcamp Style, SEC501: Advanced Security Essentials - Enterprise Defender, SEC505: Securing Windows with PowerShell and the Critical Security Controls, and SEC511: Continuous Monitoring and Security Operations.