Подписывайтесь на наш Telegram-канал! Ежедневно интересно!

Подписывайтесь на наш Telegram-канал!

Помочь нашему сайту финансово на сервисе сбора донатов!

Помочь нашему сайту финансово!
 
Текущий раздел Скачать бесплатно » Книги » Другая компьютерная литература » Identity Attack Vectors: Strategically Designing and Implementing Identity Security, 2nd Edition
HostLife - лучший платный хостинг

Identity Attack Vectors: Strategically Designing and Implementing Identity Security, 2nd Edition

  • Заявить о правах (Abuse)
Автор: Limpopo5 от 2024-03-31, 01:31:48
Identity Attack Vectors: Strategically Designing and Implementing Identity Security, 2nd EditionНазвание: Identity Attack Vectors: Strategically Designing and Implementing Identity Security, 2nd Edition
Автор: Моrеу J. Наbеr, Dаrrаn Rоlls
Издательство: Apress
Год: 2024
Страниц: 301
Язык: английский
Формат: pdf, epub
Размер: 10.1 MB

Today, it’s easier for threat actors to simply log in versus hack in. As cyberattacks continue to increase in volume and sophistication, it’s not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities―whether human or machine, to initiate or progress their attack. Detecting and defending against these malicious activities should be the basis of all modern cybersecurity initiatives.

This book details the risks associated with poor identity security hygiene, the techniques that external and internal threat actors leverage, and the operational best practices that organizations should adopt to protect against identity theft, account compromises, and to develop an effective identity and access security strategy. As a solution to these challenges, Identity Security has emerged as a cornerstone of modern Identity and Access Management (IAM) initiatives. Managing accounts, credentials, roles, entitlements, certifications, and attestation reporting for all identities is now a security and regulatory compliance requirement.

In this book, you will discover how inadequate identity and privileged access controls can be exploited to compromise accounts and credentials within an organization. You will understand the modern identity threat landscape and learn how role-based identity assignments, entitlements, and auditing strategies can be used to mitigate the threats across an organization’s entire Identity Fabric.

Hacking Techniques: Based on these roles, the following are the most common hacking techniques that can compromise an identity and some of their associated indicators of compromise:

Password Guessing: One of the most popular techniques for password hacking is simply guessing the password. A random guess itself is rarely successful unless it is a common password or based on a dictionary word. Flat out guessing is somewhat of an art, but knowing information about the target identity enhances the process and likelihood of a successful guess by a threat actor. This information can be gathered via social media, direct interaction, deceptive conversation, or even data gleaned and merged or aggregated from prior breaches. The most common variants for passwords that are susceptible to guessing include these common password schemas:

• The word “password” or basic deviations like “passw0rd” not found in typical password dictionaries.
• Derivations of the account owner’s username, including initials. This may also include subtle variations, including numbers and special characters.
• Reformatted or explicit birthdays for the user or their relatives, most commonly, offspring.
• Memorable places or events.
• Relatives’ names and derivations with numbers or special characters when presented together.
• Pets, colors, foods, or other important items to the individual.

Repetitive guessing does not require automation. This method may be more labor-intensive and has mixed success rates. Password guessing attacks also tend to leave evidence in event logs and result in auto-locking of an account after “n” attempts. For a threat actor, getting detailed information of the intended target normally involves advanced surveillance or inside knowledge. For the average person, it may just be a game of trial and error. In addition, if the account holder does not follow best practices and reuses passwords between resources, then the risks of password guessing and lateral movement increase dramatically. Imagine a person that uses only one or two base passwords everywhere for all of their digital presence. Unfortunately, this happens all the time. The best IoC for password guessing is to determine weak passwords within an environment or using a service to determine if credentials are available for sale on the Dark Web and already compromised.

Shoulder Surfing: Shoulder surfing enables a threat actor to gain knowledge of credentials through observation. This includes observing passwords, pins, and swipe patterns as they are being entered. This includes even observing a pen scribbling a password on a sticky note. The concept is simple; a threat actor is watching physically, or with an electronic device like a camera, for passwords and reusing them for a later attack. This is why, when using an ATM, it is always recommended to shield the entry of your PIN on a keypad to avoid a threat actor from shoulder surfing your PIN. Shoulder surfing represents one of oldest identity attack vectors and one of the easiest for anyone to leverage.

Dictionary Attacks: These attacks are automated (unlike password guessing), utilizing a list of passwords against a valid account to hack the password. The list itself is a dictionary of words (no definitions, mind you), and basic password crackers use these lists of common single words like “baseball” to guess a password and hack an account. If the threat actor knows the resource they are trying to compromise, like password length and complexity requirements, the dictionary can be customized to target the resource more efficiently. Therefore, more advanced programs often use a dictionary on top of mixing in numbers or common symbols at the beginning or end of the attempt to mimic a real-world password with complexity requirements.

What You Will Learn:
Understand the concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vector
Implement an effective identity security strategy to manage identities and accounts based on roles and entitlements, including the most sensitive privileged accounts
Know the role that identity security controls play in the cyber kill chain and how privileges should be managed as a potential weak link
Build upon industry standards and strategies such as Zero Trust to integrate key identity security technologies into a corporate ecosystem
Plan for a successful identity and access security deployment; create an implementation scope and measurable risk reduction; design auditing, discovery, and regulatory reporting; and develop oversight based on real-world strategies to prevent identity attack vectors

Who This Book Is For:
Management and implementers in IT operations, security, and auditing looking to understand and implement an Identity and Access Management (IAM) program and manage privileges in these environments.

Скачать Identity Attack Vectors: Strategically Designing and Implementing Identity Security, 2nd Edition






Выгодные предложения от нашего партнёра ИГ "ЭКСМО-АРТ":

Акция С заботой о здоровье и безопасности




 


BooksKeeper - электронная библиотека, ежедневно пополняемая нашими авторами.
Все материалы, представленные на нашем сайте, Вы сможете скачать по ссылкам различных бесплатных файлообменников совершенно бесплатно!
Инструкции, поясняющие, как надо качать бесплатно с файлообменников смотреть тут
Регистрация на нашем сайте позволит Вам добавлять свои книги, а также комментировать опубликованные книги, общаться с нашими авторами.
Для этого мы рекомендуем Вам зарегистрироваться либо войти на сайт под своим именем.

Информация
Посетители, находящиеся в группе Гости, не могут оставлять комментарии к данной публикации.

HostLife - лучший платный хостинг
HostLife - лучший платный хостинг!
Отличный хостинг по цене от 1.87$/месяц! Рекомендация от сайта Bookskeeper!


Бесплатная электронная библиотека. Скачать книги бесплатно!
Текущий раздел Скачать бесплатно » Книги » Другая компьютерная литература » Identity Attack Vectors: Strategically Designing and Implementing Identity Security, 2nd Edition

Наша электронная библиотека Bookskeeper (для РФ работает через VPN) - это интернет-витрина, где любой посетитель может публиковать электронные варианты книг, журналов, газет, комиксов, в общем, любой литературы со ссылками для медленного, но бесплатного скачивания с файлообменников. В нашем книжном хранилище Вы всегда найдете литературу на любой вкус человека любого возраста - от детских комиксов и расскрасок до серьезной научной литературы.
 
 
Поддержите наш сайт!
Идет сбор донатов на хостинг
для работы нашего сайта.
Сканируйте QR-код
(или нажмите на него)
для Вашей поддержки!
Оплата картой, ЮMoney


Донаты для помощи нашему сайту!

ОГРОМНОЕ СПАСИБО
всем за Ваши донаты!

Наши рекомендации



Book24.ru - книжный интернет магазин



Turbobit - Получите турбо-доступ и скачивайте безлимитно и без рекламы!


HostLife - лучший платный хостинг



 
 

Топ публикаций

 
  • Exotic - № 42024
  • Дилетант №4 (100) 2024
  • Vivere Country №172 2024
  • Последний попаданец. Цикл из 11 книг
  • Книга пяти колец. Цикл из 6 книг
  • Наши автобусы. Спецвыпуск №11 2024
  • Десять Принцев Российской Империи. Цикл из 6 книг
  • Земляной А. - Страж. Цикл из 3 книг
  • Selber Machen №6 2023
  • Чайка Д. - Третий Рим. Цикл из 10 книг
  • Контуженный. Цикл из 6 книг
  • Барьер Ориона. Цикл из 2 книг
  • СССР 2010. Цикл из 6 книг
  • Риддер А. - Техномаг. Цикл из 3 книг
  • Провинциал. Цикл из 4 книг
  • Игра Хаоса. Цикл из 14 книг
  • Дворянская кровь. Цикл из 3 книг
  • Машины и Механизмы №4 2024
  • Кровь Василиска. Цикл из 2 книг
  • Жандарм. Цикл из 5 книг
  • Легендарные грузовики СССР №93 ЯАЗ-210Е (2024)
  • Глас Плеяды. Цикл из 4 книг
  • "Приусадебное хозяйство" № 4 2024 с приложениями
  • Зарубежное Военное Обозрение №4 2024
  • Selber Machen - Mai 2024
  • Идеальный мир для Лекаря. Цикл из 15 книг
  • Вик Разрушитель. Цикл из 6 книг
  • Собеседник №15 2024
  • Verena Модное вязание №1 2024
  • Красивые квартиры 100 дизайнов 2023/2024
  •