Defensive Security Handbook

wendy knox everette · Be Secure
Published Jun 25, 2017 · 3 min read

The Defensive Security Handbook is written as a survey of the practices that blue team defenders should understand. It covers a lot of ground, touching on topics that range from vulnerability scanning, to disaster recovery, to compliance standards and frameworks, to essential Microsoft Windows and Unix administration.

The book opens with a chapter on creating a new security program at your company, explaining how to begin to analyze the company’s risks and where to begin with prioritizing and mitigating the risks. After framing the work that a security team does, it moves into chapters touching on various technologies and activities that a good security team should understand. I found the chapters were great to dip into when I wanted to reference a topic, and so I treated the Handbook a little more like I do the Python Cookbook than a book that I would sit down and read cover to cover in order.

The chapters covering various technologies were clearly written and worked well to orient the reader on a topic. I wish it had gone into a little more technical detail in places, but depth and dense dives on each topic would have turned the book into a doorstop, so you should think of this as more of a survey-and-orientation for further research. As an example, I have a *nix background, so my Microsoft Windows knowledge can be kind of spotty. The chapter on Microsoft Windows Infrastructure was one of the first ones that I turned to after reading the introduction and first chapter of the book. We start off with “quick wins,” which are “standard no-brainer” best practices for defenders tasked with managing a Windows environment. Upgrading, applying third-party patches, and managing open shares are all covered. The book next spends several pages talking through Active Directory: How do domain controllers work? How should the accounts be set up and handled in organizations with huge user bases?

After the Windows chapter, I read the password management and multi-factor authentication chapter, as I’ve been on the lookout for good documentation about best practices for some of the user trainings we do in DC Legal Hackers. The Handbook explains encryption, salting, and how to set password policies for your users, as well as surveying various multi-factor authentication schemes. This chapter gives the reader a good summary of the basics for managing passwords, focused on giving a security engineer some pointers to the tools that they will need to use to administer password and authentication policies in their enterprise.

I’ve found this a really handy book to have nearby to read over when I need to reference something I’m not as familiar with, like Active Directory, and then turn to Google to read up further if I need more details on something. The breadth of knowledge packed into this book is really impressive, and it contains solid suggestions to ensure that your baseline security program is comprehensive. I think it’s a great desk reference for people working on compliance audits, setting up security programs at small or mid-sized businesses, or for new security engineers joining a larger enterprise team.

wendy knox everette

Former @ZwillGen Fellow. Amazon alum, Google alum, USCG wife, infosec, python, node.js. Wellesley, GMU Law ’16. IAAL but IANYL. Opinions my own.