Mcsa Ebook


Giorgio Aguilar

Aug 5, 2024, 12:53:44 PM
to pfinemsore
"The emphasis for Microsoft prePress titles is early availability of high-quality beta chapters," says associate publisher Steve Weiss, "and giving the customer the opportunity to access valuable learning resources sooner rather than later. No need to wait until the print book is out; here it is in early-chapter form now, and you also get the completed, beautifully laid-out ebook when it's done."

With Microsoft prePress, readers can access just-written content from upcoming books. The chapters come straight from respected Microsoft Press authors, pass through a technical review and basic copy editing, and are then made available online. By ordering a Microsoft prePress version of a book, customers will be among the first to have access to the latest information on Microsoft topics.


The result will mean a significant advantage for consumers, whether they are information workers, IT professionals, or developers. "Microsoft prePress works as a shortcut to mastering the new technologies you need to learn," adds Weiss, "in some cases, many months ahead of what was traditionally possible."


A cyber kill chain is a general approach toward breaking a cybersecurity attack down into stages. The term appears to have been first used by Jeffrey Carr in Russia/Georgia Cyber War: Findings and Analysis (2008). However, since then, it has been a registered trademark of Lockheed Martin, which developed it into a seven-stage framework as part of its Intelligence Driven Defense methodology.


Indeed, this is what reconnaissance is all about for attackers: knowing you. Attackers might begin with general scans of potential targets using internet-opened ports, or they might begin their observations about you, the victim, in a targeted fashion, particularly if you are a high-risk organization and/or in a high-risk industry.


In this phase of the cyber kill chain, attackers gather public data passively or actively (by touching your environment). To do so, they will employ open source intelligence (OSINT) tools such as Shodan, which is a search engine used to find internet-connected resources. The types of data an attacker looks for during reconnaissance include the following:


The final stage sees our adversary use all the advantages and access they have hitherto accumulated for the execution of their objectives. They are in a position to accomplish their goals, whatever they are, that is, espionage, data exfiltration, ransomware execution, supply chain infiltration, and more:


MITRE ATT&CK dives far deeper into technical techniques than the cyber kill chain. If we consider the cyber kill chain a decentralized, high-level approach to tackling cybersecurity, we can consider ATT&CK a centralized, low-level knowledge base (KB) of attacker methodology. Starting in 2013, MITRE made this KB universally available, at no cost, at attack.mitre.org. This online resource provides hundreds of referenced examples of techniques and groups using them.


In the concluding section of this first chapter, I want to tackle the elephant in the room and a question I help my customers with constantly: can Microsoft be taken seriously as a cybersecurity company?


One of the ways Microsoft improves its security offerings is by acquiring promising companies that can integrate with Microsoft platforms such as Azure and Microsoft 365. This is how we start to see the origins of Microsoft 365 Defender.


Microsoft does have some reputational problems to overcome as a business that takes security seriously. Earlier versions of Windows, which really had no significant security measures, tarnished the image of the OS and, therefore, business. The perception became that only third-party vendors could be trusted with securing Microsoft environments.


However, times have changed, and not just recently. Each iteration of Windows sees significant security improvements. For example, Windows Vista introduced User Account Control (UAC) to remove a convention of elevated rights for standard user activities. In the server world, Windows Server 2016 introduced Windows Defender built-in, and services such as (Remote) Credential Guard and Device Guard to protect against identity and untrusted code attacks.


It is impossible to avoid the term Zero Trust when discussing Microsoft security solutions. Although not an original creation of Microsoft, the model is at the front and center of its marketing and technical messaging. Unfortunately, as with many well-intentioned security principles, you will see Zero Trust being misunderstood or, at worst, hijacked. In this section, the buzz will be separated from the reality, so you will be able to understand exactly how Zero Trust should be approached and used to secure your environment.


The term was first coined by John Kindervag (Forrester, 2010) from an idea that can be traced back to the 2004 Jericho Forum, which looked at the issue of the perimeter as security becoming insufficient. By this, we mean that you cannot simply approach the idea of a castle and moat (network and firewall) and believe everything within the boundaries of the moat (firewall) is trusted or safe. Instead, we need to go as far down the layers as possible, analyzing as many signals as possible, at as low a level as possible, before any trust can be applied.


The increase in big data, cloud services, and processing power makes Zero Trust possible. You need a well-resourced system capable of analyzing vast signal data and applying machine learning (ML) to create context and, therefore, identify threats and risks.


Additionally, you cannot implement security software that contributes to Zero Trust and label the tool itself Zero Trust. Microsoft Defender for Endpoint, Azure AD Conditional Access, and other Microsoft security services are not Zero Trust, but their combined and well-architected implementation will put you on the path to Zero Trust.


Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.


If you already have Adobe Reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.


Packt eBook and Licensing

When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:


Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.


Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.
