023 - CEH11 Appendix B - Ethical Hacking Essential Concepts - II

CEH
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
0% found this document useful (0 votes)
396 views89 pages

023 - CEH11 Appendix B - Ethical Hacking Essential Concepts - II

CEH
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
You are on page 1/ 89
Ethical Hacking and Countermeasures, Exam 312-50 Certified Ethical Hacker
Ethical Hacking Essential Concepts - II

Module Objectives
- Overview of Information Security Controls
- Understanding Network Segmentation and Network Security Solutions
- Understanding Business Continuity and Disaster Recovery Concepts
- Understanding Cyber Threat Intelligence and Threat Modeling
- Understanding Penetration Testing
- Understanding Incident Handling and Forensic Investigation
- Understanding Software Development Security Concepts

Information Security Controls

Appendix B Page 3323. Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Information Security Management Program
Information Security Management Framework
- A combination of well-defined policies, processes, procedures, standards, and guidelines to establish the required level of information security
- Programs that are designed to enable a business to operate in a state of reduced risk
- Encompasses all organizational and operational processes, and participants relevant to information security

Enterprise Information Security Architecture (EISA)
- EISA is a set of requirements, processes, principles, and models that determines the structure and behavior of an organization's information systems
Goals of EISA
- Helps to monitor and detect network behaviors in real time, acting upon internal and external security risks
- Helps an organization detect and recover from security breaches
- Helps to prioritize the resources of an organization and monitor various threats
- Helps with recovery, event correlation, and other security processes
- Helps to analyze the procedures needed for the IT department to function properly and identify assets
- Helps to perform a risk assessment of an organization's IT assets with the cooperation of staff
Information Security Controls
- Administrative Security Controls
- Physical Security Controls
- Technical Security Controls

Administrative Security Controls
- Administrative security controls are the administrative access controls implemented by the management to ensure the safety of the organization
Examples of Administrative Security Controls
- Regulatory Framework Compliance
- Information Classification
- Information Security Policy
- Separation of Duties
- Employee Monitoring and Supervising
- Principle of Least Privileges

Regulatory Frameworks Compliance
- Complying with regulatory frameworks is a collaborative effort between governments and private bodies to encourage voluntary improvements to cybersecurity
[Figure: role of regulatory frameworks compliance in an organization's administrative security]

Information Security Policies
- Security policies are the foundation of security infrastructure
- An information security policy defines the basic security requirements and rules to be implemented in order to protect and secure an organization's information systems
[Figure: goals of security policies]
Types of Security Policies
- Promiscuous policy: no restrictions on Internet or remote access
- Permissive policy: the policy begins wide open and only known dangerous services, attacks, and behaviors are blocked; the policy should be updated regularly to be effective
- Prudent policy: provides maximum security while allowing known but necessary dangers; it blocks all services and only safe or necessary services are individually enabled; everything is logged
- Paranoid policy: forbids everything; there is no Internet connection, or Internet usage is severely restricted

Examples of Security Policies
- Access-control policy: defines the resources being protected and the rules that control access to them
- User-account policy: defines the account creation process, and the authority, rights, and responsibilities of user accounts
- Remote-access policy: defines who can have remote access, the access medium, and the remote access security controls
- Information-protection policy: defines the sensitivity levels of information, who may have access, how it is stored and transmitted, and how it should be deleted from storage media
- Firewall-management policy: defines the access, management, and monitoring of firewalls in the organization
- Special-access policy: defines the terms and conditions of granting special access to system resources
- Network-connection policy: defines who can install new resources on the network, approve the installation of new devices, document network changes, and so on
- Email-security policy: created to govern the proper usage of corporate email
- Password policy: provides guidelines for using strong password protection on the organization's resources
- Acceptable-use policy: defines the acceptable use of system resources
Privacy Policies at the Workplace
- Employers will have access to employees' personal information that may be confidential and that they wish to keep private
Basic Rules for Privacy Policies at the Workplace
- Tell employees what information you collect, why, and what you will do with it
- Collect information by fair and lawful means
- Keep the information complete and up to date
- Limit the collection of information, and give employees access to their personal information
- Keep employees' personal information secure

Steps to Create and Implement Security Policies
- Perform a risk assessment to identify risks to the organization's assets
- Learn from standard guidelines and other organizations
- Include senior management and all other staff in policy development
- Set clear penalties and enforce them
- Make the final version available to all staff in the organization
- Ensure every member of your staff reads, signs, and understands the policy
- Deploy tools to enforce policies
- Train employees and educate them about the policy
- Regularly review and update the policy
- The security policy development team in an organization generally consists of the information security team, technical writers, legal counsel, human resources, the audit and compliance team, and user groups
HR or Legal Implications of Security Policy Enforcement
HR Implications of Security Policy Enforcement
- The HR department is responsible for making employees aware of security policies and training them in the best practices defined in the policy
- The HR department works with management to monitor policy implementation and address any policy violation issues
Legal Implications of Security Policy Enforcement
- Enterprise information policies should be developed in consultation with legal experts and must comply with relevant local laws
- Enforcement of a security policy that may violate users' rights in contravention of local laws may result in lawsuits against the organization

Security Awareness and Training
- Employees are one of the primary assets of an organization and can be part of the organization's attack surface
- Organizations need to provide formal security awareness training to employees when hiring and periodically thereafter, so that they:
  - Know how to defend themselves and the organization against threats
  - Follow security policies and procedures for working with information technology (IT)
  - Know whom to contact if they discover a security threat
  - Are able to identify the nature of data based on data classification
  - Protect the physical and information assets of the organization
- Current methods of training employees include classroom-style training, online training, round-table discussions, and seminars
- To comply with certain regulatory frameworks, organizations should provide security awareness training to employees
Security Awareness and Training: Security Policy
- Security policy training teaches employees how to perform their duties and to comply with the security policy
- Organizations should train new employees before granting them access to the network, or only provide limited access until their training is complete
Advantages:
- Effective implementation of the security policy
- Creates awareness of compliance issues
- Helps an organization enhance its network security

Employee Awareness and Training: Physical Security
- Proper training should be given to educate employees on physical security
- Training increases knowledge and awareness of physical security
- Training topics include:
  - How to minimize breaches
  - How to identify the elements that are more prone to hardware theft
  - How to assess the risks when handling sensitive data
  - How to ensure physical security at the workplace
Employee Awareness and Training: Social Engineering
Attack technique and the corresponding training points:
- Impersonation: not providing any confidential information
- Dumpster diving: shredding documents before throwing them out; erasing magnetic data before throwing it out
- Phishing or malicious attachments: differentiating between legitimate emails and targeted phishing emails; not downloading malicious attachments

Employee Awareness and Training: Data Classification
- How to classify and mark documents based on their classification
- How to handle and keep sensitive documents in a secure place
- Security labels are used to mark the security level of information assets
- Organizations use security labels to manage access (clearance) to the information assets
Typical information classification levels:
- Top secret (TS)
- Secret (S)
- Official
- Unclassified (U)
- Clearance
- Compartmented information

Separation of Duties (SoD) and Principle of Least Privileges (POLP)
Separation of Duties (SoD)
- Conflicting responsibilities create unwanted risks such as security breaches, information theft, and circumvention of security controls
- A successful security breach sometimes requires the collusion of two or more parties.
- In such cases, separation of duties works well to reduce the likelihood of crime
- Regulations such as GDPR insist on paying attention to the roles and duties of your security team
Principle of Least Privileges (POLP)
- Believes in providing employees with the minimum necessary access they need, no more, no less
- Helps the organization protect against malicious behavior and achieve better system stability and system security

Information Security Controls
- Administrative Security Controls
- Physical Security Controls
- Technical Security Controls

Physical Security Controls
- A set of security measures taken to prevent unauthorized access to physical devices
Examples of Physical Access Controls
- Badge systems
- Security guards
- Mantrap doors
- Biometric systems
- Lighting

Physical Security
- Physical security is the first layer of protection in any organization
- It involves the protection of organizational assets from environmental and man-made threats
Why Physical Security?
- To prevent any unauthorized access to the system resources
- To prevent the tampering or stealing of data from the computer systems
- To safeguard against espionage, sabotage, damage, and theft
- To protect personnel and prevent social engineering attacks
Physical Security Threats
- Environmental threats, such as floods and earthquakes
- Man-made threats, such as dumpster diving, theft, and explosions
Types of Physical Security Controls
- Preventive controls: used to prevent unauthorized access; examples include door locks, security guards, and other measures
- Detective controls: used to detect violations and record any intrusion attempts; examples include cameras, motion detectors, and other methods
- Deterrent controls: used to discourage attackers; examples include warning signs and warning messages shown to attackers to discourage intrusion
- Recovery controls: used to recover from a violation and restore information and systems; examples include disaster recovery and business continuity plans, backup systems, and the related processes
- Compensating controls: used as an alternative control when the intended control failed or cannot be used; examples include hot sites, backup power systems, and other means

Physical Security Controls
- Door locks, badges, and other access methods
- Lock up important files and documents
- Lock equipment when not in use
- Lock systems when not in use; disable or lock removable media and DVD-ROM drives; use CCTV cameras and a secure workstation layout
- Lock fax machines when not in use; disable auto-answer mode on modems; do not place removable media in public places; physically destroy corrupted removable media
- Separate work areas; implement biometric access control (fingerprinting, retinal scanning, iris scanning, vein structure recognition, face recognition, voice recognition); use mantraps, an access logging process, identification badges, and other means
- Appoint a person to look after computer equipment maintenance
- For wires carrying data, keep the wires in shielded cables and never leave any wire exposed
- Humidity and air conditioning (HVAC), fire suppression, EMI shielding, and hot and cold aisles
Information Security Controls: Technical Security Controls
- A set of security measures taken to protect data and systems from unauthorized personnel
Examples of Technical Security Controls
- Access controls
- Authentication
- Authorization
- Accounting
- Security protocols
- Network security devices

Access Control
- Access control is the selective restriction of access to a place or other system or network resource
- Protects information assets by determining who can and cannot access them
- Involves user identification, authentication, authorization, and accountability
Access Control Terminology
- Subject: refers to a particular user or process that wants to access the resource
- Object: refers to a specific resource that the user wants to access, such as a file or any hardware device
- Reference monitor: checks the access control rules for specific restrictions
- Operation: represents the action taken by the subject on the object
Types of Access Control
- Discretionary Access Control (DAC): permits the user who is granted access to information to decide how to protect the information and the level of sharing desired; access to files is restricted to users and groups based upon their identity and the groups to which the users belong
- Mandatory Access Control (MAC): does not permit the end user to decide who can access the information, and does not permit the user to pass privileges on to other users; the level of sharing is fixed by the system
- Role-Based Access Control (RBAC): users can be assigned access to systems, files, and fields on a one-to-one basis, whereby access is granted to the user for a particular file or system; it can simplify the assignment of privileges and ensure that individuals have all the privileges necessary to perform their duties
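The three models above, as an added example that is not part of the course material: a small reference monitor that takes a subject, an object and an operation and decides under DAC (owner-maintained ACL), MAC (system-wide labels; the no-read-up / no-write-down rule is an assumption borrowed from Bell-LaPadula, since the slides only say the owner does not decide) and RBAC (permissions bound to roles). All users, labels and policies are constructed sample data.

```python
"""Added example: a toy reference monitor for DAC, MAC and RBAC.
Subject, Object and Operation follow the slide's terminology; every
name, label and policy below is constructed for illustration."""
from dataclasses import dataclass, field

# Ordered sensitivity labels for the MAC model (lowest to highest).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str                       # MAC: label the user is cleared for
    groups: set = field(default_factory=set)
    roles: set = field(default_factory=set)


@dataclass
class Object:
    name: str
    owner: str
    label: str                           # MAC: sensitivity label of the data
    # DAC: ACL maintained by the owner, principal (user or group) -> operations
    acl: dict = field(default_factory=dict)


# RBAC: permissions are attached to roles, never to individual users.
ROLE_PERMISSIONS = {
    "auditor": {("payroll.xlsx", "read")},
    "payroll_clerk": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
}


def dac_allows(subj, obj, op):
    """DAC: the owner always has access and decides who else does,
    by listing users or groups in the object's ACL."""
    if subj.name == obj.owner:
        return True
    return any(op in obj.acl.get(p, set()) for p in [subj.name, *subj.groups])


def mac_allows(subj, obj, op):
    """MAC: a system-wide rule decides, not the owner (assumed rule:
    read needs clearance >= label, write needs clearance <= label,
    i.e. no read-up and no write-down)."""
    clr, lbl = LEVELS[subj.clearance], LEVELS[obj.label]
    if op == "read":
        return clr >= lbl
    if op == "write":
        return clr <= lbl
    return False


def rbac_allows(subj, obj, op):
    """RBAC: allowed iff any of the subject's roles carries the permission."""
    return any((obj.name, op) in ROLE_PERMISSIONS.get(r, set())
               for r in subj.roles)


def reference_monitor(model, subj, obj, op):
    """Dispatch an access request (subject, object, operation) to a model."""
    checks = {"DAC": dac_allows, "MAC": mac_allows, "RBAC": rbac_allows}
    return checks[model](subj, obj, op)


# Constructed sample subjects and object.
alice = Subject("alice", "secret", groups={"finance"}, roles={"payroll_clerk"})
bob = Subject("bob", "confidential", groups={"hr"}, roles={"auditor"})
payroll = Object("payroll.xlsx", owner="alice", label="secret",
                 acl={"hr": {"read"}})

if __name__ == "__main__":
    for model in ("DAC", "MAC", "RBAC"):
        for s in (alice, bob):
            for op in ("read", "write"):
                print(model, s.name, op, reference_monitor(model, s, payroll, op))
```

Note that under MAC bob may write to the secret file without being able to read it, which is exactly the confidentiality-only behaviour the assumed rule produces; the owner cannot override it.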
Identity and Access Management (IAM)
- Identity and Access Management (IAM) is a framework that consists of software products to manage user digital identities and access to the resources of an organization
- It ensures that "the right users get access to the right information at the right time"
- The services provided by IAM are categorized into four distinct components, including user management
- Identification: a method to ensure that an individual holds a valid identity (e.g., username, account number, or other identifying data)
- Authentication: involves validating the identity of an individual (e.g., password, PIN, or other method)
- Authorization: involves controlling an individual's access to information (e.g., the user can read the file but cannot overwrite or delete it)
- Accounting: a method of keeping track of user actions on the network; it keeps track of the who, when, and how of user access to the network and helps to identify authorized and unauthorized actions
Types of Authentication: Password Authentication
- Password authentication uses a combination of username and password to authenticate network users
- The password is checked against a database and access is allowed if it matches
- Password authentication can be vulnerable to password cracking attacks such as brute-force or dictionary attacks

Types of Authentication: Two-factor Authentication
- Two-factor authentication involves using two different authentication factors out of a possible three (a knowledge factor, a possession factor, and an inherence factor) to verify the identity of an individual in order to enhance security in authentication systems
- Combinations of two-factor authentication: password and smart card or token, password and biometrics, password and OTP, smart card or token and biometrics, or other combinations

Types of Authentication: Biometric Authentication
- Biometric authentication is considered to be the hardest to forge or spoof
- The most widely used physical or behavioral characteristics to establish or verify an identity include fingerprints, palm pattern, voice or face pattern, iris features, keyboard dynamics, and signature dynamics, among others
Types of Authentication: Biometrics
- Biometrics refers to the identification of individuals based on their physical characteristics
Biometric Identification Techniques
- Fingerprinting: the ridges and furrows on the surface of the fingertip, which are unique to each individual
- Retinal scanning: analyzes the layer of blood vessels at the back of the eyes
- Iris scanning: analyzes the colored part of the eye surrounding the pupil, which is unique to each individual
- Vein structure recognition: analyzes the thickness and location of veins
- Face recognition: analyzes the pattern of facial features
- Voice recognition: analyzes an individual's vocal pattern

Types of Authentication: Smart Card Authentication
- A smart card is a small computer chip device that holds the personal information required to authenticate the user
- Users must insert their smart card into a reader and enter their Personal Identification Number (PIN) to complete authentication
- Smart card authentication is a cryptography-based authentication method that provides stronger security than password authentication
Types of Authentication: Single Sign-on (SSO)
- SSO allows a user to authenticate themselves to multiple servers on a network with a single password without re-entering it every time
Advantages:
- Users do not need to remember passwords for multiple applications or systems
- Reduces the time needed for entering usernames and passwords
- Reduces the network traffic to the centralized server
- Users only need to enter credentials once for multiple applications

Types of Authorization
- Authorization involves controlling an individual's access to information (e.g., the user can read the file but not overwrite or delete it)
Types of Authorization Systems
- Centralized authorization: authorization for network access is done through a single centralized authorization unit; it maintains a single database for authorizing all the network resources or applications
- Decentralized authorization: each network resource maintains its own authorization unit and locally performs authorization; it maintains its own database for authorization
- Implicit authorization: users can access the requested resource on behalf of others; the access request goes through a primary resource to access the requested resource
- Explicit authorization: unlike implicit authorization, it requires separate authorization for each requested resource; it explicitly maintains authorization for each requested object
Accounting
- Accounting is a method of keeping track of user actions on the network; it keeps track of the who, when, and how of user access to the network
- It helps in identifying authorized and unauthorized actions
- The accounting data can be used for trend analysis, data breach detection, forensic investigations, and other purposes

Network Segmentation
- Network segmentation is the practice of splitting a network into smaller network segments (subnets) so that the systems on one segment are separated from those on the others
- In a segmented network, groups of systems or applications that have no interaction with each other are placed on different network segments
- In case of an attack, if an attacker manages to penetrate one segment, they cannot readily reach the systems on the other segments
- Security benefits of segmentation [figure]

Network Security Zoning
- A network security zoning mechanism allows an organization to manage a secure network environment by selecting the appropriate security levels for different zones of Internet and intranet networks
- It helps in effectively monitoring and controlling inbound and outbound traffic
[Figure: Internet zone, Internet DMZ, production network zone, intranet zone, management network zone]
Examples of Network Security Zones
- Internet zone: an uncontrolled zone outside the boundaries of an organization
- Internet DMZ: a controlled zone that provides a barrier between internal networks and the Internet
- Production network zone: a restricted zone that strictly controls direct access from uncontrolled networks
- Intranet zone: a controlled zone with no heavy restrictions
- Management network zone: a secured zone with strict policies
Network Segmentation Example: Demilitarized Zone (DMZ)
- A computer subnetwork is placed between the organization's private network, such as a LAN, and an outside public network, such as the Internet, and acts as an additional security layer
- Contains the servers that need to be accessed from an outside network
- DMZ configurations [figure]

Secure Network Administration Principles: Network Virtualization (NV)
- Network virtualization is the process of combining all the available network resources and allowing network administrators to share these resources amongst the network users using a single administrative unit
- This is done by splitting up the available bandwidth into independent channels, which can be assigned or reassigned to a particular server or device in real time
- This allows each network user to access all of the available network resources (files, folders, computers, printers, hard drives, or other resources) from their computer

Secure Network Administration Principles: Virtual Networks
- Virtual networks are the end product of network virtualization
- Virtual network software is used for virtual networking.
- This software is either placed outside a virtual server (external) or inside a virtual server (internal), depending on the size and type of the virtualization platform

Secure Network Administration Principles: VLANs
- VLANs (Virtual Local Area Networks) are logical groupings of workstations, servers, and network devices that behave as if they are on a single, isolated LAN regardless of their location
- The purpose of a VLAN is to create a simple network with improved security and better traffic management
[Figure: VLAN example]

Network Security Solutions
Security Incident and Event Management (SIEM)
- SIEM performs real-time SOC (Security Operations Center) functions like identifying, monitoring, recording, auditing, and analyzing security incidents
- It provides security by tracking suspicious end-user behavior activities within a real-time IT environment
- It provides security management services combining Security Information Management (SIM) and Security Event Management (SEM)
- SIM supports permanent storage, analysis, and reporting of log data
- SEM deals with real-time monitoring, correlation of events, notifications, and console views
- SIEM protects an organization's assets from data breaches due to internal and external threats
SIEM Functions
- Log collection
- Log analysis
- Event correlation
- Log forensics
- IT compliance and reporting
- Application log monitoring
- Object access auditing
- Data aggregation
- Real-time alerting
- User activity monitoring
- Dashboards
- File integrity monitoring
- System and device log monitoring
- Log retention
SIEM Architecture
[Figure: SIEM architecture]

User Behavior Analytics (UBA)
- UBA is the process of tracking user behavior to detect malicious attacks, potential threats, and financial fraud
- It provides advanced threat detection in an organization to monitor specific behavioral characteristics of employees
- UBA technologies are designed to identify variations in traffic patterns caused by user behaviors, which can be either disgruntled employees or malicious attackers
Why User Behavior Analytics is Effective
- Analyzes different patterns of human behavior and large volumes of user data
- Monitors geolocation for each login attempt
- Detects malicious behavior and reduces risk
- Monitors privileged accounts and gives real-time alerts for suspicious behavior
- Provides insights to security teams
- Produces results soon after deployment

Unified Threat Management (UTM)
- UTM is a network security management solution that allows administrators to monitor and manage the organization's network security through a centralized management console
- It provides firewall, intrusion detection, antimalware, spam filter, load balancing, content filtering, data loss prevention, and VPN capabilities using a single UTM appliance
[Figure: UTM benefits, including easy management]

Load Balancer
- A load balancer is a device responsible for distributing network traffic across a number of servers in a distributed system
- It can control the number of requests and protect against rate-based attacks like denial-of-service (DoS) or distributed denial-of-service (DDoS)
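The SIEM event-correlation function and the UBA checks above (geolocation for each login attempt, real-time alerts on privileged accounts), as an added example that is not part of the course material: it parses constructed authentication log lines and raises three kinds of alert. The log format, thresholds, usernames, IP addresses and coordinates are all assumptions made for this example.

```python
"""Added example: SIEM-style correlation and UBA-style checks over a
constructed authentication log. Format, thresholds and all values are
made up for illustration."""
import math
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: timestamp, result, user, source IP, lat/lon.
SAMPLE_LOGS = """\
2024-05-01T08:00:01Z FAIL user=jdoe src=203.0.113.7 geo=51.50,-0.12
2024-05-01T08:00:03Z FAIL user=jdoe src=203.0.113.7 geo=51.50,-0.12
2024-05-01T08:00:05Z FAIL user=jdoe src=203.0.113.7 geo=51.50,-0.12
2024-05-01T08:00:07Z FAIL user=jdoe src=203.0.113.7 geo=51.50,-0.12
2024-05-01T08:00:09Z FAIL user=jdoe src=203.0.113.7 geo=51.50,-0.12
2024-05-01T08:00:12Z OK   user=jdoe src=203.0.113.7 geo=51.50,-0.12
2024-05-01T08:30:00Z OK   user=asmith src=198.51.100.4 geo=40.71,-74.01
2024-05-01T09:00:00Z OK   user=asmith src=192.0.2.9 geo=35.68,139.69
2024-05-01T09:05:00Z OK   user=admin src=198.51.100.4 geo=40.71,-74.01
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+"
    r"src=(?P<src>\S+)\s+geo=(?P<lat>-?[\d.]+),(?P<lon>-?[\d.]+)$")


def parse(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"].replace("Z", "+00:00"))
        d["lat"], d["lon"] = float(d["lat"]), float(d["lon"])
        events.append(d)
    return events


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def correlate(events, fail_threshold=5, window_s=60,
              max_speed_kmh=900, privileged=("admin", "root")):
    """Correlate per user and return (alert_type, user, src) tuples:
    a burst of failures followed by a success, an 'impossible travel'
    between two successful logins, and any privileged-account login."""
    alerts = []
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        fails, last_ok = [], None
        for e in evs:
            if e["result"] == "FAIL":
                fails.append(e["ts"])
                # keep only failures inside the sliding window
                fails = [t for t in fails if (e["ts"] - t).total_seconds() <= window_s]
                continue
            # successful login: was it preceded by a burst of failures?
            if len(fails) >= fail_threshold and \
                    (e["ts"] - fails[-1]).total_seconds() <= window_s:
                alerts.append(("brute_force_success", user, e["src"]))
            fails = []
            # UBA geolocation check against the previous successful login
            if last_ok is not None:
                dist = haversine_km(last_ok["lat"], last_ok["lon"], e["lat"], e["lon"])
                hours = (e["ts"] - last_ok["ts"]).total_seconds() / 3600
                if hours > 0 and dist / hours > max_speed_kmh:
                    alerts.append(("impossible_travel", user, e["src"]))
            last_ok = e
            if user in privileged:
                alerts.append(("privileged_login", user, e["src"]))
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOGS)):
        print(alert)
```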
Network Access Control (NAC)
- Network Access Control, also known as Network Admission Control (NAC), refers to appliances or solutions that attempt to protect the network by restricting the connection of an end user to the network based upon a security policy
- The pre-installed software agent may inspect several items before admitting the device and may restrict where the device is connected
What NAC does
- Authenticates users connected to network resources
- Identifies devices, platforms, and operating systems
- Defines a connection point for network devices
- Develops and applies security policies

Virtual Private Network (VPN)
- VPNs are used to securely communicate with different computers over insecure channels
- A VPN uses the Internet and ensures secure communication to distant offices or users within the enterprise's network

How VPN Works
- A client wishing to connect to a company's network initially connects to the Internet
- The client initiates a VPN connection with the company's server
- Before establishing a connection, endpoints must be authenticated through passwords, biometrics, personal data, or any combination of these
- Once the connection is established, the client can securely access the company's network
VPN Components
- VPN client
- Tunnel terminating device or VPN server
- Network access server (NAS)
- VPN protocol
VPN Concentrators
- A VPN concentrator is a network device used to create secure VPN connections
- It acts as a VPN router which is generally used to create a remote-access or site-to-site VPN
- It uses tunneling protocols to negotiate security parameters, create and manage tunnels, encapsulate, transmit, or receive packets through the tunnel, and de-encapsulate them
Functions of a VPN Concentrator
- A VPN concentrator functions as a bi-directional tunnel endpoint
[Figure: functions of a VPN concentrator, including acting as a tunnel endpoint or router]

Secure Router Configuration
- Routers are the main gateway to the network and are not designed to be security devices
- Routers are vulnerable to different attacks from inside and outside of the network
- An administrator needs to configure a router securely; a misconfigured router is a target for mounting attacks
Hardening a router will enable admins to prevent attackers from:
- Gaining information about the network
- Disabling routers and thereby disrupting the network
- Reconfiguring routers
- Using routers to perform internal attacks
- Using routers to perform external attacks
- Rerouting network traffic
Router Security Measures
- Disable unnecessary services and protocols
- Use password encryption
- Implement access restrictions on the console
- Secure SNMP
- Set the router's time of day accurately
[Figure: further router security measures]
Design, Implement, and Enforce Router Security Policy

Router security policy should consist of:
- Password policy
- Authentication policy
- Access policy
- Physical access policy
- Filtering policy
- Backup policy
- Redundancy policy
- Documentation policy
- Monitoring policy
- Update policy

Data Leakage

- Data leakage refers to unauthorized access to or disclosure of sensitive or confidential data
- Data leakage may happen electronically through an email or malicious link, or through some physical method such as device theft or hacker break-ins

Major Risks to Organizations
- Heavy fines
- Unfavorable competitor advantage
- Insolvency or liquidation
- Decline in share value
- Loss of brand name
- Loss of reputation
- Loss of customer loyalty
- Potential litigations
- Reduction of sales and revenue
- Unfavorable media attention
- Loss of new and existing customers
- Monetary loss
- Prone to cyber criminal attacks
- Loss of productivity
- Disclosure of trade secrets
- Pre-release of the latest technology developed by the company
- Loss of proprietary and customer information
- Ready-to-release projects get pirated

Data Leakage Threats

Insider Threats
- Disgruntled or negligent employees may knowingly or unknowingly leak sensitive data to the outside world, incurring huge financial losses and business interruptions
- Employees may use various techniques such as eavesdropping, shoulder surfing, or dumpster diving to gain unauthorized access to information in violation of corporate policies

Reasons for Insider Threats
- Inadequate security awareness and training
- Lack of proper management controls for monitoring employee activities
- Use of an insecure mode of data transfer

External Threats
- Attackers take advantage of insiders' vulnerabilities to perform various attacks by stealing the credentials of a legitimate employee. This gives the attacker unlimited access to the target network

Examples of External Threats
- Hacking or code injection attacks
- Corporate espionage by competitors

What is Data Loss Prevention (DLP)?

- DLP is the identification and monitoring of sensitive data to ensure that end users do not send sensitive information outside the corporate network

Data Backup

- Data is the heart of any organization; data loss can be costly as it may have a financial impact on any organization
- Backup is the process of making a duplicate copy of critical data that can be used for restore and recovery purposes when the primary copy is lost or corrupted, either accidentally or on purpose
- Data backup plays a crucial role in maintaining business continuity by helping organizations recover from IT disasters such as hardware failures, application failures, security breaches, human error, and deliberate sabotage

Backup Strategy or Plan
- Identify critical business data
- Select backup media
- Select backup technology
- Select appropriate RAID levels
- Select an appropriate backup method
- Choose the backup location
- Select the backup types
- Choose the right backup solution
- Conduct a recovery drill test

RAID (Redundant Array of Independent Disks) Technology

- RAID is a method of combining multiple hard drives into a single unit and writing data across several disk drives that offers fault tolerance (if one drive fails, the system can continue operations)
- Placing data on RAID disks enables input/output (I/O) operations to overlap in a balanced way, improving system performance, simplifying storage management, and protecting from data loss
- RAID represents a portion of computer storage that can divide and replicate data among several drives working as secondary storage
- RAID has six levels: RAID 0, RAID 1, RAID 3, RAID 5, RAID 10, and RAID 50. To function effectively, all the RAID levels depend on the following storage techniques:
  - Striping
  - Mirroring
  - Parity

Advantages and Disadvantages of RAID Systems

Advantages
- RAID supports hot swapping or hot plugging, i.e., system component replacement without affecting network functionality
- RAID supports disk striping, resulting in an improvement of read performance
- RAID parity checks help prevent system crashes or data loss
- Increased data redundancy helps restore data in the event of a failure
- RAID increases system uptime

Disadvantages
- RAID is not compatible with some hardware components and software systems, e.g., system imaging programs
- In some RAID levels, e.g., RAID 3, a drive that is exclusive to parity cannot hold data
- RAID cannot protect data and offer a performance boost for all applications
- Configuration cost

RAID Level 0: Disk Striping
(the slide text for this level is not legible in the scan)
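The DLP definition given above (identifying and monitoring sensitive data so that end users do not send it outside the corporate network) is usually implemented as content inspection at an egress point such as the mail gateway. The following is an added example written for this page, not code from the CEH material or from any DLP product: it scans outbound message bodies for card numbers (validated with the Luhn checksum so that ordinary digit runs are not flagged), SSN-shaped identifiers and a CONFIDENTIAL marking, then applies an illustrative allow/quarantine/block policy. The sample messages, the internal domain corp.example and the policy rules are constructed.

```python
"""Content-inspection check of the kind a DLP product applies to outbound
messages.  Added example (not from the CEH material); the sample messages,
the internal domain "corp.example" and the policy rules are constructed."""
import re

# Candidate card numbers: 13 to 16 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# US-style social security number pattern (constructed sample values only).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Classification marking that the organization applies to sensitive documents.
MARKING_RE = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)

INTERNAL_DOMAIN = "corp.example"   # assumed internal mail domain


def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only the first six and last four digits so findings can be logged without re-leaking the value."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_message(text):
    """Return a list of (category, masked_value) findings for one message body."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            findings.append(("PAN", mask(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(("SSN", "***-**-" + m.group()[-4:]))
    if MARKING_RE.search(text):
        findings.append(("MARKING", "CONFIDENTIAL"))
    return findings


def policy_decision(recipient, text):
    """Decide allow / quarantine / block for a message leaving the mail gateway.

    Traffic that stays inside the internal domain is allowed; identifiers such
    as card numbers or SSNs going outside are blocked; marked documents going
    outside are held for review.  The thresholds are an illustrative policy."""
    findings = scan_message(text)
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain == INTERNAL_DOMAIN:
        return "allow", findings
    if any(kind in ("PAN", "SSN") for kind, _ in findings):
        return "block", findings
    if findings:
        return "quarantine", findings
    return "allow", findings


# Constructed sample traffic (no real card numbers or SSNs; 4111... is a common test PAN).
SAMPLE_MESSAGES = [
    ("partner@example.net", "Card on file: 4111 1111 1111 1111, please charge the deposit."),
    ("vendor@example.org",  "Order 1234567812345678 has shipped."),
    ("hr@corp.example",     "CONFIDENTIAL: applicant SSN 123-45-6789 for the background check."),
    ("press@example.com",   "CONFIDENTIAL product roadmap attached."),
]

if __name__ == "__main__":
    for rcpt, body in SAMPLE_MESSAGES:
        decision, found = policy_decision(rcpt, body)
        print(f"{decision:10} -> {rcpt}: {found}")
```

The 16-digit order number in the second message matches the card-number pattern but fails the Luhn check, so it produces no finding; without that check a DLP rule of this kind generates a steady stream of false positives. Findings are stored masked so that the DLP log itself does not become a second copy of the leaked data.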
RAID Level 1: Disk Mirroring
(the slide text for this level is not legible in the scan)

RAID Level 3: Disk Striping with Parity

- Data is striped at the byte level across multiple drives. One drive per set is taken up for parity information
- If a drive fails, data recovery and error correction are possible using the parity drive in the set
- The parity drive stores the parity information for the data on the other drives

RAID Level 5: Block Interleaved Distributed Parity

- The data is striped at the byte level across multiple drives, and the parity information is distributed among all the member drives
- The data writing process is slow
- This level requires a minimum of three drives

RAID Level 10: Blocks Striped and Mirrored

- RAID 10 is a combination of RAID 0 (striping volume data) and RAID 1 (disk mirroring) and requires at least four drives to implement
- It has the same fault tolerance as RAID level 1 and the same overhead for mirroring as RAID level 1
- It stripes the data across mirrored pairs. The mirroring provides redundancy and improved performance; the data striping provides maximum performance

RAID Level 50: Mirroring and Striping Across Multiple RAID Levels

- RAID 50 is a combination of RAID 0 striping and the distributed parity of RAID 5
- It is more fault tolerant than RAID 5 but uses twice the parity overhead
- A minimum of 6 drives are required for setup
- A drive from each segment can fail and the array will recover. If more than one drive fails in a segment, the array will stop functioning
- This RAID level offers greater reads and writes compared to RAID 5, and the highest levels of redundancy and performance

Selecting an Appropriate Backup Method

- Select the backup method according to the organization's requirements and based on its cost and ability

Hot Backup (Online)
- Backs up the data while the application, database, or system is running and available to users
- Used when downtime is not allowed
- Advantage: immediate data backup without interrupting service

Cold Backup (Offline)
- Backs up the data when the application, database, or system is not running and not available to users
- Used when downtime is allowed
- Less expensive than a hot backup

Warm Backup (Nearline)
- A combination of both hot and cold backup
- Switching over to the data backup takes less time compared to a cold backup
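Striping, mirroring and parity, the three techniques listed earlier as the basis of every RAID level described above, are easy to see when simulated on byte strings. The following is an added example written for this page, not code from the CEH material: the "drives" are Python lists of fixed-size chunks, the payload is constructed, RAID 0 and RAID 1 are shown only as write layouts, and the RAID 5 layout follows the description above (parity rotated across all member drives) with one failed drive rebuilt by XOR of the survivors.

```python
"""Striping, mirroring and parity, the three techniques the RAID levels above
are built from, simulated on byte strings.  Added example (not CEH material):
the "drives" are Python lists of fixed-size chunks, the sample data is
constructed, and the parity layout follows the RAID 5 description above
(parity rotated across all member drives) with reconstruction of one failed
drive by XOR."""


def _chunks(data, size):
    """Cut data into fixed-size chunks, zero-padding the last one."""
    out = [data[i:i + size] for i in range(0, len(data), size)]
    if out and len(out[-1]) < size:
        out[-1] = out[-1].ljust(size, b"\0")
    return out


def xor_blocks(blocks):
    """Bytewise XOR of equally sized blocks; this is the parity computation."""
    result = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            result[i] ^= byte
    return bytes(result)


def raid0_write(data, n_drives, chunk):
    """RAID 0 striping: chunks go round-robin to the drives; no redundancy."""
    drives = [[] for _ in range(n_drives)]
    for i, c in enumerate(_chunks(data, chunk)):
        drives[i % n_drives].append(c)
    return drives


def raid1_write(data, chunk):
    """RAID 1 mirroring: two drives hold identical copies."""
    copy = _chunks(data, chunk)
    return [list(copy), list(copy)]


def raid5_write(data, n_drives, chunk):
    """RAID 5: each stripe holds n_drives-1 data chunks and one parity chunk,
    and the parity position rotates so no single drive is the parity bottleneck."""
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    chunks = _chunks(data, chunk)
    per_stripe = n_drives - 1
    drives = [[] for _ in range(n_drives)]
    for stripe, start in enumerate(range(0, len(chunks), per_stripe)):
        stripe_data = chunks[start:start + per_stripe]
        stripe_data += [b"\0" * chunk] * (per_stripe - len(stripe_data))
        parity_pos = stripe % n_drives
        parity = xor_blocks(stripe_data)
        data_iter = iter(stripe_data)
        for d in range(n_drives):
            drives[d].append(parity if d == parity_pos else next(data_iter))
    return drives


def raid5_rebuild(drives, failed):
    """Reconstruct a failed drive: XOR of the same stripe position on every
    surviving drive recovers the missing chunk, whether it held data or parity."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    rebuilt = [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]
    restored = list(drives)
    restored[failed] = rebuilt
    return restored


def raid5_read(drives, length):
    """Reassemble the original data by skipping each stripe's parity chunk."""
    n = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        parity_pos = s % n
        for d in range(n):
            if d != parity_pos:
                out += drives[d][s]
    return bytes(out[:length])


# Constructed sample payload.
SAMPLE = b"The quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    array = raid5_write(SAMPLE, n_drives=4, chunk=4)
    damaged = list(array)
    damaged[2] = None            # simulate losing drive 2
    print(raid5_read(raid5_rebuild(damaged, 2), len(SAMPLE)) == SAMPLE)
```

With four drives, one quarter of the capacity holds parity and any single drive can be rebuilt; losing a second drive before the rebuild finishes leaves stripes with two unknown chunks, which one XOR parity cannot recover. That is the gap RAID 50 addresses by nesting several RAID 5 segments, at the price of the doubled parity overhead noted above.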
Choosing the Backup Location

Onsite Data Backup
- Stores backup data at the same site as the original data
- Onsite backup data can be easily accessed and restored
- Exposed to the physical security threats at that site, such as fire

Offsite Data Backup
- Stores backup data at a remote location away from the primary site

Cloud Data Backup
- Stores backup data on online storage provided by a third-party online backup service
- The data is encrypted and stored remotely
- Data can be easily accessed
- Disadvantage: the organization has no control over where its backups are stored

Data Recovery

- Data recovery is a process for the recovery of data that may have been accidentally or intentionally deleted or corrupted
- Deleted items include files, folders, and partitions from electronic storage media (hard drives, removable media, optical devices, and other storage media)
- The majority of lost data is recoverable. However, there are situations where the damage to the data is permanent and irreversible
- When attempting to recover data from a target, use a variety of data recovery tools
Risk Management Concepts

Risk Management
- Risk management is the process of reducing and maintaining risk at an acceptable level by means of a well-defined and actively employed security program
- It involves identifying, assessing, and responding to risks by implementing controls to help the organization manage potential effects
- It has a prominent place throughout the system's security life cycle

Risk Management Benefits
- Focuses on potential risk impact areas
- Addresses risks according to the risk level
- Improves the risk handling process
- Allows security officers to act effectively in adverse situations
- Enables the effective use of risk handling
- Minimizes the effect of risk on the organization
- Identifies suitable controls for security

Risk Management Framework: Enterprise Risk Management (ERM) Framework

- ERM defines the implementation activities specific to how an organization handles risk
- It provides a structured process that integrates information security and risk management activities
- Identify, analyze, and perform the following actions: risk avoidance; risk reduction; improving the risk management process

Goals of the ERM Framework
1. Integrate enterprise risk management with the organization's performance management
2. Communicate the benefits of risk management
3. Define the roles and responsibilities for managing risk in the organization
4. Standardize the reporting and evaluation of risks
5. Set a standard approach to managing risks in the organization
6. Set the resources needed to manage risks

Risk calculation terms:
- Asset Value (AV): The value you have determined an asset to be worth
- Exposure Factor (EF): The estimated percentage of damage or impact that a realized threat would have on the asset
- Single Loss Expectancy (SLE): The projected loss of a single event on an asset
- Annual Rate of Occurrence (ARO): The estimated number of times over a period the threat is likely to occur
- Annualized Loss Expectancy (ALE): The projected loss to the asset based on an annual estimate

Quantitative Risk vs. Qualitative Risk
- Quantitative: single loss expectancy; annualized loss expectancy
- Qualitative: (the qualitative column of the comparison table is not legible in the scan)
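The terms defined above combine into the standard quantitative risk calculation: SLE = AV x EF and ALE = SLE x ARO. The following is an added example written for this page, not code from the CEH material: it evaluates a small constructed risk register, ranks the entries by ALE, and then goes one step beyond the slide with the usual cost/benefit test for a control (ALE before minus ALE after minus the control's annual cost). All asset values, factors and rates are illustrative.

```python
"""Quantitative risk calculation with the terms defined above: SLE = AV x EF,
ALE = SLE x ARO.  Added example, not from the CEH material; the risk register
is constructed, and the control cost/benefit step at the end is a common
extension of the ALE calculation rather than something the slide states."""
from dataclasses import dataclass


@dataclass
class Risk:
    asset: str
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of AV lost per realized threat (0..1)
    aro: float               # ARO, expected occurrences per year
    threat: str = ""

    def sle(self):
        """Single Loss Expectancy: loss from one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self):
        """Annualized Loss Expectancy: expected loss per year."""
        return self.sle() * self.aro


def rank_by_ale(risks):
    """Order the register so the largest annual exposure is addressed first."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


def control_value(risk, annual_cost, new_ef=None, new_aro=None):
    """Annual value of a control = ALE before - ALE after - annual cost of the control.
    A positive number means the control reduces expected loss by more than it costs."""
    after = Risk(risk.asset, risk.asset_value,
                 risk.exposure_factor if new_ef is None else new_ef,
                 risk.aro if new_aro is None else new_aro, risk.threat)
    return risk.ale() - after.ale() - annual_cost


# Constructed register (values are illustrative, not from any real assessment).
REGISTER = [
    Risk("customer database", 500_000, 0.40, 0.25, "breach"),
    Risk("public web server", 100_000, 0.50, 2.0, "defacement/outage"),
    Risk("office laptops", 40_000, 0.25, 1.0, "theft"),
]

if __name__ == "__main__":
    for r in rank_by_ale(REGISTER):
        print(f"{r.asset:18} SLE={r.sle():>10,.0f}  ALE={r.ale():>10,.0f}  ({r.threat})")
    web = REGISTER[1]
    print("control that halves the ARO, per year:",
          control_value(web, annual_cost=20_000, new_aro=0.5))
```

The ranking shows why ALE rather than SLE drives prioritization: the database has the larger single loss, but the web server's higher rate of occurrence gives it twice the annual exposure. The cost/benefit step is what turns the numbers into a decision about which control to fund.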
