Certified ethical hacker pdf


 






This comprehensive, in-depth review of CEH certification requirements is designed to help you internalize critical information using concise, to-the-point explanations and an easy-to-follow approach to the material. Covering all sections of the exam, the discussion highlights essential topics like intrusion detection, DDoS attacks, buffer overflows, and malware creation in detail, and puts the concepts into the context of real-world scenarios. Each chapter is mapped to the corresponding exam objective for easy reference, and the Exam Essentials feature helps you identify areas in need of further study. You also get access to online study tools including chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms to help you ensure full mastery of the exam material. The Certified Ethical Hacker is one-of-a-kind in the cybersecurity sphere, allowing you to delve into the mind of a hacker for a unique perspective into penetration testing. This guide is your ideal exam preparation resource, with specific coverage of all CEH objectives and plenty of practice material. The CEH certification puts you in professional demand, and satisfies the Department of Defense's Directive for all Information Assurance government positions.

Naval War College. Sean is a member of the California State Military Reserve, where he serves as a warrant officer specializing in networking and security.

About this book: The ultimate preparation guide for the unique CEH exam. Review all CEH v10 topics systematically; reinforce critical skills with hands-on exercises; learn how concepts apply in real-world scenarios; identify key proficiencies prior to the exam.

These insiders can take advantage of the privileges they have to hack a system or network.

Cyber Terrorists
Cyber terrorists could be people, or organized groups formed by terrorist organizations, that have a wide range of skills, are motivated by religious or political beliefs, and create fear by large-scale disruption of computer networks.

This type of hacker is more dangerous as they can hack not only a website but whole Internet zones.

State Sponsored Hackers
State sponsored hackers are individuals employed by the government to penetrate.

Hacktivism
Hacktivism is an act of promoting a political agenda by hacking, especially by defacing or disabling websites. The person who does these things is known as a hacktivist. Hacktivism thrives in an environment where information is easily accessible. It aims to send a message through hacking activities and gain visibility for a cause.

Common targets include government agencies, multinational corporations, or any other entity perceived as "bad" or "wrong" by these groups or individuals. It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is.

Hacktivism is motivated by revenge, political or social reasons, ideology, vandalism, protest, and a desire to humiliate victims.

Now it's time to discuss the hacking method. Hacking cannot be accomplished in a single action. It needs to be done in phases. The information gathered or the privileges gained in one phase can be used in the next phase for advancing the process of hacking.

Reconnaissance Types
Passive Reconnaissance: Passive reconnaissance involves acquiring information without directly interacting with the target, for example, searching public records or news releases.

Active Reconnaissance: Active reconnaissance involves interacting with the target directly by any means.

CEHv8 Module 01: Introduction to Ethical Hacking

Hacking Phases
The various phases involved in hacking are:

Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack. Also in this phase, the attacker draws on competitive intelligence to learn more about the target.

This phase may also involve network scanning, either external or internal, without authorization. This is the phase that allows the potential attacker to strategize his or her attack. This may take some time as the attacker waits to unearth crucial information. Part of this reconnaissance may.

Another reconnaissance technique is "dumpster diving." Attackers can use the Internet to obtain information such as employees' contact information, business partners, technologies in use, and other critical business knowledge, but "dumpster diving" may provide them with even more sensitive information such as usernames, passwords, credit card statements, bank statements, ATM slips, social security numbers, telephone numbers, and so on.

The reconnaissance target range may include the target organization's clients, employees, operations, networks, and systems. For example, a Whois database can provide information about Internet addresses, domain names, and contacts. If a potential attacker obtains DNS information from the registrar, and is able to access it, he or she can obtain useful information such as the mapping of domain names to IP addresses, mail servers, and host information records.

It is important that a company has appropriate policies to protect its information assets, and that it provides its users with guidelines on the same. Building user awareness of the precautions they must take in order to protect their information assets is a critical factor in this context.

When an attacker approaches the attack using passive reconnaissance techniques, he or she does not interact with the system directly. The attacker uses publicly available information, social engineering, and dumpster diving as a means of gathering information. When an attacker employs active reconnaissance techniques, he or she tries to interact with the system by using tools to detect open ports, accessible hosts, router locations, network mapping, details of operating systems, and applications.

The next phase of attacking is scanning, which is discussed in the following section. Some experts do not differentiate scanning from active reconnaissance. However, there is a slight difference as scanning involves more in-depth probing on the part of the attacker.


Often reconnaissance and scanning phases overlap, and it is not always possible to demarcate these phases as watertight compartments. Active reconnaissance is usually employed when the attacker discerns that there is a low probability that these reconnaissance activities will be detected.

Newbies and script kiddies are often found attempting this to get faster, visible results, and sometimes just for the brag value they can obtain.

As an ethical hacker, you must be able to distinguish among the various reconnaissance methods, and be able to advocate preventive measures in the light of potential threats.

Scanning refers to the pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance. Scanning can include use of dialers, port scanners, network mappers, ping tools, vulnerability scanners, etc. Extract Information: Attackers extract information such as live machines, ports, port status, OS details, device type, system uptime, etc.

Hacking Phases (Contd.)
Scanning
Scanning is what an attacker does prior to attacking the network.

In scanning, the attacker uses the details gathered during reconnaissance to identify specific vulnerabilities.

Scanning can be considered a logical extension and overlap of the active reconnaissance. An attacker can gather critical network information such as the mapping of systems, routers, and firewalls by using simple tools such as Traceroute.

Alternatively, they can use tools such as Cheops to add sweeping functionality along with what Traceroute renders. Port scanners can be used to detect listening ports to find information about the nature of services running on the target machine. The primary defense technique in this regard is to shut down services that are not required.

Appropriate filtering may also be adopted as a defense mechanism. However, attackers can still use tools to determine the rules implemented for filtering. The most commonly used tools are vulnerability scanners that can search for several known vulnerabilities on a target network, and can potentially detect thousands of vulnerabilities. Organizations that deploy intrusion detection systems (IDSes) still have reason to worry because attackers can use evasion techniques at both the application and network levels.
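The scanning phase described above is also the phase a defender can most readily spot from firewall logs. The following is an added example, not code from the CEH module: it parses constructed firewall DROP lines in an assumed simplified iptables-style format and flags a source that touches many distinct ports on one host (port scan) or one port on many hosts (host sweep) inside a sliding time window; the window and threshold values are assumptions.

```python
"""Added example, not from the CEH module: detecting the scanning phase
from the defender's side. It parses firewall DROP log lines (a constructed,
simplified iptables-style format) and flags a source that touches many
distinct ports on one host (port scan) or one port on many hosts (host
sweep) inside a sliding time window. Format and thresholds are assumptions."""

import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) DROP "
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) DPT=(?P<dpt>\d+)$"
)


def parse_line(line: str):
    """Return (epoch_seconds, src, dst, dport) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"]).timestamp()
    return ts, m["src"], m["dst"], int(m["dpt"])


def detect_scans(log_text: str, window: int = 60, threshold: int = 10) -> list:
    """Slide a `window`-second window over each source's DROP events and
    report (src, kind, count) once per source and kind:
      kind == "port_scan"  : >= threshold distinct ports on one destination
      kind == "host_sweep" : >= threshold distinct destinations on one port
    A scan spread out over longer than `window` will not be flagged, which is
    exactly the slow-scan evasion the module warns about."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_src[rec[1]].append(rec)

    alerts, seen = [], set()
    for src, events in by_src.items():
        events.sort()                       # oldest first
        start = 0
        for end in range(len(events)):
            # drop events that fell out of the window behind `end`
            while events[end][0] - events[start][0] > window:
                start += 1
            ports_by_dst = defaultdict(set)
            dsts_by_port = defaultdict(set)
            for _, _, dst, dpt in events[start:end + 1]:
                ports_by_dst[dst].add(dpt)
                dsts_by_port[dpt].add(dst)
            for dst, ports in ports_by_dst.items():
                if len(ports) >= threshold and (src, "port_scan") not in seen:
                    seen.add((src, "port_scan"))
                    alerts.append((src, "port_scan", len(ports)))
            for dpt, dsts in dsts_by_port.items():
                if len(dsts) >= threshold and (src, "host_sweep") not in seen:
                    seen.add((src, "host_sweep"))
                    alerts.append((src, "host_sweep", len(dsts)))
    return alerts


def constructed_log() -> str:
    """Build the constructed sample log: one vertical port scan, one
    horizontal sweep on 445, and a benign host that hit a closed port twice."""
    lines = []
    for i in range(12):                     # 203.0.113.7 walks ports 21-32
        lines.append(f"2024-03-01T10:00:{i:02d} DROP SRC=203.0.113.7 DST=192.0.2.10 DPT={21 + i}")
    for i in range(11):                     # 198.51.100.5 tries 445 on 11 hosts
        lines.append(f"2024-03-01T10:05:{i:02d} DROP SRC=198.51.100.5 DST=192.0.2.{20 + i} DPT=445")
    lines.append("2024-03-01T10:09:00 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=443")
    lines.append("2024-03-01T10:09:30 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=443")
    lines.append("garbage line that the parser must ignore")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_scans(constructed_log()):
        print(alert)
```

Running it with the default 60-second window flags both scanning sources and nothing for the benign host; shrinking the window to a few seconds flags neither, which illustrates why detection thresholds must be tuned against slow scans.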

Hacking Phases (Contd.)
Gaining Access
Gaining access is the most important phase of an attack in terms of potential damage. Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network. The attacker can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised.

The attacker can gain access at the operating system level, application level, or network level. Factors that influence the chances of an attacker gaining access into a target system include the architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained.

The attacker initially tries to gain minimal access to the target system or network. Once he or she gains the access, he or she tries to escalate privileges to obtain complete control of the system.

Attackers need not always gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system. Resources can be exhausted locally by filling up outgoing communication links.

The exploit can occur locally, offline, over a LAN or the Internet as a deception or theft. Examples include stack-based buffer overflows, denial-of-service, and session hijacking. Attackers use a technique called spoofing to exploit the system by pretending to be strangers or different systems.


They can use this technique to send a malformed packet containing a bug to the target system in order to exploit a vulnerability. Packet flooding may be used to remotely stop availability of the essential services. Smurf attacks try to elicit a response from the available users on a network and then use their legitimate address to flood the victim.

Hacking Phases (Contd.)
Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system. Attackers may prevent the system from being owned by other attackers by securing their exclusive access with backdoors, rootkits, or Trojans. Attackers can upload, download, or manipulate data, applications, and configurations on the owned system.

Maintaining Access
Once an attacker gains access to the target system, the attacker can choose to use. Both these actions can damage the organization.

For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems. Attackers, who choose to remain undetected, remove evidence of their entry and use a backdoor or a Trojan to gain repeat access.

They can also install rootkits at the kernel level to gain super user access. The reason behind this is that rootkits gain access at the operating system level while a Trojan horse gains access at the application level. Both rootkits and Trojans depend on users to install them. Within Windows systems, most Trojans install themselves as a service and run as local system, which has administrative access. Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system.

They can maintain control over their system for a long time by "hardening" the system against other attackers, and sometimes, in the process, do render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information or even resort to extortion.

Organizations can use intrusion detection systems or deploy honeypots and honeynets to detect intruders. The latter though is not recommended unless the organization has the required security professionals to leverage the concept for protection.

Covering Tracks
Covering tracks refers to the activities carried out by an attacker to hide malicious acts.

The attacker's intentions include: Continuing access to the victim's system. The attacker overwrites the server, system, and application logs to avoid suspicion.

Clearing Tracks
An attacker would like to destroy evidence of his or her presence and activities for.

Trojans such as ps or netcat come in handy for any attacker who wants to destroy the evidence from the log files or replace the system binaries with the same. Once the Trojans are in place, the attacker can be assumed to have gained total control of the system. Rootkits are automated tools that are designed to hide the presence of the attacker.

By executing the script, a variety of critical files are replaced with Trojanned versions, hiding the attacker in seconds. Other techniques include steganography and tunneling. Steganography is the process of hiding the data, for instance in images and sound files. Tunneling takes advantage of the transmission protocol by carrying one protocol over another.

Even the extra space e. An attacker can use the system as a cover to launch fresh attacks against other systems or use it as a means of reaching another system on the network without being detected. Thus, this phase of attack can turn into a new cycle of attack by using reconnaissance techniques all over again. There have been instances where an attacker has lurked on a system even as system administrators have changed. The system administration can deploy host-based IDSes and anti-.

As an ethical hacker, you must be aware of the tools and techniques that attackers deploy, so that you are able to advocate and take countermeasures to ensure protection. These will be detailed in subsequent modules.

Module Flow
So far we discussed how important it is for an organization to keep their information resources secure, various security threats and attack vectors, hacking concepts, and the hacking phases. Now it's time to examine the techniques or the type of attacks the attacker adopts to hack a system or a network.

This section covers various types of attacks such as operating system attacks and application-level attacks.

Types of Attacks on a System
Attackers exploit vulnerabilities in an information system to gain unauthorized access to the system resources. The unauthorized access may result in loss, damage, or theft of sensitive information.

Types of Attacks on a System There are several ways an attacker can gain access to a system. The attacker must be able to exploit a weakness or vulnerability in a system: Operating system attacks: Attackers search for OS vulnerabilities and exploit them to gain access to a network system.

Software applications come with myriad functionalities and features. There is a dearth of time to perform complete testing before releasing products.

Those applications have various vulnerabilities and become a source of attack. Most administrators don't have the necessary skills to maintain or fix issues, which may lead to configuration errors. Such configuration errors may become the sources for an attacker to enter into the target's network or system.

Operating system applications come with numerous sample scripts to make the administrator's job easy, but the same scripts have various vulnerabilities, which can lead to shrink-wrap code attacks. Attackers search for vulnerabilities in an operating system's design, installation, or configuration and exploit them to gain access to a network system.

Operating System Attacks
Today's operating systems, which are loaded with features, are increasingly complex. While users take advantage of these features, the system is prone to more vulnerabilities, thus enticing attackers. Operating systems run many services such as graphical user interfaces (GUIs). These support the use of ports and modes of access to the Internet, and extensive tweaking is required to lock them down.

Attackers are constantly looking for OS vulnerabilities so that they can exploit and gain access to network systems. To stop attackers from entering their network, the system or network administrators must keep abreast of various new exploits. Most operating systems' installation programs install a large number of services and open ports by default. This situation leads attackers to search for various vulnerabilities.

Applying patches and hot fixes is not easy with today's complex networks. Most patches and fixes tend to solve an immediate issue, but they cannot be considered a permanent solution. Some OS vulnerabilities include buffer overflow vulnerabilities, bugs in the operating system, and unpatched operating systems. Attacks performed at the OS level include exploiting specific network protocol implementations, attacking built-in authentication systems, breaking file system security, and cracking passwords and encryption mechanisms.

Misconfiguration Attacks
If a system is misconfigured, such as when a change is made in the file permissions, it can no longer be considered secure. Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks that may result in illegal access or possible owning of the system. The administrators are expected to change the configuration of the devices before they are deployed in the network. Failure to do this allows the default settings to be used to attack the system.


In order to optimize the configuration of the machine, remove any redundant services or software.

Application-Level Attacks
Attackers exploit the vulnerabilities in applications running on organizations' information systems to gain unauthorized access and steal or manipulate data.

Application-level Attacks
Applications are being released with more features and more complex coding. With this increased demand in functionality and features, developers generally overlook the security of the application, which gives rise to vulnerabilities in applications. Attackers find and exploit these vulnerabilities in the applications using different tools and techniques. The applications are vulnerable to attack because of the following reasons: Poor or nonexistent error checking in applications leads to: Other application-level attacks include: Denial-of-Service. Vulnerable Code: Statement stmnt conn.

The code below is vulnerable to a denial-of-service attack, as it fails to release the connection resource.

Examples of Application-Level Attacks
Session Hijacking: Attackers may exploit session information in the vulnerable code to perform session hijacking when you enable cookieless authentication in your application. When the target tries to browse through a URL, the session or authentication token appears in the request URL instead of the secure cookie, to give access to the URL requested by the target.

Here, an attacker using his or her skills and monitoring tools can hijack the target's session and steal all sensitive information. Vulnerable Code: Attackers may exploit session information in the vulnerable code to perform session hijacking.

Denial-of-Service Vulnerable Code: The code that follows is vulnerable to a denial-of-service attack, as it fails to release a connection resource. If stmnt! Denial-of-Service Secure Code. The problem is "not fine tuning" or customizing these scripts. This will lead to default code or shrink-wrap code attacks.
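The module's denial-of-service example (a `Statement` obtained from a connection and never closed on the error path) survives here only as fragments, so the following is an added example, not the module's own code, written in Python rather than the slide's Java. It assumes a constructed bounded connection pool standing in for a real JDBC or DB-API pool, and shows the vulnerable handler exhausting that pool under malformed requests beside the hardened handler whose release sits in a `finally` block.

```python
"""Added example (not from the CEH module): how an unreleased database
connection on an error path exhausts a bounded connection pool, and how a
try/finally release closes the hole. Everything here is constructed: the
BoundedPool stands in for a real JDBC/DB-API pool with a fixed maximum
number of connections."""

import sqlite3


class PoolExhausted(Exception):
    """Raised when every connection in the pool is already checked out."""


class BoundedPool:
    """Constructed stand-in for a production connection pool: at most
    `max_size` connections may be checked out at any one time."""

    def __init__(self, max_size: int) -> None:
        self.max_size = max_size
        self.in_use = 0

    def acquire(self) -> sqlite3.Connection:
        if self.in_use >= self.max_size:
            raise PoolExhausted("no free connections")
        self.in_use += 1
        return sqlite3.connect(":memory:")

    def release(self, conn: sqlite3.Connection) -> None:
        conn.close()
        self.in_use -= 1


def vulnerable_handler(pool: BoundedPool, sql: str) -> list:
    """Mirrors the slide's vulnerable pattern: the connection is acquired,
    the statement executed, and the connection released only on the happy
    path. A request whose query raises leaks the connection for good."""
    conn = pool.acquire()
    rows = conn.execute(sql).fetchall()   # raises on bad SQL -> no release
    pool.release(conn)
    return rows


def secure_handler(pool: BoundedPool, sql: str) -> list:
    """Hardened form: the release sits in a finally block, so the connection
    goes back to the pool whether or not the query succeeds."""
    conn = pool.acquire()
    try:
        return conn.execute(sql).fetchall()
    finally:
        pool.release(conn)


def simulate(handler, pool_size: int, bad_requests: int) -> dict:
    """Send `bad_requests` malformed queries through `handler`, then check
    whether a legitimate query still finds a free connection. Returns how
    many connections remain checked out and whether the legitimate request
    succeeded."""
    pool = BoundedPool(pool_size)
    for _ in range(bad_requests):
        try:
            handler(pool, "SELEC 1")            # deliberately malformed SQL
        except sqlite3.OperationalError:
            pass                                # the app logs and moves on
        except PoolExhausted:
            pass                                # pool already drained
    try:
        handler(pool, "SELECT 42")
        legitimate_ok = True
    except PoolExhausted:
        legitimate_ok = False
    return {"leaked": pool.in_use, "legitimate_ok": legitimate_ok}


if __name__ == "__main__":
    print("vulnerable:", simulate(vulnerable_handler, pool_size=5, bad_requests=5))
    print("secure:    ", simulate(secure_handler, pool_size=5, bad_requests=5))
```

With a pool of five, five malformed requests against the vulnerable handler leave five connections leaked and the next legitimate user locked out, while the secure handler leaves the pool fully available.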

Shrink Wrap Code.

Module Flow
In the previous section, we discussed how an attacker can compromise an information system and what type of attacks an attacker can perform. Now, we will discuss information security controls. Information security controls prevent unwanted events from occurring and reduce the risk to the information assets of the organization with security policies.

Information Security Overview
This section highlights the importance of ethical hacking and discusses various security policies.

Why Ethical Hacking is Necessary
To beat a hacker, you need to think like one!

Ethical hacking is necessary because it allows the countering of attacks from malicious hackers by anticipating methods they can use to break into a system. Reasons why organizations recruit ethical hackers: to prevent hackers from gaining access to information and causing breaches; to fight against terrorism and national security breaches; to build a system that prevents hackers from penetrating; to test whether the organization's security settings are in fact secure.

(Reconnaissance and Scanning phases) What can an intruder do with that information? (Gaining Access and Maintaining Access phases) Does anyone at the target notice the intruders' attempts or successes? (Reconnaissance and Covering Tracks phases) If all the components of the information system are adequately protected, updated, and patched, how much effort, time, and money is required to obtain adequate protection?

Are the information security measures in compliance with industry and legal standards?

Why Ethical Hacking Is Necessary
There is rapid growth in technology, so there is growth in the risks associated with the technology. Ethical hacking helps to predict the various possible vulnerabilities well in advance and rectify them without incurring any kind of attack from outsiders. Ethical Hacking: As hacking involves creative thinking, vulnerability testing and security audits cannot ensure that the network is secure.

Defense-in-Depth Strategy: To achieve this, organizations need to implement a "defense-in-depth" strategy by penetrating their networks to estimate vulnerabilities and expose them. Ethical hacking is necessary because it allows countering of attacks from malicious hackers by anticipating methods they can use to break into a system.

Scope and Limitations of Ethical Hacking
Ethical hacking has a scope, and there are various limitations of ethical hacking, as well.

Scope: The following is the scope of ethical hacking: Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practices, and good governance. It is used to identify risks and highlight remedial actions, and it reduces information and communications technology (ICT) costs by resolving those vulnerabilities. Limitations: The following are the limitations of ethical hacking: Unless businesses first know what it is they are looking for and why they are hiring an outside vendor to hack systems in the first place, chances are that there will not be much to gain from the experience.

An ethical hacker therefore can help the organization only to better understand their security system, but it is up to the organization to implement the right safeguards on the network.

Skills of an Ethical Hacker
Ethical hacking is the legal hacking performed by a pen tester to find vulnerabilities in the information technology environment.

In order to perform ethical hacking, the ethical hacker requires the skills of a computer expert. Ethical hackers should also have strong computer knowledge including programming and networking. They should be proficient at installing and maintaining systems using popular operating systems e. Detailed knowledge of hardware and software provided by popular computer and networking hardware vendors complements this basic knowledge.

It is not always necessary that ethical hackers possess any additional specialization in security. However, it is an advantage to know how various systems maintain their security. Management skills pertaining to these systems are necessary for actual vulnerability testing and for preparing the report after the testing is carried out.

An ethical hacker should possess immense patience as the analysis stage consumes more time than the testing stage. The time frame for an evaluation may vary from a few days to several weeks, depending on the nature of the task.

When an ethical hacker encounters a system with which he or she is not familiar, it is imperative the person takes the time to learn everything about the system and try to find its vulnerable spots.

Defense-in-Depth
Multiple defense-in-depth countermeasures are taken to protect information assets of a company. The strategy is based on the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defense system than to penetrate a single barrier. If a hacker gains access to a system, defense-in-depth minimizes the adverse impact and gives administrators and engineers time to deploy new or updated countermeasures to prevent a recurrence.

Defense-in-depth is a security strategy in which several protection layers are placed throughout an information system. It helps to prevent direct attacks against an information system and data because a break in one layer only leads the attacker to the next layer.

Incident Management Process
Incident management is a set of defined processes to identify, analyze, prioritize, and.

The purpose of the incident management process:

Incident Management Process (Contd.)
Incident management is the process of logging, recording, and resolving incidents that take place in the organization. The incident may occur due to fault, service degradation, error, etc.

The incidents are reported by users, technical staff, or sometimes detected automatically by event monitoring tools. The main objective of the incident management process is to restore the service to a normal stage as early as possible for customers, while maintaining availability and quality of service. Any occurrence of an incident in an organization is handled and resolved by following these incident management steps:

Information Security Policies
Security policies are the foundation of the security infrastructure. A security policy is a document or set of documents that describes the security controls that will be implemented in the company at a high level.

Goals of Security Policies
Maintain an outline for the management and administration of network security. Prevent unauthorized modifications of the data. Reduce risks caused by illegal use of the system resource, loss of sensitive, confidential data, and potential property.

Protect confidential, proprietary information from theft, misuse, unauthorized disclosure.

Information Security Policies
A security policy is a document or set of documents that describes the security controls that should be implemented in the company at a high level for safeguarding the organizational network from inside and outside attacks.

This document defines the complete security architecture of an organization and the document includes clear objectives, goals, rules and regulations, formal procedures, and so on. It clearly mentions the assets to be protected and the person who can log in and access sites, who can view the selected data, as well as the people who are allowed to change the data, etc.

Without these policies, it is impossible to protect the company from possible lawsuits, lost revenue, and so on. Security policies are the foundation of the security infrastructure. These policies secure and safeguard the information resources of an organization and provide legal protection to the organization. These policies are beneficial since they make the staff working in the organization aware of the need to work together to secure its communication, as well as minimizing the risks of security weaknesses through "human-factor" mistakes such as disclosing sensitive information to unauthorized or unknown sources, improper use of the Internet, etc.

In addition, these policies provide protection against cyber-attacks, malicious threats, foreign intelligence, and so on.

They mainly address physical security, network security, access authorizations, virus protection, and disaster recovery. The goals of security policies include:

User Policy: Defines what kind of user is using the network; defines the limitations that are applied on users to secure the network. Ex: Password management policy.
Issue-Specific Policies: Recognize specific areas of concern and describe the organization's status for top-level management. Ex: Physical security policy, personnel security policy, communications security, backup policies, server configuration, patch update and modification policies, firewall policies.
General Policies: Define the responsibility for general business purposes. Ex: High-level program policy, business continuity plans, crisis management, disaster recovery.

Classification of Security Policies

Security policies are sets of policies that are developed to protect or safeguard a company's information assets, networks, etc. These policies are applicable to users, IT departments, the organization, and so on. For effective security management, security policies are classified into five different areas:

User Policy: Defines what kind of user is using the network; defines the limitations that are applied on users to secure the network. Ex: Password Management Policy.

Issue-Specific Policies: Recognize specific areas of concern and describe the organization's status for top-.

Structure and Contents of Security Policies

Security Policy Structure:
Detailed description of the policy issues
Description of the status of the policy
Applicability of the policy to the environment
Functionalities of those affected by the policy

Contents of Security Policies:
High-level security requirements: Requirement of a system to implement security policies.
Policy description: Focuses on security disciplines, safeguards, procedures, continuity of operations, and documentation.
Security concept of operation: Defines the roles, responsibilities, and functions of a security policy.
Allocation of security enforcement to architecture elements: Provides a computer system architecture allocation to each system of the program.

Security policies should be structured very carefully and should be reviewed properly to make sure that there is no wording that someone could take advantage of. The basic structure of security policies should include the following:

High-level Security Requirements: Explains the requirements of a system for the security policies to be implemented. The four different types of requirements are discipline, safeguard, procedural, and assurance.
Discipline Security Requirements: This requirement includes various security. This requirement mainly contains access control, archive, audit, authenticity, availability, confidentiality, cryptography, identification and authentication, integrity, interfaces, marking, non-repudiation, object reuse, recovery, and virus protection.
Procedural Security Requirements: This requirement mainly contains access.
Assurance Security: This includes certification and accreditation reviews and sustaining planning documents used in the assurance process.

Policy Description: Focuses on security disciplines, safeguards, procedures, continuity of operations, and documentation.

Allocation of Security Enforcement to Architecture Elements: Each subset of this portion of the policy describes how the system's architecture will enforce security.

Security Concept of Operation: Mainly defines the roles, responsibilities, and functions of a security policy. It focuses on mission, communications, encryption, user and maintenance rules, idle-time management, use of privately owned versus public-domain software, shareware software rules, and a virus protection policy.

Types of Security Policies

A security policy is a document that contains information on the way the company plans to protect its information assets from known and unknown threats.

These policies help to maintain the confidentiality, availability, and integrity of information. The four major types of security policies are as follows:

Promiscuous Policy

With a promiscuous policy, there is no restriction on Internet access. A user can. While this can be useful in corporate businesses where people who travel or work at branch offices need to access the organizational networks, many malware, virus, and Trojan threats are present on the Internet. Due to free Internet access, this malware can come as attachments without the knowledge of the user. Network administrators must be extremely alert if this type of policy is chosen. Administrators are always playing catch-up with new attacks and exploits.

Prudent Policy

A prudent policy starts with all services blocked. The administrator enables safe and necessary services individually. This provides maximum security. Everything, such as system and network activities, is logged.

Paranoid Policy

In a paranoid policy, everything is forbidden.

There is strict restriction on all usage of company computers, whether it is system usage or network usage. There is either no Internet connection or severely limited Internet usage.

Due to these overly severe restrictions, users often try to find ways around them.

Steps to Create and Implement Security Policies
Include senior management and all other staff in policy development
Perform risk assessment to identify risks to the organization's assets
Make the final version available to all of the staff in the organization
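The difference between the promiscuous and prudent policies described above is easiest to see as a host firewall ruleset. The following nftables fragment is an added illustration, not part of the courseware: the table names, the two permitted services (SSH on 22 and HTTPS on 443) and the log prefixes are assumptions chosen for the example.

```nftables
# Added example, not from the original courseware.

# Promiscuous policy: the input chain's default verdict is accept and no
# rule restricts anything, so every new connection reaches the host
# and nothing is recorded.
table inet promiscuous {
    chain input {
        type filter hook input priority 0; policy accept;
    }
}

# Prudent policy: the default verdict is drop, only individually approved
# services are enabled, and both accepted and dropped traffic is logged.
# The permitted ports (22 = SSH, 443 = HTTPS) are an assumption for this example.
table inet prudent {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept                          # local loopback traffic
        ct state established,related accept     # replies to connections the host opened
        ct state invalid drop                    # packets with no valid connection state
        # each enabled service is listed explicitly and its new connections are logged
        tcp dport { 22, 443 } ct state new log prefix "prudent-allow: " accept
        # everything else: log it for review, then fall through to the drop policy
        log prefix "prudent-drop: " drop
    }
}
```

Load one table at a time with `nft -f <file>` and confirm the result with `nft list ruleset`; the two are shown together only for comparison, since a drop verdict in either base chain on the input hook would apply to the whole host. The prudent ruleset reflects the text's two requirements directly: nothing is reachable until an administrator adds it to the port set, and every decision leaves a kernel log line that monitoring can pick up.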

Steps to Create and Implement Security Policies

Implementing security policies reduces the risk of being attacked. Thus, every company must have its own security policies based on its business. The following are the steps to be followed by every organization in order to create and implement security policies:
Perform risk assessment to identify risks to the organization's assets
Learn from standard guidelines and other organizations
Include senior management and all other staff in policy development
Set clear penalties and enforce them; also review and update the security policy
Make the final version available to all staff in the organization
Ensure every member of your staff reads, signs, and understands the policy
Install the tools you need to enforce the policy

It defines the acceptable use of system resources.
It defines the account creation process and authority, rights, and responsibilities of user accounts.
It defines who can have remote access, and defines access medium and remote access security controls.
It defines the sensitivity levels of information, who may have access, how it is stored and transmitted, and how it should be deleted from storage media.
It defines access, management, and monitoring of firewalls in the organization.
This policy defines the terms and conditions of granting special access to system resources.
It defines who can install new resources on the network, approve the installation of new devices, document network changes, etc.
It is created to govern the proper usage of corporate email.
It provides guidelines for using strong password protection on the organization's resources.

Examples of Security Policies

The following are some examples of security policies that are created, accepted, and used by organizations worldwide to secure their assets and important resources.

Acceptable-Use Policy: Defines the acceptable use of system resources.
User-Account Policy: Defines the account creation process and authority, rights, and responsibilities of user accounts.
Remote-Access Policy: Defines who can have remote access, and defines access medium and remote access security controls.
Information-Protection Policy: Defines the sensitivity levels of information, who may have access, how it is stored and transmitted, and how it should be deleted from storage media.
Firewall-Management Policy: Defines access, management, and monitoring of firewalls in the organization.
Special-Access Policy: Defines the terms and conditions of granting special access to system resources.
Network-Connection Policy: Defines who can install new resources on the network, approve the installation of new devices, document network changes, etc.
Email Security Policy: Created to govern the proper usage of corporate email.
Password Policy: Provides guidelines for using strong password protection on the organization's resources.

Vulnerability Research

The process of discovering vulnerabilities and design flaws that will open an operating system and its applications to attack or misuse. Vulnerabilities are classified based on severity level (low, medium, or high) and exploit range (local or remote).

Vulnerability Research

Vulnerability research means discovering system design faults and weaknesses that might help attackers compromise the system. Once the attacker finds out the vulnerability in the product or the application, he or she tries to exploit it. Vulnerability research helps both security administrators and attackers:
Discovering system design faults and weaknesses that might help attackers to compromise the system
Keeping abreast of the latest vendor-supported products and other technologies in order to find news related to current exploits
Checking newly released alerts regarding relevant innovations and product.

An administrator needs vulnerability research:
To gather information about security trends, threats, and attacks
To get information that helps to prevent security problems
To find weaknesses and alert the network administrator before a network attack
To know how to recover from a network attack

Module 01 Page 81 Ethical Hacking and Countermeasures Copyright by EC-Council All Rights Reserved.

Vulnerability Research Websites

The following are some vulnerability research websites that you can use:

The CodeRed Center is a comprehensive security resource administrators can turn to for daily, accurate, up-to-date information on the latest viruses, Trojans, malware, threats, security tools, risks, and vulnerabilities.

TechNet is a project team from across Microsoft Lync Server teams and the community at large. It is led by the Lync Server documentation team; their writers and technical reviewers come from all disciplines, including product engineers, field engineers, support engineers, documentation engineers, and some of the most respected technology bloggers and authors in the Lync Server universe.

Security Magazine is uniquely focused on solutions for enterprise security leaders. It is designed and written for business-minded executives who manage enterprise risk and security. Security Magazine provides management-focused features, opinions, and trends for leaders in business.

SecurityFocus Source:
BugTraq is a high-volume, full-disclosure mailing list for the detailed discussion and announcement of computer security vulnerabilities. BugTraq serves as the cornerstone of the Internet-wide security community.

Help Net Security Source: Besides covering news around the globe, HNS focuses on quality technical articles and papers, vulnerabilities, vendor advisories, malware, and hosts the largest security software download area with software for Windows, Linux, and Mac OS X.

HackerStorm Source:

There are three separate editions of the magazine: North America - U. The magazine is published monthly, usually in the first week of each month. It is the longest running information security magazine in the world, with the widest distribution. SC Magazine provides IT security professionals with in-depth and unbiased information in one incomparable publication. In each monthly issue it has timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders, and the best, most extensive collection of product reviews in the business.

They have been doing this since , when it first began campaigning for organizations' information security leaders, making it the longest established IT security title in the United States.

Computerworld Source: Computerworld's website Computerworld.

It propagates news specifically related to information security threats and issues from all over the world. Its research teams search and compile news from tens of thousands of sites to bring you the most relevant cyber security titles in one location. In addition to news, it hosts blogs and discussions, education videos, as well as its World Famous Hack.ED column, providing an education series in Ethical Hacking and Countermeasure techniques and technologies.

Windows security has blogs posted by famous authors who are leading industry experts. It has various features such as articles and tutorials, blogs, message boards, security tests, and white papers.

Penetration testing is a method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker could exploit.

Testing involves active analysis of system configurations, design weaknesses, network architecture, technical flaws, and vulnerabilities. Black box testing simulates an attack from someone who has no prior knowledge of the system, and white box testing simulates an attack from someone who has complete knowledge about the system. A comprehensive report with details of vulnerabilities discovered and suite of recommended countermeasures is delivered to the executive, management, and technical audiences.

What Is Penetration Testing?

Penetration testing is a method of evaluating the security levels of a particular system or network. This helps you determine the flaws related to hardware and software. Early identification helps protect the network. If the vulnerabilities aren't identified early, they become an easy source for the attacker for the intrusion.

During penetration testing, a pen tester analyzes all the security measures employed by the organization for design weaknesses, technical flaws, and vulnerabilities.