Chapter 7 - 08 - Discuss Other Network Security Controls - 01_ocred_fax_ocred.pdf
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Module Flow
▪ Discuss Essential Network Security Protocols
▪ Discuss Security Benefits of Network Segmentation
▪ Understand Different Types of Firewalls and their Role
▪ Understand Different Types of IDS/IPS and their Role
▪ Understand Different Types of Honeypots
▪ Understand Different Types of Proxy Servers and their Benefits
▪ Discuss Fundamentals of VPN and its Importance in Network Security
▪ Discuss Other Network Security Controls
▪ Discuss Importance of Load Balancing in Network Security
▪ Understand Various Antivirus/Anti-malware Software

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Discuss Other Network Security Controls

The objective of this section is to explain the various essential network security solutions. It describes security solutions such as user behavior analytics (UBA), network access control (NAC), web content filters, unified threat management (UTM), and security orchestration, automation, and response (SOAR).

Module 07 Page 969 Certified Cybersecurity Technician Copyright © by EC-Council

User Behavior Analytics (UBA)

UBA is the process of tracking user behavior to detect malicious attacks, potential threats, and financial fraud. It provides advanced threat detection in an organization by monitoring specific behavioral characteristics of employees. UBA technologies are designed to identify unusual variations in traffic patterns caused by users, who can be either disgruntled employees or malicious attackers. UBA is used as a defense mechanism to address anomalous user behavior and so to tackle some of the most complicated issues faced by security professionals today.

The employees of a company access different websites, tools, and applications, and all of these activities are logged and monitored. While these applications are running, an intruder may gain access to the IT system and steal credentials without the user's knowledge. When an intruder (an external attacker or an insider) remains on the company's network posing as a legitimate user, UBA distinguishes the unusual behavior of the account by comparing the behavior baseline of the user with the observed behavior of the attacker; it then records an alert in its database and highlights the risk scores. When an alert is issued, a notification is sent to the user's personal device for confirmation. If the user does not confirm the activity, it is treated as a major security breach. Depending on the severity of the incident and the risk level, the security team can use UBA to disable the user's account.

Why is User Behavior Analytics Effective?
▪ Detects malicious insiders and outsiders at an early stage
▪ Identifies possible risk events in the IT infrastructure
▪ Analyzes different patterns of human behavior and large volumes of user data
▪ Monitors geo-location for each login attempt
▪ Detects malicious behavior and reduces risk
▪ Monitors privileged accounts and issues real-time alerts for suspicious behavior
▪ Provides insights to security teams
▪ Produces results soon after deployment
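The UBA description above (learn a behavior baseline per account, compare new activity against it, emit a risk score and alert, weight privileged accounts and geo-location more heavily) can be made concrete with a small baseline scorer. The following is an added example written for this page, not code from EC-Council or any of the vendors listed below; the login events, the scoring weights (40/20/20), the "privileged" multiplier, the two-hour tolerance and the alert threshold of 50 are all constructed assumptions chosen for illustration, and a production UEBA product would derive such weights statistically from far more data.

```python
"""
Baseline-based user behavior scoring in the spirit of the UBA description:
learn each account's normal login pattern from historical events, score new
events against that baseline, and alert when the risk score crosses a
threshold. Added illustration with constructed data; not a vendor's code.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    user: str
    hour: int          # hour of day, 0-23, in the organization's local time
    country: str       # geo-location derived from the source IP
    host: str          # workstation or server the login came from
    privileged: bool   # whether the account holds administrative rights


# Constructed learning-period history: what each account normally does.
HISTORY = [
    LoginEvent("alice", 9, "DE", "ws-alice", False),
    LoginEvent("alice", 10, "DE", "ws-alice", False),
    LoginEvent("alice", 14, "DE", "ws-alice", False),
    LoginEvent("alice", 17, "DE", "ws-alice", False),
    LoginEvent("bob-admin", 8, "DE", "jump-01", True),
    LoginEvent("bob-admin", 11, "DE", "jump-01", True),
    LoginEvent("bob-admin", 16, "DE", "jump-02", True),
]


def build_baselines(events):
    """Per-user profile: countries, hosts and hours seen during learning."""
    profile = defaultdict(lambda: {"countries": set(), "hosts": set(),
                                   "hours": set(), "privileged": False})
    for e in events:
        p = profile[e.user]
        p["countries"].add(e.country)
        p["hosts"].add(e.host)
        p["hours"].add(e.hour)
        p["privileged"] = p["privileged"] or e.privileged
    return dict(profile)


def score_event(event, baselines):
    """Return (risk_score, reasons). Each deviation from the baseline adds
    weight; deviations on privileged accounts are weighted 1.5x (assumed)."""
    p = baselines.get(event.user)
    if p is None:
        return 50, ["unknown account (no baseline)"]
    score, reasons = 0, []
    if event.country not in p["countries"]:          # new geo-location
        score += 40
        reasons.append(f"new geo-location {event.country}")
    if event.host not in p["hosts"]:                  # new device
        score += 20
        reasons.append(f"new host {event.host}")
    if min(abs(event.hour - h) for h in p["hours"]) > 2:   # far from usual hours
        score += 20
        reasons.append(f"unusual hour {event.hour:02d}:00")
    if p["privileged"] and reasons:
        score = int(score * 1.5)
        reasons.append("privileged account")
    return score, reasons


def detect(new_events, baselines, threshold=50):
    """Return alerts (user, score, reasons) for events at or above threshold;
    the security team then decides between notifying the user and disabling
    the account, as the text describes."""
    alerts = []
    for e in new_events:
        score, reasons = score_event(e, baselines)
        if score >= threshold:
            alerts.append((e.user, score, reasons))
    return alerts


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    fresh = [
        LoginEvent("alice", 10, "DE", "ws-alice", False),        # normal
        LoginEvent("alice", 3, "BR", "unknown-laptop", False),   # everything off
        LoginEvent("bob-admin", 10, "RU", "jump-01", True),      # new country, admin
        LoginEvent("bob-admin", 2, "DE", "jump-01", True),       # only off-hours
    ]
    for user, score, reasons in detect(fresh, baselines):
        print(f"ALERT {user}: score={score} reasons={reasons}")
```

The design point worth noticing is that the same deviation (a login at 02:00) is scored differently for the ordinary and the privileged account, and that a single strong signal (new country on an admin account) is enough to alert while a single weak one (off-hours only) is not; that is what keeps a baseline approach from paging the team on every late-night login.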
UBA/UEBA Tools

User Behavior Analytics (UBA)/User and Entity Behavior Analytics (UEBA) tools collect user activity details from multiple sources and use artificial intelligence and machine learning (AI/ML) algorithms to perform user behavior analysis, so that various threats can be prevented and detected before the fraud is perpetrated. User accounts are not the only entities in UEBA; entities also include system accounts such as virtual servers, workstations, and IoT and OT devices connected to the network. Listed below are some of the important UBA/UEBA tools:
▪ Exabeam Advanced Analytics (https://www.exabeam.com)
▪ LogRhythm UEBA (https://logrhythm.com)
▪ Dtex Systems (https://dtexsystems.com)
▪ Gurucul Risk Analytics (GRA) (https://gurucul.com)
▪ Securonix UEBA (https://www.securonix.com)

Network Access Control (NAC)

Network access control (NAC), also known as network admission control, refers to appliances or solutions that attempt to protect the network by restricting the connection of an end user to the network on the basis of a security policy. It mainly restricts systems without antivirus and intrusion prevention software from accessing the network. NAC allows a user to create policies for each user or system and to define policies for networks in terms of IP addresses. A preinstalled software agent might inspect several items before admitting the device and might restrict where the device may be connected.

What does NAC do?
▪ Authentication of users connected to network resources
▪ Identification of devices, platforms, and operating systems
▪ Defining a connection point for network devices
▪ Development and application of security policies

NAC implements detection programs using the following checks:
o It searches for an antivirus program and examines whether it has been updated.
o It checks whether the end system has a configured firewall or intrusion prevention software.
o It searches for any viruses on the network and checks whether the operating system has been updated.

NAC performs the following actions:
o It evaluates unauthorized users, devices, or behaviors in the network and provides access to authorized users and other entities.
o It helps in identifying users and devices on a network and determines whether these users and devices are secure.
o It examines the system's integration with the network according to the security policies of the organization.

NAC helps in maintaining security policies for increased control of the network. An organization must weigh the threats to its network against the cost of implementing NAC, and it needs a plan for rectifying faults in its policies while implementing NAC. It should consider the following points:
▪ Do the NAC policies authenticate users?
▪ How well has the NAC been implemented?
▪ Has the NAC been properly integrated with the device?
▪ Does the NAC tool check whether the end user is blocked?

Organizations need to consider the following resources while implementing NAC:
▪ Network infrastructure: Incorporating network access control policies within the network infrastructure
▪ Security: Managing the infrastructure
▪ Human resources: Communicating the network policies to the employees of the organization
▪ Operations: Managing responses, procedures, and actions
▪ Management: Deciding the priority of the policies and their effect on the organization, and managing budget issues

Examples of NAC:
▪ ForeScout CounterACT (https://www.forescout.com)
▪ ExtremeControl (https://www.extremenetworks.com)
▪ Trustwave's NAC (https://www.trustwave.com)
▪ Cisco NAC Appliance (https://www.cisco.com)
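The NAC section above describes a pre-admission agent that reports whether antivirus is installed and current, whether a host firewall or intrusion prevention software is configured and whether the operating system is patched, and a policy that authenticates the user, identifies the device, ties it to a permitted connection point (defined in terms of IP addresses) and then admits, quarantines or denies it. The following policy engine is an added example written for this page, not the code of ForeScout, Extreme, Trustwave, Cisco or any other product; the device types, the allowed source networks, the signature and patch age limits (3 and 30 days) and the VLAN names are constructed assumptions.

```python
"""
Policy-driven admission decision of the kind the NAC description outlines:
the agent's posture report is checked for authentication, permitted
connection point, antivirus, firewall/IPS and OS patch state, and the device
is placed in a production segment, a remediation segment, or denied.
Added illustration with constructed policy values; not a product's code.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional
import ipaddress


@dataclass
class Posture:
    """What the preinstalled agent reports about an endpoint."""
    user: str
    authenticated: bool
    device_type: str                 # assumed values: "workstation", "server"
    av_installed: bool
    av_signature_date: Optional[date]
    firewall_enabled: bool
    ips_enabled: bool
    os_patch_date: Optional[date]
    source_ip: str


@dataclass
class Decision:
    verdict: str                     # "admit", "quarantine" or "deny"
    network: Optional[str]           # segment assigned, None when denied
    reasons: List[str]


# Constructed policy: the connection points each device type may use.
ALLOWED_SOURCE_NETS = {
    "workstation": [ipaddress.ip_network("10.10.0.0/16")],
    "server":      [ipaddress.ip_network("10.20.0.0/24")],
}
MAX_SIGNATURE_AGE = timedelta(days=3)     # assumed freshness limit for AV
MAX_PATCH_AGE = timedelta(days=30)        # assumed freshness limit for OS


def evaluate(p: Posture, today: date) -> Decision:
    """Apply the admission policy to one posture report."""
    # 1. Authentication of the user connecting to network resources.
    if not p.authenticated:
        return Decision("deny", None, ["user not authenticated"])

    # 2. Identification of the device and its permitted connection point.
    nets = ALLOWED_SOURCE_NETS.get(p.device_type)
    if nets is None:
        return Decision("deny", None, [f"unknown device type {p.device_type!r}"])
    ip = ipaddress.ip_address(p.source_ip)
    if not any(ip in n for n in nets):
        return Decision("deny", None,
                        [f"{p.source_ip} is not an allowed connection point "
                         f"for a {p.device_type}"])

    # 3. Endpoint health checks performed before admission.
    reasons: List[str] = []
    if not p.av_installed:
        reasons.append("antivirus not installed")
    elif p.av_signature_date is None or today - p.av_signature_date > MAX_SIGNATURE_AGE:
        reasons.append("antivirus signatures out of date")
    if not (p.firewall_enabled or p.ips_enabled):
        reasons.append("neither host firewall nor intrusion prevention enabled")
    if p.os_patch_date is None or today - p.os_patch_date > MAX_PATCH_AGE:
        reasons.append("operating system not updated")

    # 4. Apply the security policy: compliant devices reach the production
    #    segment; non-compliant ones are held where they can only remediate.
    if reasons:
        return Decision("quarantine", "remediation-vlan", reasons)
    return Decision("admit", f"{p.device_type}-vlan", ["all posture checks passed"])


if __name__ == "__main__":
    today = date(2024, 5, 10)                     # constructed evaluation date
    report = Posture("alice", True, "workstation", True, date(2024, 5, 9),
                     False, False, date(2024, 4, 20), "10.10.5.7")
    d = evaluate(report, today)
    print(d.verdict, d.network, d.reasons)
```

Note the ordering: authentication and connection point are hard failures that deny outright, whereas stale signatures or a missing firewall only quarantine, because the remediation segment exists precisely so that a device can fetch updates and re-try; denying such devices would drive users toward unmanaged networks instead.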