Chapter 8 - 02 - Discuss Various Threat Intelligence Feeds and Sources - 05_ocred_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
EC Council
Full Transcript
Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

Deep and Dark Web Searching

Surface Web (accessible by search engines)
- It is the surface layer of online cyberspace that allows users to find web pages and content using normal web browsers
- It can be accessed by simple browsers like Google Chrome, Mozilla Firefox, and Opera

Deep Web (not accessible by search engines)
- It consists of web pages and content that are hidden and unindexed and cannot be located using traditional web browsers and search engines
- It can be accessed by search engines like DeeperWeb and Surfwax

Dark Web or Dark Net (anonymous)
- It is the subset of the deep web that enables anyone to navigate anonymously without being traced
- It can be accessed by browsers like TOR Browser, Freenet, GNUnet, I2P, OneSwarm, and Retroshare

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Surface web is the surface layer of online cyberspace that allows the user to find web pages and content using normal web browsers. Search engines use crawlers, which are programmed bots, to access and download web pages. The surface web can be accessed by browsers like Google Chrome, Mozilla Firefox, and Opera.

Deep web is a layer of online cyberspace that consists of web pages and content that are hidden and unindexed. The content on the deep web cannot be located using traditional web browsers and search engines. The size of the deep web is incalculable, and it expands to almost the entire World Wide Web. The deep web does not allow the crawling process of basic search engines. It consists of official government or federal databases and other information linking to various organizations. The analyst can look for untraced threat information from the deep web. The deep web can be accessed by using search engines like DeeperWeb, Surfwax, InfoMine, and The WWW Virtual Library.
Deep web can be used for both legal and illegal activities.

Dark web or Darknet is a deeper layer of online cyberspace. It is the subset of the deep web that enables anyone to navigate anonymously without being traced. The dark web can be accessed only through specialized tools or darknet browsers. Threat actors primarily use the dark web to perform illegal activities and cybercrimes. The dark web can be accessed by using search engines like DeeperWeb, TOR Browser, and so forth. Threat analysts can browse this space to look for data and information related to the attacker resources and other vulnerability scopes.

Figure 8.7: Deep and dark web (layers shown: Surface Web, accessible by search engines; Deep Web, not accessible by search engines; Dark Web, anonymous)
Deep and Dark Web Searching Tools

- Tor Browser
  Source: https://www.torproject.org
  TOR Browser is used to access the deep and dark web where it acts like a default VPN for the user and bounces the network IP address through several servers before interacting with the web. This browser is used to access the hidden content, unindexed websites, and encrypted databases present in the deep web.

Figure 8.8: Tor Browser

Some of the additional deep and dark web searching tools are as follows:
- ExoneraTor (https://metrics.torproject.org)
- Freenet (https://freenetproject.org)
- GNUnet (https://gnunet.org)
- I2P (https://geti2p.net)
- OneSwarm (http://www.oneswarm.org)

AI and Predictive Analysis for Threat Hunting

Mere threat feeds or IT data obtained from different security solutions do not provide complete threat intelligence to proactively hunt threats. Attackers use diverse and distributed mechanisms to evade existing security boundaries. To overcome such incidents, cyber threat intelligence and security intelligence should be combined, analyzed, and processed, which can help in initiating appropriate strategies to identify threats and other security-related issues. By integrating threat intelligence from both sources, security specialists can analyze the attacker’s TTPs and risk-associated assets and reduce further attack surfaces. The AI-based correction of cyber threat intelligence, security intelligence, and predictive analysis can help organizations identify threats across every attack surface within their network.

- Artificial intelligence (AI) and machine learning (ML): AI and ML not only have uses in security operations centers (SOCs) to improve the detection and prevention of threats, but also enhance opportunities to respond to security incidents quickly. AI creates systems with human-like capabilities. ML, a subset of AI, supports security infrastructure by detecting behavioral patterns and mapping real-time attack surfaces through algorithms evolved from earlier statistical analysis and datasets. Using AI and ML for threat hunting can reduce the mean time required for hunting, analyzing, and responding to threats.
- AI-backed predictive analysis: AI-backed predictive analysis is an idea that is implemented proactively, instead of waiting for an attack to be launched. Using AI-based threat intelligence, security teams can analyze the signs of previous attacks, examine existing attack tools, and identify breach postures. By performing predictive analysis through AI-backed intelligence, reactive measures can be taken in advance, enabling security teams to be ahead of attackers. AI and ML with risk-sensing capabilities predict risks or threats ahead of time, which can be difficult for humans and rule-based security systems.