Chapter 7 - 08 - Discuss Other Network Security Controls - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Module Flow

Discuss Essential Network Understand Different Types of
Security Protocols Proxy Servers and their Benefits

Discuss Fundamentals of VPN
Discuss Security Benefits -
o
e and its importance in Network

o’
of Network Segmentation - {,‘.
’ Security

o
Understand Different
Different Types
Types @ \
/\ Discuss Other Network Security
of Firewalls and their Role Controls

Understand Different
Different Types
Types Discuss Importance of Load
of IDS/IPS and their Role E‘
E\ Balancing in Network Security

Understand Different Types Understand Various
Understand Various
of Honeypots Antivirus/Anti-malware Software

Copyright ©© byby
Copyright All Rights
All Rights Reserved.
Reserved. Reproduction
Reproductionis Strictly
Strictly Prohibited.
Prohibited.

Discuss Other Network Security Controls
The objective of this section is to explain the various essential network security solutions. It
describes the security solutions such as user behavior analytics (UBA), network access control
(NAC), web content filter, unified threat management (UTM), and security orchestration,
automation, and response (SOAR).

Module 07 Page 969 Certified Cybersecurity Technician Copyright © by EC-Council
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

User Behavior Analytics (UBA)

@ UBA is the process of tracking user behavior to detect
malicious attacks, potential threats, and financial
fraud

It provides advanced threat detection in an <
||.4] organization to monitor specific behavioral
characteristics of employees

UBA technologies are designed to identify variations
in traffic patterns caused by user behaviors which can
be either disgruntled employees or malicious
attackers

Copyright © by | L. All Rights Reserved. Reproduction Is Strictly Prohibited

User Behavior Analytics (UBA)
UBA is the process of tracking user behavior to detect malicious attacks, potential threats, and
financial frauds. It provides advanced threat detection in an organization to monitor specific
behavioral characteristics of the employees. UBA technologies are designed to identify any
unusual variations in traffic patterns caused by users, who can be either disgruntled employees
or malicious attackers. UBA is used as a defense mechanism to address anomalous user
behavior to overcome the most complicated issues faced by security professionals today.
The employees working in a company access different websites, tools, and applications. All
their activities are logged and monitored. While these applications are running, there is a
possibility of an intruder gaining access to the IT system and stealing credentials without the
knowledge of the user. When an intruder (external attacker or an insider) stays on the
company’s network as a legitimate user, UBA distinguishes this unusual behavior of the account
by comparing the behavior baselines of both the user and the attacker; it then issues an alert
on its database and highlights the risk scores. When an alert is issued, a notification is sent to
the user’s personal device for confirmation. In case the user does not confirm this activity, it is
considered a major security breach. Through UBA, the user’s account can be disabled by the
security teams depending on the severity of the incident and the risk level.

Module 07 Page 970 Certified Cybersecurity Technician Copyright © by EC-Council
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Why User Behavior Analytics is Effective?

1 2 3 4
|e
S — — | [
e ]— [ 1] —
)
Detects malicious Identifies possible risk Analyzes different Monitors geo-location
insiders and outsiders events in the IT patterns of human for each login attempt
at an early stage infrastructure behavior and large
volumes of user’s data

S 6 1{ 8
Detects malicious Monitors privileged Provides insights to Produces results soon
behavior and reduces accounts and provides security teams after deployment
risk real time alerts for
suspicious behavior

Copyright
Copyright ©© by
by E EC-L: II.. AllAll Rights
Rights Reserved.
Reserved. Reproduction
ReproductionIsis Strictly
Strictly Prohibited
Prohibited.

Why User Behavior Analytics is Effective?
= Detects malicious insiders and outsiders at an early stage
= Identifies possible risk events in the IT infrastructure
|dentifies
= Analyzes different patterns of human behavior and large volumes of user data
= Monitors geo-location for each login attempt
= Detects malicious behavior and reduces risk
= Monitors privileged accounts and issues real-time alerts for suspicious behavior insights
to security teams

= Provides insights to security teams

* Produces results soon after deployment

Module 07 Page 971 Certified Cybersecurity Technician Copyright ©© by EC-Council
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

UBA/UEBA Tools
[
|
Q Exabeam Advanced Analytics
https://www.exabeam.com
OQ User Behavior Analytics
(UBA)/User and Entity
Behavior
Behavior (UEBA) Tools
(UEBA) Tools
20
7
RY
o
D
a
@
@’ o") | LogRhythm UEBA
collect user activity details https://logrhythm.com
https://logrhythm.com
from multiple sources and @ D
use artificial intelligence @ \
and machine learning
learning of Dtex Systems
(A1/ML)
(A1/ML) algorithms to
algorithms to e/ aystams.con
https://dtexsystems.com

perform user behavior
analysis to prevent
prevent and ".
deteZ:t varigus S nm
l\ 0
* Gur/tlncul Risk Analytics (GRA)
Gurucul
detect various threats
before the fraud is
e——
N »
!
|
e
https://qurucul.com
https://gurucul.

perpetrated
(l)
Q) Securonix UEBA
https://www.securonix.com

UBA/UEBA Tools

User Behavior Analytics (UBA)/User and Entity Behavior (UEBA) Tools collect user activity
details from multiple sources and use artificial intelligence and machine learning algorithms to
perform user behavior analysis to prevent and detect various threats before the fraud is
perpetrated User accounts are not the only entities in UEBA; entities also include system
accounts such as virtual servers, workstations, 10T,
|oT, and OT devices connected to the network.

Listed below are some of the important UBA/UEBA tools:

= (https://www.exabeam.com)
Exabeam Advanced Analytics (https.//www.exabeam.com)

* LogRhythm UEBA (https://logrhythm.com)
= Dtex Systems (https.//dtexsystems.com)
(https://dtexsystems.com)
= Gurucul
Gurucul Risk Analytics (GRA) (https://gurucul.com)
= Securonix UEBA (https://www.securonix.com)

Module 07 Page 972 Certified Cybersecurity Technician Copyright © by EC-Council
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Network Access Control (NAC)
O
QO Network access control, also known as the network admission
control (NAC) are appliances or solutions that attempt to
protect the network by restricting the connection of an end
user to a network on the basis of a security policy
O The preinstalled software agent might inspect several items
before admitting the device and might restrict where the device
might be connected B 8 e g8

Examples of NAC
@ What does NAC do?
ForeScout CounterACT
hittps://www.forescout.com
@ Authentication of users connected to network resources
ExtremeControl
https://www.extremenetworks.com
@ Identification of devices, platforms, and operating systems
T>
(;GD TTrustwave's
rustwave's's NAC
NA NAC
@ Defining a connection point of network devices ) https://www.trustwave.com
https://www.trustwave.com

@ Development and application of security policies Cisco NAC Appliance
https.//www.cisco.com
hitps.//www.cisco.com

Copyright © byby E I. All Rights Reserved. Reproductions Strictly Prohibited

Network Access Control (NAC)
Network access control (NAC), also known as network administration control, restricts the
availability of a network to the end user depending on the security policy. It mainly restricts
systems without antivirus and intrusion prevention software from accessing the network. NAC
allows a user to create policies for each user or systems and define policies for networks in
terms of the IP addresses. The preinstalled software agent might inspect several items before
admitting the device and might restrict where the device might be connected.
= NAC implements detection programs using the following points:
NACimplements
o It searches for an antivirus program and examines whether it has been updated or
not.

o It checks if the end system has a configured firewall or intrusion prevention
software.
o It searches for any viruses on the network and checks if the operating system has
been updated or not.
= NAC performs the following actions:
o It evaluates unauthorized users, devices, or behaviors in the network. It provides
access to authorized users and other entities.

o It helps in identifying users and devices on a network. It also determines whether
these users and devices are secure or not.
o It examines the system integration with the network according to the security
policies of the organization.

Module 07 Page 973 EC-Council
Certified Cybersecurity Technician Copyright © by EG-Council
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

NAC helps in maintaining security policies for an increased control of the network. An
organization must look into the threats to its network while considering the cost of
implementing NAC. Organizations need to have plans to rectify the faults in the policies while
implementing NAC. They should consider the following points:
= Do the NAC policies authenticate users?
= How well has the NAC been implemented?
= Has the NAC been properly integrated with the device?

* Does the NAC tool check if the end user is blocked?
Organizations need to consider the following resources while implementing NAC:
* Network infrastructure: Incorporate network access control policies within the network
infrastructure
= Security: Managing the infrastructure

= Human resources: Reporting the network policies to the employees in an organization

= Operations: Management of response, procedures, and actions
= Management: Decide the priority of the policies, effect of the policies on the
organization, and managing the budget issues
Examples of NAC:
» ForeScout CounterACT (https://www.forescout.com)
= ExtremeControl (https://www.extremenetworks.com)

» Trustwave's NAC (https://www.trustwave.com)
= Cisco NAC Appliance (https://www.cisco.com)

Module 07 Page 974 Certified Cybersecurity Technician Copyright © by EC-Council