Cybersecurity Technician Network Security Controls PDF

Summary

This document is a module covering network security controls, including user behavior analytics (UBA), network access control (NAC), web content filters, unified threat management (UTM), and security orchestration, automation, and response (SOAR). The document also has a module flow and various sections.

Full Transcript

Certified Cybersecurity Technician, Module 07: Network Security Controls — Technical Controls (Exam 212-82)
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Module Flow

- Discuss Essential Network Security Protocols
- Discuss Security Benefits of Network Segmentation
- Understand Different Types of Proxy Servers and their Benefits
- Understand Different Types of Firewalls and their Role
- Understand Different Types of IDS/IPS and their Role
- Discuss Fundamentals of VPN and its importance in Network Security
- Discuss Other Network Security Controls
- Discuss Importance of Load Balancing in Network Security
- Understand Different Types of Honeypots
- Understand Various Antivirus/Anti-malware Software

Discuss Other Network Security Controls

The objective of this section is to explain the various essential network security solutions. It describes the security solutions such as user behavior analytics (UBA), network access control (NAC), web content filter, unified threat management (UTM), and security orchestration, automation, and response (SOAR).

User Behavior Analytics (UBA)

UBA is the process of tracking user behavior to detect malicious attacks, potential threats, and financial frauds. It provides advanced threat detection in an organization to monitor specific behavioral characteristics of the employees. UBA technologies are designed to identify any unusual variations in traffic patterns caused by users, who can be either disgruntled employees or malicious attackers. UBA is used as a defense mechanism to address anomalous user behavior to overcome the most complicated issues faced by security professionals today.

The employees working in a company access different websites, tools, and applications. All their activities are logged and monitored. While these applications are running, there is a possibility of an intruder gaining access to the IT system and stealing credentials without the knowledge of the user. When an intruder (external attacker or an insider) stays on the company's network as a legitimate user, UBA distinguishes this unusual behavior of the account by comparing the behavior baselines of both the user and the attacker; it then issues an alert on its database and highlights the risk scores. When an alert is issued, a notification is sent to the user's personal device for confirmation. In case the user does not confirm this activity, it is considered a major security breach. Through UBA, the user's account can be disabled by the security teams depending on the severity of the incident and the risk level.

Why User Behavior Analytics is Effective?

- Detects malicious insiders and outsiders at an early stage
- Identifies possible risk events in the IT infrastructure
- Analyzes different patterns of human behavior and large volumes of user data
- Monitors geo-location for each login attempt
- Detects malicious behavior and reduces risk
- Monitors privileged accounts and issues real-time alerts for suspicious behavior
- Provides insights to security teams
- Produces results soon after deployment

UBA/UEBA Tools

User Behavior Analytics (UBA)/User and Entity Behavior (UEBA) Tools collect user activity details from multiple sources and use artificial intelligence and machine learning (AI/ML) algorithms to perform user behavior analysis to prevent and detect various threats before the fraud is perpetrated. User accounts are not the only entities in UEBA; entities also include system accounts such as virtual servers, workstations, IoT, and OT devices connected to the network.

Listed below are some of the important UBA/UEBA tools:

- Exabeam Advanced Analytics (https://www.exabeam.com)
- LogRhythm UEBA (https://logrhythm.com)
- Dtex Systems (https://dtexsystems.com)
- Gurucul Risk Analytics (GRA) (https://gurucul.com)
- Securonix UEBA (https://www.securonix.com)

Network Access Control (NAC)

Network access control, also known as the network admission control (NAC), are appliances or solutions that attempt to protect the network by restricting the connection of an end user to a network on the basis of a security policy.

What does NAC do?

- Authentication of users connected to network resources
- Identification of devices, platforms, and operating systems
- Defining a connection point of network devices
- Development and application of security policies

Network access control (NAC), also known as network administration control, restricts the availability of a network to the end user depending on the security policy. It mainly restricts systems without antivirus and intrusion prevention software from accessing the network. NAC allows a user to create policies for each user or systems and define policies for networks in terms of the IP addresses. The preinstalled software agent might inspect several items before admitting the device and might restrict where the device might be connected.

NAC implements detection programs using the following points:

- It searches for an antivirus program and examines whether it has been updated or not.
- It checks if the end system has a configured firewall or intrusion prevention software.
- It searches for any viruses on the network and checks if the operating system has been updated or not.

NAC performs the following actions:

- It evaluates unauthorized users, devices, or behaviors in the network. It provides access to authorized users and other entities.
- It helps in identifying users and devices on a network. It also determines whether these users and devices are secure or not.
- It examines the system integration with the network according to the security policies of the organization.

NAC helps in maintaining security policies for an increased control of the network. An organization must look into the threats to its network while considering the cost of implementing NAC. Organizations need to have plans to rectify the faults in the policies while implementing NAC. They should consider the following points:

- Do the NAC policies authenticate users?
- How well has the NAC been implemented?
- Has the NAC been properly integrated with the device?
- Does the NAC tool check if the end user is blocked?

Organizations need to consider the following resources while implementing NAC:

- Network infrastructure: Incorporate network access control policies within the network infrastructure
- Security: Managing the infrastructure
- Human resources: Reporting the network policies to the employees in an organization
- Operations: Management of response, procedures, and actions
- Management: Decide the priority of the policies, effect of the policies on the organization, and managing the budget issues

Examples of NAC:

- ForeScout CounterACT (https://www.forescout.com)
- ExtremeControl (https://www.extremenetworks.com)
- Trustwave's NAC (https://www.trustwave.com)
- Cisco NAC Appliance (https://www.cisco.com)
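
The UBA workflow described in the User Behavior Analytics section (per-account baseline, risk score, alert, user confirmation, account disable) can be sketched as follows. This is an added example, not part of the courseware or of any listed product; the login history, score weights, thresholds, and action names are constructed assumptions.

```python
from collections import defaultdict

# Constructed login history: (user, hour_utc, country, privileged)
HISTORY = [
    ("alice", 8, "DE", False), ("alice", 9, "DE", False),
    ("alice", 10, "DE", False), ("alice", 11, "DE", False),
    ("svc-admin", 2, "US", True), ("svc-admin", 3, "US", True),
    ("svc-admin", 4, "US", True),
]

def build_baselines(history):
    """Per-account baseline: login hours and geo-locations seen so far."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(), "n": 0})
    for user, hour, country, _privileged in history:
        base[user]["hours"].add(hour)
        base[user]["countries"].add(country)
        base[user]["n"] += 1
    return dict(base)

def risk_score(baselines, event, hour_slack=2, min_events=3):
    """Return (score 0-100, reasons) for one login against its own baseline."""
    user, hour, country, privileged = event
    b = baselines.get(user)
    if b is None or b["n"] < min_events:
        return 50, ["no usable baseline"]  # unknown is not the same as benign
    score, reasons = 0, []
    if country not in b["countries"]:
        score += 50
        reasons.append(f"new geo-location {country}")
    # Distance to the nearest usual hour, wrapping around midnight
    gap = min(min((hour - h) % 24, (h - hour) % 24) for h in b["hours"])
    if gap > hour_slack:
        score += 30
        reasons.append(f"{gap}h outside usual login hours")
    if privileged and score:
        score = min(100, score + 20)  # weight assumed for privileged accounts
        reasons.append("privileged account")
    return score, reasons

def triage(score, user_confirmed):
    """Alert, ask the account owner, then act on severity if unconfirmed."""
    if score < 50:
        return "allow"
    if user_confirmed:
        return "allow-and-log"
    return "disable-account" if score >= 80 else "escalate"
```

Scoring each login against the account's own history, rather than a global rule, is what lets the same 03:00 login be normal for `svc-admin` and anomalous for `alice`.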
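
The NAC detection points and actions listed in the Network Access Control section (antivirus present and updated, firewall or intrusion prevention configured, operating system updated, user authenticated, device restricted to a connection point) map to an admission decision like the one below. This is an added example, not taken from the courseware or from any listed NAC product; the report field names, age thresholds, and segment names are hypothetical.

```python
from datetime import date

# Hypothetical policy thresholds and segment names (assumptions)
MAX_AV_SIGNATURE_AGE_DAYS = 7
MAX_OS_PATCH_AGE_DAYS = 30

def _age_days(value, today):
    # A missing or malformed date fails closed: treated as infinitely old
    return (today - value).days if isinstance(value, date) else float("inf")

def evaluate_posture(report, today):
    """Return the posture checks an endpoint agent report fails."""
    failures = []
    if not report.get("av_installed"):
        failures.append("antivirus missing")
    elif _age_days(report.get("av_signatures"), today) > MAX_AV_SIGNATURE_AGE_DAYS:
        failures.append("antivirus not updated")
    if not (report.get("firewall_enabled") or report.get("ips_enabled")):
        failures.append("no firewall or intrusion prevention configured")
    if _age_days(report.get("os_last_patched"), today) > MAX_OS_PATCH_AGE_DAYS:
        failures.append("operating system not updated")
    return failures

def admission_decision(user_authenticated, report, today):
    """Decide whether, and where, the device may connect."""
    if not user_authenticated:
        return ("deny", None, ["user not authenticated"])
    failures = evaluate_posture(report, today)
    if failures:
        # Authenticated but non-compliant: restrict to a remediation segment
        return ("quarantine", "remediation-vlan", failures)
    return ("admit", "corporate-vlan", [])

# Constructed agent reports for illustration
TODAY = date(2024, 6, 1)
COMPLIANT = {"av_installed": True, "av_signatures": date(2024, 5, 30),
             "firewall_enabled": True, "os_last_patched": date(2024, 5, 20)}
STALE = {"av_installed": True, "av_signatures": date(2024, 4, 1),
         "firewall_enabled": False, "ips_enabled": False}
```

The `STALE` report omits `os_last_patched` on purpose: an agent that does not report a field is treated as failing that check rather than passing it.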
