Chapter 8 - 04 - Discuss Ethical Hacking Concepts - 01_ocred.pdf
Certified Cybersecurity Technician
Network Security Assessment Techniques and Tools
Exam 212-82

Module Flow

* Discuss Threat Hunting
* Discuss Various Threat Intelligence Feeds and Sources
* Discuss Vulnerability Assessment
* Discuss Ethical Hacking Concepts
* Understand Fundamentals of Penetration Testing and its Benefits
* Understand the Fundamentals of Configuration Management and Asset Management

Discuss Ethical Hacking Concepts

An ethical hacker follows processes similar to those of a malicious hacker. The steps to gain and maintain access to a computer system are similar irrespective of the hacker’s intentions. This section provides an overview of ethical hacking, why ethical hacking is necessary, the scope and limitations of ethical hacking, and the skills of an ethical hacker.

Module 08 Page 1084. Certified Cybersecurity Technician. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

What is Ethical Hacking?

* Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities and ensure system security.
* It focuses on simulating the techniques used by attackers to verify the existence of exploitable vulnerabilities in a system’s security.
* Ethical hackers perform security assessments for an organization with the permission of the concerned authorities.

Ethical hacking is the practice of employing computer and network skills in order to assist organizations in testing their network security for possible loopholes and vulnerabilities. White Hats (also known as security analysts or ethical hackers) are the individuals or experts who perform ethical hacking. Nowadays, most organizations (such as private companies, universities, and government organizations) are hiring White Hats to assist them in enhancing their cybersecurity.

They perform hacking in ethical ways, with the permission of the network or system owner and without the intention to cause harm. Ethical hackers report all the vulnerabilities to the system and network owner for remediation, thereby increasing the security of an organization’s information system.

Ethical hacking involves the use of hacking tools, tricks, and techniques typically used by an attacker to verify the existence of exploitable vulnerabilities in system security. Today, the term hacking is closely associated with illegal and unethical activities. There is continuing debate as to whether hacking can be ethical or not, given the fact that unauthorized access to any system is a crime. Consider the following definitions:

* The noun “hacker” refers to a person who enjoys learning the details of computer systems and stretching their capabilities.
* The verb “to hack” describes the rapid development of new programs or the reverse engineering of existing software to make it better or more efficient in new and innovative ways.
* The terms “cracker” and “attacker” refer to persons who employ their hacking skills for offensive purposes.
* The term “ethical hacker” refers to security professionals who employ their hacking skills for defensive purposes.

Most companies employ IT professionals to audit their systems for known vulnerabilities. Although this is a beneficial practice, crackers are usually more interested in using newer, lesser-known vulnerabilities, and so these by-the-numbers system audits do not suffice. A company needs someone who can think like a cracker, keep up with the newest vulnerabilities and exploits, and recognize potential vulnerabilities where others cannot. This is the role of the ethical hacker.
Ethical hackers usually employ the same tools and techniques as hackers, with the important exception that they do not damage the system. They evaluate system security, update administrators regarding any discovered vulnerabilities, and recommend procedures for patching those vulnerabilities.

The important distinction between ethical hackers and crackers is consent. Crackers attempt to gain unauthorized access to systems, while ethical hackers are always completely open and transparent about what they are doing and how they are doing it. Ethical hacking is, therefore, always legal.

Why Ethical Hacking is Necessary

To beat a hacker, you need to think like one!

* Ethical hacking is necessary as it allows for counter attacks against malicious hackers through anticipating the methods used to break into the system.

Reasons why organizations recruit ethical hackers:

* To prevent hackers from gaining access to the organization’s information systems
* To uncover vulnerabilities in systems and explore their potential as a security risk
* To analyze and strengthen an organization’s security posture
* To provide adequate preventive measures in order to avoid security breaches
* To help safeguard customer data
* To enhance security awareness at all levels in a business

Why Ethical Hacking is Necessary (Cont’d)

Ethical hackers try to answer the following questions:

1. What can an intruder see on the target system? (Reconnaissance and Scanning phases)
2. What can an intruder do with that information? (Gaining Access and Maintaining Access phases)
3. Does anyone at the target organization notice the intruders’ attempts or successes? (Reconnaissance and Covering Tracks phases)
4. Are all components of the information system adequately protected, updated, and patched?
5. How much time, effort, and money are required to obtain adequate protection?
6. Are the information security measures in compliance with legal and industry standards?

As technology grows at a faster pace, so does the growth in the risks associated with it. To beat a hacker, it is necessary to think like one! Ethical hacking is necessary as it allows organizations to counter attacks from malicious hackers by anticipating the methods they use to break into a system. Ethical hacking helps to predict various possible vulnerabilities well in advance and rectify them without incurring any kind of outside attack. As hacking involves creative thinking, vulnerability testing and security audits alone cannot ensure that the network is secure. To achieve security, organizations must implement a “defense-in-depth” strategy by penetrating their own networks to estimate and expose vulnerabilities.
Reasons why organizations recruit ethical hackers:

* To prevent hackers from gaining access to the organization’s information systems
* To uncover vulnerabilities in systems and explore their potential as a risk
* To analyze and strengthen an organization’s security posture, including policies, network protection infrastructure, and end-user practices
* To provide adequate preventive measures in order to avoid security breaches
* To help safeguard the customer data
* To enhance security awareness at all levels in a business

An ethical hacker’s evaluation of a client’s information system security seeks to answer three basic questions:

1. What can an attacker see on the target system? Normal security checks by system administrators will often overlook vulnerabilities. The ethical hacker has to think about what an attacker might see during the reconnaissance and scanning phases of an attack.

2. What can an intruder do with that information? The ethical hacker must discern the intent and purpose behind attacks to determine appropriate countermeasures. During the gaining-access and maintaining-access phases of an attack, the ethical hacker needs to be one step ahead of the hacker in order to provide adequate protection.

3. Are the attackers’ attempts being noticed on the target systems? Sometimes attackers will try to breach a system for days, weeks, or even months. Other times they will gain access but will wait before doing anything damaging. Instead, they will take the time to assess the potential use of exposed information. During the reconnaissance and covering tracks phases, the ethical hacker should notice and stop the attack. After carrying out attacks, hackers may clear their tracks by modifying log files and creating backdoors, or by deploying trojans. Ethical hackers must investigate whether such activities have been recorded and what preventive measures have been taken. This not only provides them with an assessment of the attacker’s proficiency but also gives them insight into the existing security measures of the system being evaluated.

The entire process of ethical hacking and subsequent patching of discovered vulnerabilities depends on questions such as:

* What is the organization trying to protect?
* Against whom or what are they trying to protect it?
* Are all the components of the information system adequately protected, updated, and patched?
* How much time, effort, and money is the client willing to invest to gain adequate protection?
* Do the information security measures comply with industry and legal standards?

Sometimes, in order to save on resources or prevent further discovery, the client might decide to end the evaluation after the first vulnerability is found; therefore, it is important that the ethical hacker and the client work out a suitable framework for the investigation beforehand. The client must be convinced of the importance of these security exercises through concise descriptions of what is happening and what is at stake. The ethical hacker must also remember to convey to the client that it is never possible to guard systems completely, but that they can always be improved.