Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Certified Ethical Hacker (CEH) v12 312-50 Exam Guide

You're reading from   Certified Ethical Hacker (CEH) v12 312-50 Exam Guide Keep up to date with ethical hacking trends and hone your skills with hands-on activities

Arrow left icon
Product type Paperback
Published in Jul 2022
Publisher Packt
ISBN-13 9781801813099
Length 664 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Dale Meredith Dale Meredith
Author Profile Icon Dale Meredith
Dale Meredith
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Section 1: Where Every Hacker Starts
2. Chapter 1: Understanding Ethical Hacking FREE CHAPTER 3. Chapter 2: Introduction to Reconnaissance 4. Chapter 3: Reconnaissance – A Deeper Dive 5. Chapter 4: Scanning Networks 6. Chapter 5: Enumeration 7. Chapter 6: Vulnerability Analysis 8. Chapter 7: System Hacking 9. Chapter 8: Social Engineering 10. Section 2: A Plethora of Attack Vectors
11. Chapter 9: Malware and Other Digital Attacks 12. Chapter 10: Sniffing and Evading IDS, Firewalls, and Honeypots 13. Chapter 11: Hacking Wireless Networks 14. Chapter 12: Hacking Mobile Platforms 15. Section 3: Cloud, Apps, and IoT Attacks
16. Chapter 13: Hacking Web Servers and Web Apps 17. Chapter 14: Hacking IoT and OT 18. Chapter 15: Cloud Computing 19. Chapter 16: Using Cryptography 20. Chapter 17: CEH Exam Practice Questions 21. Assessments 22. Other Books You May Enjoy

Information security controls

"I don't even call it violence when it's self-defense. I call it intelligence," Malcolm X said.

These words capture the essence of information security controls – designed to help us protect networks.

Enter ethical hacking

So, what is the necessity of ethical hacking? Why do we need to do this? Well, we hear – almost daily – about how fast technology is moving. Because it's moving and growing so fast, it adds complexity. And because of rapid growth, and complexity, it creates issues for us.

So, with ethical hacking, we are going to try to accomplish the following:

  1. First of all, you need to review systems and infrastructure, such as hardware, copy machines, switches, and Wi-Fi access points.
  2. The next step is to test the current security, and you can do that via a pentest. After testing the current security, you will know how bad your system is, and by looking into that, you will be able to create solutions to cover the loopholes when it comes to the security of your system/computer.

    Pen Test

    A pen test is also known as a penetration test. It is a simulated cyberattack on your computer system to monitor for exploitable vulnerabilities.

  3. The next thing you need to do is retest the solutions to ensure that the created solutions are helpful.
  4. Now, when we're looking at this, we typically also need to be aware of both scope and limitation. The scope of ethical hacking is part of the risk assessment, auditing, as well as fraud. There are also best practices and a really good look at governance.

    Ethical Hacking

    Ethical hacking is commonly used as a penetration test to identify vulnerabilities and risk, identify the loopholes in a security system, and take corrective measures against those attacks.

The importance of ethical hacking

Ethical hacking is practiced to guard sensitive data from attackers. It works to protect your resources from attackers who want to exploit the vulnerability. Using ethical hacking, a company or organization can discover security vulnerabilities and risks.

Attackers keep themselves updated, figure out new mechanisms, and take advantage of new technologies to steal your data by gaining unauthorized access to your system/data.

In this scenario, you need somebody who can help to counteract these types of attacks, that is, an ethical hacker.

Ethical Hackers

They are security specialists who conduct these assessments. The proactive work that they do supports improving the security posture of an organization.

Understanding defense-in-depth strategies

Earlier on, we mentioned that information security controls work as self-defense or a safeguard for the cybersecurity of your computer. One of the baselines for securing your networks is using a defense-in-depth strategy (Figure 1.2). This means deploying different protections at different levels.

Layered protection

To understand the layer protection strategy, we'll take a look at banks and how bank robbers look at them. So, how does a skilled bank robber look at the bank they are planning to rob? They plan the robbery following these steps:

  1. First, they'll case the joint. In this step, they look at things such as the parking lot area to ensure successful entry and exit, marking where the doors are, how to access which section of the bank, and where the safe is.
  2. The robber then looks at the bank's security measures, such as CCTV cameras, the security alarm, security guards, and so on.
  3. Lastly, they go inside and interact with the bank staff. This presents them with the opportunity to familiarize themselves with the bank's processes and procedures.

Banks invest in the best security equipment and personnel, but we still read about robberies. Banks improve their security by putting in place various security measures. In our world, we call that layered protection. We come up with different security layers for separate components.

Figure 1.2 – A defense-in-depth strategy is designed to put "roadblocks" at each level to slow attackers

Figure 1.2 – A defense-in-depth strategy is designed to put "roadblocks" at each level to slow attackers

Layered protection is used in the protection of data that travels between various servers and components in the enterprise. Most organizations will deploy a corporate firewall in order to keep attackers out. The companies think that the firewall is good enough, but they let their application server talk to their database server without any security measures between them. While this approach is a good start, encrypting the data streaming between the two servers would be better in case an attacker penetrates the firewall. We can protect the resource by isolating the application server behind another firewall, effectively adding another layer to our defenses.

A single layer of protection can never adequately safeguard any company. Even if one door is closed, hackers will immediately locate another wide open, and they will exploit any weaknesses. On the other hand, you may fix the gaps in your security by using a variety of defenses simultaneously, such as firewalls, malware scanners, IDSes, data encryption, and integrity auditing solutions.

Important Note

We can't stop attackers. Our job is to slow them down or at least discourage them.

You have been reading a chapter from
Certified Ethical Hacker (CEH) v12 312-50 Exam Guide
Published in: Jul 2022
Publisher: Packt
ISBN-13: 9781801813099
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image