Thursday 30 April 2020

6 Essential skills needed for Advanced Penetration Testing

EC-Council Study Material, EC-Council Guides, EC-Council Learning, EC-Council Tutorial and Material

Advanced penetration testing not only identifies the vulnerabilities and security gaps in the overall IT infrastructure, but also recommends employee training and, more importantly, methods to mitigate the risks found. The need for ethical hacking and penetration testing arises because they are considered the initial elements of a proactive cybersecurity strategy.

6 advanced pentesting skills that are in demand by organizations


Cybercrime is one of the fastest-growing threats, with many companies reporting cyberattacks. 12news.com recently reported that a new member joined social media every 15 seconds. The Official Annual Cybercrime Report (ACR) 2019 predicted a ransomware attack on a business every 14 seconds. Not surprisingly, more companies than ever are adopting cybersecurity strategies to protect themselves from cyber threats. But with cybercriminals constantly evolving, responding to attacks is simply not enough. Organizations should become proactive and use strategies such as advanced penetration testing. Some of the penetration testing skills that are in demand are as follows –

1. Going beyond tool suites to find vulnerabilities and exploits.
2. Understanding secure web communications, from registering a web domain name to mapping it to a cloud IP address.
3. Securing web communication by generating secure domain certificates.
4. Understanding web technologies and the need for secure web applications.
5. Ability to script or write code.
6. Effective report writing skills.

How to acquire these skills? 


Cybersecurity is evolving continuously, and so is the process of penetration testing. The rising pace of cyberattacks and the enhanced techniques of attackers demand new and upgraded penetration testing skills. EC-Council’s Advanced Penetration Testing (APT) course prepares a penetration tester to deal with the most complex and toughest real-life scenarios. The program helps prepare you to challenge for and attain the title of Licensed Penetration Tester (Master).

What is APT and why is it important for attaining the LPT Master?



Unique features of the Advanced Penetration Testing (APT) program of EC-Council: 


1. It is crafted by the finest

The LPT Master exam sets challenges that are based on real-life experiences. The finest penetration testers in the industry have designed the APT program around real penetration testing capabilities, preparing you not just for the LPT Master but for real-life roles as well. The cyber ranges are designed around the skills a professional needs to identify the target surface within a given time frame and then gain access to the machines. The objective is to confront you with the finest targets, which may or may not have defenses, in order to refine your penetration testing skills.

2. It leverages industry-standard methodologies

APT is based on the Advanced Penetration Testing Cyber Range (ECCAPT), which develops a specific set of real-life penetration testing skills. The ECCAPT has 180 machines, 250 GB RAM, and 4000 GB storage. The entire setup is segregated into complex network ranges with various militarized and demilitarized zones. A typical range is divided into 5 to 8 subnets; every subnet represents a different business unit and comprises semi-hardened and hardened machines running more than 15 Windows and Linux operating systems.

3. It is created for real-life penetration testers

The advanced penetration testing course is designed to prepare penetration testers for real-life challenges. The training encourages you to develop the skills you have set out to acquire in order to attain the L|PT Master. Preparing for the L|PT Master is not easy, and the exam is even harder. The exam tests your technical, intellectual, and analytical skills to the brink of exhaustion. It expects you to demonstrate mastery of penetration testing techniques and tools, along with multi-level pivoting. The APT course helps individuals absorb the range of advanced and complex penetration testing skills that enable you to perform strongly at the L|PT Master level.

4. It is 100% hands-on 

The APT program covers advanced concepts of scanning against defenses, deploying proxy chains, pivoting between networks, and using web shells. The program provides real-life scenarios involving firewalls, operating systems, multiple network segments, demilitarized zones, web technologies, security control layers, and access control policies. The last module also includes the scope of work (SOW) for each network developed for the course. Being a combination of various ranges, the course leverages industry-recognized penetration testing methodologies.

Source: eccouncil.org

Tuesday 28 April 2020

4 Reasons every CISO should learn Digital Forensics

EC-Council Study Material, EC-Council Guides, EC-Council Exam Prep

The role of Chief Information Security Officer (CISO) is significant in organizations with sophisticated cybersecurity protocols. A CISO handles internal and external risk management for the IT landscape. Nowadays, cybersecurity is one of the biggest concerns for every business that wants to ensure the safety of its data. The CISO is a top security executive who must also keep track of the regulations and compliance requirements that affect the role. Therefore, knowledge of digital forensics is extremely critical to any successful CISO.

Why a CISO should know digital forensics


Digital forensics is a branch of forensic science that encompasses the identification, preservation, extraction, and documentation of computer evidence for presentation in a court of law. It deals with forensic investigations of computers, mobile phones, and other digital devices.


The CISO leads the cybersecurity team and, therefore, should be aware of the crucial cybersecurity subjects. Digital forensics plays an intrinsic role in determining the cause and purpose of a cyberattack. Thus, the findings of an investigation serve a greater purpose for a decision-making authority when reframing security strategies. A CISO with digital forensics knowledge or a certification in the field is well placed to carry out the duties and responsibilities of the role.

Why digital forensics is a must


1. Avoid pitfalls


In case of an intrusion by an insider or an external attacker, a team made up of IT, security, management, and representatives from other departments comes into the picture. The frontline staff should be trained on the communication channels to use in an emergency. Immediately isolating and shutting off the suspected machine will help too. Also weigh the pros and cons of duplicating everything. Another solution is training the staff to preserve evidence carefully, since the forensic team looks for recent changes and access in order to reconstruct the timeline of events.

A common mistake staff members make is turning off or rebooting the machines, which may destroy evidence stored in memory. Giving a previous employee’s laptop to a new employee without scanning it for malicious content could also create security issues. These acts tamper with the evidence and make its recovery difficult.

2. Check logs


Digital forensics is not restricted to laptops and systems. It also covers communication data and network access, so an insider conspiracy can affect both the employer and the client company. It follows that a CISO is responsible for staying aware of the logging history and retaining it as evidence. During investigations, a CISO or digital investigator who runs into a logging issue often finds that logging access was denied or disabled in order to preserve network performance. CISOs must treat this as a risk management decision, because access to network logs is critical.

3. Ensure the chain of custody


Safe custody is a crucial part of a forensic investigation if the evidence is to be presented in a court of law. Without a chain of custody, there can be allegations of evidence tampering. For in-house forensic procedures, employees should follow the defined process for copying and transferring evidence.

Preserving data, documenting it, and producing it is not enough on its own. It is the CISO’s responsibility to ensure the chain of custody is maintained. Here are a few suggestions for maintaining the chain of custody –

◉ Collecting and documenting the evidence.

◉ Keeping evidence in possession of an investigator.

◉ Tracking and documenting the transfer of evidence from one investigator’s custody to another’s.

◉ Ensuring the security to avoid tampering of the evidence.

◉ Creating hash values for every piece of evidence, so that its integrity can be proven later.

Forensic investigators create copies of the compromised system or evidence and analyze the copy. This keeps the original system in safe storage. A court of law accepts only evidence produced in its original form.
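The hashing and transfer-tracking suggestions above, carried through as a small chain-of-custody record. This is an added example, not EC-Council or C|HFI code; the evidence bytes, custodian names and evidence ID are constructed, and every log entry is itself hashed and linked to the previous one so that edits to the log are detectable as well as edits to the evidence.

```python
"""Chain-of-custody record with evidence hashing (added example, constructed data)."""
import hashlib
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Fingerprint of an evidence item; any changed byte changes the digest."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    timestamp: str
    custodian: str
    action: str           # e.g. "collected", "received from ...", "transfer refused"
    evidence_sha256: str  # digest of the item as observed at this step
    prev_entry: str       # entry_hash of the previous log entry ("" for the first)
    entry_hash: str = ""  # digest over this entry; links the log into a chain

    def seal(self) -> "CustodyEntry":
        body = json.dumps([self.timestamp, self.custodian, self.action,
                           self.evidence_sha256, self.prev_entry])
        self.entry_hash = sha256_hex(body.encode())
        return self


@dataclass
class EvidenceRecord:
    evidence_id: str
    description: str
    original_sha256: str  # digest taken at collection; the reference for every later check
    log: list = field(default_factory=list)

    def append(self, custodian: str, action: str, observed_sha256: str, when=None) -> None:
        prev = self.log[-1].entry_hash if self.log else ""
        ts = (when or datetime.now(timezone.utc)).isoformat()
        self.log.append(CustodyEntry(ts, custodian, action, observed_sha256, prev).seal())


def collect(evidence_id: str, description: str, data: bytes, custodian: str, when=None) -> EvidenceRecord:
    """First custody entry: hash the item as collected and open the record."""
    digest = sha256_hex(data)
    rec = EvidenceRecord(evidence_id, description, digest)
    rec.append(custodian, "collected", digest, when)
    return rec


def transfer(rec: EvidenceRecord, data: bytes, from_custodian: str, to_custodian: str, when=None) -> bool:
    """Hand the item over only if its digest still matches the one taken at collection."""
    digest = sha256_hex(data)
    if digest != rec.original_sha256:
        rec.append(from_custodian, "transfer refused: digest mismatch", digest, when)
        return False
    rec.append(to_custodian, f"received from {from_custodian}", digest, when)
    return True


def verify_log(rec: EvidenceRecord) -> bool:
    """Recompute every entry hash and link; an edited or removed entry breaks the chain."""
    prev = ""
    for e in rec.log:
        expected = CustodyEntry(e.timestamp, e.custodian, e.action,
                                e.evidence_sha256, e.prev_entry).seal().entry_hash
        if e.prev_entry != prev or e.entry_hash != expected:
            return False
        prev = e.entry_hash
    return True


def verify_evidence(rec: EvidenceRecord, data: bytes) -> bool:
    """True only if the item is byte-identical to what was collected and the log is intact."""
    return sha256_hex(data) == rec.original_sha256 and verify_log(rec)


# Constructed sample evidence standing in for a disk image or exported mailbox.
ORIGINAL = b"constructed evidence: mailbox export for user jdoe, taken 2020-04-20\n"
TAMPERED = ORIGINAL.replace(b"jdoe", b"asmith")


def demo():
    rec = collect("EV-001", "mailbox export (constructed)", ORIGINAL, "investigator A")
    clean = transfer(rec, ORIGINAL, "investigator A", "investigator B")   # True
    altered = transfer(rec, TAMPERED, "investigator B", "investigator C")  # False, and logged
    return rec, clean, altered


if __name__ == "__main__":
    record, clean_ok, altered_ok = demo()
    print(json.dumps([asdict(e) for e in record.log], indent=2))
    print("clean transfer:", clean_ok, "| tampered transfer:", altered_ok)
    print("original still verifies:", verify_evidence(record, ORIGINAL))
```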

4. Hire skilled professionals


Though organizations have in-house resources to conduct forensics, they often prefer to bring in experts as consultants. Experts include forensic tool vendors, certification providers, professional associations, etc. There are both vendor and vendor-neutral certifications in the digital forensics field, which add value to one’s experience.

Forensic consultants use a variety of tools: open-source, commercial, or custom-made. The investigator chooses tools based on the requirement, so it is not appropriate to assess investigators on their tool selection. Instead, assess them on their knowledge of network architecture. Forming an in-house forensics team makes sense for large organizations. Small and medium organizations can hire digital forensics consultants to conduct forensics.

It makes sense to say that to be a successful CISO you should be a certified digital forensic investigator. A recognized program like Certified Hacking and Forensic Investigator (C|HFI) prepares you to conduct computer investigations using groundbreaking digital forensics technologies. The program provides detailed knowledge of laws and regulations that can be considered for a CISO’s profile.

Source: eccouncil.org

Sunday 26 April 2020

Types of Network Security Attacks

Network Security, EC-Council Study Materials, EC-Council Guides, EC-Council Certifications

The internet is today’s bread-giver, as many people rely on it for various professional, social, and personal activities. Communication, data sharing, business transactions, in short the entire trade and commerce industry, depend on the network. Though the internet can network and connect the world at large, some people repeatedly attempt to damage and disrupt these networks for various reasons. These attackers violate privacy and intrude on internet-connected devices either to retrieve information or to render them inoperable.

In the wake of the variety of frequent network attacks already seen and the threat of new, destructive attacks in the future, network security has gained prominence within computer networking.

Common Types of Networking Attacks


1. Virus

A virus is not self-executing; it requires the user’s interaction to infect a computer and spread across the network. An example is an email with a malicious link or attachment. When the recipient opens the attachment or clicks the link, the malicious code is activated, circumvents the system’s security controls, and renders it inoperable. In this case, the user inadvertently compromises the device.

2. Malware

A malware attack is one of the most severe cyberattacks; malware is specifically designed to destroy or gain unauthorized access to a targeted computer system. Most malware is self-replicating, i.e., once it infects a particular system it gains entry over the internet and, from there, infects all the systems in the network connected to the internet. An external endpoint device, if connected, will also get infected. It works much faster than other types of malicious content.

3. Worm

A worm can enter a device without the help of the user. When a user runs a vulnerable network application, an attacker on the same internet connection can send malware to that application. The application may accept the malware from the internet and execute it, thereby creating a worm.

4. Phishing

Phishing is the most common type of network attack. It involves sending emails purporting to be from known sources or banks and creating a sense of urgency to push the user into acting. The email may contain a malicious link or attachment, or may ask the user to share confidential information.

5. Botnet

It is a network of private computers that have fallen victim to malicious software. The attacker controls all the computers on the network without the owners’ knowledge. Each computer on the network is considered a zombie, as it serves the purpose of spreading infection to a large number of devices, or whatever else the attacker directs.

6. DoS (Denial of Service)

A Denial of Service is a critical attack that fully or partially disables the victim’s network or entire IT infrastructure to make it unavailable to legitimate users.

DoS attacks can be categorized into the following three types –

1. Connection flooding:

The attacker bogs down the host by establishing a large number of TCP connections at the targeted host. These fake connections block the network and make it unavailable to legitimate users.

2. Vulnerability attack:

By sending a few well-crafted messages to a vulnerable operating system or application running on the targeted host, the attacker stops the service or, worse, crashes the host.

3. Bandwidth flooding:

The attacker prevents legitimate packets from reaching the server by sending a deluge of packets. The packets are so numerous that the target’s link is blocked for everyone else.

7. Distributed Denial of Service (DDoS)

It is a more complex version of a DoS attack and is much harder to detect and defend against than a DoS attack. In this attack, the attacker uses multiple compromised systems to direct a DoS attack at a single target. DDoS attacks also leverage botnets.

8. Man-in-the-middle

In a man-in-the-middle attack, someone stands between you and the other party in a conversation. By being in the middle, the attacker captures, monitors, and effectively controls your communication. For example, when a lower layer of the network sends information, the computers at that layer may not be able to determine the recipient with which they are exchanging information.

9. Packet Sniffer

When a passive receiver is placed within range of a wireless transmitter, it records a copy of every packet transmitted. These packets can contain confidential information, sensitive data, trade secrets, etc., all of which pass through the receiver. The receiver then works as a packet sniffer, capturing every transmitted packet that enters its range. The best defense against packet sniffing is cryptography.

10. DNS Spoofing

It involves compromising a computer by corrupting domain name system (DNS) data and introducing it into the resolver’s cache. This causes the name server to return an incorrect IP address.

11. IP Spoofing

It is the process of injecting packets into the internet with a false source address and is one way of masquerading as another user. Endpoint authentication, which ensures that a message really originated where we determined it did, helps defend against IP spoofing.

12. Compromised Key

An attacker gains unauthorized access to secured communication by using a compromised key. A key is a secret number or code required to interpret secured information. When an attacker obtains the key without the sender’s or receiver’s knowledge, it is referred to as a compromised key and serves as a tool to retrieve information.

Saturday 25 April 2020

How to bring Networking and Security together

EC-Council Networking, EC-Council Security, EC-Council Study Materials, EC-Council Guides

Surprisingly, networking and security were once considered separate entities, with security solutions like firewalls applied to the network after it had been built. The security team was concerned with defense mechanisms and threat detection methods based on time and a defined perimeter. The networking team, on the other hand, was responsible for issues related to latency, reliability, and bandwidth. Eventually, organizations shifting to hybrid networks could no longer cope with the traditional approaches, as they sought scalability and automation. As technology in the workplace has evolved, there is more pressure on businesses to ensure network security.

Networking vs. Security



Trends that drive change


Bringing these two functions together is a must due to fast-growing security threats, which have pushed enterprises to implement security measures and services ranging from anti-virus software to intrusion prevention. Network latency and the increased network traffic from attached IoT devices are also concerns. It makes sense not to treat networking and security as independent entities.

Additionally, modern networks now combine physical data centers and cloud storage, which again demands the same level of security. Security approaches like micro-segmentation, policy consideration, etc. ensure the integration of the two functions into one framework, with the holistic contribution of the providers.

Another reason to blur the lines between these two functions is the effort an enterprise makes to stay ahead of the competition. Businesses are constantly moving into new geographical markets and exploring new verticals. Expansion involves cost-effective reconfiguration and updated network security connections across all locations. A business that integrates a variety of approaches can maintain well-structured, well-defined network security.

1. Segmenting network security

When an enterprise micro-segments its network down to a single server, the top-of-rack switch becomes a security policy enforcement point. Micro-segmenting the network creates more options for businesses, because when an incident happens they can shut down the port, encrypt the data, or shift the traffic to a different virtual LAN. This approach should be open and inclusive before it is adopted for the long term.

2. Automating the network security

Most networks are a mix of different vendors’ equipment that is made to look homogeneous. The equipment interacts on the basis of common standards, and network intelligence can predict threats. That intelligence can feed into a security policy creation function. By centralizing security policy creation at a single point, network devices can act as security policy enforcers at the point of connection.

3. Merging network with security

Among its various benefits, amalgamating networking with security helps increase visibility and reduce operational overhead. The improved visibility also reduces resolution and troubleshooting times. By framing and implementing security policy throughout the organization, meaningful intelligence can be developed with fewer errors. Merging networking with security also facilitates migration to cloud services. The approach contributes to compliance with PCI, GDPR, and other regulations, and it avoids large-scale upgrades by protecting current investments.

The rewards could also be in the form of lowered costs, reduced risk, and operational efficiencies. 

Source: eccouncil.org

Thursday 23 April 2020

6 Types of Password Attacks commonly used by Ethical Hackers

Ethical Hackers, EC-Council Guides, EC-Council Tutorial and Materials, EC-Council Exam Prep

Password attacks, when performed by ethical hackers, verify the probability of your accounts being hacked. In other words, the technique secures your accounts by testing whether they can be hacked by cybercriminals.

Changing your password is indeed the best way to ensure the security of your accounts. However, taking necessary precautions to mitigate password theft is also an important step to secure your account. Assuming that your password cannot be hacked is exactly what cybercriminals want you to think.

How to create a strong password?



Securing the password of an individual account using traditional methods is easier than securing an organization’s accounts. Cybercriminals often target business accounts for monetary and non-monetary reasons, and they apply advanced techniques to compromise those accounts. This is where ethical hackers come in to ensure the security of your accounts. They test the probability of a compromise by performing the various methods of password hacking, which reduces the probability of your accounts actually being hacked.

6 types of password attacks commonly used by ethical hackers


1. Non-electronic attacks – non-technical attacks that can be performed even without sound technical knowledge.

◉ Shoulder surfing

◉ Social engineering

◉ Dumpster diving

2. Active online attacks

◉ Password guessing – Attackers create possible passwords by collecting information from social media accounts and other online sources. Criminals also use the default passwords provided by manufacturers to crack accounts.

◉ Brute-force attack – Attackers make multiple attempts with possible combinations until they crack the account.

◉ Dictionary attack – Attackers load dictionary files of passwords and run them against user accounts.

◉ Rule-based attack – The attack is performed only after receiving some information about the password.

◉ Trojans / keyloggers / spyware – Any of these is run in the background to record passwords.

◉ Hash injection attack – The attacker injects a compromised hash into a local session and uses it to retrieve the domain admin account hash, then uses the extracted hash to log on to the domain controller.

3. Passive online attacks

◉ Man-in-the-middle – The attacker gains access to the communication channel to extract confidential information.

◉ Wire sniffing – Packet sniffer tools on the local area network are used to access and track the network traffic.

◉ Replay attack – Packets and authentication tokens captured with a sniffer are used to extract relevant information and are then replayed on the network to gain access.

4. Offline attacks

◉ Rainbow table – Captured password hashes are compared against precomputed tables to recover the passwords.

◉ Distributed network attack – The technique recovers passwords from hashes by using the spare processing power of many machines.
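The offline attacks above, rainbow tables in particular, depend on a captured hash being directly comparable to a precomputed one. The following added example (not EC-Council or CEH code; the wordlist and password are constructed) shows why an unsalted fast hash is recovered by a single table lookup, and why a per-user random salt with PBKDF2 stretching defeats that lookup for the same password.

```python
"""Precomputed-table lookup versus salted, stretched password hashing (added example)."""
import hashlib
import hmac
import os

# Constructed wordlist standing in for the dictionary an attacker precomputes once.
WORDLIST = ["password", "123456", "welcome1", "spring2020", "letmein"]
ITERATIONS = 100_000  # PBKDF2 work factor; raise it as hardware gets faster


def build_precomputed_table(words):
    """Map of fast, unsalted SHA-256 digest -> password: computed once, reused forever."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def lookup(table, captured_hex):
    """Recover a password from a captured digest by table lookup alone."""
    return table.get(captured_hex)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Defender side: random per-user salt plus PBKDF2-HMAC-SHA256 stretching."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, dk


def verify_password(password, salt, dk, iterations=ITERATIONS):
    """Constant-time comparison so the check itself leaks no timing information."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)


def same_password_different_hashes(password="spring2020"):
    """Two users with the same password get different stored values, so one table
    entry cannot cover both of them."""
    _, dk1 = hash_password(password)
    _, dk2 = hash_password(password)
    return dk1 != dk2


def demo(password="spring2020"):
    table = build_precomputed_table(WORDLIST)
    unsalted_hex = hashlib.sha256(password.encode()).hexdigest()
    salt, dk = hash_password(password)
    return (
        lookup(table, unsalted_hex),        # "spring2020": the table already has it
        lookup(table, dk.hex()),            # None: salt + stretching made it unique
        verify_password(password, salt, dk),  # True: the legitimate check still works
        verify_password("wrong", salt, dk),   # False
    )


if __name__ == "__main__":
    found, salted_found, ok, bad = demo()
    print("unsalted hash recovered from table:", found)
    print("salted hash recovered from table:  ", salted_found)
    print("correct password verifies:", ok, "| wrong password verifies:", bad)
    print("same password, different stored hashes:", same_password_different_hashes())
```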

Ethical hackers need to be aware of all these and the various other password attacks commonly used by cybercriminals. It requires getting into the attackers’ shoes, wearing their thinking cap, and making every possible attempt to infiltrate business accounts. Moreover, if ethical hackers can compromise your password, remember that cybercriminals can easily compromise it too.

Learn and acquire ethical hacking skills


Certified Ethical Hacker (CEH) is a recognized ethical hacking program and a must-have credential for any information security professional who wants to learn ethical hacking from its fundamentals. The CEH trains you on the latest hacking tools and techniques used by information security professionals to secure and defend organizations against future attacks.

Source: eccouncil.org

Tuesday 21 April 2020

How to Hack Social Media Accounts

EC-Council Study Materials, EC-Council Guides, EC-Council Learning, EC-Council Exam Prep

Hacking into social media accounts is popular, as it requires very little technical skill. The method usually does not involve high-end hacking, i.e., creating backdoors or injecting malicious code. These platforms see more psychological attacks. This form of attack is generally known as social engineering: a method of manipulating targets into performing harmful actions. Common examples of social engineering scams include posing as a bank employee asking for credit card details, or pretending to have lost a key to an office and tailgating. While setting up a personal account on Facebook or Instagram, people sometimes fail to consider the possible security risks. The more personal information is put online, the more chances there are for exploitation. This blog will give you a rough idea of how social media accounts are hacked.

5-Step Guide to Hack Social Media Accounts


Hacking on social media platforms always starts with the weakest link – humans.

Step 1: Choose your target

The perpetrator starts by choosing a target. Hacking into the account of someone known is easier than playing with the psyche of an unknown individual.

Step 2: Collect information

Once the target is selected, it’s time to gather as much relevant information about the target as possible. For instance, look for family members, hobbies or interests, current relationships, or favorite places.

Step 3: Create a phishing page 

There are several tools available on the market that can help you build a phishing page. It is recommended not to use free hosting websites for a phishing page; otherwise, you will end up with a suspended account.

Step 4: Set up a trap

In this step, set up the trap by using the collected data and sending a fake email or SMS. Creating a fake account and messaging the target would be a better option.

Step 5: Result

The last step is to wait for the target to take the bait (the phishing page), after which the login credentials are collected from the trap.

Source: eccouncil.org

Sunday 19 April 2020

5 Must-have components for every Business Continuity Plan in a Coronavirus World

EC-Council Guides, EC-Council Learning, EC-Council Prep, EC-Council COVID-19

Businesses have had a rough start to the new year, 2020, and the new decade. From COVID-19 to earthquakes in Puerto Rico, from volcanic eruptions in Alaska to powerful tornadoes in Tennessee, enterprises have faced several challenges. During such unanticipated situations, organizations need a contingency plan to continue their business operations. Moreover, a dedicated team of security professionals is needed to build a robust business continuity and disaster recovery (BC/DR) plan. It is the team’s responsibility to keep the business afloat during tough times, i.e., unexpected events, including the coronavirus.

The Key Elements of a Business Continuity Plan in a COVID-19 Coronavirus World   


Disaster recovery professionals should be able to predict potential interruptions. Check out this detailed coverage by Tim Foley, Director of Information Security for the CYBER division at Dataprise. In the video, he comprehensively covers whether organizations are ready to combat cyber threats:


Here’s a list that you can refer to while drafting a business continuity (BC) plan –

1. Risk Assessment – Conduct BIA (Business Impact Analysis)  

The Business Impact Analysis (BIA) anticipates the possible repercussions of disruptions on regular business operations. It gathers and analyzes details in order to draft a recovery strategy. In other words, the BIA is an assessment of the potential loss during a disaster. Using the BIA, staff identify mission-critical activities and suggest an optimal recovery time.

2. Risk Mitigation   

Mitigating cyber risks is a must. Eliminate the loopholes that put company assets and business operations at risk. The professionals should draft a comprehensive module dealing with the minimization of those risks. To that end, the team can incorporate the following in the plan –

◉ Cut or drop points of dependency

◉ Check third-party readiness

◉ Detailed IT backup strategies

◉ Maintain a stock of critical equipment and repair tools

◉ Split functions and resources across multiple sites

◉ Keep substitutes handy

◉ Build preventive maintenance and testing programs

◉ Cross-functional training for the team

3. Be Ready with Business Continuity Strategies  

Organizations must have the following strategies in place –

◉ Alternate practices to continue daily operations

◉ Outsourcing or third-party service providers

◉ Secondary or backup suppliers

◉ Prioritizing business operations and customer demand

◉ Work-from-home strategies

◉ Availability of mobile offices

4. Establish Clear Roles and Responsibilities  

Depending on the size of the organization, build a planning team that is clear about their roles and responsibilities. If it is a small-scale enterprise, then involving all the employees would be a great idea.   

5. Implementation and Testing  

The involved professionals should undergo regular training sessions and simulation exercises. Based on the outcomes of these “fire drills,” organizations adopt the required changes. After this, enterprises are free to put the drafted business continuity plan in place.  

In conclusion, the team should consider the listed elements when prioritizing key business processes. A detailed program can spot potential cyber threats and include mitigation strategies. For this, businesses need a disaster recovery professional with skills in business continuity.

Source: eccouncil.org

Saturday 18 April 2020

How to Write a Vulnerability Assessment Report

EC-Council Study Materials, EC-Council Guides, EC-Council Certifications, EC-Council Prep

Cybersecurity is an ever-expanding industry with specialized domains. At times, identifying vulnerabilities challenges even seasoned security professionals. The report carries information on network, system, and application vulnerabilities. If one is not into penetration testing, it is tough to decode a vulnerability assessment report.

The vulnerability scanning and assessment report guides security professionals on how to address security issues. A vulnerability scan works in two phases – scanning and reporting. Regardless of the type of vulnerability report, it demands immediate action.

All about a vulnerability scanning report


A vulnerability assessment report offers detailed information on existing vulnerabilities. With the help of this report, companies can assess their security posture and find appropriate solutions to eliminate the vulnerabilities.

7 Critical Elements of a Vulnerability Assessment Report


Every vulnerability scanning and assessment report should cover the following elements:

Element – Description

◉ Scan information – carries information such as the name of the scanning tool, its version, and the network ports to be scanned.

◉ Target information – under this section, the report carries details of the targeted system: its name and address.

◉ Results – the part where a reader finds the complete scanning report.

◉ Target – this sub-section of ‘Results’ gives detailed information on all the hosts involved, which includes –

◓ the name and address of the host;
◓ the operating system and its type;
◓ the date of the test.

◉ Services – the names and ports of the network services.

◉ Classification – with this element, the system administrator can find out additional details about the scan, such as its origin.

◉ Assessment – covers the scanner’s vulnerability assessment.

Source: eccouncil.org

Thursday 16 April 2020

Checking Your VPN for Data Leaks

EC-Council Study Materials, EC-Council Guides, EC-Council Tutorial and Materials

It’s hard to travel far online without running into an article or advertisement for a virtual private network (VPN). As internet security concerns have grown, so has the demand for tools and services to fight back against hackers and their malware attacks.

While coming up with hard numbers is difficult, thanks to the VPN industry’s reluctance to share stats, it appears that about one in four people use this service presently and that number is expected to rise.

One of the big advantages of VPNs is the anonymity provided. Normally, when you connect to the internet from your home or office internet service provider (ISP), your device will be assigned a unique internet protocol (IP) address for managing all incoming and outgoing traffic.

Although IP addresses may seem like random sequences of numbers, they are actually easy to look up and correlate to your geographic location. In contrast, a VPN client operates its own separate network and distributes anonymous IP addresses, which are harder for external entities to track.

But how can you be sure that your VPN service is actually anonymous? Experts have discovered that some tools and providers actually have leaks that may allow your local IP address to be exposed, which sort of defeats the whole concept of privacy.

Read on to learn more about this issue and how to handle it.

Basics of VPN



A complete VPN solution requires two parts: the endpoint server and the client application. The VPN provider is responsible for running the endpoint server, which is typically cloud-based and hosted across virtualized infrastructure. The client application is a software tool that individual users can install on all types of devices, including PCs and smartphones.

After installing the client application, a user will initiate the connection to the endpoint server and be prompted for authentication. At that point, the user’s device is assigned a new IP address by the endpoint server and a secure tunnel is formed between the two locations.

Winning the geolocation game: Outgoing requests to the internet will still originate with your ISP, but because your IP address is being managed by the VPN provider, your traffic will be anonymous. In a corporate environment, your VPN’s IP address will usually match the company’s local network.

If someone does try to look up your IP address, it will likely show as being linked to the VPN provider and that company’s hosting location. Some individuals use VPN clients to specifically route their internet traffic through a different country or geographic location for the purpose of downloading or streaming content.

All data passed between the client application and the endpoint server will be encrypted, which means that only the VPN provider is capable of decoding the traffic. Even if you are connected to a public Wi-Fi network, hackers will be unable to infiltrate the router and intercept your data.

WebRTC Leaks


Most modern web browsers, including Google Chrome and Mozilla Firefox, come preinstalled with a feature known as Web Real-Time Communication (WebRTC, often shortened to RTC). RTC is the protocol that allows websites to display dynamic content and update a page without the visitor needing to manually reload it.

For example, social networks such as Facebook and Twitter make heavy use of the RTC protocol. That’s how they are able to show you updates on posts and comments without you needing to navigate to a different web address. Your browser maintains a consistent connection with the site.

Unfortunately, a bug was discovered with RTC in 2015 that can affect how your IP address is handled by the web browser. Developers discovered that when using browsers with RTC enabled, the original IP address from your ISP will be visible even if you are authenticated with a VPN client.

DNS Hijacking



As a result of WebRTC leaks, there is a potential risk of hackers being able to infiltrate your local network and reroute your internet traffic. This type of attack is known as domain name system (DNS) hijacking and has become more and more common since the WebRTC bug was first found.

The DNS database contains information about all the website addresses available on the internet. When you navigate to a .com or .net address in your browser, the application first talks to DNS to determine how to route your traffic. But because DNS is based on IP addresses, it is vulnerable to manipulation behind the scenes.

If a hacker is able to hijack your local DNS settings through a VPN leak, then they may be able to reroute your web requests to a malicious webpage. For example, you might click on a familiar bookmark link but actually land on a hacker-built suspicious web page looking to steal private information.

Tools for Protection


You should be aware that not all VPN providers are susceptible to the issues with WebRTC Leaks. Therefore, it is important to research the best VPNs and find one that can guarantee your IP address will remain anonymous. Note that free VPN tools typically have major security holes and should be avoided.

Chrome extension: If you are concerned that your VPN client may be leaking your true IP address, then you should install a third-party extension like WebRTC Control for Google Chrome. With this tool, you will be able to see what IP address is being shared through RTC compared to the address being used for other web protocols.

When you find a disparity between your IP addresses in the tool, you should use the extension option to automatically disable all RTC-based components in your browser. Once that is complete, you can refresh the page and you should receive confirmation that your VPN address is being used for all requests.

To check for potential DNS hijacking, use a website like DNSLeak.com to pull up a record of the current DNS database that your device is using. In most cases, the DNS database should be linked to your ISP or the VPN provider. If you do not recognize the owner of the DNS database, it could be a sign that your device is compromised and is rerouting your network traffic.
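The two checks this section describes, which addresses WebRTC hands out and which resolvers the device is using, as an added JavaScript example that is not code from the EC-Council post or from the WebRTC Control extension. It assumes you know your VPN’s egress address and published resolvers (the values below are constructed samples) and uses a placeholder STUN URL; candidate parsing and resolver comparison run in Node, while candidate gathering needs a browser.

```javascript
// Added example (not from the EC-Council post or the extension it mentions):
// flag WebRTC ICE candidates and DNS resolvers that do not belong to the VPN.
// Assumed inputs: VPN_EGRESS_IP and VPN_RESOLVERS come from your provider;
// STUN_URL is a placeholder, not a real server; all samples are constructed.

const VPN_EGRESS_IP = '198.51.100.7';                      // constructed sample
const VPN_RESOLVERS = ['198.51.100.53', '198.51.100.54'];  // constructed sample
const STUN_URL = 'stun:stun.example.invalid:3478';         // placeholder

// Map an IPv4, IPv6 or mDNS literal to the category that matters for a leak check.
function classifyAddress(addr) {
  if (/\.local$/i.test(addr)) return 'mdns';        // browser-obfuscated host candidate
  if (addr.includes(':')) {
    const a = addr.toLowerCase();
    if (a === '::1') return 'loopback';
    if (a.startsWith('fe80:')) return 'link-local';
    if (/^f[cd]/.test(a)) return 'private';         // fc00::/7 unique local addresses
    return 'public';
  }
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(addr)) return 'invalid';
  const o = addr.split('.').map(Number);
  if (o.some(n => n > 255)) return 'invalid';
  if (o[0] === 127) return 'loopback';
  if (o[0] === 169 && o[1] === 254) return 'link-local';
  if (o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
      (o[0] === 192 && o[1] === 168)) return 'private';   // RFC 1918
  return 'public';
}

// Parse an RTCIceCandidate.candidate string:
// "candidate:<foundation> <component> <proto> <priority> <addr> <port> typ <type> ..."
function parseIceCandidate(line) {
  const t = line.trim().replace(/^a=/, '').replace(/^candidate:/, '').split(/\s+/);
  if (t.length < 8 || t[6] !== 'typ') return null;
  return { address: t[4], port: Number(t[5]), protocol: t[2].toLowerCase(), type: t[7] };
}

// A srflx (STUN-reflected) candidate is the public address the STUN server saw; on a
// healthy VPN that is the VPN egress. A host candidate carrying a real address instead
// of an mDNS name reveals a local interface no matter what the tunnel does.
function detectWebRtcLeak(candidateLines, vpnEgressIp) {
  const findings = [];
  for (const line of candidateLines) {
    const c = parseIceCandidate(line);
    if (!c) continue;
    const kind = classifyAddress(c.address);
    if (c.type === 'srflx' && kind === 'public' && c.address !== vpnEgressIp) {
      findings.push({ ...c, kind, reason: 'STUN-reflected address is not the VPN egress' });
    } else if (c.type === 'host' && (kind === 'private' || kind === 'public')) {
      findings.push({ ...c, kind, reason: 'host candidate reveals a real interface address' });
    }
  }
  return findings;
}

// dns.getServers() entries look like "4.4.4.4", "4.4.4.4:1053", "2001:db8::1" or "[2001:db8::1]:1053".
function stripPort(r) {
  const m = r.match(/^\[(.+)\](?::\d+)?$/);
  if (m) return m[1];
  return r.split(':').length === 2 ? r.split(':')[0] : r;   // only "v4:port" has one colon
}

// A resolver the VPN provider did not publish means lookups bypass the tunnel
// (for example via the LAN router) or have been redirected (DNS hijacking).
function checkDnsResolvers(resolvers, expected) {
  const allowed = new Set(expected.map(stripPort));
  return resolvers.map(stripPort).filter(r => !allowed.has(r))
    .map(r => ({ resolver: r, kind: classifyAddress(r),
                 reason: 'resolver is not one published by the VPN provider' }));
}

// Browser only: collect candidate lines from a throw-away RTCPeerConnection.
function gatherIceCandidates(stunUrl) {
  return new Promise((resolve, reject) => {
    if (typeof RTCPeerConnection === 'undefined') return reject(new Error('no WebRTC here'));
    const pc = new RTCPeerConnection({ iceServers: [{ urls: stunUrl }] });
    const lines = [];
    pc.createDataChannel('leakcheck');            // ICE gathering needs a media or data section
    pc.onicecandidate = (ev) => {
      if (ev.candidate) lines.push(ev.candidate.candidate);
      else { pc.close(); resolve(lines); }         // null candidate: gathering finished
    };
    pc.createOffer().then(o => pc.setLocalDescription(o)).catch(reject);
  });
}

// Constructed sample: what a leaking browser behind a VPN might emit.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 51234 typ host generation 0',
  'candidate:2 1 udp 2122262783 3b1f8e2a-7c9d-4f0e-9a1b-2c3d4e5f6a7b.local 51235 typ host',
  'candidate:3 1 udp 1686052607 203.0.113.45 51234 typ srflx raddr 192.168.1.23 rport 51234',
  'candidate:4 1 udp 1686052607 198.51.100.7 40001 typ srflx raddr 10.8.0.2 rport 40001',
];
const SAMPLE_RESOLVERS = ['198.51.100.53', '192.168.1.1'];   // constructed: LAN router slipped in

console.log(detectWebRtcLeak(SAMPLE_CANDIDATES, VPN_EGRESS_IP));  // two findings
console.log(checkDnsResolvers(SAMPLE_RESOLVERS, VPN_RESOLVERS));  // flags 192.168.1.1
// Live use: gatherIceCandidates(STUN_URL).then(l => detectWebRtcLeak(l, VPN_EGRESS_IP)) in a
// browser, and checkDnsResolvers(require('dns').getServers(), VPN_RESOLVERS) in Node.
```

Candidate 4 is what a working tunnel looks like: the STUN server saw the VPN egress, so nothing is flagged; the mDNS host candidate is the browser’s own mitigation for the 2015 bug.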

The Bottom Line


While the average internet user might not want to spend time and effort considering the data leak issue, there’s not much point in using a VPN unless it functions as advertised and creates actual online anonymity for you. Reread the issues and solutions we’ve just discussed and then roll up your sleeves and get to work frustrating as many hackers as possible.

Source: eccouncil.org

Tuesday 14 April 2020

How to Build a Strategic Business Continuity Plan beyond COVID-19


After the rapid spread of COVID–19, arguably every organization around the world shifted its primary priorities dramatically. As a result, several concerns surfaced, such as disruption in the workforce, daily business operations, and the supply chain. A recent report on “business responses to the COVID–19 outbreak” suggests that 51% of enterprises around the globe do not have a business continuity plan: out of more than 300 businesses surveyed, half are not ready to combat disasters. With employees working remotely in the wake of coronavirus-themed attacks, companies need a sound IT disaster recovery and business continuity plan.

As the updates on the disease fill the news, business leaders are struggling to keep up. Moreover, the traditional disaster recovery plan steps focus on recovering utilities and physical resources. Yet, they fail to cover the sustenance of daily activities during such tough times.   

In this blog, we have put together the crucial steps to shape a pandemic response plan.

3 Elements of a Business Continuity Plan during the COVID-19 pandemic  


The following components will address the ways to keep the business operations running at the time of unforeseen events.   

1. Business resilience

A healthy business continuity plan should focus on business resilience. Today, companies are fighting an unexpected war to keep their daily activities going. To summarize, they need an evolution in protocols to keep their businesses running.   

Furthermore, business resilience requires an evaluation of core business systems. Enterprises rely on hybrid infrastructure, the right blend of on-premises and cloud-based infrastructure. The arrangement is perfect for leveraging new technologies while keeping the financial burden within an acceptable limit.

This generates the need for a better business continuity plan, one that ensures smooth access to company tools and resources when working from home.

2. Licensing requirements 

Another factor to consider is licensing requirements for the entire staff. For instance, a firm may have 500 employees but own only 300 VPN licenses. Organizations must have a policy for dealing with such a situation in the time of need. Meanwhile, the firewall architecture should be configured to accommodate the sudden increase in network traffic, and other network security solutions, including the Intrusion Prevention System (IPS), also need to scale accordingly.

3. Address themed attacks 

Unfortunately, cybercriminals are using the impacts of the pandemic to their advantage. They are carrying out phishing scams to target vulnerable individuals and organizations. Employees eagerly waiting for updates on COVID-19 are most likely to fall prey to these scams. The plan should incorporate an efficient system to stop phishing campaigns. It will also help in shutting down a potential cyberattack.

Source: eccouncil.org

Saturday 11 April 2020

5 Emerging cyber threats to watch in 2020


Throughout 2019, ransomware continued making headlines and it is highly likely that this trend will continue in the coming year. Here are some popular emerging cyber threats for 2020:

Cybersecurity threats of higher-order


Earlier, “top threats” were based on the perspective of targets. For example, ‘ransomware’ or ‘AI malware’ were considered to be the most severe threats. But over time, we have become cyber-mature, and the understanding of what a top threat is has changed.

A threat that is crucial to one industry may not be of the same significance to another. Where ‘ransomware’ tops the threat-list among industries like healthcare or manufacturing, ‘insider’ is a potential cyber threat in the IT or corporate industry. The classification of threats and dealing with higher-order threats in respective industries could be challenging in 2020.

Insider threats

An insider is considered a potential threat vector. Last year 64 percent of total incidents occurred due to insider threats, making it one of the top five cyber threats of 2019. We have seen the adversity that an inadvertent insider can cause to an organization. Even more dangerous incidents occur when insiders pass data to other nations or terrorist groups.

The best example of such an insider comes from the recent incident at the Prefecture of Police in central Paris. Michael Harpon, from the police department, who had exfiltrated a great deal of classified information via USB for several years, ended up stabbing six colleagues, killing four. He had been working for the intelligence unit of the prefecture for the last 16 years and held a military secrecy security clearance. Investigators still cannot determine who was receiving this information. Cyber threats leading to national security risk will be among the top threats in 2020.

Disinformation

When hostile governments engage in massive disinformation campaigns, more often than not the outcome is instability among adversaries. In 2020, a U.S. presidential election year, disinformation of any sort could be the biggest cybersecurity threat. To avoid the risk of such massive attacks, the nation would require a large number of analysts who can identify and debunk those disinformation campaigns. The campaigns can also misdirect patriotism and make individuals sympathetic to foreign governments, which in turn may lead to the development of a radicalized insider.

Privacy

Having your data online is a threat to privacy. Earlier, ID cards, bank account details, medical history, etc. were the preferred targets of criminals. Now, due to the digitalization of government processes, personally identifiable information (PII) can be found dumped in large quantities in government and commercial businesses. The information that we choose to offer, and the information that has been collected for various reasons, both add to the database. If any of this information is stolen, it becomes easy for attackers to steal our identity and gain access to our personal IT assets or business networks. The threat to privacy will continue to be at the top in 2020.

In short, the biggest threat for the year 2020 is not malware or ransomware attacks. The risks are expected to come from higher-order campaigns that give attackers the access to commit crimes quickly.

Beware of smishing rather than phishing


In the coming year, due to online interactions, attackers may switch from traditional email phishing to interactive platforms like WhatsApp, Slack, LinkedIn, Signal, etc. which are commonly used as an alternative to email.

Technology upgrades


In spite of the growing sophistication of cyberattacks, technology upgrades will continue at their pace and sometimes more rapidly.

Moving to 5G

The advent of 5G will certainly increase speeds, which in turn demands more security. The deployment of 5G may reveal more security issues, and these will have to be dealt with accordingly.

Supply chain security

As before, supply chain security issues may continue to prevail as the custody of equipment and underlying components comes under more scrutiny.

IoT

Something that cannot be ignored in 2020 is IoT. The introduction of smart devices at home and in the workplace will continue to throw new challenges at our data security.

Security tools to be prioritized


In the big picture, no particular attack is expected to be the real threat in 2020. The major threat is the unwillingness of companies to adopt or improve security tools, leaving them ill-equipped to counter new threats. Having more advanced tools without integrating them can also be a severe threat to any business.

CTIA for future prospects


The Certified Threat Intelligence Analyst program has gained considerable traction among security threat analysts looking to learn and acquire skills in identifying, analyzing, and combating various threats. As we enter a year that is expected to bring us completely new forms of cyber threats, the skills of threat analysts will certainly be put to the test. C|TIA is a method-driven program that uses a holistic approach, covering concepts from planning to building an effective threat report; when used properly, it can secure organizations from future threats. The program addresses all the stages involved in the threat intelligence life cycle.

Source: eccouncil.org

Thursday 9 April 2020

3 Challenges to SAP Penetration Testing



SAP security is a balancing act involving processes, controls, and tools that restrict users’ access within the SAP landscape, so that access to functionality is legitimate: users receive restricted access based on their job needs. Data is protected from unauthorized access to avoid damage to it, while at the same time the restrictions should not lock staff members out of their workflows, or employees will waste unproductive time getting back to work. To ensure SAP security, cybersecurity must be in place, and penetration testing plays a significant role in achieving it.

SAP security focuses mainly on internal threats, whereas cybersecurity focuses on internal and external threats. Hence, cybersecurity is a bigger landscape where SAP joins as an entity. A capable security services manager can help in eliminating the potential risks involved in SAP security. An information security expert can help monitor, revamp, and remediate the security risks of SAP. Government regulation and control (GRC) frames policies to examine and regulate users’ capabilities. The GRC regulates new users’ provisions and identifies gaps that are not in alignment with the compliance.

Challenges to run an SAP Penetration Test 


1. Implementing security patching

SAP security patches follow a downward-compatibility policy, which means manual post-installation activities are required to apply a security patch. Without these activities the patch is not active, and the system remains vulnerable. The penetration tester defines the post-installation activities that enable the successful implementation of security patching in the SAP environment.

2. Establishing, monitoring and implementing SAP security baseline

Applying the SAP security baseline template provides security guidance before a penetration test is conducted. As a matter of fact, it helps in detecting simple and common issues such as critical basis authorizations, standard passwords, remote function calls, callback security, insecure profile parameters, etc.

3. Finding the right person to perform penetration testing

A general penetration tester may not be competent to perform penetration testing in the SAP environment. A specialist who has been exposed to this methodology during a certification program will be able to penetrate the SAP platform. For that reason, a certification that assesses the performance of professional testers equips them with the knowledge of security architecture needed to cover the best project scope in the organization.

How does ECSA contribute to SAP penetration testing? 


The EC-Council Certified Security Analyst certification is a comprehensive program on penetration testing. The program covers a set of distinct, comprehensive methodologies that are able to cover different penetration testing requirements across different verticals. It comes with an effective iLabs cyber range that gives hands-on learning in penetration testing. The new ECSA v10 focuses on penetration testing tools and methodologies that improve upon the best from the ISO 27001, OSSTMM, and NIST standards. The skills acquired during the ECSA program can be challenged and tested by another certification, ECSA Practical. That assessment requires you to demonstrate the penetration testing methodologies that are often called for in real-world scenarios.

Source: eccouncil.org

Tuesday 7 April 2020

Why, When, and How Often Should You Conduct a Penetration Test


Penetration testing (pen testing) is a simulation of possible cyberattacks performed by penetration testers (pen testers) with no malicious intent. The main objective of pen testing is to examine the security defenses of the IT infrastructure: it finds exploitable vulnerable activity or content in a network and hands the findings to the cybersecurity team, which mitigates the vulnerabilities before an intruder exploits them and causes severe damage to the company. The penetration test (pen test) ends when the pen tester submits a detailed report on all the findings. This report should broadly include two sections: an executive summary of the pen testing process, and a list of the vulnerabilities explaining the severity of their impact if they are not mitigated on time. A poor pen test or unprofessional reporting can cause severe damage to the business. Hence, authenticity and efficacy, along with a holistic approach, are the keys to a successful pen test.

Why Pen Test: Benefits of Pen Testing


1. Detect Security Threats

A pen test determines the ability of an organization to defend its IT infrastructure such as applications, networks, servers, endpoints, etc. The test detects security threats by performing internal and external intrusion and achieving privileged and unapproved access to protected assets. The test reveals the faults in the existing security process so that they can be fixed by technicians and experts before any outsider intrudes into the system.

2. Protects Against Financial and Reputational Loss

A breach may result in database compromise, financial loss, or loss of reputation. Even a single incident of compromised customer data negatively impacts the company’s image in the industry. Effective pen testing supports an organization by proactively detecting threats before a breach takes place. The tests can help in avoiding data breaches that would place the company’s reputation and reliability at stake.

3. Saves Recuperation Downtime

Recuperation from a security flaw includes retention programs, legal advice, IT remediation efforts, reduced revenues, and regaining customer confidence. This process involves a lot of effort, time, resources, and money. In research conducted by an IT company, Alvarez Technology Group, 39% of companies reported operational capacity downtime as the main effect of a cyberattack. For 37% of companies, downtime in business reporting was the biggest problem.

4. Comply with Regulation or Security Certification

IT departments have to comply with the auditing or compliance procedures of legal authorities such as the Health Insurance Portability and Accountability Act, the Gramm–Leach–Bliley Act, and Sarbanes–Oxley. Besides, the company shall also comply with the report testing requirements recognized in the Federal National Institute of Standards and Technology, Federal Information Security Management Act, and Payment Card Industry Data Security Standard mandates. The reports submitted by pen testers assist organizations in avoiding penalties for noncompliance and provide auditors with the required evidence of security controls.

5. Increases Business Continuity

Business continuity is the main objective for any business to measure its success. A break in business continuity can be for many reasons, one of the major reasons being a security breach. According to National Cybersecurity Alliance, 60% of medium- and small-sized organizations that have experienced a cyberattack have gone out of business within 6 months. Pen testers are hired to perform different types of attacks like denial of service, which can ultimately result in the closure of the business. This is done to find the loopholes and patch them to avoid any real damage from a malicious attack.

When to Pen Test?


Many businesses are not sure of the right time to perform pen testing. The three best times to perform a pen test are:

◉ Before the deployment of the system or network or application.

◉ When the system is no longer in a state of constant change.

◉ Before the system is involved in the production process or is made live.

Most companies do not understand the significance of pre-deployment pen testing, concentrating simply on their return on investment. The IT team is often burdened with impractical project deadlines, forcing them to deliver without proper security assessments. When the system or application is new, there are often loopholes in the security layer that can be discovered by performing pen testing. In the absence of pen testing at this stage, you will not be able to catch and address these issues and, once released, they may become a potential entry point for intruders.

How Often Should You Pen Test?


Organizations don’t prioritize a pen test until they experience a breach or realize that a hacker has already intruded and planted a virus in their application or system. At this time, organizations make all the attempts to trace the intrusion, impact of the breach, and learn how it was implanted. But the entire process would have been avoided if the business would have conducted a pen test on time.

Pen testing is not a one-time activity. Networks and computer systems are exposed to a large number of vulnerabilities, and their state changes constantly. How often a company should pen test depends on several factors:

Size of the company — No doubt, companies that run an online business are prone to frequent cyberattacks. The larger the online presence, the juicier a target they become for threat actors.

Compliance with regulatory laws — The regulations, laws, and compliance mostly define the frequency of a pen test. Depending on the type of industry, one must comply with the rules.

Infrastructure — Pen testing on the data depends on its placement in the company. If the data and applications are kept in the cloud server, then the cloud service provider would not allow a test through an external source but would opt to hire a pen tester internally.

The process of pen testing should not be ignored, as it has great potential to offer a critical security service to businesses. For some organizations a pen test may even be mandatory, but one size doesn’t fit all. It is the company’s line of business that determines why, when, and how to pen test.

Source: eccouncil.org

Saturday 4 April 2020

5 Penetration Testing Methodologies and Standards for Better ROI


The results of the penetration tests differ according to the standards and methodologies they leverage. While organizations are looking to secure their IT infrastructure and fix vulnerabilities, they are also looking for the latest, relevant, and most popular penetration tools and methodologies to fight the new types of cyberattacks.

Popular penetration testing methodologies and standards

1. OSSTMM


The OSSTMM (Open Source Security Testing Methodology Manual) is a recognized framework that details industry standards. The framework provides a scientific methodology for network penetration testing and vulnerability assessment. It is a comprehensive guide to the network development team and penetration testers to identify security vulnerabilities present in the network.

The OSSTMM methodology enables penetration testers to perform customized testing that fits the technological and specific needs of the organization. A customized assessment gives an overview of the network’s security, along with reliable solutions to make appropriate decisions to secure an organization’s network.

2. OWASP


The OWASP (Open Web Application Security Project) is another recognized standard that empowers organizations to control application vulnerabilities. This framework helps identify vulnerabilities in web and mobile applications. At the same time, the OWASP also addresses logical flaws arising from unsafe development practices.

The updated OWASP guide provides over 66 controls to identify and assess vulnerabilities across the numerous functionalities found in the latest applications today. It also equips organizations with the resources to secure their applications and prevent potential business losses. By leveraging the OWASP standard in a security assessment, the penetration tester ensures that almost no vulnerabilities remain. Besides, it also provides realistic recommendations specific to the features and technologies in the applications.

3. NIST


NIST (the National Institute of Standards and Technology) publishes information security manuals that differ from other information security manuals. In a way, NIST offers more specific guidelines intrinsic to penetration testing to improve the overall cybersecurity of an organization. Most American-based organizations and their partners must comply with the regulatory requirements of the NIST framework. Moreover, the framework guarantees information security in industries like banking, communications, and energy. Organizations can customize the standards to meet their specific needs. Significantly, NIST contributes to security innovation in American industries.

In order to comply with the NIST standards, organizations must conduct penetration testing on their applications and networks. However, organizations should follow pre-established guidelines. These guidelines ensure that the organizations fulfill their cybersecurity obligations and mitigate risks of possible cyberattacks.

4. PTES


The PTES (Penetration Testing Methodologies and Standards) recommends a structured approach to a penetration test. On one side, the PTES guides you through the phases of penetration testing, beginning with communication, information gathering, and threat modeling phases. On the other hand, penetration testers acquaint themselves with the organization’s processes, which helps them identify the most vulnerable areas that are prone to attacks.

PTES provides guidelines to the testers for post-exploitation testing. If required, they can validate the successful fixing of previously identified vulnerabilities. The standard has seven phases that guarantee successful penetration testing with recommendations to rely on.

5. ISSAF


The ISSAF (Information System Security Assessment Framework) is a specialized and structured approach to penetration testing. More importantly, the framework provides advanced methodologies that are personalized to the context. These standards allow a tester to plan and execute every step of the penetration testing process. Thus, it caters to all the requirements of the penetration testing process. As a penetration tester, if you are using different tools, then ISSAF is a crucial framework. For instance, it ties each step to a specific tool and thus reduces complexity.

ISSAF offers additional information concerning various attack vectors, as well as the outcome of a vulnerability after exploitation. All this information allows testers to plan an advanced attack that guarantees a return on investment while securing systems from cyberattacks.

Source: eccouncil.org

Thursday 2 April 2020

4 Reliable Vulnerability Assessment Tools to Protect Your Security Infrastructure


Organizations with information assets are vulnerable to multiple forms of cyber threats. These potential threats need to be identified by security professionals before they can harm the computer systems, applications, software, and other network interfaces of the firm. The team starts with the classification of the threats into different types, followed by prioritizing them based on their scope, and finally resolving the issue, creating a safe cyber environment. To carry out these operations, cybersecurity experts need tools, specifically vulnerability assessment tools, which can efficiently spot the threats before they reach the security infrastructure.

What is a vulnerability assessment and what tools do you need? 


Vulnerability assessment is the process of identifying, quantifying, and prioritizing all the possible cyber threats on the security infrastructure. In brief, here is a list of the best vulnerability assessment tools –


1. Nikto


Nikto is a widely popular free, open-source web server scanner deployed to scan through web servers for outdated software, malicious files/CGIs, and other possible vulnerabilities.

◉ It also checks for problems affecting the server functioning.

◉ The tool conducts various tests on the targeted web servers to identify suspicious files and programs.

◉ It scans the web servers in the least possible time.

◉ Nikto allows scanning through multiple ports of a web server.

◉ This tool examines various network protocols, including HTTPS, HTTP, and numerous others.

2. Nessus Professional


Nessus Professional is a tool developed by Tenable, Inc. that raises an alert whenever it encounters a vulnerability connected to a network. It also helps reduce the attack surface of an organization.

◉ With the help of this tool, professionals can perform high-speed asset discovery.

◉ Nessus Professional is capable of scanning vulnerabilities that can be hacked remotely.

◉ The tool can find loopholes in an extended range of operating systems, databases, applications, cloud infrastructure as well as virtual and physical networks.

◉ This tool can also perform configuration auditing.

3. Retina CS Community


This is a free vulnerability management tool that offers a centralized environment through a web-based console.

◉ A few of the critical features of the Retina CS Community are compliance reporting, application patching, and checking configuration compliance.

◉ This is a time- and cost-saving tool that helps the professionals to manage network security effortlessly.

◉ It is an open-source application that offers automated vulnerability assessment for databases, web applications, workstations, and servers.

◉ The tool also supports multiple virtual environments like vCenter integration and others.

4. OpenVAS


OpenVAS (Open Vulnerability Assessment System) is a free software framework that offers features like vulnerability scanning and vulnerability management.

◉ It supports multiple operating systems with an intelligent custom scan.

◉ Most of its components are licensed under the GNU General Public License (GPL).

◉ OpenVAS keeps updating its scan engine with network vulnerability tests.

◉ This tool offers three scanning options, which are – full scan, web server scan, and WordPress scan.

Source: eccouncil.org