Tuesday, 30 June 2020

Network Protocols – Why do you need them?

EC-Council Study Materials, EC-Council Guides, EC-Council Learning, EC-Council Prep

A network protocol includes the pre-defined rules and conventions for communication between network and devices connected. These include identifying and establishing connections among devices. Besides, there are formatting rules specifying packaging, sending, and receiving messages. Additionally, there are protocols for message acknowledgment and data compression too. It also enables the establishment of reliable and high-performing network communication.

In the absence of protocols, devices would not be able to understand the electronic signals that they send while communicating over network connections. Nowadays, protocols use packet switching techniques to send and receive messages in the form of packets. These messages are again divided, collected, and reassembled at their destination. Numerous computer network protocols serve defined purpose and environment.

About Protocols – Ipv4 and IPv6 Explained 


Internet protocols 


Internet Protocols (IP) are popular network protocols. Even other higher-level protocols like TCP, UDP, FTP, and HTTP integrates with IP providing additional capabilities. On the other hand, there are lower-level protocols like ICMP and ARP that again exist with IP. The higher-level protocols interact closely with applications such as web browsers, compared to lower-level protocols. The lower-level protocols, in turn, interact with computer hardware like network adapters. The group of lower and higher levels of network protocols stands as a protocol family.  

Wireless network protocols 

Wireless network protocols are gaining significance due to increasing connectivity with wi-fi, Bluetooth, and LTE. These wireless networks support roaming mobile devices and other electronic devices because they are not directly connected with a wire.  

Network Routing Protocols 

A routing protocol can identify other routers, manage the route between source and destination. It defines the route path to carry network messages and dynamic routing decisions. Examples of routing protocols are OSPF, BGP, and EIGRP. Subsequently, they meet the specific purpose of the network routers on the internet. 

An introduction to the types of network protocols  


1. Transmission Control Protocol (TCP)

It is a popular communication protocol in network communication. TCP protocol divides the message into a series of packets and sends them from source to destination that reassembles at the destination. 

2. Internet Protocol (IP)

IP is an addressing protocol and is mostly used with TCP. Originally, TCP/IP is the most common protocol that connects the networks. Henceforth, the IP protocol addresses communication in packets and helps in routing through different nodes in a network until it reaches the destination system. 

3. Post office Protocol (POP)

POP3 is designed to receive incoming e-mails. 

4. User Datagram Protocol (UDP)

It is used as a substitute communication protocol to Transmission Control Protocol (TCP). Primarily, it creates loss-tolerating and low-latency linking between different applications. 

5. Simple mail transport Protocol (SMTP)

SMTP sends and distributes outgoing e-mail. 

6. File Transfer Protocol (FTP)

FTP transfers files from one system to another. Besides, the types of files that FTP support are program files, multimedia files, text files, and documents, etc. 

7. Telnet

Telnet is based on rules designed to connect two systems. In this case, the connecting process is a remote login. The requesting system for connection is the local computer, and the accepting system is the remote computer. 

8. Hyper-Text Transfer Protocol (HTTP)

HTTP transfers hypertext among two or more systems. It follows client-server principles that enable a client system to establish a connection for a request with the server machine. Following this, the server acknowledges the client’s request and responds accordingly. 

9. Hyper-Text Transfer Protocol Secure (HTTPS)

HTTPS stands for HyperText Transfer Protocol Secure. It is a standard protocol that secures the communication between two machines. Hence, the protocol establishes communication by using the browser and fetching data from a webserver. Similar to HTTP, HTTPS also transfers the data in the hypertext format but the encrypted format. Hence, HTTPS ensures data security throughout the transfer of packets. 

10. Gopher

Gopher works on the client/server principle. It is a collection of rules to implement searching, retrieving as well as displaying documents from isolated sites. 

Implementing network protocols 


The latest operating systems come with in-built software services that support network protocols default way. Previously, web browser applications supporting high-level protocols required to function, contain software libraries. Profoundly, the software libraries, in turn, support web application browser in execution. Similarly, the lower-level TCP and routing protocols support hardware including silicon chipsets to enhance network performance. 

Packets with an encrypted binary data are transmitted over a network. Furthermore, to store information about the sender of the message, many of the protocols come with a header. The network protocols add a description in the beginning about the sender as well as the receiver of the message. Additionally, few protocols also add a footer. Herewith, the network protocols work on its way in identifying the headers and footers while moving the data among devices.  

Are you looking to become a Network Defender?


Certified Network Defender (C|ND) is a vendor-neutral certification which is a comprehensive network security program. Identically, it is a hands-on, lab-intensive, and skill-based program that is based on a job task analysis and cybersecurity education framework, in accordance with NICE. Moreover, C|ND has mapped to the Department of Defense (DoD) job roles and is designed after extensive market research and surveys.

Source: eccouncil.org

Saturday, 27 June 2020

How can Cloud Solutions Transform Network Security?

EC-Council Study Materials, EC-Council Guides, EC-Council Certification, EC-Council Learning

When cloud computing was first introduced to the world, it received a lot of scepticism in terms of reliability and security. It even produced a notable meme saying the cloud is just someone else’s computer, which is technically true. But cloud computing today has become an integral part of network security. In fact, cloud computing has benefited businesses in many ways:

EC-Council Study Materials, EC-Council Guides, EC-Council Certification, EC-Council Learning

33% of organizations have a “full steam ahead” attitude toward cloud services and 86% of companies spend at least part of their IT budget on cloud services. But what is cloud adoption doing to network security?

7 Ways Cloud Computing Transforms Network Security


In addition to the business efficiencies, cloud computing brings to an organization, it brings many network security advantages to any organization, big or small. Technically speaking, since the cloud is “someone else’s computer”, there’s an inherent transference of risk for many organizations to the Cloud Service Provider (CSP).

If an organization is transferring a good amount of its IT operations, security, and storage to a CSP, there need to be certified network defenders on site. They are the ones that will make sure the CSP will deliver these advantages to each client:

1. Protection against DDoS attacks

While no CSP is immune to DDoS attacks, there are some that can absorb and disperse these attacks to help minimize the impact.

2. Regulatory compliance

Since many CSPs can have a variety of customers, they often opt to become compliant with many national and international regulations so they are ready should a potential client be in the market of a CSP.

3. Flexibility

It’s more than likely that whatever service level you choose with the CSP, expandability will be included. For example, if you have a surge in storage or processing needs, it will automatically become available to you. Granted, you might get charged for that extra use, but at least you wouldn’t have any crashed servers or downtime.

4. Patches and updates

Again, depending on which service level you choose, the CSP can manage software/hardware patches and updates for you. Even if you managed it yourself, it would still be a much more efficient process.

5. Physical security

Since CSPs host many clients’ data, their physical security needs to be very strong. So much to the degree that a small to medium business most likely wouldn’t be able to have that amount of security. Plus, they would be breaking the basic security principle of having “just enough” security. Essentially, the CSP physical security costs are split between all the tenants.

6. Data security

Just like with physical security, the costs of strong data security are essentially shared between the tenants of a CSP. A great perk of this is implementing multi-factor authentication. A small- to medium-sized business might not have the resources to implement this on-site, so they can certainly take advantage of this via their CSP.

7. High availability and support

Again, a small- to medium-sized business won’t be able to provide the level of availability that can be offered through a CSP.

Difference between Network Security and Cloud Security


Cloud Security 

Cloud security is evolving, and it forms part of network security and information security. Fundamentally, the cloud security refers to a broad set of technologies, controls, and policies. These are used to secure and protect data, applications, and cloud infrastructure. Cloud security covers a broad range of security practices from end-user and cloud service provider (CSP) perspective. Though the end-users are primarily concerned of the security policy of CSP, they are equally concerned of data storage and the access to the data on cloud.

The security to a cloud provider encompasses physical security of the cloud infrastructure and access control mechanism. However, it also extends to the execution and maintenance of security policy. The cloud security provider shares a greater responsibility because it is where the organization fear the cloud.

The Cloud Security Alliance (CSA) is a nonprofit organization that educates organizations and security providers on enforcing security within an operating environment. The platform is developed by industry specialists pooling guidelines and frameworks for cloud computing.

Network security 

Network security is a broader perspective when compared to cloud security. It encompasses policies, technologies, controls, and procedures enforced by the network security team. Moreover, the objective of network security is to track and control unauthorized access to the network and its components. Basically, a well-implemented network security can block cyber attackers to intrude network with malware, viruses, etc.

Initially, the network security follows the signup mechanism allowing access to authorized users under customized privileges. Concurrently, the network firewall enforces accessible services as per defined policies. Even though network firewalls do not always identify and defend malware or harmful content leading to data loss; an anti-malware is installed to serve the purpose. The anti-malware or anti-virus protects the network from malicious actors from entering the network.

As you can see, a certified network defender has a huge responsibility in providing network defense to a CSP. EC-Council’s Certified Network Defender (CND) trains network administrators on protecting, detecting and responding to the threats on the network. Since a network administrator already has networking knowledge, the CND training course provides the candidate with network defense fundamentals, the application of network security controls, protocols, perimeter appliances, secure IDS, VPN and firewall configuration, intricacies of network traffic signature, analysis, and vulnerability scanning.

Source: eccouncil.org

Thursday, 25 June 2020

Everything you need to know about Incident Response Training

EC-Council Study Materials, EC-Council Exam Prep, EC-Council Guides

Incident response training is essential for every organization because even the best defenses can be breached. It’s vital that your cyber incident response team (CIRT) be alert and up-to-date on the latest cyber threats and security techniques, and the incident response training and simulation program is the most effective way to achieve this.

Truth be told, organizations do not encounter severe cyberattacks daily. Many SOC operators and incident responders may spend weeks responding to straightforward cyber incidents without a major cyberattack. But severe attacks are happening more and more, particularly as our interconnectivity grows. Now more than ever, it is important to be prepared.

Who is an Incident Responder? What are their duties and responsibilities?


The job responsibility of a cyber incident responder can vary from one organization or employer to the next. Based on the NIST Cybersecurity Workforce Framework outlined in NIST Special Publication 800-181, the following are the general duties and responsibilities of an incident response analyst:

◉ Investigate and report on cybersecurity issues and trends.

◉ Conduct forensic collections, threat analysis and intrusion correlation, as well as track direct system remediation as incidents occur.

◉ Offer constant examination of possible incidents and threats, and train shareholders and workers.

◉ Evaluate incidents in terms of urgency, possibilities and potential impacts, as well as organize and improve remediation tasks.

◉ Manage business cyber-defense incident response endeavors.

◉ Employ incident data to detect exposures and recommend speedy remediation.

◉ Evaluate logs to trace and remediate likely network security risks.

◉ Function as a technical liaison with law enforcement to provide incident particulars as required.


What Is an Incident Response Plan?



An incident response plan is a set of standards that assist a certified incident handler or incident response analyst in identifying, responding to, mitigating and recovering an organization’s data from cybersecurity incidents. Cybersecurity plans address issues such as cybercrime, reputation damage, data loss and service outages that endanger day-to-day office activities. It is vital for a business to have a well-defined incident response process to alleviate the likelihood of falling victim to the latest cyberattacks and severe security breaches,

Having a detailed incident response plan is effective cyber hygiene, allowing you to analyze your systems and networks for possible weaknesses and implement the latest cybersecurity best practices. An adequate incident response plan provides you with a practicable course of action for both severe and simple incidents that could otherwise affect your organization for weeks or months to come.

When major cybersecurity incidents occur, your organization will draft a comprehensive incident response plan, so your CIRT can contain, eradicate, and recover from the incident more quickly and efficiently. In cases where physical disruptors occur, including flooding and other natural disasters, a disaster recovery plan is needed.

How Do I Become an Incident Responder?


You may be wondering what does it take to become an incident responder (if you aren’t already, of course)? Incident responders are greatly needed within the industry. With the growth of hacking and other cybercrime regularly targeted at organizations, more CIRTs are busy with incident handling, responding to cyberattacks, and prioritizing responses. These IT professionals are trained in assessing and successfully responding to cyberattacks to minimize damages to their employers.

If you are interested in information security and love the thrill of technical challenges, you might be a great candidate to learn to become an incident responder. But it’s about more than passion, security incident response also takes deft skills, which can be gained via incident response training. With a current shortage of skills in the lucrative cybersecurity field, it is time to become a certified security incident responder.

According to a recent article by Forbes, many of the half-million cybersecurity job openings go unfilled, partly because college computer science graduates often lack skills and hands-on experience needed for the job. The article suggests that certification programs and internships are vital pathways to fulfilling careers in cybersecurity, as most of the available positions require technical knowledge and expertise.

Steps to Become an Incident Response Analyst


You will need a Bachelor’s or Master’s degree in cybersecurity, computer forensics, or related field, and you may also be required to become certified. Many experts in cybersecurity acquire their incident response training by earning the appropriate professional certifications, including certified intrusion analyst, certified incident handler, or certified forensic analyst. Regardless of requirements for your cybersecurity educational program, most incident responder professions necessitate one or more of these certifications, which may differ based on the industry, the position, or the employer.

The majority of incident responder positions also require a minimum of 2-3 years of relevant work experience in sectors such as network administration, computer forensics and cybersecurity. You may take online courses, obtain training, or attend boot camps to boost your resume. Earning cybersecurity incident response training can assist you in qualifying for a role with the CSIR teams, by learning from CSIRT leaders and other cybersecurity experts.

Why is security incident response training important?


An incident is any disruption of security measures or policies of an organization, which compromises or tries to compromise the organization’s integrity, privacy, or availability of information (also known as CIA triangle). Incident response training is a program designed to educate IT professionals and members of the CIRT on preparing to handle and respond to security incidents in real-world scenarios. Getting certified ensures that you as a professional will receive hands-on learning delivered through learning labs and core curricula training that is mapped to and in compliance with government and industry-published incident and response frameworks.

Most large organizations spend huge amounts and time authenticating the efficiency of their security controls and formulating a cyber incident plan, however only a few actually spend enough time training their staff on how to tackle an incident when it occurs. The penalties of not having a well-trained incident responder could range from loss of sensitive data, business downtime, expensive fines, to a bad reputation and loss of consumer trust. Whether you are an IT professional, IT and cybersecurity team leader, cybersecurity professional (entry to senior-level), cybersecurity enthusiast (entry-level), small-mid enterprise leaders, or mid-large enterprise leaders, whenever you invest in incident training you make intelligent use of resources. Without training, bear in mind that:

◉ You may not be conversant with the new threat and may not know how to defend your organization.

◉ Your lack of knowledge may be detrimental to your organization since human errors are mostly responsible for security incidents.

◉ Most incidents can be avoided and mitigated.

◉ Even those who are renowned experts in the incident response field may sometimes have lapses when handling incidents and need further incident response training.

◉ You may not have the money to employ a security consultant, incident response analyst, or CIRT, nor the time to afford satisfactory preventive defenses. However, with well-defined incident response training, you eliminate undue costs and invest in your knowledge or the knowledge of your staff.

Source: eccouncil.org

Tuesday, 23 June 2020

The role of an Incident Response Analyst in SMBs

EC-Council Study Materials, EC-Council Certification, EC-Council Learning, EC-Council Cert Exam

An incident response analyst can be extremely beneficial for SMBs with the incessant rise of cybercrimes. Every year, the Internet is swamped with cybersecurity threats and cybercrime predictions. However, SMBs and consumers often fail to keep up with these trends, which can result in much handwringing in the boardroom. When the income, reputation, and trust of consumers is at stake, it is essential that organizations quickly detect and respond to security incidents.

What does an Incident Response Analyst do?


An incident response analyst explores computer-related crimes within an organization. Incident response analysts attempt to shield and improve the security of an organization’s security by avoiding, forestalling and mitigating security breaches. An incident responder’s job involves system checking, valuation, testing and investigations targeted at detecting and amending probable security threats. Also, an incident responder often formulates security plans, protocols, strategies and training that help organizations be ever ready to respond competently and efficiently to live incidents or events.

The incident response field is large with different job opportunities ranging from cyber incident responder, incidence response engineer, computer network defense incident responder, to network intrusion analyst, forensics intrusion analyst and intrusion detection expert. Most organizations hire incident response analysts to protect their reputation and revenue from losses arising from cybercrimes.

What Is the Purpose of an Incident Response Plan?


Regardless of the size of a security breach, it is essential for organizations to have a well-prepared incident response plan to mitigate the possibility of becoming a victim of the newest cyberattack. To draft a well-defined incident response plan, you must be able to efficiently detect, reduce the damage and eradicate the cost of a cyberattack, while discovering and mending the cause to avert further attacks. All through the incident response process, members of the security team will encounter several unknowns and a whirl of commotion. In such scenarios, they may fail to adhere to appropriate incident response methodology to efficiently minimize the threat. The following are the three essential goals of an incident response plan:

To Protect Your Finances 

A detailed incident response plan defends your company from potential financial losses. According to a 2019 survey, the global average cost of a data breach was estimated to be $3.92 million US Dollars, a 1.5 percent increase from the 2018 survey. The U.S. suffered the most severe data breaches in the world costing about $8.19 million, which is more than the global average. A cybersecurity plan is important as it can take up to 279 days for organizations to detect and moderate a data breach life cycle. The finances of your SMB business can be greatly affected by a data breach. 

To Guard Your Data 

The security of your data is crucial both for personal and professional reasons. When your data gets into the wrong hands your propriety information can be leaked and used for malicious purposes. However, with a detailed incident response process, your incident response analyst or CIRT can proactively protect your data from cyberattacks.

To Defend Your Reputation and Enhance Your Consumer Trust 

A detailed response and reputation management program will help your company survive any security breach. Even though most consumers are ready to forgive companies that have experienced major data breaches, it is often difficult to regain their trust. A survey suggests that only about half of medium and large companies are developing resistance against cyberthreats and other live incidents. This can prove dangerous for the reputation of a company. Without solid consumer trust, an organization is well on its way to experiencing a business death. Thus, reputation management is an indispensable aspect of an effective incident response plan.

What Are the Three Steps for Responding to a Cybersecurity Threat? 


A cybersecurity plan or incidence response plan is an organized procedure for tackling cyber threats, insider threats, external attacks, breaches, policy violations and security incidents. At EC-Council’s Certified Incident Handler (ECIH) program, we’ve identified three tested steps for responding to a cybersecurity threat:

Step One – Confront Your Security Issues 

The first step in responding to a cybersecurity threat is to confront your security issues. You will need to create and implement proper security measures to protect your business assets. The most effective way to do this is to make a list of your assets and then assign asset owners. The purpose of this is to recognize your core business assets and authenticate who is accountable for their upkeep and security. You should also examine and record all of your business assets based on their functions, including the type of data it stockpiles, who can assess the data, how significant the data is to your company, and what level of protection is presently available to defend it from cyberattacks.

Step Two – Create an Incident Response Plan 

The second step is to create a comprehensive incident response plan. Regardless of the current strength of your cyber security mechanisms, you need an incident response plan. With a well-crafted incident response methodologies, you can mitigate losses and minimize damages by formulating a solid incident response process that best suits the size of your company. You need to hire a cyber incident response team (CIRT), incident recovery team (IRT), incident response analyst, or alternatively you can train your IT staff about incident response processes. Their role is to gather, preserve and examine incident-related data. You will also need an effective communication platform, such as a centralized communication forum where your IRT or CIRT can evaluate and systematically document live incidents.

Step Three – Communicate Cyber Incident Responsibilities 

The last, but certainly not least, step is to effectively convey cyber incident duties at all levels. Although every member of your staff has a duty to ensure that your company is safe and secure, not everyone will be responsible for incident recovery, encryption or network segmentation in their daily responsibilities. Nevertheless, you must ensure that everyone in your company knows their roles and what is required of them. You may have to provide regular training to substitute skill gaps, monitor security improvements, and provide incentives to your CIRT for excellent security accomplishments.

What Are the Five Steps of Incident Response? 


There are five essential steps you must take during the incident response lifecycle. Note that, incident response is a unified process and not an isolated occurrence. Your incident response analyst or CIRT must apply an organized and harmonized approach to this plan. These five steps must align with the NIST Computer Security Incident Handling Guide (SP 800-61).

1. Preparation The first step is to prepare in advance how to avert security breaches by developing a solid incident response plan.

<iframe width=”560″ height=”315″ src=”https://www.youtube.com/embed/WpGWSAPZqrA” frameborder=”0″ allow=”accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture” allowfullscreen></iframe>

Your incident response analyst should create a well-tested plan before a major data breach or cyberattack occurs. This plan will support the efforts of your IRT. An effective incident response plan must include the following:

◉ Assign a team leader whose general responsibility is to respond to cyber incidents. Your incident response analyst may be able to handle this threat depending on the size of your SMB business.

◉ Create strategies, procedures and contracts for the incident response analyst or team.

◉ Evaluate your existing threat recognition competence, and renew your risk assessment and improvement programs.

◉ Carryout unending assemblage, investigation and harmonization of your threat intelligence feeds.

◉ Articulate communication guidelines to allow continuous communication throughout and after the incident.

◉ Perform operational threat hunting drills or simulations to detect incidents happening within your environment, for a more proactive incident response.

2. Detection & Analysis  The incidence response analyst you’ve hired should first determine the cause of the incident before she/he can attempt to contain it. The incident responder, together with the CIRT team will monitor possible attack trajectories, detect signs of an incident, document initial incidence, assign incident classification, report incidences, and prioritize responses. An incident response analyst can detect and analyze incidents through a number of indicators including:

◉ Anti-malware programs.

◉ SIEMs and other security products that produce warnings based on examination of log data.

◉ Logs and audit-related data for detecting anomalous activities with applications, cloud services, users, external storage, real-time memory, etc.

◉ System administrators, security staff, users, network administrators, and others.

◉ Document reliability inspecting software.

3. Triage & Analysis  

This phase is crucial because all efforts to adequately understand the cause of the incidence are evaluated. The incident responder collects data from systems and machines for additional examination and determines your points of breach. The incident response analyst must have comprehensive proficiencies and a thorough understanding of live incident responses, digital forensics, malware analysis and memory analysis. The incident analyst must focus on three essential aspects including Binary Analysis, Endpoint Analysis and Enterprise Hunting.

4. Containment, Eradication, & Recovery  Once the incident has been detected and the cause ascertained, the incident responder must endeavor to contain the damage. Once the incident analyst has identified the cause of the incident, she/he must disable network access for systems that have been compromised by viruses or other malware, wipe the infected devices, and mount security reinforcements to resolve network exposures and malware issues. Your team may also have to create new passwords for users with compromised data or disable the accounts of insiders responsible for the incident. Your CIRT should create a backup for all devices that were breached to reserve their present condition for future forensics.

5. Post Incident Activity 

Once the incident has been contained and eradicated, you should review the lessons learned to avoid experiencing the same occurrence in the future. You will then apply appropriate changes to your security procedures and training for your employees. The incident response plan must be reviewed and updated to reflect any new precautionary procedures.

Final Thoughts

Every company will have a diverse incident response process based on its distinctive IT setting and business requirements. However, It’s vital to follow the NIST incident handling guide for mandatory processes.

Source: eccouncil.org

Sunday, 21 June 2020

EC-Council Masterclass and Inspire Academy Partner to Impart Cybersecurity Education in Europe

EC-Council Study Materials, EC-Council Certification, EC-Council Exam Prep

Europe, June 2020: Learning is an ongoing process, and even the rise of the pandemic crisis could not stop the zeal of it. Educational institutions around the world have shifted to the online space to continue imparting training programs to their students remotely. EC-Council’s MCEHP is a live online ethical hacking course to be conducted with collaboration with Inspire Academy in Europe.

The emergency brought by COVID-19 has substantially increased the dependence of business on the internet. In this context, a cyberattack denying access to businesses and families to their devices or data could be catastrophic. Worst case, a couple of cyberattacks could affect the infrastructure severely, making it difficult to survive and resume their businesses. Therefore, the role of cybersecurity expert becomes crucial. The MCEHP program is delivered online to help infosec professionals from Europe upskill with the latest ethical hacking methodologies.

Jay Bavisi, the President and Chairman of EC-Council Group, further adds that “Ethical hacking is the need of an hour. It is the best opportunity for cybersecurity professionals to upskill themselves with the latest ethical hacking methodologies and evolve as leaders in cybersecurity.”

The MCEH program from EC-Council is the most sought-after cybersecurity certification around the globe. This program incorporates instruction and practice to get students ready to take the CEH certification exam as well as the CEH Practical Exam, making them CEH Master. By imparting ethical hacking training via masterclasses in collaboration with Inspire Academy, EC-Council Masterclass creates a wider scope for cybersecurity professionals to learn and upskill.    

About EC-Council:


EC-Council’s sole purpose is to build and refine the cybersecurity profession globally. We help individuals, organizations, educators, and governments address global workforce problems through the development and curation of world-class cybersecurity education programs and their corresponding certifications and provide cybersecurity services to some of the largest businesses globally.     

Trusted by 7 of the Fortune 10, 47 of the Fortune 100, the Department of Defense, Intelligence Community, NATO, and over 2000 of the best Universities, Colleges, and Training Companies, our programs have proliferated through over 140 Countries and have set the bar in cybersecurity education.     

Best known for the Certified Ethical Hacker program, we are dedicated to equipping over 230,000 information age soldiers with the knowledge, skills, and abilities required to fight and win against the black hat adversaries. EC-Council builds individual and team/organization cyber capabilities through the Certified Ethical Hacker Program, followed by a variety of other cyber programs including Certified Secure Computer User, Computer Hacking Forensic Investigator, Certified Security Analyst, Certified Network Defender, Certified SOC Analyst, Certified Threat Intelligence Analyst, Certified Incident Handler, as well as the Certified Chief Information Security Officer.     

We are an ANSI 17024 accredited organization and have earned recognition by the DoD under Directive 8140/8570, in the U.K. by the GCHQ, and a variety of other authoritative bodies that influence the entire profession. Founded in 2001, EC-Council employs over 400 people worldwide with 10 global offices in the USA, U.K., Malaysia, Singapore, India, and Indonesia. Its U.S. offices are in Albuquerque, NM, and Tampa, FL.  

About Inspire Academy: 


Inspire Training Academy is one of the premier professional training institutes in Doha, Qatar, with the state-of-the-art training facility. The academy standards are top-notch, offering premium training and consultancy services with a unique curriculum, education, and innovative training programs.  

Inspire Training Academy is impart training in vast areas including aviation, hospitality, travel and tourism, fashion designing, human resources management, corporate leadership development, soft skills, project management, disaster management and resilience, cargo, food safety, languages, accounts and finance. The institute has a team of professionals with deep-rooted expertise in delivering top class training, which eyes the country’s paramount job opportunities rising in this industry. 

Source: eccouncil.org

Thursday, 18 June 2020

How to use Kali Linux & Raspberry Pi for Wireless Penetration Testing

EC-Council Study Material, EC-Council Guides, EC-Council Exam Prep

Why Kali Linux?


If you’ve ever searched penetration testing, you’ve most likely stumbled upon a piece of software called Kali Linux, or more commonly called “Kali”. It is one of the most common and open-source programs that is used for pentesting nowadays.

Kali Linux is one of the many Linux systems that is based on Debian. It is created and overseen by Offensive Security as the successor of the fiercely well-known Backtrack Linux program. In brief, Kali could be a write testing tool compartment. Kali incorporates over 600 computer programs and utilities that write analyzers commonly utilize. The tremendous larger part of these is free and open source. The Kali Tools page records the apparatuses included within the current conveyance.

How to Use Kali Linux for Penetration Testing


Kali Linux consists of 100 security testing tools such as SQL map, Metasploit, hydra, etc. Further, Kali Linux is also equipped with wireless security testing rules. “Aircrack-ng” and “Kismet” are the major tools of them.

Aircrack-ng

This is a wireless security testing software suite. It comprises of an organized packet analyzer, a WEP organizes saltine, and WPA/WPA2-PSK among other sets of wireless auditing apparatuses. Here are the foremost well-known apparatuses included within the Aircrack-ng suite:

◉ Airmon-Ng: converts your wireless card into a promiscuous wireless card
◉ Airmon-Ng: captures packages of desired specification, and it is particularly useful in deciphering passwords
◉ Aircrack-Ng: used to decrypt passwords. It is also able to use statistical techniques to decipher WEP and dictionaries for WPA and WPA2 after capturing the WPA handshake
◉ Aireplay-Ng: can be used to generate or accelerate traffic in an access point
◉ Airdecap-Ng: decrypts wireless traffic once the key is deciphered

Main features that are supported:

◉ Support for WEP, WPA/WPA2-PSK passwords
◉ Fast WEP and WPA password decryption
◉ Packet sniffer and injector
◉ Ability to create a virtual tunnel
◉ Automated WEP key password recovery
◉ Password list management

Kismet Wireless

This is a multi-platform free Wireless LAN analyzer, sniffer, and IDS (intrusion detection system). It is compatible with almost any kind of wireless card. Using it in sniffing mode allows you to work with wireless networks such as 802.11a, 802.11b, 802.11g, and 802.11n.

Main features:

◉ Ability to run in passive mode
◉ Easy detection of wireless clients and access points
◉ Wireless intrusion detection system
◉ Scans wireless encryption levels for a given AP
◉ Supports channel hopping
◉ Network logging

Next Level of Kali Linux

Raspberry Pi has continuously been showcased as a little, reasonable, credit card-sized, turn-key microcomputer. Their generally low profile and well-supported equipment adornments have made it an incredible choice for versatile infiltration testing. Luckily, Kali Linux is one of those frameworks and an incredible choice for setting up not as it were a versatile pen-testing framework but moreover one at your work area if you can’t manage a more costly PC.

A Raspberry Pi is a fantastically reasonable and simple way to get started with pentesting that’s reasonable and reasonably direct, but not without impediments. A need for direct Burp Suite installation can be an issue in case you are doing web entrance testing but can be overcome with OWASP Destroy, netcat, etc. The need for a graphics card can restrain a few resource-intensive forms, as can the nature of the Raspberry Pi itself.

How to Become a Certified Security Analyst


Once you become a Certified Ethical Hacker, obtaining the EC-Council Certified Security Analyst (ECSA) certification will take your pentesting skills to the next level. Unlike most other pen-testing programs that only follow a generic kill chain methodology, the ECSA presents a set of distinguishable comprehensive methodologies that can cover different pentesting requirements across different verticals.With this knowledge, you can bring peace of mind to an organization knowing their network is more secure from today’s biggest and toughest cybercriminals.

Source: eccouncil.org

Wednesday, 17 June 2020

Advanced Penetration Testing for Safe Healthcare Systems

EC-Council Study Material, EC-Council Exam Prep, EC-Council Study Materials

Advanced penetration testing is performing assessments against known or unknown applications, systems, and networks that are fully patched and hardened. In this case, network and software-based intrusion detection and prevention systems are put in place. With the recent pandemic, the healthcare industry is facing a large array of challenges, including those that cybercriminals pose. The World Health Organization (WHO), the Department of Health and Human Services (HHS), and a large coronavirus testing facility in the Czech Republic were all successfully attacked in recent weeks. Ever ruthless, cyber criminals are viewing the current grave situation as a golden opportunity to target the healthcare industry.

For a brief look at what a cyber-attack can do to a healthcare system, watch this video:


What does advanced penetration testing involve?


Since healthcare systems are hubs of data, we will use three advanced penetration techniques to exploit vulnerabilities in this system.

1. Wireshark

First, we will use a packet sniffing tool known as Wireshark. What Wireshark will do is that it will provide us with all the data traffic passing through this healthcare network. As long as we are connected to the network, Wireshark gives us the ability to eavesdrop on all the networks’ communications and capture data such as usernames and passwords. Wireshark will capture this data in a form of strings that we can now retrieve and use it to exploit the system and access sensitive information like usernames, passwords, and credit card details.

2. Metasploit

The second way we will try to penetrate the system is by scanning for vulnerabilities using Metasploit. What we’ll simply do is perform a Nmap scan from within Metasploit. Below are sample results we may obtain:

Nmap: Nmap scan report for 192.168.75.14
[*] Nmap: Host is up (0.00059s latency).
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http

From the above results, we can deduce that two TCP ports, 22 and 80, are open. We can then exploit one of these ports, say port 22, via SSH port forwarding. What this does is that it simply creates a secure SSH tunnel to the server and therefore allows us to exchange information with the systems’ servers. We could use this to extract patient data.

3. SQL Injection

The third way in which we can penetrate the system is via a SQL injection attack. We will use SQL injection to manipulate database queries by injecting them with malicious strings. In our case, the healthcare system uses a web application to communicate with the server. For the injection, we will write a simple code known as the All function which will create an All logic gate in the server. This function will manipulate the SQL query to always return true. This will allow us to log into the server without true credentials.

If by any chance the healthcare systems’ web application does not use SSL, secure socket layer, we could penetrate it by launching an XSS attack. XSS, cross-site scripting, enables us to inject malicious script into the users’ web browser which affects the web application by stealing cookies, session tokens, and personal information. This script can also be used to modify the contents of a website like the addition of fake links that redirect users to malicious websites.

How long does a penetration test take?

The length of the penetration test largely depends on the type of testing done, what type of devices/ networks are tested, and the number of systems.

How to Become a Penetration Tester


As seen from above, and with the increased demand for cyber security in healthcare, a penetration tester needs to have real-world knowledge of advanced penetration testing techniques to provide their client with the best results. These techniques need to be as real as possible to mimic what the bad guys are doing so the organization can implement steps to help prevent these kinds of attacks.

According to EC-Council President Jay Bavisi, “With the recent Equifax incident and the multitude of other data security breaches in recent years, the need for skilled, vetted penetration testers has increased for the world’s organizations. The LPT (Master) exam simulates a real-world environment and requires candidates to correctly identify any security threats and weaknesses against social, physical, network, and application attacks.”

How much do penetration testers get paid?


According to PayScale, the average Penetration Tester salary in the U.S. is $84,165. However, the average salary of a Licensed Penetration Tester in the U.S. is $109,000.

What is the best penetration testing certification?


Obtaining the Licensed Penetration Tester Master (L|PT Master) proves that you have the real-world know-how of advanced penetration testing. One of the main goals of the L|PT (Master) program is to not just test your knowledge of penetration testing but to put the pressure of being watched on you as you’re trying to complete one of the challenges. The L|PT (Master) exam is built on EC-Council’s Advanced Penetration Testing Cyber Range (ECCAPT), which consists of the following:

◉ 100% hands-on
◉ 180 machines
◉ 250 GB of RAM
◉ Over 4TB of storage
◉ 5 to 8 subnets in every range
◉ Over 15 Windows and Linux flavors

Source: eccouncil.org

Tuesday, 16 June 2020

What does an incident response analyst do?

EC-Council Study Materials, EC-Council Guides, EC-Council Exam Prep

Have you ever wondered what happens when a security incident occurs? How do they figure out what exactly happened, what data (if any) was compromised, and what the follow-up actions are? An incident response analyst’s job is to address all of these issues.

What are cybersecurity incidents?


A cybersecurity incident is a general term that includes security breaches, insider threats, policy violations, external attacks, or a combination of these. They can be either inadvertent or intentional. Either way, proper security incident management needs to be in place. Cybersecurity management is the process of identifying, managing, recording, and analyzing security threats or incidents in real-time.

What is the role of an incident response analyst?


An Incident Response Analyst’s job is to actively monitor systems and networks for intrusions. They identify security flaws and vulnerabilities, perform security audits, risk analyses, network forensics, and penetration tests. They also perform malware analysis and reverse engineering.

Another important role of an incident response analyst is crafting the incident response plan. The incident response plan is a crucial part of any security program. It helps establish and test strategies put in place in the event of a cyber incident to ensure minimal impact. The demand for incident response analysts has been steadily increasing due to the potential vulnerability that cloud services introduce to a system. Because of the world’s increased device usage and storage needs, cloud services are a huge part of how our data is managed. This, unfortunately, increases the threat surface, which invites more computer security incidents, making effective incident response plans mandatory for most organizations.

Drafting an effective incident response plan


When implementing good incident management, you need to be sure to cover all of your bases in terms of prevention, detection, eradication, and recovery. Following the NIST SP 800-61 is a good foundation and the main document that needs to be created is the incident response plan. An incident response plan, or IRP, is a document that outlines what an organization must do in the event of a computer security incident. An IRP also contains a RACI Chart dictating who is responsible for what, who is accountable, who is consulted, and who is informed. Generally, the Computer Emergency Response Team (CERT) is the group that executes the IRP.

But what exactly does the IRP entail? There is a general ruleset that every organization should follow, and then there’s a more in-depth process.

The OODA Loop


The OODA Loop, when broken down, means to Observe, Orient, Decide, and Act. This was created by USAF Colonel John Boyd and can be used by an incident responder to handle live computer security incident handling. The following video gives a brief description:


4 Phases of the Incident Response Life Cycle


According to NIST, the incident response lifecycle, or in other words, the incident response process, comprises four phases: preparation, detection and analysis, containment, eradication and recovery, and post-incident activity.

EC-Council Study Materials, EC-Council Guides, EC-Council Exam Prep

6 Steps in the incident response methodology


The following 6 steps are crucial for a thorough incident response methodology. They cover everything that an incident response analyst should do from preparation and detection to recovery and lessons learned:

1. Preparation

This phase is the workhorse of an incident response plan, and in the end, the most crucial phase to protect the business. This is the phase in which the plan is written and tested.

2. Identification

This is the process where the incident response analyst determines whether the organization has been breached.

3. Containment

Contain the breach so it doesn’t spread and cause further damage to the business. If possible, disconnect affected devices from the Internet. Have short-term and long-term containment strategies ready. It’s also good to have a redundant system back-up to help restore business operations. That way, any compromised data isn’t lost forever.

4. Eradication

Once contained, the incident response analyst must find and eliminate the root cause of the breach. This means all malware should be securely removed, systems should again be hardened and patched, and updates should be applied.

5. Recovery

This is the process of restoring and returning affected systems and devices into the business environment. During this time, it’s important to get all systems and business operations up and running without the fear of another breach.

6. Lessons Learned

Once the investigation is complete, hold an after-action meeting with all Incident Response Team members and discuss what was learned from the data breach by analyzing and documenting everything about the breach. Finally, determine what worked well in the response plan and where there were some holes. Lessons learned from both mock and real events help strengthen systems against future attacks.

How to Become a Certified Incident Handler


“Organizations are looking for professional incident handlers and response personnel who can prepare security policies and plans to tackle incidents with efficacy in time-constrained scenarios in order to reduce the impact of incidents.” -Jay Bavisi, President of EC-Council Group.

Becoming an EC-Council Certified Incident Handler (ECIH) will accomplish just that. The ECIH will teach you the most current techniques in handling attacks; whether it’s as small as a single computer or across an entire network, you will be prepared to stop the attack and prevent future ones. Not only that, but candidates with proper incident response training are more equipped to understand the importance of a timely response and business continuity.

Source: eccouncil.org

Saturday, 13 June 2020

What is session hijacking and how to prevent it?

EC-Council Study Material, EC-Council Exam Prep, EC-Council Certification, EC-Council Guides

Sessions are an essential part of internet communication and are mostly web-based. Session hijacking is a web attack carried out by exploiting active web sessions. A session is a period of communication between two computer systems. A web server needs authentication since every user communication via websites uses multiple TCP/IP channels.

A common form of authentication is always the use of a username and password, which are usually predefined. After successful authentication, the webserver sends a session token to the user, which is then stored in the user’s machine enabling a session. The session ID can be stored as a cookie in the HTTP header or the URL.

How does session hijacking work?


Session hijacking happens when an intruder takes advantage of a compromised active session by hijacking or stealing the HTTP cookies used to maintain a session on most websites. Another way is by predicting an active session to gain unauthorized access to information in a remote webserver without detection as the intruder uses the credentials of the particular user. The session token or HTTP header can be compromised and manipulated in many ways, including:

◉ Session Sniffing: Sniffing can be used to hijack a session when there is non-encrypted communication between the web server and the user, and the session ID is being sent in plain text. Hence, if an intruder is monitoring the network, he or she can get the session ID, which they can then use to be automatically authenticated to the webserver. In monitoring the network, ethical hacking tools such as Wireshark and Kismet can be used to capture sensitive data packets such as the session ID from the network.

◉ Cross-site scripting (XSS): OWASP names cross-site scripting as among the top ten web application security risks. A server can be vulnerable to a cross-site scripting exploit, which enables an attacker to execute malicious code from the user’s side, gathering session information. An attacker can target a victim’s browser and send a scripted JavaScript link, which upon opening by the user, runs the malicious code in the browser hijacking sessions.

Session Hijacking Countermeasures


End-to-end encryption between the user’s browser and the web server using secure HTTP or SSL, which prevents unauthorized access to the session ID. VPNs can also be used to encrypt everything, not just the traffic to the webserver using personal VPN solution tools.

Web servers can generate long and random session cookies, which reduces the chances of an adversary guessing or predicting what a session cookie could be.

Session ID monitors can also be used to monitor if these IDs are being used, and utilities such as Blacksheep can be used to send fake session IDs to the network and monitor if an intruder is trying to use the session ID.

There should be an automatic log off if a session ends in use, and the client should be required to re-authenticate using a different session ID. Additionally, a server can be directed to delete a session cookie from the client’s computer to minimize the amount of time a session cookie is being exposed in the network.

How to Become an Ethical Hacker


Becoming a Certified Ethical Hacker (CEH) is certainly nothing to take lightly. This course will immerse you into the Hacker Mindset so that you will be able to defend against future attacks. Upon completion of the Certified Ethical Hacker training, you will have scanned, tested, hacked, and secured your own networks and systems. With this knowledge, you can bring peace of mind to an organization knowing their network is more secure from today’s biggest and toughest cybercriminals.

Source: eccouncil.org

Thursday, 11 June 2020

Incident Response Guidebook: All you need to know

EC-Council Study Materials, EC-Council Exam Prep, EC-Council Tutorial and Material

Cybercrime has been gaining track over recent years and is becoming the new reality in business enterprises all over the world. It is, therefore, not a matter of if a company will be targeted by cybercriminals, but when the attack will occur. Hence, it is prudent for all organizations to have a pre-emptive approach to handling and responding to cybercrime incidents for them to minimize downtime and damage costs. A cybercrime incident response, therefore, is a set of guidelines to be followed in the event of a security incident such as a breach to ensure data protection, privacy, and to ensure business continuity.

5 Things that make up an Incident Response Plan


Many organizations have an incident response team that is responsible for coming up with an incident response plan and executing it. A proper incident response plan will:

◉ Define controls involved in the mitigation of breaches and incidents and the reduction of their impact.

◉ Ensure the organization has the ability and resources needed to combat security incidents such as a specialized and professional team, or Cyber Incident Response Team (CIRT).

◉ At the occurrence of a security incident, the response team needs to prioritize what needs to be addressed immediately and what can be delayed.

◉ The scope of the response plan, as well as the response policy and roles of all members of the response team.

◉ Include all necessary procedures defining appropriate responses to incidents as well as strategies for incident reporting in case the need arises to report incidences to authorities depending on the industry regulations.

4 Phases of an Incident Response Plan


When an incident occurs, it is crucial to follow an incident response plan which helps guide all pre–defined processes and phases to follow. These phases ensure order in execution since, during a live incident, a frenzy of activities can occur which can reduce the productivity of the response procedure. NIST modeled an incident response plan in four main phases which include: Scoping, Incident Response, Recovery, and Post Incident Review:

EC-Council Study Materials, EC-Council Exam Prep, EC-Council Tutorial and Material

◉ Phase I: PLANNING – this is planning the procedures in response to and mitigation of security incidents.                        

◉ Phase II: DETECTION AND ANALYSIS – this encompasses scoping of the initial threat detection and monitoring of potential malicious activities, and analysis of the threat. Threat detection forms one of the most critical phases in the response plan as analysis on the type of response plan needed is undertaken as well as accounting for the necessary prioritization.  

◉ Phase III: CONTAINMENT, ERADICATION, AND RECOVERY – this will entail the development of attack containment strategy, identifying all affected systems, and mitigating the attack, proper documentation, and evidence collection, and developing a remediation and recovery procedure to enable the return of normal operations hence ensuring business continuity. 

◉ Phase IV: POST- INCIDENT ACTIVITY – this involves reviewing actions and lessons learned for improved security measures and also having a plan for evidence retention. 

How to Become a Certified Incident Handler 


“Organizations are looking for professional incident handlers and response personnel who can prepare security policies and plans to tackle incidents with efficacy in time-constrained scenarios in order to reduce the impact of incidents.” –Jay Bavisi, President of EC-Council Group. 

Source: eccouncil.org

Tuesday, 9 June 2020

What are Sniffing Attacks and their types?

EC-Council Tutorial and Materials, EC-Council Learning, EC-Council Exam Prep, EC-Council Guides

Sniffing is the process of monitoring and capturing all data packets that are passing through a computer network using packet sniffers. Packet Sniffers are used by network administrators to keep track of data traffic passing through their network. These are called network protocol analyzers. In the same way, malicious attackers employ the use of these packet sniffing tools to capture data packets in a network. 

Data packets captured from a network are used to extract and steal sensitive information such as passwords, usernames, credit card information, etc. Attackers install these sniffers in the system in the form of software or hardware. There are different types of sniffing tools used and they include Wireshark, Ettercap, BetterCAP, Tcpdump, WinDump, etc.

The Difference Between Sniffing and Spoofing 


In sniffing, the attacker listens into a networks’ data traffic and captures data packets using packet sniffers. In spoofing, the attacker steals the credentials of a user and uses them in a system as a legitimate user. Spoofing attacks are also referred to as man-in-the–middle attacks since the attacker gets in the middle of a user and a system.

Types of Sniffing 


There are two types of sniffing attacks, active sniffing and passive sniffing.

◉ Active sniffing – this is sniffing that is conducted on a switched network. A switch is a device that connects two network devices together. Switches use the media access control (MAC) address to forward information to their intended destination ports. Attackers take advantage of this by injecting traffic into the LAN to enable sniffing.

◉ Passive sniffing – passive sniffing uses hubs instead of switches. Hubs perform the same way as switches only that they do use MAC address to read the destination ports of data. All an attacker needs to do is to simply connect to LAN and they are able to sniff data traffic in that network.

Sniffing is detrimental to the user or a network system since a hacker can sniff the following information: email traffic, FTP passwords, web traffics, telnet passwords, router configuration, chat sessions, DNS traffic, etc.

How to Prevent Sniffing Attacks 


Untrusted networks: users should avoid connecting to unsecured networks, which includes free public Wi-Fi. These unsecured networks are dangerous since an attacker can deploy a packet sniffer that can sniff the entire network. Another way an attacker can sniff network traffic is by creating their own fake–free public Wi-Fi.

Encryption: Encryption is the process of converting plaintext into gibberish in order to protect the message from attackers. Before leaving the network, the information should be encrypted to protect it from hackers who sniff into networks. This is achieved through the use of a virtual private network (VPN).

Network scanning and monitoring: Network administrators should scan and monitor their networks to detect any suspicious traffic. This can be achieved by bandwidth monitoring or device auditing. 

In information security, ethical hackers also use sniffing techniques to acquire information that could help them penetrate a system. If used by professionals like ethical hackers, packet sniffers could help in identifying a system’s vulnerabilities.

Becoming a Certified Ethical Hacker (CEH) would put you on the front lines of being able to detect and mitigate these sniffing attacks, thereby keeping the network safe. You would learn all the techniques and tools hackers use to compromise systems, then use those same tools and techniques against the bad guys to help protect your clients.

Source: eccouncil.org

Saturday, 6 June 2020

How to use Kali Linux & Raspberry Pi for Wireless Penetration Testing

EC-Council Study Material, EC-Council Guides, EC-Council Learning, EC-Council Exam Prep

Why Kali Linux?


If you’ve ever searched penetration testing, you’ve most likely stumbled upon a piece of software called Kali Linux, or more commonly called “Kali”. It is one of the most common and open-source programs that is used for pentesting nowadays.

Kali Linux is one of the many Linux systems that is based on Debian. It is created and overseen by Offensive Security as the successor of the fiercely well-known Backtrack Linux program. In brief, Kali could be a write testing tool compartment. Kali incorporates over 600 computer programs and utilities that write analyzers commonly utilize. The tremendous larger part of these is free and open source. The Kali Tools page records the apparatuses included within the current conveyance.

How to Use Kali Linux for Penetration Testing


Kali Linux consists of 100 security testing tools such as SQL map, Metasploit, hydra, etc. Further, Kali Linux is also equipped with wireless security testing rules. “Aircrack-ng” and “Kismet” are the major tools of them.

Aircrack-ng

This is a wireless security testing software suite. It comprises of an organized packet analyzer, a WEP organizes saltine, and WPA/WPA2-PSK among other sets of wireless auditing apparatuses. Here are the foremost well-known apparatuses included within the Aircrack-ng suite:

◉ Airmon-Ng: converts your wireless card into a promiscuous wireless card
◉ Airmon-Ng: captures packages of desired specification, and it is particularly useful in deciphering passwords
◉ Aircrack-Ng: used to decrypt passwords. It is also able to use statistical techniques to decipher WEP and dictionaries for WPA and WPA2 after capturing the WPA handshake
◉ Aireplay-Ng: can be used to generate or accelerate traffic in an access point
◉ Airdecap-Ng: decrypts wireless traffic once the key is deciphered

Main features that are supported:

◉ Support for WEP, WPA/WPA2-PSK passwords
◉ Fast WEP and WPA password decryption
◉ Packet sniffer and injector
◉ Ability to create a virtual tunnel
◉ Automated WEP key password recovery
◉ Password list management

Kismet Wireless

This is a multi-platform free Wireless LAN analyzer, sniffer, and IDS (intrusion detection system). It is compatible with almost any kind of wireless card. Using it in sniffing mode allows you to work with wireless networks such as 802.11a, 802.11b, 802.11g, and 802.11n.

Main features:

◉ Ability to run in passive mode
◉ Easy detection of wireless clients and access points
◉ Wireless intrusion detection system
◉ Scans wireless encryption levels for a given AP
◉ Supports channel hopping
◉ Network logging

Next Level of Kali Linux


Raspberry Pi has continuously been showcased as a little, reasonable, credit card-sized, turn-key microcomputer. Their generally low profile and well-supported equipment adornments have made it an incredible choice for versatile infiltration testing. Luckily, Kali Linux is one of those frameworks and an incredible choice for setting up not as it were a versatile pen-testing framework but moreover one at your work area if you can’t manage a more costly PC.

A Raspberry Pi is a fantastically reasonable and simple way to get started with pentesting that’s reasonable and reasonably direct, but not without impediments. A need for direct Burp Suite installation can be an issue in case you are doing web entrance testing but can be overcome with OWASP Destroy, netcat, etc. The need for a graphics card can restrain a few resource-intensive forms, as can the nature of the Raspberry Pi itself.

How to Become a Certified Security Analyst


Once you become a Certified Ethical Hacker, obtaining the EC-Council Certified Security Analyst (ECSA) certification will take your pentesting skills to the next level. Unlike most other pen-testing programs that only follow a generic kill chain methodology, the ECSA presents a set of distinguishable comprehensive methodologies that can cover different pentesting requirements across different verticals.With this knowledge, you can bring peace of mind to an organization knowing their network is more secure from today’s biggest and toughest cybercriminals.

Source: eccouncil.org

Thursday, 4 June 2020

The benefits of using SIEM in a SOC

EC-Council Study Materials, EC-Council Guides, EC-Council Learning, EC-Council Exam Prep

What is SIEM and how does it work?


A SIEM (Security Information Event Management) is a security log management system that collects log files, security alerts, and security events into one centralized location, which enables security analysts and teams to efficiently analyze data. Hence, SIEM technology aids security incident and event management through logging of real–time and historical data of security events. In addition, a SIEM generally creates reports via a main dashboard.

2 Types of SIEM Technologies 


Gartner, in 2017, updated the definition of a SIEM to include two other technologies:

◉ UEBA: User Entity Behavior Analytics, which is an analytics technology layer, tracks normal and abnormal user behavior for users and entities such as servers, databases, and devices. UEBA helps in analyzing abnormal device behavior such as computers uploading huge amounts of data for the first time or logins from unusual points in the network. Such incidents get flagged for further investigation.

◉ SOAR: Security Orchestration Animation Response automates procedures undertaken by security analysts in incident response, improving efficiency in the SOC and reducing overall risk. 


What is the Benefit of a SIEM in a SOC? 



The central collection of incident data from all devices on the network provides one dataset for security analysts to conduct their investigation instead of going through each individual system. In the event of a security incident, SIEMs make for a foundational entity in the Security Operations Centers (SOC) in conducting forensic analysis. A SOC compliments the SIEM system by providing the resources needed, such as security operational analysts who perform forensic investigations, which entail analyzing real–time network events, investigation of security incidents, response to security events and prevention, and updating post the cybersecurity incidents.

When logging data from network devices, it is important to synchronize the time on all devices in case the need arises to investigate the occurrence of an event at a certain time. For instance, a forensic investigation on the events which occurred between the router and the webserver at a specific period can provide accurate insight on how an attack was carried out. The Network Time Protocol (NTP) is a widely used standardized protocol that enables the synchronization of all devices on the network to a single clock source, which provides an accurate time synchronization as well as flexibility.

After the collection of log data, a SIEM requires a way to transfer that data from devices and a way to store the data. The most common way of transferring log data to SIEMs is through the Syslog standard transfer method. The SIEM will use a central receiver to receive logs and store them; therefore, SIEMs also need large storage capabilities.

SolarWinds is an example of a SIEM tool that strengthens an organization’s security posture by providing automated incident response and threat detection. It provides an easy–to–use dashboard that visualizes event data for analysis and pattern recognition. SolarWinds also provides active response actions such as blocking of untrustworthy IPs, automatically logging off users, and terminating inactive sessions. SolarWinds will also provide customizable reporting templates for easy demonstration of compliance to standardization bodies such as ISO 27001 and SOX.


How to Become a SOC Analyst 


Being a SOC analyst can be an intense job, but it is certainly a very rewarding career. Imagine being in a SOC at a healthcare organization and you start to see indicators that an attack is happening on the network. You follow the proper procedure and eventually thwart the attack. After an analysis, you find that the attack you thwarted would have caused enough damage to cripple the entire hospital. Some might call that being a modern-day hero; others might call it just doing their job. Either way, getting the EC-Council CSA Certification is the first step to take.

Source: eccouncil.org

Tuesday, 2 June 2020

What is VoIP and VPN Footprinting?

EC-Council Study Material, EC-Council Guides, EC-Council Exam Prep, EC-Council Pre

What is digital footprinting and why is it important?


Digital footprinting refers to information gathering procedures and methodologies used by hackers aimed at gaining insightful information and learning as much as possible about the targeted systems. Footprinting, also known as reconnaissance (one of the five phases of ethical hacking), is done to invade systems by gathering all relevant data and exposing its vulnerabilities. In the same way that those vulnerabilities could be exploited, organizations are hiring ethical hackers to protect their systems by uncovering such vulnerabilities.

The reconnaissance stage is crucial,as all relevant information about the target organization is collected. This information may be online without the organization’s knowledge either through accidental indexing of back-end online web pages or through an internet-connected Industrial Control Systems (ICS) device. Some FAQ websites may also contain information that can reveal sensitive information once aggregated.

What are the two types of digital footprints?


There are two types of footprints – active and passive.

Active footprint: This type of digital footprint is often created with an intent. This is often done by posting online via social media accounts, sending emails, etc.

Pass footprint: This type of digital footprint is often created unintentionally. This type of information is generally collected via cookies stored on your system as you browse or through your IP address.

How is a digital footprint used?

Footprinting is used to discover the organization’s network stance, such as its remote network access capabilities and the organizations’ ports and services. It can also be used to attain information such as demographics, religion, political affiliations, or interests using cookiesstored on your computer.

Online reconnaissance methods are known as open-source intelligence tools (OSINT) and can include metadata searches, code searches, and image analysis. But the two that we will highlight in this article are:

◉ Google hacking database: footprinting for information through querying search engines using advanced string methods to enable Google to return a specific result such as website indexes and specific file types. For instance, “inurl:view_items.php?id=” means that listed websites have a SQL injection attack

◉ Shodan: a search engine providing data on all connected IoT devices

Footprintingwith VoIP & VPN


VoIP (Voice over Internet Protocol) is an internet protocol that allows the transmission of voice calls over the internet. It does so by converting the regular phone signals into digital signals. Virtual Private Networks(VPN) provide a secure connection to an organizations’ network. Therefore, VoIP traffic can pass over an SSL-based VPN, effectively encrypting VoIP services.

When conducting reconnaissance, in the initial stages of VoIP footprinting, the following publicly available information can be expected:

◉ All open ports and services of the devices connected to the VoIP network
◉ The public VoIP server IP address
◉ The operating system of the server running VoIP
◉ The network infrastructure

EC-Council Study Material, EC-Council Guides, EC-Council Exam Prep, EC-Council Pre

The highlighted search above, for instance, returns network configurations and device information.

EC-Council Study Material, EC-Council Guides, EC-Council Exam Prep, EC-Council Pre

The results then provide the following information on the targeted network:

EC-Council Study Material, EC-Council Guides, EC-Council Exam Prep, EC-Council Pre

A search on Shodan displays servers running VoIP in the targeted network, and focus can be on a specific server with UDP port 5060, which is used by SIP VoIP service providers.

EC-Council Study Material, EC-Council Guides, EC-Council Exam Prep, EC-Council Pre

The Shodan scan also provides the internal and external IP addresses, which afterward is used to delve into the next phase, which entails the scanning of internal networks for additional information.

Source: eccouncil.org