You're reading from Hands-On Ethical Hacking Tactics Strategies, tools, and techniques for effective cyber defense

Product type Paperback

Published in May 2024

Publisher Packt

ISBN-13 9781801810081

Length 464 pages

Edition 1st Edition

Concepts

Ethical Hacking

Author (1):

Shane Hartman

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1:Information Gathering and Reconnaissance

2. Chapter 1: Ethical Hacking Concepts FREE CHAPTER

3. Chapter 2: Ethical Hacking Footprinting and Reconnaissance

4. Chapter 3: Ethical Hacking Scanning and Enumeration

5. Chapter 4: Ethical Hacking Vulnerability Assessments and Threat Modeling

6. Part 2:Hacking Tools and Techniques

7. Chapter 5: Hacking the Windows Operating System

8. Chapter 6: Hacking the Linux Operating System

9. Chapter 7: Ethical Hacking of Web Servers

10. Chapter 8: Hacking Databases

11. Chapter 9: Ethical Hacking Protocol Review

12. Chapter 10: Ethical Hacking for Malware Analysis

13. Part 3:Defense, Social Engineering, IoT, and Cloud

14. Chapter 11: Incident Response and Threat Hunting

15. Chapter 12: Social Engineering

16. Chapter 13: Ethical Hacking of the Internet of Things

17. Chapter 14: Ethical Hacking in the Cloud

18. Index

Why subscribe?

19. Other Books You May Enjoy

Elements of information security

Information security and, subsequently, ethical hacking methodologies revolve around three core principles: Confidentiality, Integrity, and Availability (CIA). These core principles provide the framework for information security and are used by ethical hackers and security professionals to test security and security solutions. These principles can be described as follows:

Confidentiality: Data stored on networks in the form of databases, files, and so on carries a certain level of restriction. Access to information must be given only to authorized personnel. Some examples include nonpublic financial information that could be used to make investment decisions; this is also known as insider trading. Another example would be company patents or trade secrets.
Ensuring this information is reserved for only those who need to know about it can be addressed through techniques such as encryption, network segmentation, and access restrictions, as well as practicing the principle of least privilege. These are the things ethical hackers check and test to make sure there are no gaps or exposure of information beyond what is authorized.
Integrity: Data that is accessed and viewed, whether part of an email or viewed through a web portal, must be trustworthy. Ethical hackers and security personnel ensure that data has not been modified or altered in any way; this includes data at rest as well as data in transit. Examples of integrity checks include showing and storing hash values and the use of techniques, including digital signatures and certificates.
Availability: The last principle is that of availability. Information that is locked down to a level where no one can access it not only defeats the purpose of having data but affects the efficiency of those who are authorized to access it. However, just like the other principles, there is a fine line between availability by authorized personnel and confidentiality. An ethical hacker tests availability in a number of ways. Some examples include remote access for employees, establishing hours of operation for personnel, and what devices can have access.

The concepts of CIA will be covered throughout the chapters as attack techniques are discussed and the principle(s) that are violated as part of an attack, as well as what practice (or practices) could be implemented to prevent/detect an attack. Next, let’s take a look at attackers and why they attack.

You're reading from Hands-On Ethical Hacking Tactics Strategies, tools, and techniques for effective cyber defense

Table of Contents (20) Chapters

Elements of information security

Authors (1)

Personalised recommendations for you