Defensive technologies
Defensive technologies include software and devices used to thwart attackers. Some of these technologies are passive, presenting detections and alerts that require intervention by an analyst. Others are active, using workflows or rules to decide on an action and then carry it out. Antivirus software is an example of an active technology: it acts upon a detection by processing a rule, which in this case results in the file being either quarantined or deleted. The following is a brief list of defensive technologies defenders can employ in the networks they are tasked to protect:
- Firewalls: Often considered the first line of defense, firewalls, like other security technologies, have advanced over the years. They originally started as just smart routers with access control lists (ACLs) on them. Later, they developed the ability to track and maintain state. The latest iteration, the next-generation firewall, goes beyond the previous two generations and incorporates the ability to look at and understand application behavior and apply intrusion prevention.
- Antivirus (AV) software: Just like firewalls, this was one of the first technologies developed to combat viruses, and it, too, has gone through several enhancements over the years. In the beginning, antivirus was simply a set of signature-based rules; once a rule matched, the system raised an alert and could even delete the malicious file(s) for you. As the industry matured, later generations began incorporating heuristic detection and the inspection of applications such as browsers, and merged with larger suites of products to perform multiple security operations. The latest generation has taken the previous lessons and not only applied them but added behavior detection for application and user interactions.
- Intrusion detection system (IDS): Intrusion detection systems fall into two classifications. The first is the network intrusion detection system (NIDS). In this configuration, a device or system is put into place that monitors network traffic and applies a set of detection rules. Some NIDSs can also interact with network traffic; when this option is implemented, the system is referred to as an intrusion prevention system, or IPS. The second type is the host intrusion detection system (HIDS); unlike a NIDS, these operate at the file system level on the monitored machines. HIDS, just like NIDS, have their limitations in that they only really look at one, or possibly two, elements of activity during transactions between machines. They are still widely implemented; however, other superior technologies such as next-gen firewalls and EDR systems have largely supplanted this category of security systems.
- Endpoint detection and response (EDR): EDR systems are some of the latest security tools to be introduced to enterprise security. This technology exists at the endpoint, be it a server or a workstation, as an installed agent. The agent collects data and reports to a central repository, where the data is recorded and processed to build and apply behavior profiles for applications and users alike. These profiles can then be used to discover malicious behavior through alerts or hunting.
- Security information and event management (SIEM): SIEM can be described as the go-between for network detection and EDR systems. A SIEM collects data from across the network, including logs, telemetry, and device information, to give a more holistic view of the enterprise. One example of the insight a SIEM brings: if an attacker has gained access to a network and begins downloading tools and performing malicious activities, those activities would be detected by the SIEM based on rules and behaviors, leading to an alert to the appropriate security staff.
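To make the SIEM scenario above concrete, here is an added example (not code from the book) of a toy correlation rule: it joins constructed firewall and EDR events per host and raises an alert only when an outbound connection, a new executable written to a user-writable directory, and the execution of that file all occur on the same host within a time window. The event schema, field names and the list of user-writable directories are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Directories where a freshly written executable is worth a second look (assumption).
USER_WRITABLE = ("c:\\users\\", "c:\\windows\\temp\\", "/tmp/")

# Constructed sample events, already normalised to one schema as a SIEM would do.
# ws-17 shows the full download-then-execute chain; ws-42 does not fit the window.
EVENTS = [
    {"ts": "2024-01-10T09:00:05", "src": "firewall", "host": "ws-17",
     "event": "outbound_allow", "dst": "203.0.113.9"},
    {"ts": "2024-01-10T09:00:07", "src": "edr", "host": "ws-17",
     "event": "file_write", "path": "C:\\Users\\Public\\svc.exe"},
    {"ts": "2024-01-10T09:02:30", "src": "edr", "host": "ws-17",
     "event": "process_start", "path": "C:\\Users\\Public\\svc.exe"},
    {"ts": "2024-01-10T09:03:00", "src": "edr", "host": "ws-42",
     "event": "file_write", "path": "C:\\Users\\bob\\report.exe"},
    {"ts": "2024-01-10T09:04:00", "src": "firewall", "host": "ws-42",
     "event": "outbound_allow", "dst": "203.0.113.9"},
    {"ts": "2024-01-10T09:20:00", "src": "edr", "host": "ws-42",
     "event": "process_start", "path": "C:\\Users\\bob\\report.exe"},
]

def parse(ts):
    return datetime.fromisoformat(ts)

def correlate(events, window_minutes=10):
    """Return one alert per (host, path) where an outbound connection was followed,
    within the window, by an executable written to a user-writable path and then run."""
    window = timedelta(minutes=window_minutes)
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort as strings
        by_host[e["host"]].append(e)
    alerts = []
    for host, evs in by_host.items():
        for run in (e for e in evs if e["event"] == "process_start"):
            path = run["path"]
            if not path.lower().startswith(USER_WRITABLE):
                continue
            t_run = parse(run["ts"])
            # Step 2: the same file was written on this host shortly before it ran.
            written = [e for e in evs if e["event"] == "file_write"
                       and e["path"].lower() == path.lower()
                       and timedelta(0) <= t_run - parse(e["ts"]) <= window]
            if not written:
                continue
            t_write = parse(written[-1]["ts"])
            # Step 1: an outbound connection preceded the write (the likely download).
            net = [e for e in evs if e["event"] == "outbound_allow"
                   and timedelta(0) <= t_write - parse(e["ts"]) <= window]
            if net:
                alerts.append({"host": host, "path": path, "dst": net[-1]["dst"],
                               "rule": "download_then_execute"})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Only ws-17 produces an alert: on ws-42 the connection came after the file write and the execution fell outside the ten-minute window, which is exactly the kind of ordering and timing logic that separates a SIEM rule from a single-source signature.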
Now, to begin your journey into ethical hacking, let’s start by creating a lab environment in which we can test and explore.