Module 01: Introductions

  • Title: EC-Council Certified Ethical Hacker

  • Subject: Ethical Hacking and Countermeasures Professional Series

  • Version: Ethical Hacking and Countermeasures Version 12

  • Copyright Notice:

    • © 2022 by EC-Council. All rights reserved.

    • Prohibits reproduction and distribution without permission. Program listings may be stored and executed but not reproduced in publication.

  • Content Accuracy: Information believed to be reliable but without guarantee by EC-Council.

Foreword

  • Significance of Security: Importance of information systems security.

  • Course Objectives: Provides a broad overview of ethical hacking and security mechanisms.

  • Course Features:

    • Covers multiple domains of information security.

    • Emphasizes practical knowledge and accessible tools.

    • Intended for various methodologies depending on the client.

    • Open to feedback for ongoing improvement.

About the EC-Council CEH Program

  • Purpose: To train ethical hackers to defend against malicious attacks lawfully.

  • Philosophy: Think like a hacker to anticipate attacks.

  • Defense in Depth: Emphasizes multifaceted security approaches.

  • Certification Process: Requires passing CEH exam 312-50 to validate skills.

Course Prerequisites

  • Recommendation for fundamental knowledge in:

    • Operating systems.

    • Network protocols.

    • Risk management.

About EC-Council

  • Founded: 2001.

  • Aim: To enhance education and certification in information security.

  • Global Reach: Programs delivered in 145+ countries.

EC-Council Programs Overview

  1. Certified Secure Computer User (CSCU): Basic knowledge for protecting information assets.

  2. Certified Cybersecurity Technician (CCT): Skills to identify cybersecurity threats and protect infrastructure.

  3. Certified Network Defender (CND): Hands-on expertise in network defense.

  4. Certified Cloud Security Engineer (CCSE): Ensures cloud security practices.

  5. Certified Penetration Testing Professional (CPENT): Advanced methodologies for penetration testing.

Certification Framework

  • Description of various certifications aimed at equipping professionals with specific skills.

Core Learning Objectives for CEH Exam

  1. Explain information security concepts.

  2. Elaborate on different hacking methodologies.

  3. Understand and explain legal controls.

Motives Behind Hacking

  • Attack Logistics: Attacks stem from the value of the target; motives include disrupting operations, theft, revenge, etc.

Classification of Attacks

  • Attacks are categorized into five types:

    1. Passive: Non-intrusive, surveillance methods.

    2. Active: Involves direct interaction (e.g., DoS).

    3. Close-in: Physical presence required.

    4. Insider: Trust-based exploitation.

    5. Distribution: Tampering with hardware.

Hacking Methodologies

  • CEH Methodology (CHM): Framework followed by ethical hackers reflecting attacker methodologies across various phases (footprinting to covering tracks).

Cyber Kill Chain Methodology

  • Describes the stages of an attack from reconnaissance to objective achievement; essential for integrating security controls at different points.

Threat Intelligence Lifecycle

  • Phases of Intelligence Gathering:

    1. Planning and Direction

    2. Collection

    3. Processing and Exploitation

    4. Analysis and Production

    5. Dissemination and Integration

Information Security Controls

  • Definition: Mechanisms that prevent unwanted security events.

  • Core Principles: Confidentiality, integrity, and availability.

Payment Card Industry Data Security Standard (PCI DSS)

  • Overview: Framework addressing the handling of cardholder information.

  • Key Areas:

    • Network security.

    • Access control measures.

ISO/IEC 27001:2013

  • Purpose: Framework for establishing information security management systems (ISMS).

Health Insurance Portability and Accountability Act (HIPAA)

  • Focus: Protects personal health information, requiring secure handling by entities.

Sarbanes-Oxley Act (SOX)

  • Goal: Protect investors through accuracy and reliability in disclosures.

Digital Millennium Copyright Act (DMCA)

  • Aim: Addresses copyright protection in digital media.

General Data Protection Regulation (GDPR)

  • Significance: Protects personal data of individuals within the EU, imposing strict compliance regulations on organizations.