Summary

Table of contents:

In this Chapter, you learned about physical security and social engineering. Physical security is as important as network security. Physical security works best when set up as a defense in depth. This means that you are layering one security mechanism on top of another. Therefore, you might have locked servers in a controlled access room protected by a solid core door. The facility that the servers are located in has controlled access with CCTV cameras throughout the facility. Even the building has good physical security, as it can only be entered through doors with mantraps. These layers make it much harder for someone to penetrate. The building perimeter can also be secured by adding fences, gates, and possibly guards.

Next, we looked at social engineering. Social engineering is a powerful attack tool, as it targets people, not technology. Social engineering can target employees directly or can use the computer to try and trick the employee. Social engineers use a variety of techniques to pry information from their victims. These include scarcity, authority, liking, consistency, social validation, and reciprocation.

Finally, we reviewed policies. After all, without policies, there is no controlling mechanism in place. Policies can reinforce physical security and help prevent social engineering. Policies detail what management expects and provides a general roadmap on how these items will be achieved. Policies also show management's commitment to support employees and what types of controls are put in place to protect sensitive information. Policies outline acceptable and unacceptable behavior and can be used to enhance physical, logical, and administrative controls.

Key Terms

Part I: Exam Preparation

The Business Aspects of Penetration Testing

The Technical Foundations of Hacking

Footprinting and Scanning

Enumeration and System Hacking

Linux and Automated Security Assessment Tools

Trojans and Backdoors

Sniffers, Session Hijacking, and Denial of Service

Web Server Hacking, Web Applications, and Database Attacks

Wireless Technologies, Security, and Attacks

IDS, Firewalls, and Honeypots

Buffer Overflows, Viruses, and Worms

Cryptographic Attacks and Defenses

Physical Security and Social Engineering

Part II: Final Review

Part III: Appendixes

Appendix A. Using the ExamGear Special Edition Software



Certified Ethical Hacker Exam Prep
Certified Ethical Hacker Exam Prep
ISBN: 0789735318
EAN: 2147483647
Year: 2007
Pages: 247
Authors: Michael Gregg

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net