Physical Security and Social Engineering

This chapter helps you prepare for the Certified Ethical Hacker (CEH) Exam by covering the following EC-Council objectives, which include understanding the business aspects of penetration testing. This includes items such as:

Understand the role of physical security

  • Physical security plays a key role in securing IT networks. Without physical controls, real security is not possible.

Know how items such as locks, alarms, and guards can be used to enhance physical security

  • Locks, alarms, and guards are three potential physical security controls. Locks help deter security violations; alarms detect security violations; and guards can help prevent, deter, and detect security violations.

Define the role of biometrics in the authentication process

  • Biometrics offer a strong form of authentication and make a good replacement for passwords.

Describe the different types of access controls

  • Something you know, something you have, and something you are form the three basic types of access control.

Describe the principle of defense in depth

  • Defense in depth is the concept that multiple layers of security are much better than one. It relies on the integration of physical, logical, technical, and administrative controls to establish multilayer, multidimensional protection.

State the primary types of perimeter controls

  • Perimeter controls can include fences, gates, turnstiles, man traps, and access controls to control access to the grounds, facilities, and locations inside organizations.

Know the importance of fire prevention and detection

  • Security is ultimately about the protection of employees and people. Fire prevention and detection play a critical role in their security and protection.

Describe basic social engineering techniques

  • Social engineering techniques include person-to-person or human social engineering, computer-based social engineering, and reverse social engineering.




Certified Ethical Hacker Exam Prep
ISBN: 0789735318
EAN: 2147483647
Year: 2007
Pages: 247
Authors: Michael Gregg
