Uploaded on Feb 7, 2022
Domain 4 of CEH V11 Network and Perimeter Hacking
www.infosectrain.com | [email protected]
Domains of CEH
1. Information Security and Ethical Hacking Overview - 6%
2. Reconnaissance Techniques - 21%
3. System Hacking Phases and Attack Techniques - 17%
4. Network and Perimeter Hacking - 14%
5. Web Application Hacking - 16%
6. Wireless Network Hacking - 6%
7. Mobile Platform, IoT, and OT Hacking - 8%
8. Cloud Computing - 6%
9. Cryptography - 6%
We will discuss the fourth domain of CEH, which is ‘Network and perimeter
hacking’.
Network
Networks are composed of two or more computers that share resources
(such as printers and CDs), exchange files, and allow electronic
communications. A network of computers may be connected by cables,
telephone lines, radio waves, satellites, or infrared beams.
In simple terms, a network is a cluster of devices connected to each other by
a physical communication medium.
What is network hacking?
As mentioned above, a network is a collection of devices. Network hacking,
then, is gaining access to the information present on all network devices
over the internet.
How are networks compromised?
Just as every big plan starts with a simple step, large-scale cyber attacks start by
attacking or infecting a lower-end device and then increasing the level of privileges
needed to move further inside the same network. When attacking networks, ethical
hackers have to think exactly like malicious hackers. Only then can organizations
have a clear idea of their security vulnerabilities.
Attackers first start with the traditional methods. One of the most common traditional
methods is sending a false email. An attacker usually creates a fake email that
imitates a legitimate one. For example, an attacker can create an Amazon Big
Billion Day email asking you to click the links to get the 50% offer. Once you click on the
link, you'll be redirected to a malicious webpage from where the attacker can install
viruses on your network's device.
Once the attacker enters your network, he will start escalating his privileges to the
administrator level, because administrators are the ones who maintain the whole network.
In simple terms, privilege escalation can be described as exploiting a bug or
vulnerability in an application or operating system to gain access to resources that
would otherwise be protected from an average user.
Tools used for network perimeter hacking
ARP Scan: ARP-Scan is used to scan internal networks. Compared to
netdiscover arp-scanning, it is much faster. With the assistance of the
ARP Scan tool, you can collect data about the internal networks in a
noisy way. By noisy, I mean that the tool will be caught by the IDS and
IPS sensors and leave traces behind.
The four general ARP Scan usage scenarios are:
1. We can identify all the IPv4 network devices.
2. We can identify the false IP addresses.
3. We can easily identify and map IP addresses to MAC addresses.
4. We can locate and isolate malicious devices.
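The IP-to-MAC mapping and the search for false addresses and unapproved devices described above can be automated from a defender's side. The following is an added example, not part of the original slides: it parses arp-scan's tab-separated output, then flags IP addresses answered by more than one MAC and MACs missing from an asset inventory. The sample output, the addresses, and the KNOWN_MACS inventory are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of arp-scan output (all addresses are invented).
SAMPLE_OUTPUT = """\
Interface: eth0, type: EN10MB, MAC: 02:00:00:aa:bb:01, IPv4: 192.0.2.10
Starting arp-scan with 256 hosts
192.0.2.1\t02:00:00:aa:bb:10\tExample Router Co.
192.0.2.20\t02:00:00:aa:bb:20\tExample Printer Inc.
192.0.2.1\t02:00:00:aa:bb:66\t(Unknown) (DUP: 2)
192.0.2.77\t02:00:00:aa:bb:77\t(Unknown)

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan: 256 hosts scanned in 1.9 seconds. 4 responded
"""

# Hypothetical asset inventory: MAC addresses the organization has approved.
KNOWN_MACS = {"02:00:00:aa:bb:10", "02:00:00:aa:bb:20"}

# A result row starts with an IPv4 address followed by a MAC address.
ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b"
)

def parse_arp_scan(text):
    """Return {ip: set of MACs that answered for it}; banner lines are skipped."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)].add(m.group(2).lower())
    return dict(table)

def audit(table, known_macs):
    """Flag IPs claimed by several MACs and MACs missing from the inventory."""
    conflicts = {ip: sorted(macs) for ip, macs in table.items() if len(macs) > 1}
    unknown = sorted({(ip, mac) for ip, macs in table.items()
                      for mac in macs if mac not in known_macs})
    return conflicts, unknown

if __name__ == "__main__":
    conflicts, unknown = audit(parse_arp_scan(SAMPLE_OUTPUT), KNOWN_MACS)
    for ip, macs in conflicts.items():
        print(f"conflict: {ip} answered by {', '.join(macs)}")
    for ip, mac in unknown:
        print(f"not in inventory: {ip} {mac}")
```

An IP address answered by two different MACs is worth investigating as either an address conflict or ARP spoofing; the inventory check only works if the approved list is kept current.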
PivotSuite: With PivotSuite, penetration testers and red teams can move
around inside a network by using compromised systems. It is portable,
platform-independent, and powerful. It is a stand-alone application that
can be used as a client or a server.
Nmap: Nmap is a port scanner. Port scanning is a phase where hackers scan
the target system for data like live systems, open ports, and different
services running over the host.
In addition to port scanning, Nmap can identify various operating systems,
version numbers of services running, firewall configuration, and many more
features.
Network attack techniques
Spoofing: In network security, a spoofing attack is a scenario in which an
individual successfully masquerades as another data source, thereby gaining an
illegitimate advantage.
For example, an attacker can buy advertising space on any site and can post
some exciting advertisements that attract users to click on them. And if the
user clicks on that advertisement, he will be redirected to a malicious page
from where an attacker can install the viruses into the user’s system.
Sniffing: An attacker can capture data as it travels across an insecure
network by using packet sniffing. Data in transit is generally captured by
sniffer software running on any network layer. Placing the sniffer at an
aggregation point would allow it to observe the entire traffic.
Phishing: Although it is spelled "phishing," we pronounce it "fishing."
The two words are not just phonetically alike but also somewhat
comparable in meaning: in fishing, we use a worm to catch a fish; in
phishing, an attacker uses an email, a message, a web link, or a voice
call to seek our private data.
The main aim of phishing attackers is to steal your sensitive and
personal data like login credentials, credit card information, etc.
They may also try to install malware on your system.
CEH with InfosecTrain
InfosecTrain is one of the leading training providers with a pocket-friendly
budget. We invite you to join us for an unforgettable journey with industry
experts to gain a better understanding of the Certified Ethical Hacker course.
Courses can be taken as live instructor-led sessions or as self-paced courses,
allowing you to complete your training journey at your convenience.
About InfosecTrain
• Established in 2016, we are one of the finest
Security and Technology Training and
Consulting companies
• Wide range of professional training programs,
certifications & consulting services in the IT
and Cyber Security domain
• High-quality technical services, certifications
or customized training programs curated with
professionals of over 15 years of combined
experience in the domain
Why InfosecTrain
• Global Learning Partners
• Certified and Experienced Instructors
• Flexible modes of Training
• Access to the recorded sessions
• Post training completion
• Tailor Made Training
Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
[email protected]
www.infosectrain.com