Recognize an organization's defense must be a layered approach, and there are a variety of mechanisms available to secure an organization. Lisa Bock covers a layered approach at multiple locations to repel all classes of attacks using three basic elements: Technical controls, Administrative policies and procedures, and the people.
- [Voiceover] In order to breach a system,…it is not only as necessary to use advanced attack…techniques and specialized coordinated events.…Many times it's someone is able to penetrate…network defenses by simply taking advantage…of common mistakes such as failure to update…various signatures or sloppy patch…in configuration management.…An attack can occur from multiple points…from outsiders or insiders.…Defense, therefore, must be a layered approach…at multiple locations to repel all classes of attacks.…
The concept of defense in depth encompasses…an overall approach to organizational security.…And there are a variety of mechanisms available…to secure an organization.…The three basic elements are technical controls,…administrative policies and procedures,…and the people.…This triangle represents an organization.…When technology and networks were first implemented,…security generally fell on the shoulders…of the network administrator.…
The theory is that data is either at motion or at rest…and various logical controls can be implemented…
Security expert Lisa Bock starts with an overview of ethical hacking and the role of the ethical hacker. She reviews the kinds of threats networks face, and introduces the five phases of ethical hacking, from reconnaissance to covering your tracks. She also covers penetration-testing techniques and tools. The materials map directly to the "Introduction to Ethical Hacking" competency from the CEH Body of Knowledge, and provide an excellent jumping off point for the next courses in this series.
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. Find more courses in the series on Lisa's author page.
- Ethical hacking principles
- Managing incidents
- Creating security policies
- Protecting data
- Conducting penetration testing
- Hacking in phases