CEH v11 Domain 4: Network And Perimeter Hacking
EC-Council has released the latest version of CEH, CEH v11, following its strategy of thinking like a hacker. The new version incorporates the most recent developments in cybersecurity into the curriculum. The domains have been preserved, but new segments have been created by adding and removing a few themes. OT technology, serverless computing, WPA3 encryption, APT, fileless malware, web APIs, and web shells are included in the new edition. On the practical side, Windows 10, Windows Server 2016, Parrot Security, Windows Server 2019, Android, and Ubuntu Linux are among the operating systems used in the labs.
Network and Perimeter Hacking:
Domain 4 of CEH is titled “Network and Perimeter Hacking” and includes the following subdomains:
- Social Engineering
- Session Hijacking
- Evading IDS, Firewalls, and Honeypots
CEH v11 has a number of labs for practice as well as new labs for the new topics. New attack techniques are introduced, along with a variety of new tools to practice with. Certification provides you with a deep understanding of all of Domain 4, including:
- Packet sniffing concepts, techniques, and protection against the same.
- Social engineering concepts and related terminologies like identity theft, impersonation, insider threats, social engineering techniques, and countermeasures
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, use cases, and attack and defense tools
- Security solutions like firewall, IPS, honeypots, their evasion, and protection
What is a Network:
A network is a collection of devices that are linked together so that they can exchange information and resources. A variety of basic components are required to build a network, including network devices, network media, network interfaces, and the network protocol. When the devices are connected, they can share information. Sending a print job to a printer, sending an email, or streaming a video are all examples of this. This can be used to share an internet connection as well. A network can have communicating devices such as computers, laptops, tablets, cellphones, printers or any other device which has built-in technology to connect to another device like Wi-Fi or Bluetooth. The network also has some networking devices like routers, switches, and firewalls. All these communicating and networking devices are collectively called nodes.
Types of Network Attacks:
- DDoS Attack:
DDoS (Distributed Denial of Service) attacks are a type of distributed network attack. This form of attack takes advantage of capacity limits on network resources, such as the infrastructure that supports a company's website. The DDoS attack floods the targeted web resource with requests in order to overwhelm the website's capacity to handle them and prevent it from functioning correctly.
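A flood is visible as a request rate that no single legitimate client would produce. The following script, added here as an illustration and not part of the CEH courseware, reads Common Log Format access-log lines and flags any source IP that reaches a threshold number of requests inside a sliding time window. The log lines are constructed by `build_sample_log()`; the 10-second window and 20-request threshold are assumed values that a real deployment would tune.

```python
"""Flag request floods by per-source request rate in web server access logs.

Added example for this article (not CEH courseware). The log lines are
constructed with fmt_line(); the window and threshold are assumed values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp, request) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("req")


def find_flooders(lines, window_seconds=10, threshold=20):
    """Sliding-window rate check per source IP.

    Returns {ip: peak requests seen inside one window} for every source that
    reached `threshold` requests within `window_seconds`. Lines are expected in
    chronological order, as a server writes them.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _req = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop requests that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def fmt_line(ts, ip, request, status=200, size=512):
    """Render one constructed Common Log Format line."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{request}" {status} {size}'


def build_sample_log():
    """Constructed log: one source sends 10 req/s for 6 s, another browses normally."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(60):                                   # flood from 203.0.113.7
        events.append((base + timedelta(seconds=i // 10), "203.0.113.7", "GET / HTTP/1.1"))
    for i in range(5):                                    # normal client 198.51.100.2
        events.append((base + timedelta(seconds=2 * i), "198.51.100.2", "GET /index.html HTTP/1.1"))
    events.sort(key=lambda e: e[0])
    return [fmt_line(ts, ip, req) for ts, ip, req in events]


if __name__ == "__main__":
    for ip, peak in find_flooders(build_sample_log()).items():
        print(f"possible flood from {ip}: {peak} requests within the window")
```

A per-source counter like this catches a single noisy client but not a distributed flood spread thinly across thousands of sources; for that, the same sliding window applied to the total request rate, or to the rate per requested URL, is the usual complement.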
- Man-in-the-Middle Attack:
Three parties are involved in a man-in-the-middle attack: the victim, the entity with which the victim is attempting to communicate, and the "man in the middle" who is intercepting the victim's communications. The fact that the victim is unaware of the man in the middle is crucial to the scenario. For example, the man in the middle (MITM) sends you an email crafted to look legitimate (phishing is used in this approach to get you to click a link in an email that appears to come from your bank). He has also built a website that looks exactly like your bank's website, so you don't hesitate to enter your login details after clicking the email's link. However, rather than logging into your bank account, you are handing your credentials to the attacker.
- Sniffing Attack:
The technique of illegally capturing and decoding data packets that transit a network is known as a sniffing attack. This type of attack is typically used to steal bank account information and login credentials and to perform identity theft. Sniffing is also a standard network troubleshooting and analysis technique used by system administrators; attackers take advantage of the same technology to launch cyber-attacks. Active and passive sniffing are the two types of sniffing.
- Active sniffing involves flooding the switch's content addressable memory (CAM) table, for example with Address Resolution Protocol (ARP) packets. As a result, legitimate traffic is forwarded out other ports, allowing the attacker to sniff traffic from the switch.
- Spoofing attacks, DHCP attacks, and DNS poisoning are examples of active sniffing tactics.
- Passive sniffing consists mainly of listening and is typically used in networks built on hubs, where the traffic is visible to all hosts.
- Spoofing Attack:
Spoofing is the act of faking a communication or identity so that it appears to come from a legitimate, trusted source. Spoofing attacks take a variety of forms, ranging from basic email spoofing used in phishing operations to caller ID spoofing used to commit fraud. Threat actors may also target more technical aspects of a system, such as an IP address, the Domain Name System (DNS), or the Address Resolution Protocol (ARP), as part of a spoofing attack.
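Both the active-sniffing and the spoofing passages above come down to the same two observable symptoms on a switched LAN: an IP address suddenly mapping to a different MAC (ARP spoofing, worst when the IP is the gateway) and a switch port suddenly carrying far more source MACs than any real host would emit (CAM-table flooding). The following script, an added example that is not part of the CEH material or any vendor's tool, detects both from observed ARP replies and switch frames. The ARP observations, the frames, the gateway address and the 200-MAC port limit are constructed or assumed values.

```python
"""Passive detection of ARP spoofing and CAM-table flooding.

Added example for this article (not CEH courseware or any vendor's code).
The ARP observations and switch frames are constructed; thresholds and the
gateway address are assumed values.
"""
from collections import defaultdict

# Constructed ARP replies seen on the wire: (sequence, sender IP, sender MAC).
SAMPLE_ARP = [
    (1, "192.168.1.1", "AA:AA:AA:AA:AA:01"),   # the real gateway announces itself
    (2, "192.168.1.10", "aa:aa:aa:aa:aa:10"),
    (3, "192.168.1.11", "aa:aa:aa:aa:aa:11"),
    (4, "192.168.1.1", "aa:aa:aa:aa:aa:11"),   # host .11's MAC now claims the gateway IP
    (5, "192.168.1.10", "aa:aa:aa:aa:aa:11"),  # ...and host .10's IP as well
]


def analyze_arp(observations, gateway_ip=None):
    """Track IP->MAC bindings and report suspicious changes.

    Returns (alerts, multi): `alerts` lists every IP whose MAC changed, tagged
    'gateway-impersonation' when the IP is the configured gateway; `multi` maps
    each MAC that claimed more than one IP to the sorted list of those IPs.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for seq, ip, mac in observations:
        mac = mac.lower()                       # normalise case before comparing
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append({
                "seq": seq,
                "type": "gateway-impersonation" if ip == gateway_ip else "ip-mac-change",
                "ip": ip, "old_mac": prev, "new_mac": mac,
            })
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    multi = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return alerts, multi


def cam_flood_suspects(frames, max_macs_per_port=200):
    """Count distinct source MACs per switch port; a legitimate access port
    carries a handful, a CAM-flooding host emits thousands of fabricated ones."""
    seen = defaultdict(set)
    for port, src_mac in frames:
        seen[port].add(src_mac.lower())
    return {port: len(macs) for port, macs in seen.items() if len(macs) > max_macs_per_port}


def build_cam_sample():
    """Constructed frames: three real MACs on port 1, 500 fabricated MACs on port 3."""
    frames = [(1, f"aa:aa:aa:aa:aa:{i:02x}") for i in range(1, 4)]
    frames += [(3, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}") for i in range(500)]
    return frames


if __name__ == "__main__":
    alerts, multi = analyze_arp(SAMPLE_ARP, gateway_ip="192.168.1.1")
    for a in alerts:
        print(f"#{a['seq']} {a['type']}: {a['ip']} moved {a['old_mac']} -> {a['new_mac']}")
    for mac, ips in multi.items():
        print(f"{mac} claims {len(ips)} addresses: {', '.join(ips)}")
    for port, n in cam_flood_suspects(build_cam_sample()).items():
        print(f"port {port}: {n} distinct source MACs, possible CAM flooding")
```

The IP-to-MAC table is the same thing switches implement as Dynamic ARP Inspection and that port security enforces with a per-port MAC limit; keeping a software copy fed from a monitoring port is how you verify those controls actually fired.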
Tools Used in Network and Perimeter Hacking:
Any hacking operation must include network reconnaissance. Any knowledge an attacker can gain about the target environment can aid in the discovery of prospective attack vectors and the targeting of exploits at potential flaws. An attacker can increase the amount of information obtained while lowering the chances of being detected by combining passive and active reconnaissance tools and tactics.
Wireshark is a packet sniffer that captures data sent over a network link, whether between your machine and your local network or out to the Internet. In a typical Ethernet network, a discrete unit of data is referred to as a packet. Wireshark monitors a communication link in real time and can extract entire streams of data, possibly huge numbers of frames at a time. It allows you to go straight into the center of a network packet, and it lets you see full conversations and network feeds in real time.
Nmap is a Linux command-line utility that scans a network for IP addresses and ports and detects installed software. Nmap enables system administrators to see which hosts have access to their network, detect live hosts and open ports, and test for security flaws. Zenmap is the name of Nmap's GUI. It supports the creation of visual network maps for improved usability and reporting.
Ettercap is a tool that analyzes network data as it passes through a computer's network interface, but it also has other features. The tool allows you to use "Man in the Middle" attacks to force another machine to send packets to you rather than to the router. With Ettercap, you can assess your network's security and see how vulnerable it is to this form of attack, as well as analyze and change traffic from several machines on the fly.
Hping is a free TCP/IP packet generator and analyzer. It can do more than issue a simple ICMP echo request, which is what ping is normally used for. Hping can be used to send large amounts of TCP traffic to a target while spoofing the source IP address so that it appears random or comes from a user-defined source.
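From the defender's side, the reconnaissance tools listed above leave a characteristic footprint: one source touching many distinct destination ports on one host in a short time. The following script, added here as an illustration rather than code from Nmap, Wireshark or the CEH labs, reads constructed firewall-style connection log lines and flags any source/destination pair that crosses a distinct-port threshold within a sliding window. The log format, the 5-second window and the 15-port threshold are assumptions for the example.

```python
"""Spot port-scan style reconnaissance in connection logs.

Added example for this article (not part of Nmap, Wireshark or CEH material).
The log lines are constructed; the window and distinct-port threshold are
assumed values that a real deployment would tune.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall/flow log format: "<ISO time> <src> -> <dst>:<port> <flags>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<flags>\S+)$"
)


def parse_event(line):
    """Return (timestamp, src, dst, port) or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m.group("ts")), m.group("src"),
            m.group("dst"), int(m.group("port")))


def detect_scans(lines, window_seconds=5, distinct_port_threshold=15):
    """Per (src, dst) pair, count distinct destination ports inside a sliding
    window. Returns {(src, dst): peak distinct ports} for pairs that crossed the
    threshold. A normal client touches a few ports; a scanner touches dozens."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)     # (src, dst) -> deque of (ts, port)
    flagged = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        ts, src, dst, port = ev
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # expire events outside the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= distinct_port_threshold:
            flagged[(src, dst)] = max(flagged.get((src, dst), 0), distinct)
    return flagged


def build_sample_log():
    """Constructed: a scanner sweeps ports 1-50 in 2 s; a client reuses 80/443."""
    base = datetime(2024, 3, 10, 12, 0, 0)
    events = []
    for i in range(50):
        events.append((base + timedelta(milliseconds=40 * i), "203.0.113.50", "192.0.2.10", i + 1))
    for i in range(20):
        events.append((base + timedelta(milliseconds=100 * i), "198.51.100.20", "192.0.2.10",
                       80 if i % 2 else 443))
    events.sort(key=lambda e: e[0])
    return [f"{ts.isoformat()} {src} -> {dst}:{port} SYN" for ts, src, dst, port in events]


if __name__ == "__main__":
    for (src, dst), n in detect_scans(build_sample_log()).items():
        print(f"{src} probed {n} distinct ports on {dst} within the window")
```

Slow scans deliberately spread probes over minutes or hours to stay under a window like this one, which is why the same counter is usually also kept over a much longer horizon with a higher threshold.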
How to Prevent Network Attacks:
- Make sure all of your software is up to date:
Updates are critical to the health of your network. Ensure that each of your programs, from anti-virus software to Linux distributions, is kept up to date. When a new version of software is released, it usually contains patches that address security flaws. It can take quite a long time to install updates manually, so use fully automated OS updates for as many applications as possible.
- Strengthen access control:
Controlling access is an important part of security. Without network access controls, your information assets are vulnerable to unauthorized access. To strengthen security, enforce a strict password policy: use a combination of upper- and lowercase letters, digits, and symbols such as asterisks and hyphens. Make it routine to change all default credentials as well. Finally, put a good access control mechanism in place.
- Take Network Security Measures:
It is critical to safeguard your network. Set up a firewall to keep your network and its traffic safe, and ensure that suitable access controls are in place. IDS/IPS can be used to monitor for possible frame floods. Segment your network and make use of a virtual private network (VPN). Carry out regular maintenance to prevent network security attacks.
- Create a software standard:
You can keep your network secure by standardizing technology. Make sure that users can't install applications on a machine unless they are authorized to. Not verifying what software is running on your systems is a big security risk. Ensure that all computers are using the same software. Changes are also made easier as a consequence of standardization.