V3nom's
  • Welcome
  • Getting Started
    • CEH v13
    • Basics of Networking
      • Network Models
        • Application Layer in OSI ->
        • Presentation Layer in OSI ->
          • Comprehensive list of character encoding formats
        • Session Layer in OSI ->
        • Transport Layer in OSI ->
        • Network Layer in OSI ->
        • Data Link Layer in OSI ->
        • Physical Layer ->
    • Arch Linux Installation Guide
    • How to add VBoxLinuxAdditions.run in Debian Based Linux Distros
    • C# Programming Language
  • Research Papers
    • Word Embedding for Anomaly Detection
    • Build your own Redis
    • Blockchain Technology
    • Interactive blocks
    • OpenAPI
    • Integrations
  • Risk Analysis & Mitigation Notes
    • Risk Analysis & Mitigation
      • Unit 1: An Introduction to Risk Management
      • Unit 2: The Threat Assessment Process
      • Unit 3: Vulnerability Issues
      • Unit 4 ( Risk Analysis & Mitigation )
      • Unit 5 ( Risk Analysis & Mitigation )
  • Ethical Hacking
    • Ethical Hacking Syllabus
      • Unit I: Introduction ( English )
      • Unit I: Introduction ( Hinglish )
      • Unit II: The Business Perspective ( English )
      • Unit II: The Business Perspective ( Hinglish )
      • Unit III: Preparing for a Hack ( English )
      • Unit III: Preparing for a Hack ( Hinglish )
      • Unit IV: Enumeration ( English )
      • Unit IV: Enumeration ( Hinglish )
      • Unit V: Deliverables ( English )
      • Unit V: Deliverables ( Hinglish )
  • .NET Framework Notes
    • .NET Framework Syllabus
      • Unit - I ( Hinglish Version )
      • Unit - I ( English - Version for exams )
      • Unit - II ( Hinglish Version - For Understanding )
      • Unit - II (English Version - for papers)
      • Unit - III ( Hinghlish Version )
      • Unit - III ( English - Version )
      • Unit - IV ( Hinglish Version )
      • Unit - IV ( English Version )
      • Unit - V ( Hinglish Version )
      • Unit - V ( English Version )
  • IOT
    • unit 1
    • unit 2
    • unit 3
    • unit 4
    • unit 5
  • AD-Hoc and Wireless Networks
    • Unit 1 ( Hinglish )
    • unit 2 Hinglish
    • All assignments answers with questions
    • Mind Maps for All Questions
    • Page
  • Distributed Systems
    • Unit 1
    • Unit 2
    • Unit 3
    • Unit 4
    • Unit 5
  • Group 1
    • 1’s and 2’s Complement
    • Direct Memory Access
    • Register Transfer Level
    • Interrupt-Based Input/Output (I/O)
    • Memory and CPU Design
    • Instruction Cycle
    • Addressing Modes
    • Pipelining
    • Three Types of Hazards
    • All Types of Differences Tables
    • Parallel Processing
    • Addition/Subtraction Conversion
    • Data Representation
    • Page 1
Powered by GitBook
On this page
  • Topic 1: Business Objectives and Security Policy
  • Topic 2: Reviewing Previous Test Results
  • Topic 3: Business Challenges in Planning a Controlled Attack
  • Topic 4: Engagement Planning
  • Topic 5: Multi-Phased Attacks and Teaming Structure
  1. Ethical Hacking
  2. Ethical Hacking Syllabus

Unit II: The Business Perspective ( Hinglish )

Topic 1: Business Objectives and Security Policy

Definition: Business objectives woh goals hote hain jo ek organization achieve karna chahti hai, jabki security policy woh rules aur procedures hain jo uske assets aur data ko protect karne ke liye banaye jate hain.

Subtopics:

  1. Business Objectives:

    • Goals jaise revenue badhana, customer satisfaction improve karna, ya market share expand karna.

    • Security measures ko business objectives ke saath align karna zaroori hai taaki business continuity ho sake.

    • Example: Ek bank ka objective secure online banking dena hai, isliye security policy customer data ko encrypt karne ka rule banati hai.

  2. Security Policy:

    • Yeh ek document hota hai jo define karta hai ki organization apne physical aur digital assets ko kaise protect karegi.

    • Access control, data protection, incident response, aur employee training ke rules include hote hain.

    • Example: Ek company ki security policy yeh ho sakti hai ki sabhi employees ko sensitive systems access karne ke liye two-factor authentication (2FA) karna pade.

  3. Security with Business Goals ka Alignment:

    • Security measures aise hone chahiye jo business objectives ko support karein bina productivity ko hinder kiye.

    • Example: Secure payment gateway implement karna jo customer transactions ko protect karein, lekin checkout process ko smooth banaye rakhe.

Mind Map/Crux Line: Business Objectives → Security Policy → Access Control, Data Protection, Incident Response → Align Security with Business Goals.

Topic 2: Reviewing Previous Test Results

Definition: Pichle security tests ke outcomes ko analyze karna taaki recurring vulnerabilities identify ho sakein aur future security measures ko improve kiya ja sake.

Subtopics:

  1. Importance of Reviewing Test Results:

    • Yeh help karta hai vulnerabilities ke patterns identify karne mein aur areas ko improve karne mein.

    • Ensure karta hai ki jo issues pichle tests mein aaye the unhe resolve kar diya gaya ho aur naye risks ko address kiya gaya ho.

    • Example: Ek company apne pichle penetration test results review karti hai aur dekhti hai ki weak passwords ek recurring issue the, toh woh stronger password policies implement karti hai.

  2. Steps to Review Test Results:

    • Pichle tests mein jo vulnerabilities identify hui thi unhe analyze karna.

    • Verify karna ki remediation efforts effective the ya nahi.

    • Findings ke basis par security policies aur procedures ko update karna.

    • Example: Test results review karne ke baad ek company dekhti hai ki outdated software ek common vulnerability thi, toh woh regular patch updates schedule karti hai.

  3. Tools for Reviewing Test Results:

    • Vulnerability Management Tools: Nessus, Qualys, OpenVAS.

    • Reporting Tools: Microsoft Excel, Tableau, ya custom dashboards.

    • Example: Nessus ka use karke ek report generate karna jo pichle identified vulnerabilities ki status show kare.

Mind Map/Crux Line: Review Test Results → Identify Patterns → Verify Remediation → Update Policies → Improve Security.

Topic 3: Business Challenges in Planning a Controlled Attack

Definition: Organizations ko controlled attacks (penetration tests) plan aur execute karte waqt kai challenges face karne padte hain taaki unki security posture assess ki ja sake.

Subtopics:

  1. Resource Constraints:

    • Limited budget, time, ya skilled personnel se penetration test ki effectiveness pe impact padta hai.

    • Example: Ek small business ko experience ethical hackers hire karne ke liye budget nahi hota, toh woh comprehensive test nahi karwa pati.

  2. Scope Definition:

    • Test ka scope define karna mushkil ho sakta hai, kyunki yeh thoroughness ko balance karta hai with minimal disruption to business operations.

    • Example: Ek company ko yeh decide karna mushkil hota hai ki uska internal network test mein include karna chahiye ya nahi, kyunki downtime ka risk hota hai.

  3. Legal and Compliance Issues:

    • Yeh ensure karna zaroori hota hai ki test laws aur regulations (jaise GDPR, HIPAA) ke saath compliant ho.

    • Example: Ek healthcare provider ko ensure karna padta hai ki penetration test patient privacy laws ko violate na kare.

  4. Stakeholder Buy-In:

    • Management aur stakeholders se support lena mushkil ho sakta hai, especially agar woh test ko risky ya unnecessary samajhte hain.

    • Example: Ek CEO penetration test ko resist karta hai kyunki usse customer services mein disruption ka dar hota hai.

Mind Map/Crux Line: Business Challenges → Resource Constraints, Scope Definition, Legal Issues, Stakeholder Buy-In → Plan Controlled Attack Effectively.

Topic 4: Engagement Planning

Definition: Penetration test ko organize aur schedule karna, jisme attack type, source point, aur required knowledge define kiye jaate hain.

Subtopics:

  1. Time Management:

    • Test ke har phase (reconnaissance, scanning, exploitation, etc.) ke liye sufficient time allocate karna.

    • Example: Ek company 2 weeks allocate karti hai ek comprehensive penetration test ke liye, jisme har phase ke liye specific deadlines hoti hain.

  2. Attack Type:

    • Yeh decide karna ki test external attack simulate karega, internal attack, ya dono.

    • Example: Ek bank external attack simulation karta hai apni public-facing website ko test karne ke liye aur internal attack simulation karta hai employee access controls ko assess karne ke liye.

  3. Source Point:

    • Yeh determine karna ki attack kis source se hoga (jaise internet, ek specific IP range, ya organization ke andar se).

    • Example: Ek company specific IP range se attack simulate karti hai taaki apne firewall rules ko test kar sake.

  4. Required Knowledge:

    • Yeh ensure karna ki ethical hacking team ke paas test ko effectively conduct karne ke liye necessary skills aur tools ho.

    • Example: Ek team Metasploit ka use karti hai exploitation ke liye aur Nessus ka use karti hai vulnerability scanning ke liye.

Mind Map/Crux Line: Engagement Planning → Time Management, Attack Type, Source Point, Required Knowledge → Organize Penetration Test.

Topic 5: Multi-Phased Attacks and Teaming Structure

Definition: Multi-phased attack mein penetration test ko stages mein divide kiya jata hai, jabki teaming structure testers ke roles aur responsibilities ko define karta hai.

Subtopics:

  1. Multi-Phased Attacks:

    • Test ko phases mein divide karna jaise reconnaissance, scanning, exploitation, aur reporting.

    • Example: Ek company reconnaissance phase conduct karti hai information gather karne ke liye, phir scanning phase karti hai vulnerabilities identify karne ke liye.

  2. Teaming Structure:

    • Roles define karna jaise lead tester, network analyst, aur report writer.

    • Example: Ek team mein lead tester hota hai jo test ko oversee karta hai, network analyst scanning perform karta hai, aur report writer findings document karta hai.

  3. Law Enforcement Involvement:

    • Kuch cases mein law enforcement bhi involved hota hai taaki test legal requirements ke saath comply kare.

    • Example: Ek government agency penetration test conduct karti hai law enforcement oversight ke saath taaki national security laws ke compliance ko ensure kiya ja sake.

Mind Map/Crux Line: Multi-Phased Attacks → Recon, Scan, Exploit, Report → Teaming Structure → Roles, Responsibilities, Law Enforcement.

PreviousUnit II: The Business Perspective ( English )NextUnit III: Preparing for a Hack ( English )

Last updated 4 months ago