The Business Aspects of Penetration Testing

Physical Security and Social Engineering

This Chapter helps you prepare for the Certified Ethical Hacker (CEH) Exam by covering the following EC-Council objectives, which include understanding the business aspects of penetration testing. This includes items such as

Understand the role of physical security

• Physical security plays a key role in securing IT networks. Without physical controls, real security is not possible.

Know how items such as locks, alarms, and guards can be used to enhance physical security

• Locks, alarms, and guards are three potential physical security controls. Locks help deter security violations; alarms detect security violations; and guards can help prevent, deter, and detect security violations.

Define the role of biometrics in the authentication process

• Biometrics offer a strong form of authentication and make a good replacement for passwords.

Describe the different types of access controls

• Something you know, something you have, and something you are form the three basic types of access control.

Describe the principle of defense in depth

• Defense in depth is the concept that multiple layers of security are much better than one. It relies on the integration of physical, logical, technical, and administrative controls to establish multilayer, multidimensional protection.

State the primary types of perimeter controls

• Perimeter controls can include fences, gates, turnstiles, man traps, and access controls to control access to the grounds, facilities, and locations inside organizations.

Know the importance of fire prevention and detection

• Security is ultimately about the protection of employees and people. Fire prevention and detection play a critical role in their security and protection.

Describe basic social engineering techniques

• Social engineering techniques include person-to-person or human social engineering, computer-based social engineering, and reverse social engineering.