As a defender, which of these attack phases is most important to understand and be able to defend against? Why

Discussion boards are collaborative learning experiences. Therefore, students will participate in eight Discussion Board Forums. Threads must be at least 300 words integrating two biblical principles.

Our text describes phases of an attack (we will visit more specifically in module 5), and we’ll be discussing all those phases in this course. Although the phases from the text represent a generalized attack framework, any sophisticated attacker that wants to remain successful will have to follow, basically, these steps. As a defender, which of these attack phases is most important to understand and be able to defend against? Why?

You must include at least one scholarly citation. This is not a “book report”, so please use your citation to underpin your understanding of the subject matter but do not simply summarize your source. You are also not allowed to use quotations from your source, nor are you allowed to plagiarize.

The Textbook is CEH v10 Certified Ethical Hacker Study Guide

Author:

Ric Messier

(From The Text Book) Getting into a system is not the end of the road in the real world. As more organizations get a handle on the modern attack space, many talks about an attack life cycle that helps to understand what phase an attacker is in. The life cycle is primarily about knowing how to respond once the attack has been detected. It also helps to plan and prepare. One approach to the life cycle uses the following phases:

1. Initial Reconnaissance. The attacker is performing recon on the target to determine best methods of attack and what may be available at the target worth gaining access to.

2. Initial Compromise. The attacker has gained access in the organization, whether through a phishing attack or an application compromise. They are in the network.

3. Establish Foothold. The attacker will have gained access previously, but here they strengthen their position. This may come from installing a means to get back in anytime they want without having to rely on the initial compromise vector. This may also involve establishing a command-and-control mechanism.

4. Escalate Privileges. The attacker will start harvesting credentials at this point. They will also try to gain higher-level privileges where they can.

5. Internal Reconnaissance. The attacker will get the lay of the land internally and identify other systems that they may be able to compromise.

6. Move Laterally. The attacker will compromise other systems in the environment in order to acquire more systems, credentials, and data.

7. Maintain Presence. The attacker will continue to establish the means to gain access to systems in the environment.

8. Complete Mission. The attacker will take data out of the environment.