2.2 Use appropriate software tools to assess the security posture of an organization Flashcards
Protocol analyzer
Also known as a packet analyzer. Works in conjunction with a sniffer (the component that captures the raw frames) to perform TRAFFIC ANALYSIS. Decodes each captured frame and can show in detail the OSI layer, protocol, function and payload data.
ex. Wireshark
Network Scanners
A software tool used for diagnostic and investigative purposes to find and categorize the devices running on a network, typically by probing a range of IP addresses and ports.
Rogue system detection
Using TOPOLOGY DISCOVERY as an auditing technique to build an asset database and identify non-authorized hosts.
Network mapping
A tool which performs host discovery and identifies how the hosts are connected together on the network.
Wireless scanners/cracker
A tool used to detect the presence of wireless networks and report the network name (SSID), the MAC address of the access point (BSSID), the frequency band (2.4 or 5 GHz) and the radio channel used by the network, and the security mode. A wireless cracker goes a step further and attempts to recover the network key from captured traffic.
Password cracker
Software which exploits known weaknesses in how passwords are transmitted and stored. Can perform brute force attacks and use precompiled dictionaries and rainbow tables to break weak passwords. Works against a captured database of password hashes; rainbow tables only help when those hashes are unsalted, because a per-user salt makes every precomputed digest useless.
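The three attack styles named above, as an added example that is not part of the original flashcards. The wordlist, the "leaked" hash databases and the salts are constructed for the example; the counters show why salting defeats a precomputed table while a plain dictionary attack still works, and the brute-force routine exhausts a small keyspace (a numeric PIN).

```python
import hashlib
import itertools


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed wordlist and "leaked" hash databases. In a real engagement the
# wordlist is a file on disk and the hashes come from a dumped credential table.
WORDLIST = ["123456", "password", "letmein", "Summer2023", "qwerty"]

UNSALTED_DB = {  # user -> sha256(password)
    "alice": sha256_hex(b"password"),
    "bob": sha256_hex(b"Summer2023"),
    "carol": sha256_hex(b"Tr0ub4dor&3"),  # not in the wordlist: survives the dictionary attack
}

SALTS = {"alice": b"\x11\x22\x33\x44", "bob": b"\xde\xad\xbe\xef", "carol": b"\x00\x01\x02\x03"}
SALTED_DB = {  # user -> (salt, sha256(salt || password))
    "alice": (SALTS["alice"], sha256_hex(SALTS["alice"] + b"password")),
    "bob": (SALTS["bob"], sha256_hex(SALTS["bob"] + b"Summer2023")),
    "carol": (SALTS["carol"], sha256_hex(SALTS["carol"] + b"Tr0ub4dor&3")),
}


def precompute_table(wordlist):
    """Minimal stand-in for a rainbow table: hash each candidate once, index by digest.
    One table serves every user only because the stored hashes are unsalted."""
    return {sha256_hex(w.encode()): w for w in wordlist}


def dictionary_attack_unsalted(db, wordlist):
    """Look every user's digest up in the precomputed table. Returns (cracked, hashes_computed)."""
    table = precompute_table(wordlist)
    cracked = {user: table.get(digest) for user, digest in db.items()}
    return cracked, len(wordlist)  # hashing work is one pass over the wordlist, total


def dictionary_attack_salted(db, wordlist):
    """The per-user salt forces the attacker to rehash every candidate for every user."""
    cracked, work = {}, 0
    for user, (salt, digest) in db.items():
        cracked[user] = None
        for w in wordlist:
            work += 1
            if sha256_hex(salt + w.encode()) == digest:
                cracked[user] = w
                break
    return cracked, work


def brute_force(target_digest, alphabet="0123456789", max_len=4):
    """Exhaustive search over every string up to max_len drawn from the alphabet."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if sha256_hex(candidate.encode()) == target_digest:
                return candidate
    return None


if __name__ == "__main__":
    print(dictionary_attack_unsalted(UNSALTED_DB, WORDLIST))
    print(dictionary_attack_salted(SALTED_DB, WORDLIST))
    print(brute_force(sha256_hex(b"0427")))
```

The salted run costs one hash per (user, candidate) pair instead of one per candidate, which is the whole point of salting. A production password store should also use a deliberately slow, salted hash (bcrypt, scrypt or Argon2 rather than a single SHA-256) so that each guess is expensive on its own.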
Vulnerability scanner
A computer program designed to assess computers, networks or applications for known weaknesses.
The first phase of scanning might be to run a detection scan to discover hosts on a particular IP subnet. Each scanner is configured with a database of known vulnerabilities. In the next phase of scanning, a target range of hosts is probed to detect running services, patch level, security configuration and policies, network shares, unused accounts, weak passwords, rogue access points and servers, anti-virus configuration, and so on.
The tool then compiles a report about each vulnerability in its database that was found to be present on each host. Each identified vulnerability is categorized and assigned an impact warning. Most tools also suggest current and ongoing remediation techniques. This information is highly sensitive, so use of these tools and the distribution of the reports produced should be restricted to authorized hosts and user accounts.
Configuration compliance scanner
Measures a system's configuration against a defined baseline (such as a hardening benchmark or an internal security policy) and reports each setting that deviates from it.
Exploitation frameworks
A means of running intrusive scanning. Uses the vulnerabilities identified by a scanner and launches scripts or modules to attempt to exploit selected vulnerabilities, confirming whether a reported finding is actually exploitable rather than a false positive.
ex. Metasploit
Data sanitization tools
Tools that ensure old data is PURGED by overwriting every location on the media, for example with zeros or with several passes of fixed patterns. Deleting files or reformatting does not remove the data. Overwriting is not reliable on flash/SSD media because wear levelling and spare blocks keep copies the overwrite never reaches; use the drive's built-in secure erase or cryptographic erase for those.
Steganography tools
(“Hidden writing”) A technique for obscuring the presence of a message. ex. watermarks
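A minimal least-significant-bit embedding, as an added example that is not part of the original flashcards. The carrier is constructed pseudo-random "pixel" data rather than a real image file, and the 4-byte length prefix is a convention chosen here so the extractor knows where the message ends. It shows the defining property of steganography: the carrier's bytes change by at most 1, so the presence of the message is not obvious.

```python
import random


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(carrier: bytes, message: bytes) -> bytes:
    """Hide `message` in the least significant bit of successive carrier bytes.
    A 4-byte big-endian length prefix (our convention) tells the extractor where to stop."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(carrier):
        raise ValueError("carrier too small for payload")
    out = bytearray(carrier)
    for i, bit in enumerate(_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit  # clear the LSB, then set it to the payload bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the message written by embed()."""
    def read_bytes(start_bit: int, n: int) -> bytes:
        value = bytearray()
        for b in range(n):
            byte = 0
            for k in range(8):
                byte = (byte << 1) | (stego[start_bit + b * 8 + k] & 1)
            value.append(byte)
        return bytes(value)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_byte_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte change between carrier and stego object (1 for LSB embedding)."""
    return max(abs(x - y) for x, y in zip(a, b))


def make_carrier(n: int, seed: int = 1) -> bytes:
    """Constructed 'image' data: pseudo-random pixel bytes, no real image needed."""
    rnd = random.Random(seed)
    return bytes(rnd.randrange(256) for _ in range(n))


if __name__ == "__main__":
    carrier = make_carrier(4096)
    stego = embed(carrier, b"meet at the usual place")
    print(extract(stego), max_byte_delta(carrier, stego))
```

Real tools work on the pixel data inside an image format; anything that re-encodes the carrier with lossy compression (saving as JPEG, for instance) rewrites those low-order bits and destroys the message.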
Honeypot
A computer system set up to attract attackers, with the intention of analyzing their strategies and tools. Another use is to detect internal fraud, snooping and malpractice. It is a decoy system; a whole network of decoys is a honeynet.
Backup utilities
Full: all data
Incremental: new files and files modified since the last backup of any type (smallest backups; a restore needs the last full plus every incremental since)
Differential: all data modified since the last full backup (grows each day; a restore needs only the last full plus the latest differential)
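The three strategies applied to a constructed change log, as an added example that is not part of the original flashcards. Day 0 is the full backup; the log lists which files change on later days. The schedule function works out what each day's backup copies, and the restore function lists which backup sets must be read back to rebuild a given day.

```python
# Constructed change log: day -> files created or modified that day.
# Day 0 is when the full backup runs and every file exists.
CHANGES = {
    0: {"a.txt", "b.txt", "c.txt"},
    1: {"a.txt"},
    2: {"b.txt"},
    3: {"a.txt"},
}


def state_at(day: int) -> dict:
    """Map each file to its most recent modification day as of `day`."""
    state = {}
    for d in sorted(CHANGES):
        if d > day:
            break
        for path in CHANGES[d]:
            state[path] = d
    return state


def backup_schedule(strategy: str, days, full_day: int = 0):
    """Return [(day, files_copied)] for backups run on `days` after a full on `full_day`."""
    last_backup = full_day  # most recent backup of any type (archive-bit semantics)
    schedule = []
    for day in days:
        snap = state_at(day)
        if strategy == "full":
            selected = set(snap)
        elif strategy == "incremental":
            selected = {p for p, m in snap.items() if m > last_backup}
        elif strategy == "differential":
            selected = {p for p, m in snap.items() if m > full_day}
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
        schedule.append((day, selected))
        last_backup = day
    return schedule


def restore_chain(strategy: str, days, target_day: int, full_day: int = 0):
    """Backup sets, in order, needed to restore the state as of a backup day `target_day`."""
    if strategy == "full":
        return [target_day]
    if strategy == "differential":
        return [full_day, target_day]
    if strategy == "incremental":
        return [full_day] + [d for d in days if d <= target_day]
    raise ValueError(f"unknown strategy {strategy!r}")


if __name__ == "__main__":
    for strategy in ("full", "incremental", "differential"):
        print(strategy, backup_schedule(strategy, [1, 2, 3]), restore_chain(strategy, [1, 2, 3], 3))
```

The trade-off is visible in the output: incremental copies the least each day but restoring day 3 needs four sets, while differential copies more each day and restores from two.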
Banner grabbing
Refers to probing a server to try to elicit a response that will identify the server application and version number or any other interesting information about the server configuration.
To limit what banner grabbing reveals, the information a service returns can be modified or suppressed. This only hides the version string; it does not remove the underlying vulnerability, so it is no substitute for patching.
Passive scans vs. active scans
Passive: sniffing network traffic to identify service ports and/or vulnerabilities without sending any packets to the target.
Active: involves making a connection to the target host. May involve authenticating and establishing a session with the host or running an agent on the host. Because probes consume bandwidth and can crash fragile services, it is best to schedule active scans for periods of low network activity (a maintenance window).
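The active-scan workflow in miniature, as an added example that is not part of the original flashcards and serves the vulnerability scanner, banner grabbing and active scan cards above: connect to each port, grab the banner, fingerprint the product and version, and look the pair up in a vulnerability database. The "services" are in-process loopback listeners that return constructed banners, and the database entries, including the ID "EXAMPLE-2023-001", are placeholders invented for the example, not real advisories.

```python
import re
import socket
import threading


def start_fake_service(banner: bytes) -> int:
    """Constructed stand-in for a daemon: a one-shot TCP listener on 127.0.0.1
    that sends `banner` to the first client. Returns the OS-assigned port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def grab_banner(host: str, port: int, timeout: float = 2.0) -> str:
    """Active probe: open a TCP connection and read whatever the service volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return data.decode(errors="replace").strip()


# product[_/ ]version, e.g. "OpenSSH_8.9p1", "Apache/2.4.41", "vsFTPd 3.0.3".
BANNER_RE = re.compile(r"\b(?P<product>[A-Za-z][A-Za-z0-9]*)[_/ ]v?(?P<version>\d+\.\d+[\w.]*)")


def parse_banner(banner: str):
    """Return {'product', 'version'} if the banner leaks them, else None."""
    m = BANNER_RE.search(banner)
    return {"product": m["product"], "version": m["version"]} if m else None


# Constructed, hypothetical vulnerability database: (product, version) -> findings.
# IDs, severities and descriptions are placeholders, not real advisories.
VULN_DB = {
    ("OpenSSH", "8.9p1"): [("EXAMPLE-2023-001", "High", "placeholder weakness in this version")],
    ("vsFTPd", "3.0.3"): [],  # version is recognised but has no findings in this toy database
}


def scan_host(host: str, ports) -> list:
    """Scanner loop: probe each port, fingerprint the service, match it against the database."""
    report = []
    for port in ports:
        banner = grab_banner(host, port)
        fp = parse_banner(banner)
        findings = VULN_DB.get((fp["product"], fp["version"]), []) if fp else []
        report.append({"port": port, "banner": banner, "fingerprint": fp, "findings": findings})
    return report


def demo() -> list:
    """Three constructed services; the third hides its version, so it cannot be matched."""
    ports = [
        start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"),
        start_fake_service(b"220 (vsFTPd 3.0.3)\r\n"),
        start_fake_service(b"220 mail.example.com ESMTP ready\r\n"),
    ]
    return scan_host("127.0.0.1", ports)


if __name__ == "__main__":
    for entry in demo():
        print(entry["port"], entry["fingerprint"], entry["findings"])
```

The third service shows both sides of the banner card: suppressing the version string makes the scanner's database lookup fail, but the service itself is no safer for it. A real scanner adds authenticated checks (patch level, configuration, accounts) precisely because banners can be altered.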