4. Devices and Testing Flashcards
MDM (Mobile Device Management Solution)
Set of tools and features that allow an organization to centrally manage its devices under a single system
How do you stop jailbreaking?
You can attach it to an external management solution, which installs its own apps to provide additional security
Vulnerability Assessment Tool Exs (2)
Qualys
Nessus
Mapping Environments
Shows what devices are present in the network by interrogating every IP address in the network
Ex tool: Nmap
Active discovery of new hosts
Goes IP by IP and interrogates each to see whether anything responds
Passive discovery/scanning of new hosts
Placing a device at a network choke point, such as routers or switches, to eavesdrop on traffic flowing through the infrastructure
Unauthenticated scans
Don’t require credentials for the host you’re scanning or any access other than network connectivity to the host in question
Authenticated scans
Uses valid credentials, generally admin
Container
Entirely self contained and ready to run virtual instance designed to allow easy scaling up/down of portions of the environment seeing variable levels of load
Penetration Testing AKAs (2)
Pentesting
Ethical Hacking
Penetration testing steps (5)
↓ Scoping - Rules of engagement (BEFORE)
↓ Recon - Research before attack attempt
↓ Discovery - Run vulnerability
assessments (ACTIVE)
↓ Exploitation - Attack vulnerabilities
(ACTIVE)
↓ Reporting - Document (AFTER)
Black box testing
Tester has no knowledge of the environment other than the testing scope
White box testing
Gives tester all info about the environment - More thorough
Grey box testing
Some info given to the tester - More common penetration testing
Internal vs. External penetration tests
Kinds of access the tester is granted
What kind of person/team is conducting the test
