(5) Active Reconnaissance, Mapping, And Discovery Flashcards
What is host enumeration used for?
Host enumeration is used to build a map of an organization's networks, systems, and other groups of systems.
How is host enumeration completed?
It is completed by combining information-gathering tools with manual research to identify the networks and systems that organizations use.
What is used for asset discovery?
Asset discovery processes are used as part of asset management, so that security professionals know what is on their network. Asset management is important because devices often get added or connected without process or authorization.
What can active scans provide in terms of network maps?
Active scans can provide information about network design and topology. They can analyze the information in the responses they receive.
What types of data can a pen tester use to estimate network topology?
A pen tester makes these assumptions based on the Time To Live (TTL) of the packets it receives, traceroute information, and responses from network and security devices.
Does Nmap or Zenmap discover everything about networks?
Nmap or Zenmap might not discover all of the devices in a network. Firewalls and security devices can stop scan traffic, which means that some part of the network might be missing.
What is important about performing network discovery and mapping?
When performing network discovery and mapping, it is important to spread out the systems that are discovered based on network addresses and TTL.
This helps in reviewing their relative positions in the network.
What are some of the drawbacks of scanning tools?
Topology information from scanning tools is likely to have flaws and might not match the actual design of the target network. Security and network devices might introduce differences in TTL and traceroute results, causing incorrect or missing data.
Firewalls can also prevent devices and systems from showing up on scans, producing inaccurate topology results.
What variables does one need to be aware of when it comes to challenges created by security devices?
One needs to be aware of the differences between wired and wireless networks, virtual networks and virtual environments, etc.
On-premises vs. cloud-based networks need to be considered as well.