Ch18 - 18.02 - Performing a Security Assessment Flashcards

1
Q

Open Vulnerability and Assessment Language (OVAL)

A

Open Vulnerability and Assessment Language is an international standard for assessing vulnerabilities to a system. OVAL has three stages to the assessment: represent system information, assess vulnerabilities, and report on the vulnerabilities.

Learn more about OVAL from http://oval.mitre.org/about/index.html.

2
Q

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

A

Operationally Critical Threat, Asset, and Vulnerability Evaluation is a self-directed security assessment methodology. “Self-directed” means that an organization chooses a team from its own employees to do the security assessment. OCTAVE has four phases:
(1) Develop risk management criteria consistent with the goals of the business,
(2) Create a profile for each information asset that identifies the security requirements,
(3) Identify threats to each of those assets, and
(4) Identify and analyze risks and begin mitigation approaches.

Learn more about OCTAVE at www.cert.org/octave/.

3
Q

Open Web Application Security Project (OWASP)

A

Open Web Application Security Project is a project that standardizes web application security-testing procedures. You can learn more about OWASP from www.owasp.org/index.php. They have some great guides published on web application testing and code review.

4
Q

Pivoting

A

Before looking at the hacking process, which many pen-testers follow, you should be aware of the term pivot, or pivoting, in the context of penetration testing. Pivoting is when the tester compromises a server, such as a web server, and then uses that system to gain access to other systems on the network being attacked. It is important to note that penetration testing is a long-drawn-out process, like hacking, and may take time before the final system is attacked.

5
Q

Hacking Process

A
  1. Profiling
  2. Scanning and Enumeration
  3. Gaining Access/Initial Exploitation
  4. Maintaining Access/Persistence
  5. Covering Tracks
6
Q

Hacking Process - 1. Profiling (Reconnaissance) Phase

A

The first phase of the hacking process is known as the reconnaissance phase or the profiling phase. In this phase, the hacker uses Internet resources to discover information about your organization.

Note that 85 percent of the hacking process is spent on the profiling phase and on collecting information that the hacker can use in an attack.

7
Q

Hacking Process - 2. Scanning and Enumeration

A

After the hacker has collected the IP addresses in the profiling phase, the hacker moves into the scanning phase. The hacker is now doing reconnaissance, but it is considered active reconnaissance because the hacker is actually sending traffic to the organization’s systems.

The goal of the scanning phase is to find out what services are running on the system by finding out the port numbers that are open on the system. Once the hacker finds out the port numbers that are open, the hacker will then do a banner grab from the system, which reports the version of the software that is running on that port. The reason the hacker wants to know the version of the software is so that they can then research how to exploit that software.

In this phase of the hacking process, the hacker may also try to enumerate the system, which means collecting more information about the system. The hacker may try to identify computer names, usernames, or even get a list of groups from the system.

8
Q

Hacking Process - 3. Gaining Access/Initial Exploitation

A

Once the hacker knows what ports are running on the system and the version of the software that is running on those ports, they will research how to exploit that software. It is amazing how easy it is to find exploits on popular products—just go to Google and type exploit and then add the product name of what you want to exploit.

The hacker could use any attack type for the initial exploitation in order to gain access to the system, but popular methods of gaining access to a system today are buffer overflow attacks and other types of injection attacks.

Once the hacker gains access to the system, they may need to perform an escalation of privilege attack. This attack is required if the hacker compromises a system and does not have administrative access to the system. The hacker could perform a privilege escalation attack to gain administrative access. There are a number of ways that hackers could perform a privilege escalation attack; they could obtain the password hashes from the SAM database of the Windows system, for example, or perform DLL injection by loading a malicious DLL in the same address space as a process with system-level access.

9
Q

Hacking Process - 4. Maintaining Access/Persistence

A

Once the hacker has gained access to the system, they want to ensure that they can get access again later. To ensure persistence, meaning that the hacker can gain access later, the hacker will plant a back door, such as creating an administrative account or planting a rootkit or Trojan virus on the system.

10
Q

Hacking Process - 5. Covering Tracks

A

The final phase in the hacking process is to cover tracks. The hacker knows that most security professionals will implement auditing or logging features on the system and log any activity that is performed. After the hacker creates the suspicious activity, they will then find the log files on the system and either delete the files or delete the entries from the logs that deal with the hacker’s activity. It is critical that you protect the log files to ensure that no one can destroy them.

11
Q

A List of Some of the Common Steps in a Penetration Test:

A

The point to understanding the hacking process is that, as a penetration tester, you should follow that process so that your penetration test (pen-test) is similar to what the hacker would do to gain access. This is important to understand because a lot of security professionals may not spend time performing steps in the profiling phase, which means that you never know what your organization is exposing out on the Internet.

Steps are:

  1. Initial meeting
  2. Draft legal documents
  3. Create a pen-test plan
  4. Test pen-test plan
  5. Perform penetration test
  6. Create a report on findings
  7. Present report results
  8. Destroy any copies of the report
12
Q

Penetration Test - 1. Initial meeting

A
Start the process by meeting with upper-level management to find out the scope of what they would like you to do. At this point, you should find out if it is OK to perform all types of testing, such as denial of service attacks, buffer overflow attacks, and password attacks (to name a few). Also, at this point, you should reiterate that you cannot guarantee that denial of service will not happen.
13
Q

Penetration Test - 2. Draft legal documents

A

After the initial meeting, see a lawyer and have a legal document drafted stating that you are allowed to do the penetration test. Be sure to have the document signed by an authorized representative of the organization you are doing the penetration test for.

14
Q

Penetration Test - 3. Create a pen-test plan

A

Once you have the document signed, plan the types of attacks or testing you will perform. The purpose of building a plan is so that you are disciplined and follow a methodology in your approach and don’t just have a field-day hacking someone’s network.

15
Q

Penetration Test - 4. Test a pen-test plan

A

Test the tools you will use to perform the different types of attacks to ensure they work and to see if they will cause a denial of service when executed.

16
Q

Penetration Test - 5. Perform penetration test

A

At this point, you are at the customer’s site performing the penetration test and following your plan. Be sure to test password cracking, wireless cracking, and buffer overflow attacks. Test physical security elements and social engineering attacks against the organization as well. Be sure to document everything you do, including the start time and end time of each step.

17
Q

Penetration Test - 6. Create a report on findings

A

Once the test is complete, create a report of your findings. You do not have to include your log of all activity, but be sure to have it handy in case you have to refer to it. You should include screenshots of successful and failed attacks on the systems along with recommendations on how to improve security.

18
Q

Penetration Test - 7. Present report results

A

In this phase, you will meet with upper-level management again to report your findings and give them a copy of the report. Ensure that you have the customer sign off on a completed assessment.

19
Q

Penetration Test - 8. Destroy any copies of the report

A

As a final step, ensure that you do not have additional copies of the assessment in either printed form or electronic form.

20
Q

Protocol Analyzer/Packet Sniffer

A

The first tool to be familiar with is a protocol analyzer, also known as a packet sniffer, or just sniffer. The purpose of a sniffer program is to passively capture traffic traveling the network in order to view or analyze that traffic. The purpose of using a sniffer when performing a security assessment is to see if you can capture sensitive information being sent on the network in clear text. If you find that passwords or other sensitive information is in the packet capture, then you should recommend that the organization encrypt network traffic.

21
Q

Network Scanners and Port Scanners

A

A very important set of tools for security testers and network administrators is a network scanner and a port scanner. A network scanner can help you map out what systems exist on the network, which is known as network mapping. Two common tools that can be used for network mapping are nmap and Angry IP Scanner. Network mapping software can also be used to identify unauthorized systems that have been connected to the network. This is known as rogue system detection.

22
Q

Wireless Scanner

A

A common set of tools used on today’s networks is a wireless scanner and a wireless cracker. A wireless scanner is a tool that can be used to discover wireless networks within range and their characteristics. For example, with a wireless scanner you can see the SSID name, the channel, the type of encryption being used (WEP/WPA2), and the signal strength. Examples of wireless scanners are Acrylic WiFi for Windows and Kismet for Linux.

23
Q

Wireless Cracker

A

A wireless cracker is a tool used to crack the encryption key on a WEP or WPA2 protected wireless network. There are tools such as Aircrack-ng that can be used to crack the wireless encryption once enough traffic has been captured.

24
Q

Vulnerability Scanner

A

A vulnerability scanner is quite a bit different from a port scanner. The vulnerability scanner will scan the system for known vulnerabilities and then report the problems that have been found. The vulnerability scanner bases the decisions on a vulnerability database that is constantly being updated. When you do the scan, the vulnerability scanner compares the patch level and the configuration of your system(s) against the vulnerability database to see if you are not following best practices (have vulnerabilities).

25
Q

Honeypot

A

Another popular method of assessing security is to have a honeypot set up on the network. A honeypot is a system that is placed on the network to attract the hacker instead of having the hacker hack into one of your production systems. The main goal of the honeypot is to buy yourself some time if the hacker has gained access to the network.

It is critical that you configure the honeypot like any other system and be sure to follow security best practices to harden and protect the system. Some IT professionals feel that the honeypot should be easy to break into, but if it is too easy, the hacker will suspect it is a honeypot. You also want the honeypot to be difficult to crack into because it will take the hacker longer to break in and will give you more time to detect the intruder!

Ensure that the honeypot has a high level of auditing and logging enabled so that you can capture all the activities performed by the hacker. To protect the logs, have the logs written to a remote system and have those secured at all times.

26
Q

Honeynet

A

A honeynet is very much like a honeypot in the sense that it is designed to lure the hacker, but a honeynet is a full network of fake systems that will track the hacker’s activity.

27
Q

Banner Grabbing

A

After a port scan is performed and you determine which ports are open, you would next determine what software opened the port so that you can plan how to exploit that software during your penetration test. To determine what software is running on each open port, you can do a banner grab, which means connecting to each port and collecting the response from the server. When you connect to a server, it typically responds with a ready message indicating the version of the software running on the system.

28
Q

Configuration Compliance Scanner

A

A configuration compliance scanner is a tool that can verify the configuration of a system or area of the system. For example, Nikto is an open-source vulnerability assessment tool for web servers that can identify misconfiguration of the web server and vulnerabilities based on a database of well-known flaws.

29
Q

Exploitation Frameworks

A

A common assessment tool for pen-testers is an exploitation framework, which has a number of tools to exploit flaws within different products. Common examples of exploitation frameworks are the Web Application Attack and Audit Framework (w3af) and Metasploit.

30
Q

Data Sanitization Tools

A

You can use data sanitization tools to ensure that all data is securely erased from drives. This is an important step when disposing of drives or using drives as the target for a forensic image.

31
Q

Steganography Tools

A

Steganography tools are used to hide information inside images or other file types like MP3s.

32
Q

Backup Utilities

A

You should use backup tools to back up the state of a system before performing a penetration test on that system. This will allow you to recover the system should something go wrong with the pen-test.

33
Q

Command-line Tools

A
ping
netstat
tracert
nslookup/dig
arp
ipconfig/ifconfig
tcpdump
nmap
netcat
net view /domain
nbtstat
... and many more