Domain 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization. Flashcards
Wireshark
Protocol analyzer (packet sniffer) with a GUI; the de facto standard, and the one most people use.
Captures the current traffic on a network segment, lets you view it live with each protocol layer decoded, and saves a copy of the capture (pcap) for later analysis.
pwdump
Dumps the password hashes (LM/NTLM) out of a Windows SAM database so they can be cracked offline with a tool such as John the Ripper or Hashcat. pwdump itself only extracts the hashes; it does not crack them.
Microsoft Baseline Security Analyzer (MBSA)
Active scanner from Microsoft that connects directly to Windows hosts on the target network and checks them for missing security updates and common misconfigurations (weak passwords, IIS and SQL Server settings).
Nessus
The most widely used vulnerability scanner (from Tenable); checks hosts against a plugin database of known vulnerabilities and misconfigurations and reports findings by severity.
exploitation framework
Metasploit
obfuscate
To hide; to make code or data deliberately hard to read or understand (e.g. malware encoding its payload to evade signature-based detection).
honeypot
a single server used to entice an attacker
honeynet
an entire network or section of your network used to entice an attacker
SAN stands for
Storage Area Network
iSCSI
SCSI commands carried over ordinary TCP/IP Ethernet. The least expensive SAN transport; its speed is that of the Ethernet link it runs on (typically 1 or 10 Gbps).
FCoE
Fibre Channel over Ethernet: Fibre Channel frames carried on a 10 Gbps (or faster) Ethernet network, so storage and data traffic share one fabric (SAN transport).
Fibre Channel
Dedicated storage fabric with its own switches and host bus adapters; 8, 16 and 32 Gbps generations. The fastest and most expensive SAN transport.
NAS
Network Attached Storage. A storage appliance that presents shared storage over the network as file shares (SMB/NFS); users see it as a single drive even though internally it is several disks (usually in a RAID set). Each user can be given a disk quota, or space limit, on the NAS.
DAS
Direct Attached Storage. A storage device connected directly to a server or computer (e.g. the hard drives inside a server).
Grandfather
Monthly full backup on tape. Stored off site.
Father
Weekly full backup on tape. Stored off site.
Son
Daily incremental or differential backup. Stored on site.
Tower of Hanoi
A tape rotation scheme based on the puzzle of the same name. Complicated; just know it is a backup tape rotation scheme.
Incremental backup
Backs up everything that has changed since the last backup of any kind (full or incremental). For example: Friday you run a full backup; Monday's incremental holds the changes since Friday, Tuesday's holds the changes since Monday, Wednesday's holds the changes since Tuesday, and so on. Fast to take, slow to restore.
So if you have to restore on Thursday you need every tape in the chain: the full backup (Friday) plus Monday, Tuesday and Wednesday. If any one of those tapes is missing or unreadable, the changes recorded on it are lost.
Differential Backup
Backs up everything that has changed since the last FULL backup. For example: full backup Friday; Monday's differential holds Monday's changes, Tuesday's holds Monday's and Tuesday's, Wednesday's holds Monday's, Tuesday's and Wednesday's, and so on. Each tape grows through the week, but if you have to restore on Thursday you need only two tapes: the full backup (Friday) and the most recent differential (Wednesday).
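The following is an added worked example, not part of the original flashcards: it simulates the two schemes above with a constructed set of daily file changes, shows which tapes each scheme needs to restore Thursday morning, and shows what happens when one tape in the chain is lost. The file names and the idea of modelling a tape as a set of file names are assumptions made for the illustration.

```python
"""Simulate incremental vs. differential backup chains over one week.

Constructed example: CHANGES maps each weekday to the files modified that
day. The full backup is taken on Friday; the restore target is Thursday
morning, i.e. everything up to and including Wednesday night's tape.
"""

DAYS = ["Fri", "Mon", "Tue", "Wed"]          # backup nights in order; DAYS[0] is the full

# Constructed sample data: files changed on each day after the Friday full.
CHANGES = {
    "Mon": {"payroll.xlsx", "notes.txt"},
    "Tue": {"notes.txt", "config.yaml"},
    "Wed": {"report.docx"},
}


def incremental_sets(changes, days):
    """Each incremental tape holds only what changed since the previous backup."""
    return {day: set(changes.get(day, set())) for day in days[1:]}


def differential_sets(changes, days):
    """Each differential tape holds everything changed since the last FULL."""
    tapes, accumulated = {}, set()
    for day in days[1:]:
        accumulated = accumulated | changes.get(day, set())
        tapes[day] = set(accumulated)        # grows every night of the week
    return tapes


def restore_chain(scheme, days, restore_after):
    """Return the tapes (in order) needed to restore the state after `restore_after`."""
    idx = days.index(restore_after)
    if scheme == "incremental":
        return days[:idx + 1]                 # full plus every incremental since
    if scheme == "differential":
        return [days[0]] if idx == 0 else [days[0], days[idx]]   # full plus newest differential
    raise ValueError(f"unknown scheme: {scheme}")


def restore(scheme, changes, days, restore_after, full_contents, missing=()):
    """Apply the chain and return the set of files recovered.

    `missing` lists tapes that are lost or unreadable; a missing full tape
    means nothing can be restored at all.
    """
    if days[0] in missing:
        return set()
    tapes = incremental_sets(changes, days) if scheme == "incremental" \
        else differential_sets(changes, days)
    recovered = set(full_contents)
    for tape in restore_chain(scheme, days, restore_after):
        if tape == days[0] or tape in missing:
            continue
        recovered |= tapes[tape]
    return recovered


def tape_sizes(scheme, changes, days):
    """Number of files on each nightly tape, to compare how the two schemes grow."""
    tapes = incremental_sets(changes, days) if scheme == "incremental" \
        else differential_sets(changes, days)
    return [len(tapes[day]) for day in days[1:]]
```

The trade-off the cards describe falls straight out of the simulation: incremental tapes stay small but every tape in the chain is needed, so losing Tuesday's tape loses Tuesday's changes; differential tapes grow all week but a restore needs only the full and the newest one, so a lost Tuesday tape does not matter on Thursday.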
Ten Tape Rotation
Backup scheme that is exactly what it sounds like: two sets of five tapes, one tape per weekday, reused every two weeks, so roughly two weeks of history is kept. Typically used by small businesses.
Banner Grabbing
A technique used to glean information about a computer system on a network and the services running on its open ports: connect to a port and read the greeting (banner) the service sends, e.g. an SMTP "220 ..." line or "SSH-2.0-OpenSSH_...", which often reveals the product and version.
It is active reconnaissance: you connect directly to the target's service, so the target can log the connection and know you are gathering data about its network. Only grab banners from systems you are authorized to assess.
PING
Verifies that a path exists between two devices on a network, using ICMP Echo Request/Reply. Used to test whether a device is active (reachable) on the network.
Microsoft - 4 replies by default (ping -t continues until cancelled)
Cisco - 5 replies by default
Linux - keeps pinging until you stop it (ping -c <count> limits the number of probes)
traceroute/tracert
Displays the list of hops (routers) between two devices on the network, with the round-trip time to each hop.
tracert - Microsoft
traceroute - Linux & Cisco
netstat
Displays current network connections, both incoming and outgoing, and the ports the host is listening on (netstat -an).
Both Microsoft and Linux
nslookup/dig
Used to perform manual DNS queries (resolve a name, look up MX or NS records, query a specific DNS server).
nslookup - Microsoft (also available on Linux)
dig - Linux
ARP
Address Resolution Protocol
Ties an IP address to a MAC (hardware) address on the local network segment. (It is DNS, not ARP, that ties an FQDN to an IP address.) The arp -a command shows the local ARP cache; a MAC that answers for several IPs, or an IP whose MAC keeps changing, is a sign of possible ARP spoofing.
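Added example, not part of the original flashcards: a small parser for arp -a output that flags one MAC claiming several IP addresses, a common ARP-spoofing indicator. The sample output is constructed (made-up addresses); the parser handles only the Windows arp -a table format and the Linux arp -a one-line format. A duplicate is only an indicator: a router with secondary addresses or a VRRP/HSRP pair legitimately produces one too, so verify before acting.

```python
"""Parse ARP-cache output and flag one MAC answering for several IPs.

Constructed example: SAMPLE_ARP is made up and mixes the Windows `arp -a`
table format with Linux `arp -a` lines so both parsers get exercised.
"""
import re
from collections import defaultdict

SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.30          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
printer.lan (192.168.1.40) at aa:bb:cc:dd:ee:02 [ether] on eth0
? (192.168.1.41) at aa:bb:cc:dd:ee:02 [ether] on eth0
"""

# Windows: "  192.168.1.1   00-11-22-33-44-55   dynamic"
WINDOWS_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)", re.I)
# Linux:   "printer.lan (192.168.1.40) at aa:bb:cc:dd:ee:02 [ether] on eth0"
LINUX_RE = re.compile(
    r"^\S+ \((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)


def parse_arp(text):
    """Return a list of (ip, mac) pairs; MACs normalised to lower-case colon form."""
    entries = []
    for line in text.splitlines():
        m = WINDOWS_RE.match(line) or LINUX_RE.match(line)
        if m:
            ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
            entries.append((ip, mac))
    return entries


def is_unicast_host_mac(mac):
    """False for broadcast/multicast MACs (low bit of the first octet set); they
    legitimately map to many IPs and would otherwise be false positives."""
    first_octet = int(mac.split(":")[0], 16)
    return not (first_octet & 1)


def duplicate_macs(entries):
    """Map MAC -> sorted list of IPs for every unicast MAC claiming more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac in entries:
        if is_unicast_host_mac(mac):
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
```

Run against a real cache with, for example, duplicate_macs(parse_arp(subprocess.check_output(["arp", "-a"], text=True))); on the sample above it reports two suspicious MACs and ignores the broadcast and multicast rows.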
ipconfig / ifconfig
Used to display and modify the IP configuration of your network interfaces (address, mask, gateway, DNS; ipconfig /all shows everything).
ipconfig - Microsoft
ifconfig - Linux (deprecated on modern distributions in favour of the ip command, e.g. ip addr)
tcpdump
A common command-line packet sniffer for Linux and other Unix-like systems; captures can be filtered (e.g. tcpdump -i eth0 port 80) and written to pcap files for later analysis in Wireshark.
nmap
An application that is used as a network mapper or port scanner: host discovery, open-port enumeration, and service and operating-system fingerprinting.
There is a GUI version called Zenmap.
What are the flags used in this command?
nmap -O -PT -T1 192.168.1.1
Detect the operating system (-O)
Host discovery with a TCP ping (-PT; legacy syntax, current nmap versions use -PS for SYN or -PA for ACK probes)
Sneaky timing template (-T1): very slow, widely spaced probes to reduce the chance of IDS detection
netcat
A network utility that allows you to read and write to network connections using either TCP or UDP. Used for banner grabbing, quick port checks, file transfer, and setting up listeners.
What are the flags used in this command?
nc -l -p 12345
nc - netcat
-l = listen for an incoming connection
-p = port number to listen on (here 12345)
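Added example covering both the Banner Grabbing card and the netcat listener above; it is not from the original flashcards. A Python listener stands in for nc -l -p <port> and serves a constructed SMTP-style banner, and a client does what a banner grab does: connect, read whatever the service volunteers, close. The banner text is made up; the listener binds an ephemeral port on 127.0.0.1 instead of 12345 so the example runs anywhere without a network or a target. The listener also records the peer address, which is the point of the card's caveat: the target sees the grab.

```python
"""Banner grabbing against a local listener (constructed example).

start_listener() plays the role of `nc -l -p <port>` serving a fixed banner;
grab_banner() is the client side of a banner grab. All traffic stays on
127.0.0.1.
"""
import socket
import threading

BANNER = b"220 mail.example.test ESMTP Postfix (Debian/GNU)\r\n"   # constructed


def start_listener(banner=BANNER, host="127.0.0.1"):
    """Bind an ephemeral port, serve `banner` to one client, record who connected.

    Returns (port, log, thread). `log` receives the peer address, which is
    what a real daemon would write to its log when someone grabs its banner.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))                      # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    log = []

    def serve():
        conn, peer = srv.accept()
        log.append(peer)                     # the target notices the connection
        conn.sendall(banner)
        conn.close()
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return port, log, t


def grab_banner(host, port, timeout=3.0, max_bytes=1024):
    """Connect, read whatever the service volunteers, return it as stripped text."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(max_bytes)
        except socket.timeout:
            data = b""                       # silent service: nothing volunteered
    return data.decode("utf-8", errors="replace").strip()


def parse_smtp_banner(banner):
    """Split a '220 <host> <software>' greeting into host and software strings;
    returns None for anything that is not an SMTP 220 greeting."""
    parts = banner.split(" ", 2)
    if len(parts) < 2 or parts[0] != "220":
        return None
    return {"host": parts[1], "software": parts[2] if len(parts) > 2 else ""}


def demo():
    """Start the listener, grab its banner, and return (banner, parsed, server_log)."""
    port, log, t = start_listener()
    banner = grab_banner("127.0.0.1", port)
    t.join(timeout=3.0)
    return banner, parse_smtp_banner(banner), log
```

Against a real host the equivalent is simply nc <host> 25 and reading the first line; the parser here only understands SMTP greetings, and a service that says nothing until spoken to (HTTP, for instance) returns an empty banner rather than hanging, because of the receive timeout.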
Which of the following tools would Matt, a security administrator, MOST likely use to analyze a malicious payload?
A. Vulnerability scanner
B. Fuzzer
C. Port scanner
D. Protocol analyzer
D. Protocol analyzer
There have been recent cases of people connecting their own personal wireless access points to the corporate network. What can you deploy to identify these rogue APs and stop them from accessing the network?
A. IDS
B. NAC
C. WIPS
D. Protocol Analyzer
C. WIPS
Which of the following commands can be used in Linux to see what ports are being used on an interface?
A. ifconfig
B. nslookup
C. ping
D. tcpdump
D. tcpdump
Fuzzing
A testing method that feeds a program large amounts of SEMI-RANDOM (malformed or unexpected) input to make it crash or misbehave, revealing bugs such as buffer overflows and missing input validation.
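Added example, not part of the original flashcards: a small mutation-based fuzzer of the kind the card describes, run against a deliberately fragile toy parser. Both the parser (a made-up length-prefixed record format that trusts its length bytes) and the seed input are constructed for this illustration. "Semi-random" is the point of the design: rather than throwing pure noise at the target, the fuzzer starts from a valid record and applies small mutations (bit flips, 0xFF boundary values, truncation, inserted junk), which reaches the parser's failure paths far faster than random bytes would.

```python
"""Mutation fuzzer against a deliberately fragile parser (constructed example).

parse_record() and SEED_INPUT are made up for this card. fuzz() is generic:
mutate a valid seed, run the target, and record every input that makes it
raise; reproduces() confirms a recorded crasher is deterministic.
"""
import random


def parse_record(buf: bytes) -> dict:
    """Toy 'len|name|len|value' parser that trusts its length bytes (the bug)."""
    name_len = buf[0]
    name = buf[1:1 + name_len]
    value_len = buf[1 + name_len]             # no bounds check: IndexError on overrun
    value = buf[2 + name_len:2 + name_len + value_len]
    return {"name": name.decode("ascii"), "value": value}   # UnicodeDecodeError on non-ASCII


SEED_INPUT = b"\x04host\x0bexample.org"      # constructed valid record: 4-byte name, 11-byte value


def mutate(buf: bytes, rnd: random.Random) -> bytes:
    """Apply one semi-random mutation: bit flip, 0xFF boundary value, truncation, or insertion."""
    b = bytearray(buf)
    choice = rnd.randrange(4)
    if choice == 0 and b:                     # flip one bit somewhere
        i = rnd.randrange(len(b))
        b[i] ^= 1 << rnd.randrange(8)
    elif choice == 1 and b:                   # 0xFF: classic probe for length-field handling
        b[rnd.randrange(len(b))] = 0xFF
    elif choice == 2 and len(b) > 1:          # truncate, keeping at least one byte
        del b[rnd.randrange(1, len(b)):]
    else:                                     # insert one to three junk bytes
        i = rnd.randrange(len(b) + 1)
        b[i:i] = bytes(rnd.randrange(256) for _ in range(rnd.randrange(1, 4)))
    return bytes(b)


def fuzz(target, seed_input: bytes, iterations: int = 500, seed: int = 1) -> dict:
    """Return {exception_name: first_crashing_input} found within `iterations` tries.

    The RNG is seeded so a run is reproducible, which matters when you need to
    hand a crasher to a developer.
    """
    rnd = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        data = mutate(seed_input, rnd)
        try:
            target(data)
        except Exception as exc:              # any uncaught exception counts as a crash here
            crashes.setdefault(type(exc).__name__, data)
    return crashes


def reproduces(target, data: bytes, exc_name: str) -> bool:
    """Re-run a recorded crasher and confirm it raises the same exception."""
    try:
        target(data)
    except Exception as exc:
        return type(exc).__name__ == exc_name
    return False
```

In a real engagement the target would be a network service, file parser or API rather than a function, and a "crash" would be a process exit, hang or memory-safety fault detected by the harness; the loop, the seed-and-mutate strategy and the reproduce step are the same.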
Sandbox
A test environment isolated from your production network, used to run or examine untrusted code (such as a suspected malicious payload) without risk to real systems.