Module 5 - Active Data Gathering and Network Scans I

Question 1

Wireless Network Vulnerabilities

Answer 1

Service Set ID (SSID) (broadcast or not)
can intercept regardless

WEP - easily defeated
WPA - can be defeated

once in - inside LAN

Question 2

Tools for wireless network

Answer 2

Kismet
NetStumbler
Pineapple Router (trick people connect to rogue)

Question 3

Vulnerability Scanners

Answer 3

GFI LanGuard
Microsoft Security Baseline Analyzer
Nessus
NeXpose

Question 4

Web App Tester

Answer 4

Burp Suite
(free version - limited)
Profession - $299 per user per year

Question 5

Sniffers

Answer 5

capture network traffic
info transmitted in clear
hardware (hub, port mirroring, port spanning)
Wireshark

can sniff Fiber Optics (~$1000)

Question 6

Nessus

Answer 6

Tenable
~$1200 per year
HomeFeed is free
46,000 plugins
Server Manager and Client

Question 7

Nessus Tabs

Answer 7

Users
Policies
Scans
Reports

Question 8

Nessus Default Policies

Answer 8

External Network Scan
Internal Network Scan
Prepare for PCI DNS audits
Web App Tests

Question 9

Nessus Port Scanners

Answer 9

TCP
UDP
SYN
SNMP
Netstat SSH Scan
Netstat WMI Scan
Ping

Question 10

Nessus Policy Options

Answer 10

General
Credentials
Plugins
Preferences

Avoid Sequential Scans

Question 11

Nessus Severity levels

Answer 11

High
Medium
Low

Question 12

Nessus download options

Answer 12

.nessus
HTML
RTF

Question 13

Vulnerability Scans

Answer 13

establish connection between an open port and a vulnerable application or configuration setting behind it.

Question 14

NeXpose

Answer 14

Rapid7
Windows 2003 Server
integrates with Metasploit
Community Edition (free)
Express ($3000 per user per year)
Professional ($6999 per user per year)

Question 15

Nexpose Port

Answer 15

3780

Question 16

NeXpose Tabs

Answer 16

Home
Assets
Reports
Vulnerabilities
Administration

Question 17

NeXpose Site Configuration

Answer 17

Devices to scan
Scan Template
New Manual Scan

Question 18

NeXpose Severity Levels

Answer 18

Critical
Severe
Moderate

Question 19

MS Security Baseline Analyzer

Answer 19

Severe - Check failed (critical)
Check failed (non-critical)
Check passed