Risk Management Tools Flashcards
1
Q
Quantitative Risk Assessment Equation
A
Quantitative Risk Assessment Equation
Annual Loss Expectancy (ALE) = Single Loss Expectancy (SLE) x Annual Rate of Occurrence (ARO)
2
Q
Ping Scan
A
Ping Scan
- Network scanning method
- Send ICMP echo requests (pings) to a range of IP addresses
3
Q
ARP Ping Scan
A
ARP Ping Scan
- Network scanning method
- A host receiving an ARP request for its IP address responds with its MAC address
- If the host responds, the scanner learns the host is operational with that IP address
4
Q
SYN Stealth Scan
A
SYN Stealth Scan
- Network scanning method
- Based on the TCP three-way handshake
- Send SYN to each IP address
- If the host responds, the scanner learns the host is operational with that IP address
- Sends RST to tear down the half-open connection instead of completing the handshake with ACK
5
Q
Port Scan
A
Port Scan
- Network scanning method
- Check open ports
- Identifies protocols running
6
Q
Service Scan
A
Service Scan
- Network scanning method
- Like a port scan, but verifies which protocols/services are actually running
- E.g., if port 80 is open, send an HTTP request and inspect the response
7
Q
OS Detection
A
OS Detection
- Network scanning method
- TCP/IP fingerprinting
- Analyze packets from IP address to identify OS
8
Q
Network Mapping
A
Network Mapping
- Network scanning method
- Discover devices and how connected
- Graphical representation
9
Q
Wireless Scanners
- Two types
A
Wireless Scanners
- Network scanning method
- Passive: listens to traffic broadcast on known channels to detect SSIDs, MAC addresses, signal strength, channels and security settings
- Active: scanner/cracker that sends queries to APs; may attempt password cracking or WPS attacks
10
Q
Rogue System Detection
A
Rogue System Detection
- Network scanning method
- Detect rogue APs, unknown SSIDs
11
Q
Banner Grabbing
- Tools
A
Banner Grabbing
- Network scanning method
- Get info on the server OS and applications from HTTP, FTP and SMTP banners
- Netcat
- telnet
- Nmap
12
Q
Vulnerability Scan
A
Vulnerability Scan
- Identify systems susceptible to attack
- Passively test security controls
- Identify misconfigurations using a database of known vulnerabilities (open ports, weak passwords, default accounts and passwords, exposed sensitive data)
- Do not actively exploit -> no impact on the system
- Identify lack of security controls (outdated patches, no antivirus)
13
Q
Configuration Compliance Scanner
A
Configuration Compliance Scanner
- A baseline file defines the proper configuration
- Verifies the system matches that configuration
- Credentialed scan
14
Q
Penetration Testing
A
Penetration Testing
- Actively assess security controls
- Determine extent of damage attacker could inflict
- Test how org will respond
- Can disrupt operations and cause system instability
- Must define boundaries of test
15
Q
Penetration Testing Activities
A
Penetration Testing Activities
- Passive recon - gather info from open sources (social media, websites, whois, DNS queries, passive Wi-Fi recon such as SSIDs). Not illegal; does not send data to targets or analyze their responses
- Active recon - use tools to send data to targets and analyze responses, e.g. network scanners (Nmap, Nessus) and vulnerability scanners. Illegal. Can identify IP addresses, active ports/services and OSes
- Escalation of privilege - gain access to low-level accounts, then increase privileges. APTs use RATs
- Pivot - use an exploited system to target other systems; use tools to gain additional info such as user password databases, email and info on other computers
- Persistence - backdoor: alternate accounts that can be accessed remotely; install or modify services, such as SSH, to allow remote connection