Software Security Tools 2.2 Flashcards
Passive Tools
Passive security is observing packets and learning. Observing frequent talkers, servers, clients, apps, OS’s, services.
Active Tools
Sending traffic to a device and observing the results. Query a login page, try a known vulnerability, actively checking for vulnerabilities.
Protocol Analyzer
Helps solve complex issues by getting details. Gathers packets on the wired network or wirelessly. Sometimes the ability to capture packets is built into the device. Views traffic patterns and identifies unknown or unusual traffic. Stores large amounts of data to create big data analytics.
Network Scanners
Commonly used to determine what services or OS are running on a remote device. These are commonly told to scan a range of IP addresses in order to find what’s out there. It can then visually map the network based on what it’s found.
Wireless Scanners and Crackers
You need tools to find out what kind of traffic is traversing your wireless network. You also need tools to see if your wireless access points are vulnerable to attacks. Additional tools check whether it is easy to crack a password on your network.
Password Crackers
Passwords are stored as hashes in most cases. You can take a password and turn it into a hash, but there is no way to take a hash and turn it back into a password. If a hash is stored without any protection such as salting, or with a weak hashing algorithm, these hashes can be brute-forced or compared with rainbow tables.
Vulnerability Scanners
Used to check if you are up to date on security patches. Minimally invasive, unlike a penetration test. Gathers as much info as possible and sorts the information out later.
Configuration Compliance Scanners
Does your device meet minimum security configs? Helpful if you need to comply with internal requirements or industry regulations. Checks devices for detailed information about your OS versions, installed apps, network settings, anti-virus settings and versions, server configs, etc. Information about all devices is stored in a database, and it’s able to detect if a certain login is coming from a new or updated device.
Exploit Framework
Attackers keep blueprints of previously used or commonly used exploits. They take the blueprint, add code and test the waters. For example, RouterSploit is a router exploitation framework.
Data Sanitization Tools
Generally, if you overwrite the data on a hard drive, it’s gone forever. There is software to assist with ensuring this occurs.
Steganography Tools
Finding an invisible message concealed in an image. Data can also be hidden in network packets.
Honeypots
Traps designed to entice attackers to waste time. The honeypots can be very elaborate such as creating a large server farm that exists only in a virtual world. Bad guys are aware of these and actively try to avoid them.
Backup Tools
Real-time file sync, hourly backups, full complete backups. Make sure every device is covered.
Banner Grabbing
Applications provide information about themselves when you first connect to them. Some give too much information. They sometimes give information about the server they are running on. This data can be captured and used for intel.