Software Tools Flashcards

1
Q

What is a protocol analyzer?

A

Also known as a packet sniffer. A protocol analyzer helps troubleshoot network issues by gathering packet-level information across the network. It can identify individual protocols, specific endpoints, and sequential access attempts. Captured packets go through protocol decoding, which turns the information into readable data for analysis.

2
Q

What do port scanners do?

A

They scan a range of specific ports to determine which ports are open on a system. They do this by scanning a single machine or a range of IP addresses to check whether there's a response on service ports.

3
Q

What is a vulnerability scanner?

A

It’s a software utility that scans a range of IP addresses and tests for the presence of known vulnerabilities in software configuration and accessible services.

4
Q

What is banner grabbing?

A

It’s a technique to identify what operating system is running on a machine and the services that are running. It helps narrow the vulnerability signatures to scan for in a vulnerability scan.

5
Q

What is a network mapper?

A

It's a utility used to conduct network assessments over a range of IP addresses. It does this by compiling lists of all systems, devices, and network hardware present within a network segment. This information is then used to identify single points of failure, conduct a network inventory, and create graphical details suitable for reporting on network configuration.

6
Q

How can network scanners detect rogue systems?

A

Network scanners have sensors that listen passively to Layer 2 traffic and report newly connected network devices or system information to the policy server (the scanner doesn't specifically identify a device as a rogue system).

7
Q

What do configuration compliance scanners do?

A

They work as an auditing tool to verify that devices meet regulatory compliance or policy requirements. When used for vulnerability checking, they ensure devices are connected to the network and are not missed when updates are applied.

8
Q

What are honeypots?

A

Honeypots are systems that are configured to simulate one or more services within an organization's network. They can identify the level of aggressive attention from an attack and help study the attacker's methods. They do this by logging and monitoring an attacker's activity when the attacker accesses a honeypot system. In the process, they distract attackers from valid network content.

9
Q

What is a honeynet?

A

A collection of honeypots. It creates what appears to be a functional network, but it's essentially a trap to study the attacker. It can provide an early warning of future attack attempts.

10
Q

What are the exploitation steps when using an exploitation framework?

A

Exploitation frameworks are used for penetration tests and risk assessments. Each framework has a set of exploits for known vulnerabilities that run against a host to see if it’s vulnerable to the exploit.
These are the exploitation steps:
1. Select a target system
2. Select an exploit
3. Determine if exploit might work on target system (if previous reconnaissance was done)
4. Select and configure the exploit payload
5. Select encoding method for payload so it can get through IDS
6. Run the exploit

11
Q

What is a password cracker?

A

It is a software utility that allows direct testing of user logon password strength. Testing is done through brute-force techniques using dictionary terms, special lexicons, or complex guidelines.

12
Q

What is steganography?

A

It's the art or practice of concealing a message, image, or file within another message, image, or file. It is similar to a digital watermark. It can also be used to create a substitute for a one-way hash value. It can help maintain confidentiality of valuable info, and protect data from sabotage, theft, or unauthorized viewing of passwords.

13
Q

What are the categories of data sanitization?

A

Sanitization is the process of removing the contents from the device or media as fully as possible using a software tool or a combination of software and firmware.
Categories of sanitization:
1. Clear: Applied through standard read and write commands
2. Purge: Physical or logical techniques, making recovery impossible
3. Destroy: Physical or logical techniques that render the device useless
