60 Cards in this Set
The footprinting (profiling) hacking step.
|
1st hacking step: gathering information that is publicly available (WHOIS records, DNS records, web content, job postings) before any real probing of the target's hosts. DNS servers are common targets because a server that is misconfigured to allow zone transfers (AXFR) to anyone can hand over a detailed map of an organization's entire network infrastructure in one request.
|
|
The scanning hacking step.
|
2nd hacking step: scanning the organization's infrastructure to find where vulnerabilities might lie. May use network mapping tools such as Nmap or perform a ping sweep to determine which host IP addresses in the company's IP range are active, then scan to see which services are listening on which ports and fingerprint the OS and manufacturer of each system. Unlike footprinting, this step sends packets at the target, so an IDS can notice it.
|
|
The enumerating hacking step.
|
3rd hacking step: the attacker actively queries the hosts found during scanning to extract users, groups, shares, service banners and version numbers, typically over protocols that give this away by default (NetBIOS name queries, SMB null sessions, SNMP with a default community string, anonymous LDAP binds). The result is a concrete list of accounts and services to attack in the next step.
|
|
The attacking hacking step.
|
4th (last) hacking step: the attacker uses the weaknesses and access found in the earlier steps to cause damage or service disruption, or to steal or destroy sensitive information, using various hacking tools. Everything before this point was reconnaissance; this is the step that does harm.
|
|
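The scanning and enumerating steps above in working code, added here as an example that is not part of the original cards. A constructed fake service listens on a loopback port chosen by the OS; a TCP connect scanner finds it, grabs the banner, classifies the port by the IANA ranges and maps the banner to a service name. The banner regexes and the fake banner text are assumptions made for the example.

```python
"""Added example (not from the original cards): the scanning and enumeration
steps against a constructed local target."""
import re
import socket
import threading
from typing import Optional


def port_class(port: int) -> str:
    """Classify a port number by IANA range (well-known, registered, dynamic)."""
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "dynamic/private"
    raise ValueError(f"not a TCP/UDP port number: {port}")


# Assumed banner fingerprints: (service label, regex with optional 'sw' group).
BANNER_HINTS = [
    ("ssh", re.compile(r"^SSH-[\d.]+-(?P<sw>\S+)")),
    ("smtp", re.compile(r"^220 .*?(?P<sw>E?SMTP \S+)")),
    ("ftp", re.compile(r"^220 .*FTP", re.IGNORECASE)),
]


def identify(banner: str) -> tuple:
    """Enumeration: map a banner to (service, software) or ('unknown', '')."""
    for label, rx in BANNER_HINTS:
        m = rx.search(banner)
        if m:
            return label, m.groupdict().get("sw", "")
    return "unknown", ""


class FakeService:
    """Constructed target: a daemon on an OS-chosen loopback port that greets
    every client with a banner, like a real SSH or SMTP server would."""

    def __init__(self, banner: bytes):
        self.banner = banner
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.sock.settimeout(0.1)  # accept() wakes up so the loop can see stop()
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    conn.sendall(self.banner)
                except OSError:
                    pass

    def stop(self) -> None:
        """Stop serving and release the port so a rescan shows it closed."""
        self._stop.set()
        self._thread.join()
        self.sock.close()


def scan_port(host: str, port: int, timeout: float = 0.5) -> Optional[dict]:
    """TCP connect scan of one port. Returns a record if it is open, else None."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:
            return None  # connection refused (RST) or timed out (filtered)
        try:
            banner = s.recv(256).decode("latin-1").strip()
        except (socket.timeout, OSError):
            banner = ""  # open but silent: service expects the client to talk first
        return {"port": port, "class": port_class(port),
                "banner": banner, "service": identify(banner)}


def scan_range(host: str, ports) -> list:
    """Scan a sequence of ports in order and keep only the open ones."""
    results = []
    for p in ports:
        r = scan_port(host, p)
        if r is not None:
            results.append(r)
    return results


if __name__ == "__main__":
    target = FakeService(b"SSH-2.0-OpenSSH_9.6\r\n")
    for rec in scan_range("127.0.0.1", range(target.port - 2, target.port + 3)):
        print(rec)
    target.stop()
```

A connect scan completes the TCP handshake, so the target's service logs see it; Nmap's default SYN scan avoids that but needs raw-socket privileges. Note also that the OS-assigned port the fake service gets may land in the "registered" range on Linux, whose default ephemeral range (32768 to 60999) does not follow the IANA dynamic range.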
Network Mapper
|
Tools used to explore a network and gather its layout (Nmap's name is short for Network Mapper). They can illustrate the connectivity of networks and provide detailed information on hardware, services, and traffic paths. What they reconstruct is the logical topology as seen from the scanner's position; firewalls and NAT can hide or distort parts of it.
|
|
Vulnerability Assessment
|
Identifies and reports weaknesses within a system (missing patches, weak configurations, known-vulnerable software versions) but does not attempt to exploit them, so it does not test whether the system's security features actually hold up under attack.
|
|
Penetration Test
|
Simulates an attack on a system: the tester actively exploits the weaknesses found. Because exploitation is involved, real damage (crashed services, corrupted data) can be caused, so a penetration test requires written authorization, an agreed scope and rules of engagement.
|
|
OVAL
|
Open Vulnerability and Assessment Language. A community standard (XML-based, originally from MITRE) for writing machine-readable definitions of how to check a system for a given vulnerability, patch or configuration state, so that different scanning tools produce consistent, comparable results. It is a language for describing checks, not a collection of attack data.
|
|
OSSTMM
|
Open Source Security Testing Methodology Manual. An open, vendor-neutral manual (published by ISECOM) that provides a methodology for performing a security test or audit. Like OVAL, OSSTMM is a little controversial, since not everyone agrees that standardizing security testing is an attainable goal.
|
|
What type of tools are the following: MBSA, Nessus, SAINT, ISS Internet Scanner, NMap, Security Analyzer, LANGuard, Cybercop, Strobe.
|
Vulnerability scanning tools.
|
|
What type of tools are the following: Microsoft Port Reporter, Superscan, ShieldsUP!, NMap, Netcat, pinger.
|
Port scanning tools.
|
|
What type of tools are the following: Crack, John the Ripper, Pandora, Snadboy's Revelation, Pwdump, Ophcrack.
|
Password scanning and cracking tools.
|
|
What type of tools are the following: UDPFlood, GetAdmin.
|
Exploits, trojan horses, and other "stress tester" tools.
|
|
What type of tools are the following: BackOfficerFriendly, ISS Internet Scanner, ISS System Scanner, Snort, IDSCenter, Fport, ZoneAlarm.
|
Intrusion detection tools.
|
|
What type of tools are the following: Webmin, Tripwire, Bastille, PuTTY, HiSecWeb.
|
Network and security administration tools.
|
|
What type of tools are the following: NetScout, dSniff, Wireshark, OmniPeek, Ettercap, Microsoft Network Monitor, TCPDump, WinDump, Visual Route.
|
Protocol analyzers and packet sniffer tools.
|
|
Port range: 0 to 1,023.
|
Well-known ports, preassigned by IANA and used consistently by all systems on the internet. On Unix-like systems a process normally needs root privileges to listen on one, which is why a service on a well-known port is usually (but not always) what its number says it is.
|
|
Port range: 1,024 to 49,151.
|
Registered ports, available for IANA to assign to individual protocols and processes on request. A registration is a convention, not a guarantee: nothing stops a different service (or an attacker's listener) from using the number.
|
|
Port range: 49,152 to 65,535.
|
Dynamic or private ports, assigned by operating systems on an as-needed basis, typically as the source port of an outbound client connection. Real ephemeral ranges vary by OS; Linux, for example, defaults to 32768 to 60999, which overlaps the registered range.
|
|
IANA
|
Internet Assigned Numbers Authority. Manages the registration of well-known ports, and also lists registered ports as a convenience.
|
|
Port 7
|
echo. Echo service.
|
|
Port 19
|
chargen. Character generator service. Like echo (7), a legacy test service with no business use today; chargen over UDP is abused for amplification attacks, so both should be disabled.
|
|
Port 20
|
ftp-data. FTP data connection (active mode, opened from the server back to the client).
|
|
Port 21
|
ftp. FTP control channel. Credentials and commands cross the wire in cleartext.
|
|
Port 23
|
telnet. Telnet service. Entirely cleartext, including passwords; SSH (22) replaces it.
|
|
Port 25
|
SMTP. Simple Mail Transfer Protocol for email services.
|
|
Port 42
|
nameserver. Host name server used for WINS replication.
|
|
Port 53
|
DNS. DNS server. UDP 53 for ordinary queries; TCP 53 for large responses and zone transfers, which is why TCP 53 exposed to the world is worth a second look.
|
|
Port 80
|
http. Hypertext Transfer Protocol (HTTP).
|
|
Port 88
|
Kerberos. Kerberos authentication protocol (TCP and UDP); the KDC port in Active Directory domains.
|
|
Port 110
|
POP3. Post Office Protocol 3 for email services.
|
|
Port 119
|
NNTP. Newsgroups.
|
|
Port 135
|
loc-srv/epmap. Microsoft RPC endpoint mapper: clients contact it first to learn the dynamic port of the RPC service they want. Reachable from untrusted networks, it lets an attacker enumerate the RPC interfaces a host offers.
|
|
Port 137
|
NETBIOS-NS. NetBIOS name service (UDP). Answers name queries and is a classic enumeration source for host and domain names.
|
|
Port 138
|
NETBIOS-DGM. NetBIOS datagram service (UDP), used for browser announcements and other broadcast traffic.
|
|
Port 139
|
NETBIOS-SSN. NetBIOS session service (TCP), carrying SMB over NetBIOS on older Windows systems.
|
|
Port 143
|
IMAP. Internet Message Access Protocol for email services.
|
|
Port 389
|
ldap. Lightweight Directory Access Protocol for directory services. Cleartext by default; StartTLS on this port or LDAPS on 636 adds encryption.
|
|
Port 443
|
https. HTTP over TLS (historically SSL). The cipher suite and key size are negotiated per connection; the 40-bit RC4 export ciphers of early SSL are long obsolete and are rejected by current browsers and servers.
|
|
Port 445
|
MS-DS. Microsoft-DS: SMB carried directly over TCP with no NetBIOS layer (Windows 2000 and later). The port most often used for lateral movement inside Windows networks; it should never be reachable from the internet.
|
|
Port 464
|
kpasswd. Kerberos password-change service (TCP and UDP).
|
|
Port 500
|
isakmp. ISAKMP/Oakley, the IKE key exchange used to set up IPsec security associations (UDP).
|
|
Port 563
|
nntps. NNTP over SSL/TLS.
|
|
Port 636
|
ldaps. LDAP over SSL/TLS.
|
|
Port 995
|
POP3s. POP3 over SSL/TLS.
|
|
Port 1701
|
L2TP. Layer 2 Tunneling Protocol (UDP). Provides no encryption of its own and is normally paired with IPsec.
|
|
Port 1723
|
PPTP. Point-to-Point Tunneling Protocol control channel (TCP). The tunnelled data travels in GRE (IP protocol 47), which firewalls must also pass. Considered insecure today because its MS-CHAPv2 authentication can be broken.
|
|
Behavior-based monitoring
|
Judges traffic by what it does rather than how it looks, flagging abnormal sequences of actions (for example a host that logs in and immediately starts probing other machines). Such systems often start out reporting all traffic as a threat and, with an administrator confirming what is legitimate, learn over time which activity is allowed and which is not.
|
|
Signature-based monitoring
|
Uses a predefined set of rules (signatures) provided by a software vendor to identify traffic that matches known attacks. Precise for what it knows and blind to anything without a signature, so the rule set must be kept up to date.
|
|
Anomaly-based monitoring
|
Establishes a baseline of acceptable traffic flows (volumes, protocols, who talks to whom) during its implementation period and then alerts on traffic that deviates from that baseline. The baseline must be captured while the network is clean: malicious activity present during baselining becomes part of "normal".
|
|
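The three monitoring approaches on the cards above, run side by side over a constructed connection log. This is an added example, not code from the original cards, and the log lines, the request format ('HH:MM:SS source_ip dest_port request') and the thresholds are all assumptions made for the example. Each detector catches something the other two miss.

```python
"""Added example (not from the original cards): signature-, anomaly- and
behavior-based detection run over a constructed connection log."""
import re
import statistics
from collections import Counter, defaultdict


def reqs(src: str, n: int, dport: int = 80, path: str = "/index.html") -> list:
    """Generate n ordinary-looking constructed log lines from one source."""
    return [f"10:00:{i:02d} {src} {dport} GET {path}" for i in range(n)]


# Quiet period used for baselining (assumed to be clean traffic).
BASELINE_LOG = (reqs("10.0.0.5", 5) + reqs("10.0.0.6", 4)
                + reqs("10.0.0.7", 6) + reqs("10.0.0.8", 5))

# Later traffic containing three different kinds of trouble.
LIVE_LOG = (
    reqs("10.0.0.5", 6) + reqs("10.0.0.6", 3)
    + reqs("10.0.0.9", 12)  # unknown host hammering the server
    + ["10:01:00 10.0.0.6 80 GET /search?q=1' UNION SELECT user,pass FROM users--"]
    + [f"10:02:{i:02d} 10.0.0.42 {p} PROBE"  # one host touching many ports
       for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    + ["10:03:00 10.0.0.7 80 GET /../../etc/passwd"]
)


def parse(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, src, dport, req = line.split(" ", 3)
    return {"ts": ts, "src": src, "dport": int(dport), "req": req}


# Signature-based: vendor-style rules matching known attack content.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}


def signature_alerts(log) -> list:
    """(source, rule name) for every line matching a known-bad pattern."""
    alerts = []
    for e in map(parse, log):
        for name, rx in SIGNATURES.items():
            if rx.search(e["req"]):
                alerts.append((e["src"], name))
    return alerts


# Anomaly-based: learn what a normal per-source request count looks like.
def baseline_profile(log) -> tuple:
    """Mean and standard deviation of requests per source in the baseline."""
    counts = Counter(e["src"] for e in map(parse, log))
    vals = list(counts.values())
    return statistics.fmean(vals), statistics.pstdev(vals)


def anomaly_alerts(log, mean: float, sd: float, k: float = 3.0) -> list:
    """(source, count) for sources more than k standard deviations above the mean."""
    counts = Counter(e["src"] for e in map(parse, log))
    return [(src, n) for src, n in counts.items() if n > mean + k * sd]


# Behavior-based: judge the sequence of actions, not the content or the volume.
def behavior_alerts(log, max_ports: int = 4) -> list:
    """(source, distinct ports) for sources sweeping more ports than one client needs."""
    ports = defaultdict(set)
    for e in map(parse, log):
        ports[e["src"]].add(e["dport"])
    return [(src, len(p)) for src, p in ports.items() if len(p) > max_ports]


if __name__ == "__main__":
    mean, sd = baseline_profile(BASELINE_LOG)
    print("signature:", signature_alerts(LIVE_LOG))
    print("anomaly:  ", anomaly_alerts(LIVE_LOG, mean, sd))
    print("behavior: ", behavior_alerts(LIVE_LOG))
```

The signature rules find the SQL injection and the path traversal but say nothing about the host making 12 requests or the one sweeping six ports; the anomaly detector flags only the volume outlier; the behavior rule flags only the port sweep, which makes too few requests to stand out statistically. Had 10.0.0.9 been hammering the server during the baseline period, its 12 requests would have raised the baseline and no anomaly alert would fire.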
What are the following tools used for: Nessus, GFI LANguard, Core Impact, Retina, X-scan, ISS Internet Scanner, MBSA, Immunity Canvas, Metasploit.
|
Windows-based scanning and network monitoring utilities. Strictly, Core Impact, Immunity Canvas and Metasploit are exploitation frameworks rather than monitors, and Nessus and Metasploit also run on Unix.
|
|
What are the following tools used for: Nessus, Sara, SAINT, EtherApe, Nagios.
|
Unix-based network monitoring utilities.
|
|
NIDS
|
Network-based IDS. Uses passive sensors (dedicated appliances, or software such as Snort fed from a SPAN port or tap) to monitor traffic on a specific segment of the network. Cannot inspect the payload of encrypted packets, although headers and flow patterns remain visible; otherwise sniffs traffic and sends alerts about anomalies or concerns. It only sees the segment it is attached to, so sensor placement matters.
|
|
HIDS
|
Host-based IDS. Uses software installed on a specific host to watch that host's logs, processes, files and network activity. Because traffic is decrypted on the host before the application sees it, a HIDS can analyze data that a NIDS would only see encrypted. Uses the resources of the host, which can slow down processing, and an attacker who compromises the host can tamper with its HIDS.
|
|
Application-based IDS
|
Expensive to implement but may be used in conjunction with another IDS to add another layer of protection to a critical application, such as a customer database.
|
|
Passive IDS
|
Detects security breaches, logs the activity, and alerts security personnel.
|
|
Active IDS
|
Same as passive but also blocks the suspicious activity; this is what an intrusion prevention system does. The cost is that a false positive now blocks legitimate traffic instead of just generating an alert.
|
|
IPS or NIPS
|
Intrusion Prevention System or Network Intrusion Prevention System: an inline security device that inspects network and/or system traffic for suspicious content and reacts in real time to block it. Differs from a traditional firewall in that it examines packet contents against signatures and anomaly rules rather than filtering on headers alone. Because it sits inline, it adds latency and is a single point of failure, and a bad rule turns into an outage.
|
|
Honeypot
|
Security tool that lures attackers away from legitimate network resources while tracking their activities. It appears to be a legitimate component of the network but is actually an isolated, instrumented decoy where security professionals can observe the intruder and log activity for use in court. Because no legitimate user has any reason to touch it, every interaction with a honeypot is suspicious by definition, which gives it a very low false-positive rate. Can be a software emulation program, a hardware decoy, or an entire dummy network (a honeynet). It must be isolated so that a compromised honeypot cannot become a stepping stone into the real network; using it to launch a counterattack is not a legitimate honeypot function and may itself be unlawful.
|
|
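A minimal low-interaction honeypot of the kind described on the card above, added here as an example that is not part of the original cards. It listens on a loopback port, presents a fake banner, records the source and the first bytes of every connection, and does nothing else. The banner text (an old Sendmail version, chosen as a lure), the port, and the probe client are assumptions made for the example.

```python
"""Added example (not from the original cards): a low-interaction TCP honeypot
that treats every connection as an alert."""
import socket
import threading
import time


class Honeypot:
    """Decoy listener: every connection is logged, because no legitimate
    client has any reason to talk to it."""

    def __init__(self, banner: bytes = b"220 mail01 ESMTP Sendmail 8.12.11; ready\r\n",
                 host: str = "127.0.0.1", port: int = 0):
        self.banner = banner
        self.events = []  # one record per connection
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))  # port 0: OS picks one (a real decoy would use 25, 445, ...)
        self.sock.listen(16)
        self.sock.settimeout(0.1)  # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, addr = self.sock.accept()
            except socket.timeout:
                continue
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn: socket.socket, addr: tuple) -> None:
        """Greet, capture what the attacker sends first, log it, hang up."""
        event = {"time": time.time(), "src": addr[0], "sport": addr[1], "data": b""}
        with conn:
            conn.settimeout(2.0)
            try:
                conn.sendall(self.banner)
                event["data"] = conn.recv(512)
            except (socket.timeout, OSError):
                pass  # silent scanner or reset: still worth logging
        with self._lock:
            self.events.append(event)

    def wait_for_events(self, n: int, timeout: float = 3.0) -> bool:
        """Block until at least n connections have been logged (or timeout)."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if len(self.events) >= n:
                    return True
            time.sleep(0.01)
        return False

    def alerts(self) -> list:
        """Human-readable alert lines, one per logged connection."""
        with self._lock:
            return [f"{time.strftime('%H:%M:%S', time.gmtime(e['time']))} honeypot:{self.port} "
                    f"connection from {e['src']}:{e['sport']} first bytes={e['data']!r}"
                    for e in self.events]

    def stop(self) -> None:
        self._stop.set()
        self._thread.join()
        self.sock.close()


def probe(host: str, port: int, payload: bytes) -> bytes:
    """Constructed attacker: connect, read the banner, send one command."""
    with socket.create_connection((host, port), timeout=2.0) as c:
        banner = c.recv(256)
        c.sendall(payload)
    return banner


if __name__ == "__main__":
    hp = Honeypot()
    probe("127.0.0.1", hp.port, b"EHLO scanner\r\n")
    hp.wait_for_events(1)
    print("\n".join(hp.alerts()))
    hp.stop()
```

The example binds to loopback only; a deployed honeypot belongs on a dedicated, isolated host with outbound traffic blocked, so that whatever an attacker does with it cannot reach production systems. The captured first bytes (here an SMTP EHLO) are what distinguish a scanner from a human working through a session.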
Ports 161 and 162
|
SNMP. Simple Network Management Protocol: UDP 161 for queries to agents, UDP 162 for traps sent back to the manager. SNMPv1 and v2c authenticate with a community string sent in cleartext, so a default string such as "public" hands an attacker the device's configuration during enumeration.
|