Kindle Notes & Highlights
Network mapping discovers devices on the network and how they are connected with each other.
In contrast, a full network scan also includes additional scans to identify open ports, running services, and OS details.
Remember this Wireless scanners can detect rogue access points on a network and sometimes crack passwords used by access points. Netcat can be used for banner grabbing to identify the operating system and some applications and services on remote servers.
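Banner grabbing is simply opening a TCP connection and reading whatever the service volunteers, which is what `nc host port` does. The script below is an added example, not code from the book: it starts a throwaway local listener that returns a constructed SSH banner (the version string is made up), grabs it the way netcat would, and reduces it to structured fields. It also handles the caveat that HTTP says nothing until it receives a request.

```python
import re
import socket
import threading

# Constructed banner for the local test listener; the version string is made up.
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n"


def serve_banner(banner):
    """Start a throwaway listener on 127.0.0.1 that sends `banner` to the first
    client and then closes. Returns the ephemeral port. This stands in for the
    remote server so the example runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def grab_banner(host, port, probe=b"", timeout=3.0):
    """Connect, optionally send `probe`, read up to 1 KiB and return it as text.
    SSH, SMTP and FTP speak first, so no probe is needed. HTTP stays silent
    until it gets a request, so pass probe=b"HEAD / HTTP/1.0\\r\\n\\r\\n"."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return data.decode("ascii", errors="replace").strip()


# RFC 4253 banner layout: "SSH-protoversion-softwareversion SP comments"
SSH_RE = re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<software>\S+)(?:\s+(?P<comment>.*))?$")
# HTTP response: status line then headers; the Server header names the software.
HTTP_SERVER_RE = re.compile(r"^Server:\s*(?P<software>.+?)\r?$", re.MULTILINE)
# SMTP and FTP both greet with a 220 line; the text after the code usually names the daemon.
GREETING_RE = re.compile(r"^220[ -](?P<software>.*)$")


def fingerprint(banner):
    """Reduce a raw banner to structured fields. Unrecognised input is returned
    raw so the analyst still sees it instead of losing it."""
    if m := SSH_RE.match(banner):
        return {"service": "ssh", **{k: v for k, v in m.groupdict().items() if v}}
    if banner.startswith("HTTP/"):
        m = HTTP_SERVER_RE.search(banner)
        return {"service": "http", "software": m.group("software") if m else None}
    if m := GREETING_RE.match(banner):
        return {"service": "smtp-or-ftp", "software": m.group("software").strip()}
    return {"service": "unknown", "raw": banner}


def demo():
    """Grab and fingerprint the constructed local banner."""
    port = serve_banner(SAMPLE_SSH_BANNER)
    return fingerprint(grab_banner("127.0.0.1", port))


if __name__ == "__main__":
    print(demo())
```

Against a real host the same `grab_banner` call works unchanged; the only difference is that the banner is not under your control, so never trust it as ground truth (it can be rewritten by the administrator, and a backported patch leaves the version string unchanged).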
Security administrators often use a vulnerability scanner to identify which systems are susceptible to attacks.
• Common Vulnerabilities and Exposures (CVE). Scanners match what they find against the CVE list of publicly known vulnerabilities.
• Open ports. Open ports can signal a vulnerability, especially if administrators aren’t actively managing the services associated with these ports.
• Weak passwords.
• Default accounts and passwords.
• Sensitive data. Some scanners include data loss prevention (DLP) techniques to detect sensitive data sent over the network.
• Security and configuration errors. Vulnerability scans can also check the system against a configuration or security baseline to identify unauthorized changes.
Remember this A vulnerability scanner can identify vulnerabilities, misconfigured systems, and the lack of security controls such as up-to-date patches. Vulnerability scans are described as passive because they are non-intrusive and have little impact on a system during a test; the scanner still sends probes to the target, so "passive" here means it does not try to exploit what it finds. In contrast, a penetration test is intrusive and can potentially compromise a system.
Remember this A false positive from a vulnerability scan indicates the scan detected a vulnerability, but the vulnerability doesn’t exist. Credentialed scans run under the context of a valid account and are typically more accurate than non-credentialed scans.
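One common source of false positives is a non-credentialed scan that infers a vulnerability from a version banner while the vendor has backported the fix without bumping the version. The following added example (not from the book) reconciles banner-based findings with an authenticated package inventory; the finding IDs `HYPO-0001`/`HYPO-0002`, the versions, and the backport data are all constructed for illustration and do not refer to real advisories.

```python
import re

# Constructed, hypothetical rules: (finding id, product, first fixed version).
RULES = [
    ("HYPO-0001", "openssh", "7.9"),
    ("HYPO-0002", "sudo", "1.9.0"),
]

# Constructed results of the non-credentialed scan: what the network banner says.
BANNERS = {
    "web01": {"openssh": "7.4"},
    "db01": {"openssh": "7.4"},
}

# Constructed credentialed inventory: installed version plus the vendor's note of
# which fixes were backported into that version. sudo is not network-visible, so
# only the credentialed scan can see it at all.
INVENTORY = {
    "web01": {"openssh": {"version": "7.4", "backports": {"HYPO-0001"}}},
    "db01": {"openssh": {"version": "7.4", "backports": set()},
             "sudo": {"version": "1.8.23", "backports": set()}},
}


def version_key(v):
    """Numeric components only, so '1.8.23' < '1.9.0' and '7.4' < '7.9'."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def vulnerable(version, fixed_in):
    return version_key(version) < version_key(fixed_in)


def non_credentialed_scan(banners):
    """Banner logic: version string older than the fix means 'vulnerable'."""
    findings = set()
    for host, products in banners.items():
        for fid, product, fixed in RULES:
            if product in products and vulnerable(products[product], fixed):
                findings.add((host, fid))
    return findings


def credentialed_scan(inventory):
    """Authenticated logic: same version test, but a backported fix clears it,
    and packages with no network banner are visible."""
    findings = set()
    for host, pkgs in inventory.items():
        for fid, product, fixed in RULES:
            pkg = pkgs.get(product)
            if pkg and vulnerable(pkg["version"], fixed) and fid not in pkg["backports"]:
                findings.add((host, fid))
    return findings


def reconcile(banners, inventory):
    """Label each finding by which scan types agree on it."""
    nc = non_credentialed_scan(banners)
    cred = credentialed_scan(inventory)
    result = {}
    for finding in nc | cred:
        if finding in nc and finding in cred:
            result[finding] = "confirmed"
        elif finding in nc:
            result[finding] = "false_positive"   # banner says old, host says fixed
        else:
            result[finding] = "credentialed_only"  # invisible from the network
    return result


if __name__ == "__main__":
    for (host, fid), status in sorted(reconcile(BANNERS, INVENTORY).items()):
        print(f"{host:6} {fid:10} {status}")
```

The "credentialed_only" class is the other half of the point in the box above: a non-credentialed scan does not merely produce false positives, it also misses local-only software entirely.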
A configuration compliance scanner verifies that systems are configured correctly.
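A compliance check of this kind is a comparison of parsed configuration against a baseline, plus a diff against the last approved snapshot to surface unauthorized changes. The example below is added here and is not code from the book; the baseline values, the sample `sshd_config` text and the approved snapshot are constructed, so substitute your own hardening standard. It follows sshd's own semantics (first occurrence of a directive wins, names are case-insensitive), which matters because a naive "take the last match" check reports the wrong value for a file with a duplicated directive.

```python
# Constructed baseline: directive -> required value.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
}

# Constructed sample of /etc/ssh/sshd_config as found on the host.
SAMPLE_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication no
#X11Forwarding no
MaxAuthTries 4
MaxAuthTries 10
Ciphers aes256-gcm@openssh.com
"""

# Constructed parsed snapshot of the same file when it was last approved.
APPROVED_SNAPSHOT = {
    "port": "22", "permitrootlogin": "no", "passwordauthentication": "no",
    "maxauthtries": "4", "ciphers": "aes256-gcm@openssh.com",
}


def parse_config(text):
    """sshd_config semantics: comments and blank lines are ignored, directive
    names are case-insensitive, and the FIRST occurrence of a directive wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()
        if key not in seen:
            seen[key] = parts[1].strip()
    return seen


def check_compliance(baseline, config_text):
    """Return directive -> (status, required, actual). 'missing' means the
    compiled-in default applies; treat that as needing explicit confirmation
    rather than assuming it is safe."""
    actual = parse_config(config_text)
    report = {}
    for directive, required in baseline.items():
        value = actual.get(directive.lower())
        if value is None:
            report[directive] = ("missing", required, None)
        elif value.lower() != required.lower():
            report[directive] = ("drift", required, value)
        else:
            report[directive] = ("ok", required, value)
    return report


def noncompliant(report):
    return sorted(d for d, (status, _, _) in report.items() if status != "ok")


def diff_snapshot(approved, current):
    """Unauthorized-change view: every directive whose value differs from the
    approved snapshot, as (old, new). Covers directives outside the baseline too."""
    return {k: (approved.get(k), current.get(k))
            for k in approved.keys() | current.keys()
            if approved.get(k) != current.get(k)}


if __name__ == "__main__":
    report = check_compliance(BASELINE, SAMPLE_CONFIG)
    for directive, (status, required, actual) in report.items():
        print(f"{directive:24} {status:8} required={required} actual={actual}")
    print("changed since approval:", diff_snapshot(APPROVED_SNAPSHOT, parse_config(SAMPLE_CONFIG)))
```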
Penetration testing actively assesses deployed security controls within a system or network. It starts with reconnaissance, typically including a vulnerability scan (which is active, not passive, reconnaissance), and then takes it a step further and tries to exploit the vulnerabilities found by simulating or performing an attack.
Many penetration tests include the following activities: • Passive reconnaissance • Active reconnaissance • Initial exploitation • Escalation of privilege • Pivot • Persistence
Remember this A penetration test is an active test that can assess deployed security controls and determine the impact of a threat. It starts with a vulnerability scan and then tries to exploit vulnerabilities by actually attacking or simulating an attack.
Passive reconnaissance collects information about a targeted system, network, or organization using open-source intelligence.
Active reconnaissance includes using tools to send data to systems and analyzing the responses. It
Remember this Penetration tests include both passive and active reconnaissance. Passive reconnaissance uses open-source intelligence methods, such as social media and an organization’s web site. Active reconnaissance methods use tools such as network scanners to gain information on the target.
Pivoting is the process of using an exploited system as a foothold to reach other systems, running additional tools from it to gather information on, and attack, targets that were not directly reachable from the tester's original position.
Remember this After exploiting a system, penetration testers use privilege escalation techniques to gain more access to target systems. Pivoting is the process of using an exploited system to target other systems.
• Black box testing. Testers have zero knowledge of the environment prior to starting a black box test.
• White box testing. Testers have full knowledge of the environment before starting a white box test.
• Gray box testing. Testers have some knowledge of the environment prior to starting a gray box test.
Remember this Black box testers have zero prior knowledge of the system prior to a penetration test. White box testers have full knowledge, and gray box testers have some knowledge. Black box testers often use fuzzing.
Remember this A vulnerability scanner is non-intrusive (often described as passive) and has little impact on a system during a test. In contrast, a penetration test is active and intrusive, and can potentially compromise a system. A penetration test is more invasive than a vulnerability scan.
• Metasploit Framework. Metasploit is an open source exploitation framework. It is most commonly run on Linux (it ships with Kali Linux), but it also runs on Windows and macOS.
• BeEF (Browser Exploitation Framework). BeEF is an open source web browser exploitation framework; it hooks a browser that loads its JavaScript and then issues commands to that browser.
• w3af (Web Application Attack and Audit Framework). This open source framework focuses on web application vulnerabilities.
A protocol analyzer can capture and analyze packets on a network.
Port Address Translation (PAT) is a form of NAT that maps many private IP addresses to a single public IP address by rewriting the source port of each outbound connection, so that replies can be mapped back to the correct internal host.
Remember this Administrators use a protocol analyzer to capture, display, and analyze packets sent over a network. It is useful when troubleshooting communications problems between systems. It is also useful to detect attacks that manipulate or fragment packets. A capture shows information such as the type of traffic (protocol), flags, source and destination IP addresses, and source and destination MAC addresses. The NIC must be configured to use promiscuous mode to capture all traffic.
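The fields listed in the box (protocol, flags, IP addresses, MAC addresses) are what a protocol analyzer decodes from the raw Ethernet/IPv4/TCP headers. The following added example, which is not code from the book, builds a few constructed frames (addresses from the documentation ranges, checksums left at zero) and decodes them the way an analyzer would, then applies the kind of sanity checks an analyst uses to spot crafted or fragmented packets. The flag-combination heuristics are common scan signatures, not an exhaustive detection rule set.

```python
import socket
import struct

TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, tcp_flags,
                more_fragments=False, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame as sample input (checksums are
    left zero; a real capture has them filled in). Only the parser below
    mirrors what an analyzer does."""
    eth = struct.pack("!6s6sH", bytes.fromhex(dst_mac.replace(":", "")),
                      bytes.fromhex(src_mac.replace(":", "")), 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, tcp_flags,
                      65535, 0, 0) + payload
    flags_frag = 0x2000 if more_fragments else 0x4000   # MF bit or DF bit
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, flags_frag,
                     64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Decode the fields a capture display shows: MACs, IPs, protocol, flags."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac)}
    if ethertype != 0x0800:
        info["protocol"] = f"ethertype 0x{ethertype:04x}"
        return info
    ip = frame[14:]
    (vihl, _tos, _total_len, _ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4
    info.update(src_ip=socket.inet_ntoa(src), dst_ip=socket.inet_ntoa(dst), ttl=ttl,
                more_fragments=bool(flags_frag & 0x2000),
                fragment_offset=(flags_frag & 0x1FFF) * 8)
    if info["fragment_offset"]:
        # Non-initial fragment: the transport header is in the first fragment only.
        info["protocol"] = "ip-fragment"
        return info
    if proto != 6:
        info["protocol"] = f"ip-proto-{proto}"
        return info
    tcp = ip[ihl:]
    sport, dport, _seq, _ack, _off, flags, _win, _tcsum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    info.update(protocol="tcp", sport=sport, dport=dport,
                flags=[name for bit, name in TCP_FLAG_BITS if flags & bit])
    return info


def suspicious(info):
    """Flag combinations that do not occur in legitimate sessions and are
    typical of crafted packets (scans, evasion) rather than normal traffic."""
    reasons = []
    if info.get("protocol") != "tcp":
        return reasons
    f = set(info["flags"])
    if not f:
        reasons.append("null scan: no TCP flags set")
    if {"SYN", "FIN"} <= f:
        reasons.append("SYN and FIN set together")
    if {"FIN", "PSH", "URG"} <= f and "ACK" not in f:
        reasons.append("Xmas scan flag pattern")
    if info["more_fragments"]:
        reasons.append("fragmented TCP segment: check the header is not split across fragments")
    return reasons


# Constructed sample frames.
NORMAL_SYN = build_frame("00:15:5d:0a:1b:2c", "00:15:5d:0a:1b:2d", "192.0.2.10", "192.0.2.20", 51000, 443, 0x02)
SYN_FIN = build_frame("00:15:5d:0a:1b:2c", "00:15:5d:0a:1b:2d", "192.0.2.10", "192.0.2.20", 51001, 22, 0x03)
NULL_SCAN = build_frame("00:15:5d:0a:1b:2c", "00:15:5d:0a:1b:2d", "192.0.2.10", "192.0.2.20", 51002, 22, 0x00)
FRAG_SYN = build_frame("00:15:5d:0a:1b:2c", "00:15:5d:0a:1b:2d", "192.0.2.10", "192.0.2.20", 51003, 22, 0x02, more_fragments=True)

if __name__ == "__main__":
    for frame in (NORMAL_SYN, SYN_FIN, NULL_SCAN, FRAG_SYN):
        decoded = parse_frame(frame)
        print(decoded, suspicious(decoded))
```

Feeding real traffic in is a matter of replacing the constructed frames with the bytes of each record from a pcap written by tcpdump; the decode is the same.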
Tcpdump is a command-line packet analyzer (or protocol analyzer). It allows you to capture packets like you can with Wireshark (mentioned in the “Sniffing with a Protocol Analyzer” section).
Nmap is a network scanner and was discussed earlier in the “Network Scanners” section.
It includes many capabilities, including identifying all the active hosts and their IP addresses in a network, the protocols and services running on each of these hosts, and the operating system of the host.
Chapter 3 discusses Netcat and how administrators often use it for remotely accessing Linux systems.
Remember this Tcpdump is a command-line protocol analyzer. It can create packet captures that can then be viewed in Wireshark. Nmap is a sophisticated network scanner that runs from the command line. Netcat can be used to remotely administer systems and also gather information on remote systems.
Remember this Logs record what happened, when it happened, where it happened, and who did it. By monitoring logs, administrators can detect event anomalies. Additionally, by reviewing logs, security personnel can create an audit trail.
A security information and event management (SIEM) system provides a centralized solution for collecting, analyzing, and managing data from multiple sources.
as write once read many (WORM).
Remember this A security information and event management (SIEM) system provides a centralized solution for collecting, analyzing, and managing data from multiple sources. It typically includes aggregation and correlation capabilities to collect and organize log data from multiple sources. It also provides continuous monitoring with automated alerts and triggers.
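Aggregation and correlation are easiest to see on concrete log lines. The example below is added here and is not code from the book: it normalizes constructed sshd syslog lines and constructed Windows Security events (exported as JSON lines; 4625 and 4624 are the real failed/successful logon event IDs) into one schema, aggregates failures per source address across hosts, and applies one correlation rule: a successful logon from an address that produced several failures, on any host, within the preceding few minutes. The year is an assumption, since syslog lines do not carry one.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = 2024  # assumption: syslog timestamps carry no year, so one is supplied here

# Constructed Linux auth log lines (sshd via syslog).
LINUX_LOGS = """\
Mar  3 10:01:02 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 50120 ssh2
Mar  3 10:01:05 web01 sshd[2203]: Failed password for root from 203.0.113.9 port 50122 ssh2
Mar  3 10:01:09 web01 sshd[2205]: Failed password for root from 203.0.113.9 port 50124 ssh2
Mar  3 10:01:15 web01 sshd[2207]: Accepted password for root from 203.0.113.9 port 50126 ssh2
Mar  3 10:05:00 web01 sshd[2250]: Accepted publickey for alice from 10.0.0.5 port 40001 ssh2
"""

# Constructed Windows Security events as JSON lines (4625 = failed logon, 4624 = successful logon).
WINDOWS_LOGS = """\
{"TimeCreated": "2024-03-03T10:00:30", "Computer": "fs01", "EventID": 4625, "TargetUserName": "Administrator", "IpAddress": "203.0.113.9"}
{"TimeCreated": "2024-03-03T10:06:00", "Computer": "fs01", "EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.0.5"}
"""

SSHD_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+)")


def normalize_linux(text):
    """Aggregation step: map sshd lines onto the common event schema."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                       "outcome": "failure" if m["outcome"] == "Failed" else "success",
                       "source": "linux-sshd"})
    return events


def normalize_windows(text):
    """Same schema for Windows logon events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["EventID"] not in (4624, 4625):
            continue
        events.append({"ts": datetime.fromisoformat(rec["TimeCreated"]), "host": rec["Computer"],
                       "user": rec["TargetUserName"].lower(), "src_ip": rec["IpAddress"],
                       "outcome": "success" if rec["EventID"] == 4624 else "failure",
                       "source": "windows-security"})
    return events


def failures_by_source_ip(events):
    """Aggregation view: failed logons per source address across all hosts."""
    counts = defaultdict(int)
    for e in events:
        if e["outcome"] == "failure":
            counts[e["src_ip"]] += 1
    return dict(counts)


def correlate_bruteforce_success(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: a success from an address with at least `threshold`
    failures (on any host) inside `window` before it. Neither source alone
    sees the whole picture; the Windows failure counts toward the ssh alert."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src_ip"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if e["outcome"] != "success":
                continue
            prior = [f for f in evs[:i] if f["outcome"] == "failure" and e["ts"] - f["ts"] <= window]
            if len(prior) >= threshold:
                alerts.append({"src_ip": src, "user": e["user"], "host": e["host"], "at": e["ts"],
                               "failures_before": len(prior),
                               "hosts_targeted": sorted({f["host"] for f in prior})})
    return alerts


def run():
    events = normalize_linux(LINUX_LOGS) + normalize_windows(WINDOWS_LOGS)
    return failures_by_source_ip(events), correlate_bruteforce_success(events)


if __name__ == "__main__":
    counts, alerts = run()
    print("failures by source:", counts)
    for a in alerts:
        print("ALERT", a)
```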
A permission auditing review looks at the rights and permissions assigned to users and helps ensure the principle of least privilege is enforced.
Remember this Usage auditing records user activity in logs. A usage auditing review looks at the logs to see what users are doing and it can be used to re-create an audit trail. Permission auditing reviews help ensure that users have only the access they need and no more and can detect privilege creep issues.
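A permission auditing review in practice is a comparison of each account's actual group membership against what its role should grant, which is where privilege creep shows up (an account that changed roles and kept its old groups). The example below is added here and is not code from the book; the role-to-group mapping, the privileged group list, and the user records (including last-login dates, which bring in the usage-auditing side) are constructed.

```python
from datetime import date, timedelta

# Constructed role baseline: the groups each role is entitled to, and no more.
ROLE_GROUPS = {
    "developer": {"developers", "git-users", "vpn"},
    "dba": {"dba", "db-backup", "vpn"},
    "helpdesk": {"helpdesk", "vpn"},
}

# Constructed list of groups that confer elevated rights.
PRIVILEGED = {"domain-admins", "dba", "sudoers"}

# Constructed directory export: current role, actual groups, last interactive login.
USERS = [
    # moved from dba to developer and kept the dba group: privilege creep
    {"name": "alice", "role": "developer",
     "groups": {"developers", "git-users", "vpn", "dba"}, "last_login": date(2024, 3, 1)},
    {"name": "bob", "role": "dba",
     "groups": {"dba", "db-backup", "vpn"}, "last_login": date(2024, 2, 28)},
    # helpdesk account holding domain-admins and not used for months
    {"name": "carol", "role": "helpdesk",
     "groups": {"helpdesk", "vpn", "domain-admins"}, "last_login": date(2023, 10, 1)},
    {"name": "dave", "role": "developer",
     "groups": {"developers", "vpn"}, "last_login": date(2024, 3, 2)},
]


def audit(users, role_groups, privileged, today=None, stale_after=timedelta(days=90)):
    """Return name -> findings for every account that deviates from its role.
    'excess' is the least-privilege violation; 'missing' is an operational
    gap rather than a security one but is reported so the review is complete;
    'stale_privileged' combines permission and usage data: elevated rights on
    an account nobody has used within `stale_after`."""
    today = today or date.today()
    findings = {}
    for u in users:
        expected = role_groups[u["role"]]
        excess = u["groups"] - expected
        missing = expected - u["groups"]
        stale_priv = bool(u["groups"] & privileged) and (today - u["last_login"]) > stale_after
        f = {}
        if excess:
            f["excess"] = sorted(excess)
        if missing:
            f["missing"] = sorted(missing)
        if stale_priv:
            f["stale_privileged"] = True
        if f:
            findings[u["name"]] = f
    return findings


if __name__ == "__main__":
    for name, f in audit(USERS, ROLE_GROUPS, PRIVILEGED, today=date(2024, 3, 4)).items():
        print(name, f)
```

Running this against a real directory export only changes the input; the review logic is the same set arithmetic, which is why a role baseline that is itself kept under review is the real prerequisite.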