What is a CAM table?
- CAM is short for Content Addressable Memory.

- When a switch 'sees' traffic on a port it makes a log of such information into its CAM table.

- This allows the switching process to send traffic directly between hosts rather than flood traffic out all ports like a simple hub.

- This increases performance and efficiency of networks allowing for greater scalability.

- LIMITATION
> The limitation is the size of the CAM table.
> If an attacker floods Ethernet frames into the switch, it is obligated to keep track of the port on which the traffic arrives and the 48-bit MAC address contained in each frame.
> Once the CAM table is full, the switch has no choice but to try to keep up and memorize the new port/MAC address pairings, which flushes out older pairings.
> Once the CAM table is filled with bogus entries, the switch, rather than failing into a shutdown condition, floods all traffic out all ports so that the network doesn't stop.

What is Nmap?
- Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing.

- Nmap is a "fingerprinting" tool.

- Nmap was designed to rapidly scan large networks, although it works fine against single hosts.

- Nmap uses raw IP packets in novel ways to determine
> what hosts are available on the network
> what services (application name and version) those hosts are offering
> what operating systems (and OS versions) they are running
> what type of packet filters/firewalls are in use
> and dozens of other characteristics

- Nmap runs on most types of computers.

- Both console and graphical versions are available.
What is Maltego?
- Maltego is a discovery tool that can be used to determine the threat picture of your environment.

- The unique perspective that Maltego offers to both network and resource-based entities is the aggregation of information posted all over the internet - whether it's the current configuration of a router poised on the edge of your network or the current whereabouts of your Vice President on his international visits, Maltego can locate, aggregate and visualize this information.

- Maltego is a program that can be used to determine the relationships and real world links between:
> People
> Groups of people (social networks)
> Companies
> Organizations
> Web sites
> Internet infrastructure such as:
~ Domains
~ DNS names
~ Netblocks
~ IP addresses
> Phrases
> Affiliations
> Documents and files

- These entities are linked using open source intelligence.
What is Netcat?
- Netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP.

- Netcat is designed to be a dependable "back-end" device that can be used directly or easily driven by other programs and scripts.

- At the same time, Netcat is a feature-rich network debugging and investigation tool, since it can create almost any kind of connection you would need and has a number of built-in capabilities.

- Netcat is often referred to as a "Swiss-army knife for TCP/IP". Its list of features includes:
1. Port scanning
2. Transferring files
3. Port listening
4. Backdoor (it can be used as a backdoor)
What is Nslookup?
- Nslookup (Name System Lookup) is a tool for querying a domain name server in order to get information regarding a domain or host, and diagnosing any configuration problems that may have arisen on the DNS.

- When used without any arguments, the command nslookup displays the name and IP address of the primary domain name server, as well as a command prompt for making queries.
> Simply type the domain name at the prompt in order to display its characteristics.
> You can also request information on a host by adding its name after the command nslookup: nslookup host.name

- By default, the command nslookup queries the primary domain name server installed on the machine.

- However, it is also possible to query a particular DNS by specifying it, preceded by a minus sign, after the command: nslookup host.name -server.name

- You can also change the query mode for nslookup by using the argument set:
• set type=mx is used for getting info
What is John the Ripper?
- John the Ripper is an open-source password cracking tool. Some consider it to be the best open-source tool.

- Once a hacker gets into a system s/he will try to dump out either the SAM or capture the Unix password and shadow files.

- The hacker will download them into their local system and run them through John the Ripper.
What does a port scanner do?
- Attackers use Port Scanners to identify hosts that are alive and listening, and what their IP Addresses are.

- The scanner would also tell you the state of a port.

- Port states include:
> Open -- a service is listening
> Closed -- there is no service and the port is disabled
> Filtered -- means there are some filtering devices before you get to the port
What is Telnet?
- Telnet is an old protocol and is one of the basic utilities for TCP/IP.

- Telnet is available in Windows, UNIX, and Linux at the command line.

- Telnet runs on top of TCP/IP.

- Telnet is used for remotely logging into another computer and is the Internet standard protocol for remote login.

- Telnet is a common way to remotely control Web servers.

- Telnet is an application of choice for configuring all kinds of networking equipment, especially routers and hubs.

- Telnet does not encrypt the data that is sent back and forth. (SSH has the same functionality but DOES encrypt the data).
What is a sniffer?
- A sniffer is a program and/or device that monitors data traveling over a network.

- A sniffer can be used both for legitimate network management functions and for stealing information off a network.

- Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere.

- This makes them a favorite weapon in the hacker's arsenal.

- On TCP/IP networks, where they sniff packets, they're often called packet sniffers.
What is network scanning?
- Network Scans are used to determine which network hosts are active and a possible target for attack.

- Network scan techniques include ICMP and PING:
> ICMP scans are often used because such traffic isn't ordinarily logged by the target computers.
> Network intrusion detection sensors can 'see' this traffic and many networks and firewalls will not accept ICMP today.
> ICMP Scans are considered noisy because they are easily picked up by sensors.
> PING scans are very fast and a huge network can be footprinted in moments.
What is port scanning?
- Port scanning identifies active services on hosts.

- The differences between port scanning, vulnerability management, and penetration testing are easier to understand if you think of your network as a house:
> Port scanning is like counting the doors and windows on the house.
> Vulnerability management is like walking around the house and listing all the doors, windows and locks that are reportedly insecure based on the vendor and model information.
> Penetration testing is like trying to break into the house by picking the weak locks and smashing a window.
What is vulnerability scanning?
- Vulnerability scanning is the process of scanning systems for specific vulnerabilities but not specifically for ports.

- Tools like Nessus Vulnerability Scanner can remotely scan hosts for possible vulnerabilities.
What are the 3 types of scanning?
1. Port scan
> Port Scan is the process of learning about the specific services hosted on a computer for the purpose of determining a vulnerable service which could grant the attacker access.

2. Vulnerability scan
> Vulnerability scan is the process of scanning systems for specific vulnerabilities but not specifically for ports.
> Tools like Nessus Vulnerability Scanner can remotely scan hosts for possible vulnerabilities.

3. Network scan
> Network Scans are used to determine which network hosts are active and a possible target for attack.
> ICMP scans are often used because such traffic isn't ordinarily logged by the target computers.
> Network intrusion detection sensors can 'see' this traffic and many networks and firewalls will not accept ICMP today.
> ICMP Scans are considered noisy because they are easily picked up by sensors.
> PING scans are very fast and a huge network can be footprinted in moments.
NetBIOS risk
At its simplest, NetBIOS on your LAN may just be a necessary evil.

NetBIOS on your WAN or over the Internet, however, is an enormous security risk.

All sorts of information, such as your domain, workgroup and system names, as well as account information is obtainable via NetBIOS.

It really is in your best interests to ensure that NetBIOS never leaves your network.

If you are using a router as your Internet gateway then you will want to ensure that it does not allow inbound or outbound traffic via TCP ports 135-139.

If you are using a Firewall then you should also block the same ports - TCP ports 135-139.
Port 25
SMTP
Port 21
FTP
Port 22
SSH (Secure Shell) - used for secure logins, file transfers (scp, sftp) and port forwarding
Port 23
Telnet protocol - unencrypted text communications
Port 53
DNS (Domain Name Server), used to resolve host names to IP addresses
Port 88
Kerberos - authenticating agent
Ports 137, 138, 139
NetBIOS over TCP/IP
Port 161
SNMP (Simple Network Management Protocol)
Port 389
LDAP (Lightweight Directory Access Protocol)
Port 443
HTTPS - HTTP over SSL (encrypted transmission)
Port 445
Microsoft-DS SMB - used for file sharing
Port 8080
HTTP Alternate (http-alt) - used when running a second web server on the same machine (the other is on port 80), for a web proxy or caching server, or for running a web server as a non-root user
What is Nmap?
Nmap is active software that sends a series of special commands, each command unique to a particular operating system type and version.

For example, a Unix system will not respond to a NetBIOS type 137 request. However a computer running Microsoft Windows will answer.

The exact OS can usually be identified with only seven or eight simple service requests.

Nmap provides clues about a system even if all other communication is encrypted.
What does the Nmap -sS scan do?
-sS refers to TCP SYN Stealth scan.

SYN scan is the default and most popular scan option for good reasons.

It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls.

It is also relatively unobtrusive and stealthy since it never completes TCP connections.

SYN scan works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms, as Nmap's FIN/NULL/Xmas, Maimon and idle scans do.

It also allows clear, reliable differentiation between the open, closed, and filtered states.

This technique is often referred to as half-open scanning, because you don't open a full TCP connection.

How it works:
> You send a SYN packet, as if you are going to open a real connection and then wait for a response.
> A SYN/ACK indicates the port is listening (open), while a RST (reset) is indicative of a non-listener.
> If no response is received after several
What is a default gateway?
A default gateway is a node (a router) on a computer network that serves as an access point to another network.

Home Use
> In homes, the gateway is usually the ISP-provided device that connects the user to the Internet.

Enterprise Use
> In enterprises the gateway is the computer that routes the traffic from a workstation to the outside network.
> In such a situation, the gateway node often acts as a proxy server and a firewall.
> The gateway is associated with both
~ a router, which uses headers and forwarding tables to determine where packets are sent
~ a switch, which provides the actual path for the packet in and out of the gateway

A default gateway is an entry point and an exit point in a network.

A default gateway is used by a host when an IP packet's destination address belongs to someplace outside the local subnet (thus requiring more than one hop of Ethernet communication).
What is a default gateway?
A default gateway is a machine that attempts to forward any IP traffic not aimed at the local subnet.

This makes it the gateway to other networks.

The default gateway is the gateway in a network that will be used to reach another network when no other gateway is specified for use.

It is the IP address of the router, needed to send information or video from one network to another.

The Internet address used as a destination when the actual IP address is hidden behind that gateway. Generally, a default gateway is a router's IP address.

A default gateway is a node on a computer network that serves as an access point to another network.