60 Cards in this Set

Front: A way to mimic the steps taken by hackers. Performed to assess strengths and weaknesses within the security protocols. Mimics the steps that an unauthorized malicious user would take. Ensure senior management is aware before performing.
Back: penetration testing

Front: Penetration testing planning
Back:
1) Define the details
2) Decide on a starting point
3) Objectives
4) Assess security of the applications
5) Is full penetration needed, or stress testing?

Front: Penetration testing objectives
Back:
1) test security of phone lines
2) assess security of applications
3) flaws of wireless networks
4) social engineering susceptibility

Front: penetration tester
Back:
1) internal - given access to the system (authorized)
2) external - tries to hack into the system (unauthorized)

Front: four general processes for penetration testing
Back:
1) verify that a threat exists
2) bypass security controls
3) actively test security controls
4) exploit any uncovered vulnerabilities

Front: an event that can cause harm to the asset
Back: threat
Front: three types of penetration testing
Back:
1) black box
2) gray box
3) white box

Front: When the pen tester is given all the details of the organization, including network infrastructure details
Back: white box

Front: When pen testing is outsourced and the pen tester isn't given any information on the organization or the infrastructure
Back: black box

Front: When the pen tester is given some details about the organization and its network infrastructure; limited by the scope of the engagement
Back: gray box

Front: 3 categories of information disclosure
Back:
1) blind testing
2) double-blind testing
3) targeted testing

Front: Organization provides the tester with the name of the organization and nothing more
Back: blind testing

Front: Minimal personnel are informed of the penetration testing. This is useful for testing security monitoring and incident-identification procedures and processes within an organization
Back: double-blind testing

Front: Testing performed with complete knowledge of the organization's personnel. The pen tester works alongside the technical team, and the results of the testing are openly discussed during the process
Back: targeted test
Front: penetration testing best practices/approaches
Back:
1) reconnaissance
2) enumeration
3) vulnerability analysis
4) execution
5) document findings

Front: Penetration testing best practice that focuses on gathering and analyzing information about the target organization from publicly available sources
Back: reconnaissance

Front: Process used to gather information about a target endpoint within the network infrastructure, such as a web server or an administration portal, by actively trying to connect to it
Back: enumeration

Front: Process that focuses on uncovering and identifying vulnerabilities. No differentiation between vulnerabilities that can be exploited and ones that can't. This is a list of possible flaws, not verified flaws
Back: vulnerability analysis

Front: Verifying the vulnerabilities, taking them from a "what if" possibility to an actual itemized risk that needs to be addressed by the organization depending on the risk rating, the scope of the vulnerability and its overall impact on the organization
Back: execution

Front: an itemized potential risk that may need to be addressed by the organization depending on the risk rating, its scope, and its overall impact on the organization; a flaw someone can exploit to cause harm
Back: vulnerability

Front: only addresses these at the potential level; results can be misleading when it comes to prioritizing the risks that the company needs to address through mitigation strategies
Back: vulnerability assessment

Front:
1) unpatched operating systems and programs
2) incorrectly configured firewalls
3) absence of antivirus software
4) weak passwords
5) incorrectly deployed intrusion prevention
6) intrusion detection systems
Back: Network vulnerabilities

Front: Three main types of threats
Back:
1) insider
2) external
3) application-level

Front: a threat that can be malicious in nature or simply unintentional
Back: insider

Front: a threat in which someone accesses the organization's network resources from outside the network
Back: external

Front: when an application is open to the public and is easily accessible with a username and password
Back: application-level threat

Front: Vulnerability assessment steps
Back:
1) familiarize yourself with the system
2) examine existing controls
3) compare controls to threats
4) document inadequate controls
5) discuss solutions

Front: Security assessment tools
Back:
1) vulnerability scanners
2) honeypots
3) honeynets

Front: These are used to identify potential threats and weaknesses within a network infrastructure and can be used to test all the system components, from hosts through networking appliances to applications
Back: vulnerability scanners

Front: With this tool you perform multiplatform scans, including Windows, Mac OS, Linux, and iOS, Android, and Windows Phone devices that connect to areas such as Exchange servers, across all environments including virtual machines, and you can even analyze your network security setup and status
Back: GFI LANguard

Front: This tool provides patch, configuration, and compliance auditing; mobile, malware, and botnet discovery; sensitive data identification; and many other features
Back: Nessus vulnerability scanner

Front: This tool is available as a standalone application or as part of the Retina CS Unified Vulnerability Management platform. It also enables you to efficiently identify IT exposures and prioritize remediation enterprise-wide.
Back: BeyondTrust Retina Network Security Scanner

Front: This tool is the basis for network security. It provides automated vulnerability assessments for networked systems including servers, desktops, and infrastructure devices. It helps your organization protect critical online assets by identifying vulnerabilities and flaws in operating systems and applications that could expose you to compromise, and it helps you manage the process of correcting those vulnerabilities and eliminating the risk to your business
Back: IBM Internet Security Systems Scanner Software (ISS)

Front: This tool is specifically designed to help monitor the behavior and health of a Mac system in a simple and straightforward manner, in real time. It is also able to detect common problems with the Mac and OS X and will provide useful tips to help you fix them
Back: X-Scan

Front: This is a third-generation network security analysis tool that has been available and actively updated for over ten years. It operates under UNIX, Linux, Mac OS X, or Windows. It integrates with the National Vulnerability Database, tests for SQL injection and cross-site scripting, supports remote self-scan and API facilities, and has an enterprise search module along with a standalone mode and a daemon mode.
Back: SARA (Security Auditor's Research Assistant)

Front: This tool can help you find and track vulnerabilities in perimeter servers and devices, web applications and web sites, corporate networks, and even Amazon EC2 instances. It helps you prioritize and manage remediation, can predict the impact of a zero-day attack, and lets you interactively view the security posture of your entire network
Back: QualysGuard

Front: This tool uncovers areas of weakness and recommends fixes. It can identify vulnerabilities on network devices, operating systems, desktop applications, web applications, and databases, to name a few. It can detect and fix possible weaknesses in your network security before they can be exploited by intruders, and it can anticipate and prevent common system vulnerabilities. In addition, it can perform configuration audits against policies defined by FDCC and DISA
Back: SAINT scanner

Front: The tool provides a streamlined method to identify missing security updates and common security misconfigurations
Back: Microsoft Baseline Security Analyzer

Front: this tool helps validate vulnerabilities
Back: exploitation tools
Front: three very common exploitation frameworks
Back:
1) CORE Impact Pro
2) Immunity's CANVAS
3) Metasploit

Front: The most comprehensive commercial-grade penetration testing product available, enabling you to conduct real-world assessments across a broad spectrum of risk areas, including end-user security awareness training, endpoint penetration testing, mobile device penetration testing, password and identity cracking, and validating vulnerabilities identified by scanners; this tool allows you to evaluate your security posture using the same techniques employed by today's cyber criminals
Back: CORE Impact Pro

Front: This tool makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide
Back: Immunity's CANVAS

Front: This is penetration testing software that helps verify vulnerabilities and manage security assessments
Back: Metasploit

Front: A system that can be placed within a DMZ or a private network and is designed to lure malicious users away from production environments; it's a trap
Back: honeypot

Front: An entire network that is designed to attract attackers away from production environments
Back: honeynets

Front: The ability to know and fully understand what your network should be doing in normal day-to-day operations. When anomalies occur, you will know by referring back to this. Some of the standard information that may be stored here: network diagrams, traffic content, WAN and LAN protocols, usage patterns, traffic on the network, updated logs, and statistical logs. Also documents all current hardware and cabling.
Back: network baseline
Front: Three main log file types
Back:
1) history
2) event
3) system

Front: types of system events that are logged
Back:
1) error
2) warning
3) information

Front: These types of files need to be properly updated as the network baseline is continually upgraded. Should include a description of what changed and the name of the person who performed the work, so the individual can be referenced in case additional info is needed. Also document the reason for applying the change and the start date and completion date.
Back: Log files

Front: This is used to view stored log files.
Back: Event Viewer

Front: Special files that record important events that have occurred on the computer system. Examples of important events include who has successfully logged on, who has not been properly authenticated or has failed attempts at logging on to the system, all the way through to when an application malfunctions and returns a specific error message. Viewing these can be used for resolving a security incident or simply to troubleshoot a failed driver.
Back: event logs

Front: Event Viewer log types
Back:
1) application
2) security
3) setup
4) system
5) forwarded events

Front: stores errors and information about applications running within the Windows operating system
Back: application logs

Front: records security events
Back: security logs

Front: contains a lot of the patch and update info for the system
Back: setup logs

Front: contains a lot of information at a deep service and operating system level. Events to be viewed here include services that are running, stopped, or idle
Back: system logs

Front: records events forwarded from one host to another
Back: forwarded events
Front: These folders fall under the Applications and Services Logs heading
Back:
1) hardware events
2) internet explorer
3) key management service
4) media center

Front: How best you wish to have the network infrastructure perform without altering its overall functionality, yet having a sustainable and useful security framework. Key factors: set the limits (max and min), use of performance counters, and the configuration of alarms and alerts
Back: network threshold

Front: counters used to determine and set thresholds
Back:
1) performance counters
2) memory use
3) disk space
4) CPU workload
5) page file use
6) CPU use