60 Cards in this Set
The footprinting (profiling) hacking step.
1st hacking step: The gathering of information that is publicly available. DNS servers are common targets because they can provide a detailed map of an organization's entire network infrastructure.
The scanning hacking step.
2nd hacking step: Scanning an organization's infrastructure to see where vulnerabilities might lie. May use network mapping tools such as Nmap or perform a ping sweep to determine which host IP addresses in the company's IP range are active. Will scan to see which services are listening on which ports and determine the OS and manufacturer of each system.
The enumerating hacking step.
3rd hacking step: The attacker tries gaining access to resources or other information, such as users, groups, and shares. Any method can be used to gain access at this stage.
The attacking hacking step.
4th (last) hacking step: The hacker acts to cause damage or service disruption, or to steal or destroy sensitive information using various hacking tools.
Network Mapper
Tools used to explore a network and gather information about its layout. Can illustrate the physical connectivity of networks and provide detailed information on hardware, services, and traffic paths.
Vulnerability Assessment
Identifies weaknesses within a system but does not test the security features of that system.
Penetration Test
Simulates an attack on a system; real damage can be caused by the resulting security breach.
Open Vulnerability and Assessment Language. A security initiative that collects information on attacks and shares that information with the public to make scanning software better.
Open Source Security Testing Methodology Manual. Open-source, vendor-neutral manual that provides a methodology for a security audit. Similar to OVAL, OSSTMM is a little controversial as not everyone agrees that standardization is an attainable goal.
What type of tools are the following: MBSA, Nessus, SAINT, ISS Internet Scanner, NMap, Security Analyzer, LANGuard, Cybercop, Strobe.
Vulnerability scanning tools.
What type of tools are the following: Microsoft Port Reporter, Superscan, ShieldsUP!, NMap, Netcat, pinger.
Port scanning tools.
What type of tools are the following: Crack, John the Ripper, Pandora, Snadboy's Revelation, Pwdump, Ophcrack.
Password scanning and cracking tools.
What type of tools are the following: UDPFlood, GetAdmin.
Exploits, trojan horses, and other "stress tester" tools.
What type of tools are the following: BackOfficerFriendly, ISS Internet Scanner, ISS System Scanner, Snort, IDSCenter, Fport, ZoneAlarm.
Intrusion detection tools.
What type of tools are the following: Webmin, Tripwire, Bastille, PuTTY, HiSecWeb.
Network and security administration tools.
What type of tools are the following: NetScout, dSniff, Wireshark, OmniPeek, Ettercap, Microsoft Network Monitor, TCPDump, WinDump, Visual Route.
Protocol analyzers and packet sniffer tools.
Port range: 0 to 1,023.
Well-known ports preassigned and used consistently by all systems on the internet.
Port range: 1,024 to 49,151.
Registered ports available to assign to individual protocols and processes.
Port range: 49,152 to 65,535.
Dynamic or private ports assigned by OSs on an as-needed basis.
Internet Assigned Numbers Authority. Manages the registration of well-known ports and also lists registered ports as a convenience.
Port 7
echo. Echo service.
Port 19
chargen. Character generator service.
Port 20
ftp-data. FTP data.
Port 21
ftp. FTP control.
Port 23
telnet. Telnet service.
Port 25
SMTP. Simple Mail Transfer Protocol for email services.
Port 42
nameserver. Host name server used for WINS replication.
Port 53
DNS. DNS server.
Port 80
http. Hypertext Transfer Protocol (HTTP).
Port 88
Kerberos. Kerberos protocol.
Port 110
POP3. Post Office Protocol 3 for email services.
Port 119
NNTP. Newsgroups.
Port 135
loc-srv/epmap. RPC port mapper for initiating communications.
Port 137
NETBIOS-NS. NetBIOS name service.
Port 138
NETBIOS-DGM. NetBIOS broadcasting.
Port 139
NETBIOS-SSN. NetBIOS Session service.
Port 143
IMAP. Internet Message Access Protocol for email services.
Port 389
ldap. Lightweight Directory Access Protocol for directory services.
Port 443
https. HTTP over SSL. Establishes a web connection using the 40-bit RC4 encryption protocol.
Port 445
MS-DS. Microsoft-DS port.
Port 464
kpasswd. Kerberos password change service, used for Kerberos authentication.
Port 500
isakmp. ISAKMP/Oakley key exchange protocol.
Port 563
nntps. NNTP over SSL.
Port 636
ldaps. LDAP over SSL.
Port 995
POP3s. POP3 over SSL.
Port 1701
L2TP. Layer 2 Tunneling Protocol.
Port 1723
PPTP. Point-to-Point Tunneling Protocol.
Behavior-based monitoring
Initially reports all traffic as a threat. Over time it learns, with the assistance of an administrator, which traffic is allowed and which is not. Identifies abnormal sequences.
Signature-based monitoring
Uses a predefined set of rules provided by a software vendor to identify traffic that is unacceptable.
Anomaly-based monitoring
Uses a database of unacceptable traffic patterns identified by analyzing traffic flows. Creates a performance baseline of acceptable traffic flows during its implementation process.
What are the following tools used for: Nessus, GFI LANguard, Core Impact, Retina, X-scan, ISS Internet Scanner, MBSA, Immunity Canvas, Metasploit.
Windows-based network monitoring utilities.
What are the following tools used for: Nessus, Sara, SAINT, EtherApe, Nagios.
Unix-based network monitoring utilities.
Network-based IDS
Uses passive hardware sensors to monitor traffic on a specific segment of the network. Cannot analyze encrypted packets but can sniff traffic and send alerts about anomalies or concerns.
Host-based IDS
Uses software installed on a specific host. Can analyze encrypted data if it is decrypted before reaching the target host. Uses the resources of the host, which can slow down processing time.
Application-based IDS
Expensive to implement but may be used in conjunction with another IDS to add another layer of protection to a critical application, such as a customer database.
Passive IDS
Detects security breaches, logs the activity, and alerts security personnel.
Active IDS
Same as passive but blocks the suspicious activity. Intrusion prevention system.
Intrusion Prevention System or Network Intrusion Prevention System: an inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it. Similar to a firewall, but smart enough to filter the traffic before blocking it.
Security tool that lures attackers away from legitimate network resources while tracking their activities. Appears to be a legitimate component of the network but is actually a secure lockbox where security professionals can block the intrusion and begin logging activity for use in court, or even launch a counterattack. Can be a software emulation program, a hardware decoy, or an entire dummy network.
Ports 161 and 162
SNMP. Simple Network Management Protocol.