1.0 Identify Flashcards
Active
Active fingerprinting is performed with a scanning tool that sends specifically crafted packets and examines their responses to determine the operating system version and service-related information
Passive
Passive fingerprinting attempts to learn more about a targeted service without the targeted service without the target knowing it. A form of packet sniffing.
Nessus
Tenable Nessus is a comprehensive vulnerability scanner that provides high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis
Nmap
Nmap can help a pen tester by scanning the status of network ports, enumerating the host information like its operating system, and identifying the IP address of all active hosts on a network
Switch Port analyzer (SPAN) ports
SPAN is an approach in which a network appliance (switch or router) takes the network packets that flow to and from one main port (or VLAN) on the device, then copies those packets to another port (mirror port). The mirror port then forwards the copied packets to the network monitoring system.
Test access point (TAP) devices
TAP is not a port on an existing device, but a dedicated device itself. The TAP device sits between network appliances, often between a switch and router, and forwards both incoming and outgoing packets between those appliances to a security monitoring system. Packets are also copied to separate monitoring ports on the TAP device (one for incoming traffic, one for outgoing).
service-level agreements (SLAs)
Clearly defines what services are to be provided to the client, and what support, if any, will be provided.
Common Vulnerability Scoring System (CVSS)
A risk management approach to quantifying vulnerability data and then taking into account the severity of harm to different types of systems or information
Common Vulnerabilities and Exposures (CVE)
A database of software-related vulnerabilities. Maintained by the MITRE Corporation
Common Weakness Enumeration (CWE)
Sponsored by MITRE, provides a catalog of software weaknesses and vulnerabilities, with the goal of reducing security-related software flaws and creating automated tools to identify, correct, and prevent such flaws
Common Attack Pattern Enumeration and Classification (CAPEC)
A database that classifies specific attack patterns. Maintained by the MITRE Corporation
Threat Modeling
The process of identifying and assessing the possible attack vectors that target systems.
1. Identify security objectives and requirements
2. Identify the architecture of the target system, including its components, roles, services, and dependencies
3.Decompose the system further to identify how it functions and how those functions can be vulnerable
4. Identify know threats to the target system
5. Determine ways to mitigate these threats
Network topology and architecture information
Collect artifacts and evidence based on volatility level
Assets and underlying risks
Data collection
Data analysis and e-discovery
Threat targets
Individuals
Non-profit associations
Corporations
Governments
Critical Infrastructure
Systems
Mobile
IOT
SCADA
ICS
PLC
Threat actors
