Chapter 2.2 Flashcards
Kerberos
Kerberos is the preferred authentication method in a Windows domain; it uses a ticket-granting system to log in and access resources on the network.
Zenmap
Zenmap is the GUI (Graphical User Interface) version for Nmap. Also known as Nmap Security Scanner, it uses diverse methods of host discovery.
--traceroute
Using the --traceroute switch with Zenmap, the GUI can record the path to a target IP address and present the route in a graphical view, like a map.
nmap
The basic syntax of an nmap command is to give the IP subnet (or IP address) to scan. When used without switches, it pings and sends a TCP ACK packet to ports 80 and 443 to determine whether a host is present. Nmap itself is the command-line view; Zenmap is the GUI.
-sn
Nmap, by default, does host discovery and a port scan. The -sn switch suppresses the port scan.
%SystemRoot%\NTDS\NTDS.DIT file
The %SystemRoot%\NTDS\NTDS.DIT file stores domain user passwords and credentials. Employees commonly use their domain credentials to log in to do work and gain access to corporate information.
netstat
The netstat command allows the admin to check the state of ports on the local machine (Windows or Linux). He or she may also be able to identify suspect remote connections to services on the local host, or from the host to remote IP (Internet Protocol) addresses.
netcat
Netcat (or nc for short) is remote access software available for both Windows and Linux. It can be used as a backdoor to other servers, and is classed here as a remote access trojan (RAT).
ipconfig
The ipconfig command only provides network adapter information such as the IP address of the server.
ip
The ip command is the replacement for the ifconfig command on Linux servers. It provides the same functionality as the ipconfig command on the Windows operating system.
Microsoft Policy Analyzer
Microsoft’s Policy Analyzer is part of the Security Compliance Toolkit (SCT). It compares scanned hosts with a template of controls and configuration settings to determine system compliance.
CVE
CVEs (Common Vulnerabilities and Exposures) can be used by the Nessus scanner to compare and find vulnerabilities in commonly used systems. Vulnerability scans and security compliance audits can be gathered all at once with Nessus.
ping switches
The -t switch pings the specified server name or IP (Internet Protocol) address until stopped. Pressing CTRL+C on the keyboard stops the pings.
The -n switch sets the number of echo requests to send. The default send count is four; the desired number is specified after the -n switch.
The -S switch (capital S) specifies a source address to use that is different from that of the server the admin is initiating the ping command from.
The -r switch records route for count hops. This is used for IPv4 addresses.
banner grabbing
Banner grabbing refers to probing a server in a similar way to OS fingerprinting; however, it also involves opening connections to common ports or network protocols and gathering information from banner or error responses.
OS fingerprinting
OS (operating system) fingerprinting is a method used by Nmap to probe hosts for running OS type and version, and even application names and device type (e.g., laptop or virtual machine).