Prof Commentary Flashcards
(34 cards)
how many types of vulnerability assessment scanners are there?
2: network scanners and web application scanners
what do network scanners do
probe a network for a variety of widely known vulnerabilities, e.g. finding open network ports (Nmap, or its GUI Zenmap)
what do web application scanners do
scan hosted web applications for known vulnerabilities. Since web applications are public facing they cannot be locked down as easily as an internal network.
zenmap
GUI front end for Nmap. Shows the number of ports scanned, the number and identity of open ports, and the common usage (service) of each port.
topology report does what
Helps you visualize your path through the network: shows the local connection (your computer) and each following hop, e.g. to a home network, to a server, to a DNS server, to a website.
nessus
commercial security scanner; widely used, useful for large networks. Reports include open ports, which hosts they are open on, and any security threats to those ports.
retina
proprietary vulnerability scanner. Deep scan looking for known issues not patched in existing applications. Report contains open ports, vulnerabilities, and the state of the environment.
saint
(Security Administrator's Integrated Network Tool) commercial vulnerability assessment tool, Unix based.
network analysis or network forensics analysis
analysis of network data to reconstruct network activity over a specific period of time.
network analysis able to reveal
vulnerabilities
probing
DoS attacks
user-to-root attacks
remote-to-local attacks
what is probing
scanning to find known vulnerabilities
what is DoS
overwhelming the system with requests so that legitimate users cannot be served
what are user-to-root attacks
attacker gains access to an ordinary user account and exploits a vulnerability to gain administrative (root) privileges
what are remote-to-local attacks
attacker has no user account but gains local access to a machine on the network by exploiting a vulnerability.
packet capture tools
allow you to capture packets and analyze them in detail
intrusion detection systems
monitor internal hosts or networks for suspicious traffic and alert administrators when it occurs.
data collector
appliance or software that records data on each network connection passing through the monitoring device. Can detect specific data, such as packets going to or from a specific system. Typically not feasible to keep captured data for an extended period of time.
Main area for traffic collection is
inbound and outbound traffic at a DMZ or just inside the firewall.
network analysis steps
create a baseline (e.g. with nmap)
capture data at specific points on the network
analyze the captured data, compare it to the baseline and review logs (the data should not overwhelm the analysis process, so be as specific as possible during the capture phase)
use the results of the analysis (EX. remove unnecessary services or close open ports that represent a vulnerability.)
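Added example (not from the flashcards): the "compare to baseline" step made concrete. The code parses two Nmap greppable-output (`-oG`) reports, a baseline and a later scan, and reports hosts and open ports that appeared or disappeared, which is exactly the list the last step acts on. Both report texts are constructed samples in the real `-oG` line layout, not output of an actual scan; hosts with no open ports have no `Ports:` field and are skipped.

```python
"""Diff two Nmap -oG reports to find new hosts and newly open ports.

Added example, not from the original flashcards. The two reports below are
constructed samples written in the -oG line layout, not real scan output.
"""
import re

BASELINE = (
    "Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)\n"
    "Host: 192.168.1.20 ()\tPorts: 443/open/tcp//https///\tIgnored State: closed (999)\n"
)

CURRENT_SCAN = (
    "Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)\n"
    "Host: 192.168.1.20 ()\tPorts: 443/open/tcp//https///\tIgnored State: closed (999)\n"
    "Host: 192.168.1.30 ()\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///\tIgnored State: closed (998)\n"
)

# -oG host line: "Host: <ip> (<name>)<TAB>Ports: <entries><TAB>Ignored State: ..."
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\tPorts:\s+(.*?)(?:\t|$)")


def parse_grepable(text):
    """Return {host: {(port, proto), ...}} for every port reported as open."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and hosts without a Ports: field
        host, ports = m.groups()
        open_ports = set()
        for entry in ports.split(", "):
            # entry layout: port/state/proto/owner/service/rpc/version/
            fields = entry.split("/")
            port, state, proto = fields[0], fields[1], fields[2]
            if state == "open":
                open_ports.add((int(port), proto))
        hosts[host] = open_ports
    return hosts


def diff_scans(baseline_text, current_text):
    """Compare a new scan against the baseline.

    Returns new_hosts (absent from the baseline), new_ports (newly open on a
    known host) and closed_ports (open in the baseline, gone now).
    """
    base = parse_grepable(baseline_text)
    cur = parse_grepable(current_text)
    new_hosts = sorted(set(cur) - set(base))
    new_ports = {}
    closed_ports = {}
    for host in cur:
        if host in base:
            added = cur[host] - base[host]
            if added:
                new_ports[host] = sorted(added)
    for host in base:
        gone = base[host] - cur.get(host, set())
        if gone:
            closed_ports[host] = sorted(gone)
    return {"new_hosts": new_hosts, "new_ports": new_ports, "closed_ports": closed_ports}


if __name__ == "__main__":
    for key, value in diff_scans(BASELINE, CURRENT_SCAN).items():
        print(f"{key}: {value}")
```

Run the same scan options both times (same port range, same hosts), otherwise the diff reports the change in scan scope rather than a change on the network.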
types of data loss/data leak prevention tools
2 types: perimeter based tools or client/endpoint based tools (some products combine the two)
purpose of data loss/data leak prevention tools
detect and block sensitive data leaving a network (can scan emails for large file sizes, account numbers, social security numbers). Enforce policies across email, file shares, databases, and stored data to prevent data leaks.
stops leaks before they leave the LAN or WAN.
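Added example (not from the flashcards, and not the logic of any product listed below): the detection half of a DLP tool, reduced to a content inspector for outbound email. It flags formatted social security numbers, card or account numbers that pass the Luhn check, and attachments over an assumed size limit; a message with any finding would be blocked at the perimeter. The message, the size limit and the decision to require Luhn validity are my assumptions for illustration.

```python
"""Content inspection for an outbound email, DLP style.

Added example, not from the original flashcards or any vendor product.
The sample message and the policy limit are constructed assumptions.
"""
import re

MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024  # assumed policy: block attachments over 10 MiB

# Formatted US SSN: nnn-nn-nnnn, rejecting area 000/666/9xx, group 00, serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits with optional single spaces or dashes between them.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(number):
    """Luhn checksum over the digits of a card/account number string."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect_message(msg, max_bytes=MAX_ATTACHMENT_BYTES):
    """Return a list of (finding_type, evidence) tuples for one message.

    msg is a dict with 'subject', 'body' and 'attachments' as (name, size_bytes).
    """
    findings = []
    text = msg.get("subject", "") + "\n" + msg.get("body", "")
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", m.group()))
    for m in CARD_RE.finditer(text):
        # Luhn filters out most random digit runs (order numbers, timestamps).
        if luhn_ok(m.group()):
            findings.append(("card_number", m.group()))
    for name, size in msg.get("attachments", []):
        if size > max_bytes:
            findings.append(("large_attachment", name))
    return findings


def should_block(msg):
    """Policy decision: any finding blocks the message at the perimeter."""
    return bool(inspect_message(msg))


# Constructed sample message; 4111 1111 1111 1111 is a well-known Luhn-valid test number.
SAMPLE_MESSAGE = {
    "subject": "Q3 customer export",
    "body": (
        "Customer SSN 123-45-6789, card 4111 1111 1111 1111. "
        "Typo in the other one: 4111 1111 1111 1112."
    ),
    "attachments": [("export.xlsx", 15 * 1024 * 1024)],
}

if __name__ == "__main__":
    for kind, evidence in inspect_message(SAMPLE_MESSAGE):
        print(f"{kind}: {evidence}")
    print("block" if should_block(SAMPLE_MESSAGE) else "allow")
```

Pattern matching alone over-reports; the Luhn check is what keeps a 16-digit order number from blocking legitimate mail, and the mistyped card number in the sample is dropped for that reason. Real products add document fingerprints and keyword context on top of this.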
perimeter based data loss prevention tools
GTB inspector
palisade packetsure
fidelis XPS
Code Green Content Inspector
Microsoft information security suite?
client based data loss prevention tools (not worth operating in SOHO networks)
stop the leak before it leaves the client device:
Sophos Endpoint Security
Data Protection Software suite
RSA SLP Endpoint
main role of boundary router
protects the internal network against IP address spoofing and directed IP broadcasts, and passes the remaining traffic on to the firewall
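Added example (not from the flashcards): the two boundary-router checks above expressed as a packet verdict function, with the anti-spoofing rule in both directions (ingress: a packet arriving on the outside interface must not claim an internal source; egress: a packet leaving from the inside must carry an internal source) and a directed-broadcast check against the broadcast address of each internal subnet. The interface names, internal subnets and bogon list are assumptions chosen for illustration; a real router expresses these as access lists rather than Python.

```python
"""Boundary-router anti-spoofing and directed-broadcast checks.

Added example, not from the original flashcards. Interface names, subnets
and the bogon list are assumptions made for this illustration.
"""
import ipaddress

# Assumed internal subnets behind the boundary router.
INTERNAL_SUBNETS = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("10.10.0.0/16"),
]
# Assumed bogon prefixes that should never appear as a source on the outside interface.
BOGONS = [
    ipaddress.ip_network(n)
    for n in ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")
]


def is_internal(addr):
    return any(addr in net for net in INTERNAL_SUBNETS)


def router_verdict(src, dst, interface):
    """Return (action, reason) for a packet seen on 'outside' or 'inside'."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)

    if interface == "outside":
        # Ingress filtering: the Internet never legitimately sends our own addresses.
        if is_internal(s):
            return ("drop", "spoofed internal source on outside interface")
        if any(s in net for net in BOGONS):
            return ("drop", "bogon source")
    elif interface == "inside":
        # Egress filtering: stop our hosts from spoofing someone else's addresses.
        if not is_internal(s):
            return ("drop", "non-internal source leaving the network")
    else:
        raise ValueError(f"unknown interface {interface!r}")

    # Directed broadcast: a unicast-routed packet aimed at a subnet's broadcast address.
    for net in INTERNAL_SUBNETS:
        if d == net.broadcast_address:
            return ("drop", "directed broadcast")

    return ("pass", "")


if __name__ == "__main__":
    samples = [  # constructed packets: (src, dst, interface)
        ("192.168.1.5", "198.51.100.9", "outside"),
        ("198.51.100.9", "192.168.1.255", "outside"),
        ("198.51.100.9", "192.168.1.10", "outside"),
        ("192.168.1.10", "198.51.100.9", "inside"),
        ("203.0.113.4", "198.51.100.9", "inside"),
    ]
    for pkt in samples:
        print(pkt, "->", router_verdict(*pkt))
```

The directed-broadcast rule is why the router, not only the firewall, owns this check: the router knows the subnet masks and therefore which addresses are broadcasts, and the packet is dropped before it can be amplified onto the LAN.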