ITEC-462
Hacking
Question | Answer |
---|---|
What is penetration testing? | A security professional performs an attack on a network with permission from the owner to discover vulnerabilities; penetration testers are also called ethical hackers |
What are two models of penetration testing? | Two main penetrating tools are the white box and black box. There is also a hybrid version of the two models, which is the grey box. |
What is footprinting? | Footprinting is finding information on a company’s network; it is passive and nonintrusive. |
What are some footprinting tools? | Whois, Namedroppers, and Google. Five methods including: Web site searching, Email, URL, Cookies. |
What is port scanning? | A method of finding out which services a host computer offers |
What is enumeration? | The process of connecting to a system and obtaining information such as logon names, passwords, group membership, and shared resources. Process of extracting information: user names, passwords, shared resources |
Windows enumeration tools? | Backtrack Smb4K tool; DumpSec: produced by Foundstone, Inc.; allows user to connect to a server and “dump”: permissions for shares, permissions for printers, permissions for the Registry, users in column or table format, policies, rights, Servic |
*nix enumeration tools? | Finger utility: most popular enumeration tool for security testers; finds out who is logged in to a *nix system; determines who was running a process. Nessus |
NetWare enumeration tools? | NetWare 5.1: still used on many networks. New vulnerabilities are discovered daily; vigilantly check vendor and security sites |
Windows OS vulnerabilities? | Windows 2000 and earlier: administrators must disable, reconfigure, or uninstall services and features. Windows XP, Vista, Server 2003, Server 2008, and Windows 7: most services and features are disabled by default |
Tools for identifying OS vulnerabilities? | Using more than one is advisable. Using several tools helps pinpoint problems more accurately |
Method for hardening Windows? | Penetration tester: finds and reports vulnerabilities. Security tester: finds vulnerabilities; gives recommendations for correcting them |
Linux OS vulnerabilities? | Linux can be made more secure: awareness of vulnerabilities; keep current on new releases and fixes. Many versions are available: differences ranging from slight to major |
Tools for identifying Linux OS vulnerabilities? | Identify a computer on the network by using port scanning and zone transfers; identify the OS by conducting port scanning and enumeration; identify via enumeration any logon accounts and passwords; learn names of shared folders by using enumeration |
What is an embedded OS? | Small program developed for embedded systems; stripped-down version of OS commonly used on general-purpose computers; designed to be small and efficient |
Windows Embedded OS example? | Windows Embedded Standard, code-named Quebec; Windows Embedded Enterprise |
Other Embedded OS example and *nix Embedded OS? | Monolithic OS; used in industrial, medical, and consumer items; supports widest variety of hardware; allows adding features; dynamic kernel modules. Real Time Linux (RTLinux): OS microkernel extension; turns “regular” Linux into an RTOS |
Vulnerabilities of Embedded OS? | Impact of attacks has become more serious; embedded OSs are no exception. Easiest way to profit from hacking: attack devices that store and dispense cash (e.g., ATMs); involves use of card skimmers or stealing the machines |
Web application main types and main components? | Static Web pages: created using HTML; same information regardless of time or user. Dynamic Web pages: information varies; need special components: Common Gateway Interface (CGI), Active Server Pages (ASP) and PHP, ColdFusion and JavaScript |
Web application vulnerabilities? | Cross-site scripting (XSS) flaws; injection flaws and malicious file execution; unsecured direct object reference; cross-site request forgery (CSRF); information leakage and incorrect error handling; broken authentication and session management |
Web application vulnerabilities countermeasures? | Open Web Application Security Project (OWASP): finds and fights Web application vulnerabilities; publishes Ten Most Critical Web Application Security Vulnerabilities; built into Payment Card Industry (PCI) Data Security Standard |
How to assess the web with questions? | Does the Web application use dynamic Web pages? Does the Web application connect to a back-end database server? Does the Web application require authentication of the user? On what platform was the Web application developed? |
Web application assessing Wfetch? | GUI tool that queries status of Web server; multiple HTTP methods; configuration of hostname and TCP port; HTTP 1.0 and HTTP 1.1 support; Anonymous, Basic, NTLM, Kerberos, Digest, and Negotiate authentication types |
Web application assessing Wapiti? | Web application vulnerability scanner; uses a black box approach: doesn’t inspect code; inspects by searching from outside; ways to take advantage of XSS, SQL, PHP, JSP, and file-handling vulnerabilities |
Understanding wireless network technology and standard? | Standard: set of rules formulated by an organization. Institute of Electrical and Electronics Engineers: defines several standards for wireless networks; IEEE Project 802: LAN and WAN standards |
802.1X authentication method? | Defines process of authenticating and authorizing users on a WLAN; addresses concerns with authentication; Point-to-Point Protocol (PPP); Extensible Authentication Protocol (EAP); Wired Equivalent Privacy (WEP); Wi-Fi Protected Access (WPA) |