CREST CPSA - Appendix B: Core Technical Skills

B2 (3) What is 10/100/1000baseT?

10/100/1000baseT is a standard for Ethernet networks that defines the speed of data transfer. 10baseT supports a data transfer rate of 10Mbps, 100baseT supports a data transfer rate of 100Mbps and 1000baseT supports a data transfer rate of 1Gbps.

B1 IP Protocols

B2 Network Architectures

B4 Network Mapping & Target Identification

B1 (5) Why is it important to be aware that other IP protocols exist?

Being aware that other IP protocols exist is important because it allows for a deeper understanding of how networks operate and how different protocols interact with each other. It also allows for more effective troubleshooting and diagnosis of network issues, as well as the ability to identify and address security vulnerabilities. Additionally, new protocols are being developed and introduced, and being aware of them can help to future-proof the security of the network.

B2 (2) What is CAT 5 / Fibre?

CAT 5 (Category 5) and Fibre are types of cables used to connect devices on a network. CAT 5 cables are copper cables that support Ethernet and Fast Ethernet (10/100Mbps) networks, while Fibre optic cables are glass or plastic cables that support high-speed data transfer over longer distances.

B4 (4) What is the potential for false negatives during network sweeping?

False negatives are a potential issue during network sweeping because they occur when an active system or open port is not detected by the scanning tools. This can happen due to a variety of reasons, such as network filtering or security measures that are in place to evade detection. To mitigate this, penetration testers should use a combination of different scanning techniques and tools, as well as manual verification, to ensure that all active systems and open ports are identified.

B1 (4) What is ICMP?

ICMP (Internet Control Message Protocol) is a network-layer protocol that is used to send error messages and operational information about network conditions. It is used to diagnose and troubleshoot network issues, such as network congestion and errors in IP addresses.

B1 (1) What are IP protocols?

IP protocols are the set of rules and standards that govern the communication of data over a network using the Internet Protocol. The most commonly used IP protocols include IPv4 and IPv6, TCP, UDP and ICMP.

B1 (2) What is IPv4 and IPv6?

IPv4 is the fourth version of the Internet Protocol. It provides a unique 32-bit address to identify a device on a network. IPv6 is the sixth version of the Internet Protocol. It provides a unique 128-bit address to identify a device on a network, and it includes additional features and capabilities beyond those of IPv4.

B4 (6) What should we look out for in the output of the tools used to map the route between the engagement point and a number of targets?

In the output of the tools used to map the route between the engagement point and a number of targets, we should look out for the IP addresses of the devices and routers along the path, the hops taken to reach the target and the round trip time. This information can be used to identify potential vulnerabilities and attack vectors along the route, such as misconfigured devices or outdated software versions.

B4 (2) What are network sweeping techniques?

Network sweeping techniques are methods used to systematically scan a network to identify active systems, open ports, and other information that can be used to prioritize a target list. Common network sweeping techniques include ping sweeps, port scans, and vulnerability scans.

B4 (3) Why is it important to prioritize a target list?

Prioritizing a target list is important because it allows penetration testers to focus their efforts on the most critical systems and vulnerabilities, rather than wasting time and resources on less important targets. This can also help to ensure that the most critical vulnerabilities are identified and addressed first.

B2 (6) What are the security implications of shared media, switched media and VLANs?

Shared media networks, such as Ethernet networks, allow all devices to access the same communication channel, making it easy for attackers to intercept and read data. Switched media networks, such as Token ring, can provide a higher level of security by isolating devices on the network into different segments and limiting access to the communication channel. VLANs (Virtual Local Area Networks) are a technology that segments a physical network into multiple virtual networks, providing an additional layer of security and isolation. However, VLANs can also be misconfigured, which can lead to security vulnerabilities.

B1 (3) What is TCP and UDP?

TCP (Transmission Control Protocol) is a transport layer protocol that provides a reliable, ordered delivery of data over a network. It establishes a connection between two devices before transmitting data and ensures that all data is received correctly. UDP (User Datagram Protocol) is also a transport layer protocol but it does not establish a connection before transmitting data and does not guarantee the delivery of data.

B4 (1) What is the analysis of output from tools used to map the route between the engagement point and a number of targets?

The analysis of output from tools used to map the route between the engagement point and a number of targets is the process of reviewing the results of network mapping and enumeration tools, such as traceroute and ping sweep, to identify the path that data travels between the engagement point and the target systems. This information can be used to identify potential vulnerabilities and attack vectors along the route.

B2 (4) What is Token ring?

Token ring is a type of local area network (LAN) that uses a token to control access to the network. The token is passed around the network from device to device, allowing each device to transmit data when it receives the token.

B4 (5) What tools are used to map the route between the engagement point and a number of targets?

Tools that can be used to map the route between the engagement point and a number of targets include traceroute, tracepath, tcptraceroute and mtr. These tools send packets to a target and trace the path that the packets take to reach the target. This allows for identifying the path that data travels between the engagement point and the target systems, and the devices and routers along the way.

B2 (1) What are the varying network types that could be encountered during a penetration test?

Varying network types that could be encountered during a penetration test include CAT 5 / Fibre, 10/100/1000baseT, Token ring, and Wireless (802.11).

B1 (6) What are all the other IP protocols that are important for a penetration tester to be aware of?

While IPv4, IPv6, TCP, UDP, and ICMP are the most commonly used IP protocols, there are other IP protocols that are important for a penetration tester to be aware of, including:

1.) ARP (Address Resolution Protocol) - a protocol used to map an IP address to a physical (MAC) address on a local network.
2.) DNS (Domain Name System) - a system used to map domain names (e.g. www.google.com) to IP addresses.
3.) FTP (File Transfer Protocol) - a protocol used to transfer files between computers on a network.
4.) HTTP (Hypertext Transfer Protocol) - a protocol used to transfer data over the web.
5.) HTTPS (HTTP Secure) - an extension of HTTP that provides an encrypted connection between a web browser and a server.
6.) SMTP (Simple Mail Transfer Protocol) - a protocol used to transfer email messages between servers.
7.) SSH (Secure Shell) - a protocol used to securely access and manage remote systems.
8.) SNMP (Simple Network Management Protocol) - a protocol used to manage and monitor network devices.
9.) VPN (Virtual Private Network) - a protocol used to create a secure, encrypted connection between two devices over a public network.

Penetration testers should be familiar with these protocols and understand how they work, as well as the potential vulnerabilities associated with them, in order to effectively identify and exploit weaknesses in a target network.

B2 (5) What is Wireless (802.11)?

Wireless (802.11) is a standard for wireless local area networks (WLANs) that defines the protocol for communication between wireless devices on a network. It includes different specifications, such as 802.11a, 802.11b, 802.11g, 802.11n and 802.11ac, which define the transfer rate, range and frequency.

