Security Testing

Binary conversion

Four-bit binary to decimal:

0000 = 0    0100 = 4    1000 = 8     1100 = 12
0001 = 1    0101 = 5    1001 = 9     1101 = 13
0010 = 2    0110 = 6    1010 = 10    1110 = 14
0011 = 3    0111 = 7    1011 = 11    1111 = 15

Short Answer: DDoS

A distributed denial-of-service (DDoS) attack is a DoS attack launched against a host from many computers at once, usually compromised machines under one attacker's control, so that no single source can simply be blocked.

Virus Signature file

A file maintained by antivirus software that contains signatures of known viruses; antivirus software checks this file to determine whether a program or file on your computer is infected.

firewall

A good software or hardware firewall would most likely identify traffic that's using unfamiliar ports, but Trojan programs that use common ports, such as TCP port 80 (HTTP) or UDP port 53 (DNS), are more difficult to detect. Also, many home users and small businesses don't use software or hardware firewalls.

Botnet

A group of multiple computers, usually thousands, that behave like robots to conduct an attack on a network. The computers are called zombies because their users aren't aware their systems are being controlled by one person. See also zombies.

rootkit

Closely related to back doors: programs that give attackers a means of regaining access to the attacked computer later. A rootkit is installed after a successful attack and usually hides itself by replacing or hooking OS tools, so it's almost impossible to detect from the compromised system itself. Back Orifice is still one of the most common Trojan programs used today. It allows attackers to take full control of the attacked computer, similar to the way Windows XP Remote Desktop functions, except that Back Orifice works without the user's knowledge. The program has been around since 1999, but it's now marketed as an administrative tool rather than a hacking tool.

Certified Ethical Hacker

Currently, the multiple-choice CEH exam is based on 22 domains (subject areas) the tester must be familiar with. Knowledge requirements change periodically, so if you're interested in taking this exam, visit EC-Council's Web site (www.eccouncil.org) for the most up-to-date information.

Short Answer: Define TCP flags

Each TCP flag (URG, ACK, PSH, RST, SYN, FIN, plus the later ECE and CWR) occupies one bit in the TCP header and can be set to 0 (off) or 1 (on).
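Worked example for this card and for the binary-conversion card above (added here; not code from the original set or from the textbook): it reads the flags byte out of a constructed 20-byte TCP header, prints it in binary so the one-bit-per-flag layout is visible, names the bits that are set, and labels a few combinations the way a scanner or IDS would. The header bytes and the `classify_flags` labels are this example's own assumptions; the bit positions are the standard ones from RFC 793 (ECE/CWR from RFC 3168).

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Each TCP flag is a single bit in byte 13 of the TCP header (RFC 793; ECE/CWR from RFC 3168). */
#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_PSH 0x08
#define TCP_ACK 0x10
#define TCP_URG 0x20
#define TCP_ECE 0x40
#define TCP_CWR 0x80

static const struct { uint8_t bit; const char *name; } tcp_flag_table[] = {
    { TCP_CWR, "CWR" }, { TCP_ECE, "ECE" }, { TCP_URG, "URG" }, { TCP_ACK, "ACK" },
    { TCP_PSH, "PSH" }, { TCP_RST, "RST" }, { TCP_SYN, "SYN" }, { TCP_FIN, "FIN" },
};

/* Constructed sample (not a real capture): src port 1234, dst port 80, data offset 5, flags = SYN. */
static const uint8_t SAMPLE_SYN_HEADER[20] = {
    0x04, 0xD2,             /* source port 1234 */
    0x00, 0x50,             /* destination port 80 */
    0x00, 0x00, 0x00, 0x01, /* sequence number */
    0x00, 0x00, 0x00, 0x00, /* acknowledgment number */
    0x50, 0x02,             /* data offset 5 (x4 = 20 bytes); flags byte 0x02 = SYN only */
    0xFF, 0xFF,             /* window */
    0x00, 0x00, 0x00, 0x00  /* checksum, urgent pointer */
};

/* Writes the 8-bit binary form of the flags byte into out (9 bytes incl. NUL), MSB first. */
void flags_to_binary(uint8_t flags, char out[9]) {
    for (int i = 0; i < 8; i++)
        out[i] = (flags & (0x80u >> i)) ? '1' : '0';
    out[8] = '\0';
}

/* Writes comma-separated names of the set flags into out; returns how many bits are set. */
int flags_to_names(uint8_t flags, char *out, size_t out_size) {
    int count = 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof tcp_flag_table / sizeof tcp_flag_table[0]; i++) {
        if (flags & tcp_flag_table[i].bit) {
            if (count) strncat(out, ",", out_size - strlen(out) - 1);
            strncat(out, tcp_flag_table[i].name, out_size - strlen(out) - 1);
            count++;
        }
    }
    return count;
}

/* Same two conversions returning a static buffer, for callers that just want a string. */
const char *flag_binary_str(uint8_t flags) { static char buf[9];  flags_to_binary(flags, buf); return buf; }
const char *flag_names_str(uint8_t flags)  { static char buf[64]; flags_to_names(flags, buf, sizeof buf); return buf; }

/* Reads the flags byte out of a raw TCP header; returns 0 if the buffer is too short to be one. */
uint8_t tcp_header_flags(const uint8_t *hdr, size_t len) {
    return len < 20 ? 0 : hdr[13];
}

/* Labels a few flag combinations the way a port scanner or IDS interprets them (assumed labels). */
const char *classify_flags(uint8_t flags) {
    if (flags == 0) return "NULL probe (no flags set)";
    if ((flags & (TCP_FIN | TCP_PSH | TCP_URG)) == (TCP_FIN | TCP_PSH | TCP_URG)) return "XMAS probe";
    if (flags == TCP_SYN) return "SYN: connection request";
    if (flags == (TCP_SYN | TCP_ACK)) return "SYN/ACK: port open";
    if (flags & TCP_RST) return "RST: connection refused or reset";
    return "other";
}

int main(void) {
    uint8_t flags = tcp_header_flags(SAMPLE_SYN_HEADER, sizeof SAMPLE_SYN_HEADER);
    printf("flags 0x%02X = %s = %s (%s)\n", flags, flag_binary_str(flags),
           flag_names_str(flags), classify_flags(flags));
    uint8_t synack = TCP_SYN | TCP_ACK;
    printf("flags 0x%02X = %s = %s (%s)\n", synack, flag_binary_str(synack),
           flag_names_str(synack), classify_flags(synack));
    return 0;
}
```

The binary string makes the card's point concrete: 0x12 is 00010010, and the two 1 bits are exactly the ACK and SYN positions, which is why a SYN/ACK from a scanned host means the port is open.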

TCP/IP

For computers to communicate with one another over the Internet or across an office, they must speak the same language. This language is referred to as a protocol, and the most widely used is Transmission Control Protocol/Internet Protocol (TCP/IP). No matter what medium connects workstations on a network—copper wires, fiber-optic cables, or a wireless setup— the same protocol must be running on all computers if communication is going to function correctly.

College Students eBay Hack 1999

Jerome Heckenkamp, 25, known online as MagicFX, installed Trojans that captured usernames and passwords, which he later used to gain unauthorized access to other eBay computers.

WebTV David Jeansonne

In July 2002 Jeansonne sent the malicious script out disguised as a tool to change the colors on MSN TV's user interface. Though the code didn't mass-mail itself to others, some of the recipients were sufficiently fooled that they forwarded it to friends, for a total of 21 victims. Known as WebTV before it was acquired by Microsoft, MSN TV works with television set-top boxes to allow users to surf the Web and send and receive e-mail without using a PC. The boxes connect to the Internet through a local dial-up number. The malicious script changed the dial-up number to 9-1-1. If a victim didn't go online again after being infected, the box would summon help anyway when it tried to make an automatic daily call to the network at midnight. The code also cross-mailed itself among the 18 targeted users, so in some cases it appeared to have come from someone the victim knew. Additionally, it posted victims' browser histories to a particular website and e-mailed their hardware serial numbers to the free webmail account "[email protected]."

Alta Vista Laurent Chavet

Laurent Chavet, a former AltaVista employee, illegally accessed the California company's computer system in March 2002 and June 2002, after he left AltaVista and well before he went to work for Microsoft. Chavet, then living in California, copied to his home computer source code that was used by AltaVista "to perform the function of scouring the World Wide Web," according to an FBI affidavit.

OPST

OSSTMM Professional Security Tester certification is designated by the Institute for Security and Open Methodologies (ISECOM)

OSSTMM Professional Security Tester

The OSSTMM Professional Security Tester (OPST) certification is designated by the Institute for Security and Open Methodologies (ISECOM), a nonprofit organization that provides security training and certification programs for security professionals. The OPST certification uses the Open Source Security Testing Methodology Manual (OSSTMM), written by Peter Herzog, as its standardized methodology.

Multiple OS's

Penetration testers and security testers usually have a laptop computer configured with multiple OSs and hacking tools

POP3

Port 110 (Post Office Protocol 3)—To retrieve e-mail from a mail server, you most likely access port 110.

Network News Transport Protocol

Port 119 (Network News Transport Protocol)—This port is used to connect to a news server for use with newsgroups

Microsoft RPC

Port 135 (Remote Procedure Call)—This port, used by Microsoft RPC, is critical for the operation of Microsoft Exchange Server as well as Active Directory, available in Windows 2000 Server and later

NetBIOS

Port 139 (NetBIOS)—This port is used by Microsoft's NetBIOS Session Service to share resources

SMTP

Port 25 (Simple Mail Transfer Protocol)—E-mail servers listen on this port. If you attempt to send e-mail to a remote user, your workstation connects to port 25 on a mail server

DNS

Port 53 (Domain Name System)—If a server on your network uses DNS, it's using port 53. Most networks require a DNS server so that users can connect to Web sites with URLs instead of IP addresses. When a user enters a URL, such as www.yahoo.com, the DNS server resolves the name to an IP address. The DNS server might be internal to the company, or each computer might be configured to point to the IP address of a DNS server that's serviced by the company's ISP.

TFTP

Port 69 (Trivial File Transfer Protocol)—Many network engineers use the TFTP service to transfer router and backup router configurations. TFTP runs over UDP and has no authentication at all, so anyone who can reach the port can read or write whatever files the server exposes.

HTTP

Port 80 (Hypertext Transfer Protocol)—Most certification exams have a question about port 80 being used for HTTP. Port 80 is used when you connect to a Web server. If security personnel decided to filter out HTTP traffic, almost every user would notice a problem on the network

FTP

Ports 20 and 21 (File Transfer Protocol)—FTP has been around as long as the Internet. It was the standard for moving or copying large files and is still used today, although to a lesser extent because of the popularity of HTTP (covered later in this section). FTP uses port 21 for control and, in active mode, port 20 for data transfer (passive mode negotiates a high-numbered data port instead). FTP requires entering a logon name and password and is more secure than Trivial File Transfer Protocol (TFTP; covered later in this list), which has no authentication, but both send credentials and data in clear text.

Session hijacking

Session hijacking enables an attacker to join a TCP session and make both parties think he or she is the other party. This attack, discussed briefly in Chapter 2 in relation to initial sequence numbers (ISNs), is a complex attack that's beyond the scope of this book

SANS

SysAdmin, Audit, Network, Security

Port

The logical component of a connection that identifies the service running on a network device. For example, port 110 is the POP3 mail service

ICMP

The protocol used to send informational messages and test network connectivity.

Buffer Overflow

An attacker finds a vulnerability in poorly written code that doesn't check whether data fits in the memory space set aside for it. For example, if a program defines a buffer of 100 MB (the total amount of memory the program is supposed to use) and writes data past the 100 MB mark without triggering an error or preventing the write, you have a buffer overflow. The attacker supplies input that overflows the buffer, which is possible because the program never compares the length of what it writes against the buffer's capacity. The trick is not to fill the overflow with meaningless data but with executable code placed where the program will jump to it. That way the program runs the attacker's code, which usually elevates the attacker's permissions to administrator level or gives the attacker the same privileges as the account the program runs under.
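Worked example for this card (added here; not code from the original set or from the textbook): a 16-byte stack buffer filled by `strcpy()`, which never looks at the buffer's size, beside a hardened copy that takes the real capacity and refuses input that won't fit. The buffer size, the two sample strings and the function names are this example's own choices; the vulnerable function is kept only for contrast and is never called with oversized input, because doing so is the undefined behaviour the card describes.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 16  /* example capacity; the card's "100 MB" works the same way */

/* VULNERABLE: strcpy() copies until it sees the terminating NUL and never consults
 * BUF_SIZE. Any input longer than 15 characters writes past the end of 'buf' onto
 * the rest of the stack frame. Shown for contrast only; main() feeds it a short string. */
void vulnerable_copy(const char *src) {
    char buf[BUF_SIZE];
    strcpy(buf, src);
    printf("vulnerable_copy: %s\n", buf);
}

/* HARDENED: the caller passes the real capacity, and the copy is refused when the
 * input plus its NUL terminator would not fit. Returns 1 on success, 0 if rejected. */
int safe_copy(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (dst == NULL || dst_size == 0 || n >= dst_size) return 0;
    memcpy(dst, src, n + 1);
    return 1;
}

/* Wrapper using the same fixed-size stack buffer as the vulnerable version, so the two
 * can be compared on identical input: returns 1 if the input was accepted, 0 if rejected. */
int try_copy(const char *src) {
    char buf[BUF_SIZE];
    return safe_copy(buf, sizeof buf, src);
}

int main(void) {
    const char *fits     = "0123456789abcde";   /* 15 chars + NUL = 16 bytes: fits exactly */
    const char *too_long = "0123456789abcdef";  /* 16 chars + NUL = 17 bytes: one byte over */
    printf("%-18s -> %s\n", fits,     try_copy(fits)     ? "accepted" : "rejected");
    printf("%-18s -> %s\n", too_long, try_copy(too_long) ? "accepted" : "rejected");
    vulnerable_copy(fits);  /* safe only because this input happens to fit */
    return 0;
}
```

The one-byte boundary is the point: the hardened version rejects the 16-character string because it needs 17 bytes including the terminator, while `strcpy()` would silently write that 17th byte past the buffer.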

Ping of Death

A type of DoS attack that's not as common as it was in the late 1990s. The attacker creates an ICMP packet (discussed in Chapter 2) that's larger than the maximum IP packet size of 65,535 bytes. The large packet is fragmented into smaller packets and reassembled at its destination. The destination system can't handle the reassembled oversized packet, causing it to crash or freeze.
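Worked example for this card (added here; not code from the original set or from the textbook): the check an IP stack has to make during reassembly to survive a Ping of Death. It takes the header length, Total Length and fragment-offset fields of an incoming fragment and refuses it when the reassembled datagram would exceed 65,535 bytes. The field layout is the standard IPv4 header; the sample fragment bytes and the function names are this example's own assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM     65535u  /* Total Length is 16 bits: largest legal IP packet */
#define IP_FRAG_OFFSET_MASK 0x1FFFu /* low 13 bits of the flags/fragment-offset field */

/* Constructed (not captured) last fragment of an oversized ping: IHL 5, Total Length 26,
 * fragment offset 0x1FFD = 8189 eight-byte units, so it starts at byte 65512 of the payload. */
static const uint8_t POD_LAST_FRAGMENT[20] = {
    0x45, 0x00, 0x00, 0x1A,  /* version 4, IHL 5; DSCP; total length 26 */
    0x00, 0x00, 0x1F, 0xFD,  /* identification; flags 0 + fragment offset 8189 */
    0x40, 0x01, 0x00, 0x00,  /* TTL 64, protocol 1 (ICMP), checksum (unused here) */
    0x00, 0x00, 0x00, 0x00,  /* source address */
    0x00, 0x00, 0x00, 0x00   /* destination address */
};

/* The fragment offset is carried in 8-byte units; convert it to a byte offset. */
uint32_t ip_fragment_offset_bytes(uint16_t flags_frag_field) {
    return (uint32_t)(flags_frag_field & IP_FRAG_OFFSET_MASK) * 8u;
}

/* Returns true if accepting this fragment keeps the reassembled datagram within 65,535 bytes.
 * ihl is the header length in 32-bit words; total_length is the fragment's own Total Length.
 * Malformed headers (IHL below 5, Total Length shorter than the header) are rejected as well. */
bool fragment_fits(uint8_t ihl, uint16_t total_length, uint16_t flags_frag_field) {
    uint32_t header_len = (uint32_t)ihl * 4u;
    if (header_len < 20u || total_length < header_len) return false;
    uint32_t payload_len = total_length - header_len;
    uint32_t end = header_len + ip_fragment_offset_bytes(flags_frag_field) + payload_len;
    return end <= IP_MAX_DATAGRAM;
}

/* Pulls the three fields straight out of a raw IPv4 header (big-endian on the wire). */
bool raw_fragment_fits(const uint8_t *hdr, size_t len) {
    if (len < 20) return false;
    uint8_t  ihl          = hdr[0] & 0x0F;
    uint16_t total_length = (uint16_t)((hdr[2] << 8) | hdr[3]);
    uint16_t flags_frag   = (uint16_t)((hdr[6] << 8) | hdr[7]);
    return fragment_fits(ihl, total_length, flags_frag);
}

int main(void) {
    /* Ordinary 64-byte echo request: header 20 + payload 64, unfragmented. */
    printf("normal ping fragment:        %s\n", fragment_fits(5, 84, 0) ? "accepted" : "rejected");
    /* Last fragment ending exactly at byte 65535: 20 + 65512 + 3. */
    printf("largest legal last fragment: %s\n", fragment_fits(5, 23, 8189) ? "accepted" : "rejected");
    /* Ping of Death: 20 + 65512 + 6 = 65538 bytes once reassembled. */
    printf("oversized last fragment:     %s\n",
           raw_fragment_fits(POD_LAST_FRAGMENT, sizeof POD_LAST_FRAGMENT) ? "accepted" : "rejected");
    return 0;
}
```

The arithmetic is done in 32 bits on purpose: adding the offset and payload in a 16-bit variable would wrap around and accept exactly the oversized packet this check exists to drop.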

spybot

adware removal programs

Session hijacking

an attack that relies on guessing the ISNs of TCP packets.

Keyloggers

are hardware devices or software that can be used to capture keystrokes on a computer. Software keyloggers behave like Trojan programs and are loaded on a computer. A hardware keylogger is a small device, often smaller than an inch long. It can usually be installed in less than 30 seconds. It's a simple matter of unplugging the keyboard, plugging the small device into the keyboard input jack, and then plugging the keylogger jack into the computer's keyboard port. After installing the hardware, most vendors require you to run a word processing program, such as WordPad, and then enter the vendor-supplied password in a blank document. After entering the password, a menu is displayed. Some common hardware keyloggers are KeyKatcher and KeyGhost.

card access

The card is scanned, and access is given to the cardholder while the time of entry is documented. This method also makes it possible for one card to allow access to several doors without having to issue multiple keys or having users memorize different combinations.

Certified information Systems Security Professional (CISSP)

certification for security professionals is issued by the International Information Systems Security Certification Consortium (ISC2). Even though the CISSP certification isn't geared toward the technical IT professional, it has become one of the standards for many security professionals. The exam doesn't require testers to have technical knowledge in IT; it tests security-related managerial skills

Tiger box

The collection of tools a tester uses for conducting vulnerability assessments and attacks, usually loaded on a laptop, is sometimes referred to as a tiger box.

Trojan programs

disguise themselves as useful programs and can install a backdoor or rootkit on a computer.

public key infrastructure

encryption

Virus

is a program that attaches itself to a file or another program, often sent via e-mail. The key word is "attaches." A virus doesn't stand on its own, so it can't replicate itself or operate without the presence of a host. A virus attaches itself to a host file or program (such as Microsoft Word), just as the flu attaches itself to a host organism, and then performs whatever the creator designed it to.

Worm

is a program that replicates and propagates itself without having to attach itself to a host (unlike a virus, which needs to attach itself to a host). The most infamous worms are Code Red (covered in Activity 3-3), Nimda, and Conficker. Theoretically, a worm that replicates itself multiple times to every user it infects can infect every computer in the world over a short period

Transport Layer

is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or User Datagram Protocol (UDP) header. This layer is responsible for getting data to and from the Application layer by using port numbers. TCP also verifies delivery by using acknowledgments; UDP does not.

Network Layer

is the bottom layer of the four-layer TCP/IP model used here (also called the Network Access layer; not the same thing as the OSI Network layer). It is concerned with physically moving bits across a medium (whether it's copper wire, fiber-optic cables, or wireless). This layer represents the physical network pathway and the network interface card.

Network Security

is concerned with the security of computers or devices that are part of a network infrastructure

Internet Layer

is responsible for routing packets by using IP addresses. This layer uses IP addresses to route packets to the correct destination network.

Application Layer

is where applications and protocols, such as HTTP and Telnet, operate. This layer includes network services and client software.

Black Box

management doesn't divulge to staff that penetration testing is being conducted, nor does it give the tester any diagrams or describe what technologies the company is using. This model puts the burden on the tester to find this information by using techniques you learn throughout this book. This model also helps management see whether the company's security personnel can detect an attack

US Dept of Justice Hacking

many people have been sentenced to prison for "hacking," the term used by the Department of Justice

Global Information Assurance Certification (GIAC)

offers training and IT security certifications

SysAdmin, Audit, Network, Security (SANS) Institute

offers training and IT security certifications through Global Information Assurance Certification (GIAC). It also disseminates research documents on computer and network security worldwide at no cost. One of the most popular SANS Institute documents is the Top 20 list, which details the most common network exploits and suggests ways of correcting vulnerabilities. This list offers a wealth of information for penetration testers or security professionals

DoS

prevents legitimate users from accessing network resources. Some forms of DoS attacks don't even involve computers. For example, intentionally looping a document on a fax machine by taping two pages together can use up reams of paper on the destination fax machine, thus preventing others from using it. In a DoS attack that does involve computers, attackers aren't attempting to access information from servers. However, they might be using the attack to cripple the network until it's vulnerable to a different type of attack.

adware

sometimes displays a banner that notifies users of its presence. Adware's main purpose is to determine a user's purchasing habits so that Web browsers can display advertisements tailored to this user. The biggest problem with adware is that it slows down the computer it's running on.

Security Testing

Security testers do more than attempt to break in; they also analyze a company's security policy and procedures and report any vulnerabilities to management. Security testing, in other words, takes penetration testing to a higher level.

Adrian Lamo

the homeless hacker. 2-20-81

Red Team Testing

you'll most likely be placed on a team that conducts penetration tests. This team is composed of people with varied skills who perform the tests. For example, a red team might include a programming expert who can perform SQL injections or other programming vulnerability testing

Script kiddies

The term experienced hackers use for younger, inexperienced people who run attack scripts and tools written by others without understanding how they work.

