Wednesday, September 26, 2012

Port Scanning – Chapter 5


This chapter is about port scanning and some of the tools available to security testers. Port scanning is a method of detecting which services a host offers: each probe is aimed at a TCP or UDP port, and the response (or the lack of one) tells the scanner whether that port is open, closed or filtered. Listed below are some of the types of port scans.


  • SYN scan - Stealthy "half-open" scan: sends a SYN, reads the SYN-ACK (open) or RST (closed), and never completes the handshake
  • Connect scan - Completes the three-way handshake, so the target service sees (and may log) a real connection
  • NULL scan - All TCP flags are turned off; a closed port answers with RST, an open port stays silent
  • XMAS scan - FIN, PSH and URG flags are set; a closed port answers with RST
  • ACK scan - Used to map firewall rules; it shows whether a port is filtered, not whether it is open
  • FIN scan - Closed port responds with an RST packet; an open port sends nothing
  • UDP scan - Closed port responds with an ICMP "Port Unreachable" message; no reply means open or filtered

The NULL, FIN and XMAS scans depend on the target following RFC 793. Windows stacks reply with RST to these probes regardless of port state, so against Windows they cannot tell open from closed.

Some of the port scanning tools are:


  • Nmap – Currently the standard port-scanning tool for security testers. Its behaviour is customized through command-line options (scan type, port list, timing, output format).
  • Unicornscan – Used primarily on large networks; considered an all-in-one tool.
  • Nessus – A vulnerability scanner, no longer released under the GPL license.
  • OpenVAS – A client/server vulnerability scanner: the client submits scan requests to the server, which runs the checks; its security-check plug-ins can be updated.

Ping sweeps are done to identify which IP addresses belong to active hosts. Fping can ping many IP addresses at once, reading its targets from a list; that input file is typically generated with a shell script. Hping builds custom packets and is often used to get probes past filtering devices; it offers a wealth of features for advanced port scanning.

The end of the chapter discusses scripting and the importance of being able to customize programs, illustrated with some basic shell commands. Being able to script the tools above saves both time and money.
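As an added illustration (my code, not from the book or this post), here is a small connect scanner in Python that also shows why the connect scan is the noisy one: it starts a throwaway TCP listener on the loopback interface, scans it, and the listener records the scanner's connection, which is exactly what a real service would write to its log. The loopback target, the ephemeral listener port and the "almost certainly closed" port are assumptions made for the demonstration.

```python
import socket
import threading
import time
from concurrent.futures import ThreadPoolExecutor


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP service on an ephemeral port (constructed target).

    It records the peer address of every accepted connection: a connect scan
    completes the three-way handshake, so the service sees, and can log, the
    scanner. A SYN scan never gets this far.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(16)
    seen = []

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:          # listener socket was closed
                return
            seen.append(peer)        # what a real daemon would log
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, seen


def connect_scan_port(host, port, timeout=0.5):
    """Connect scan of a single port.

    open     = the kernel completed the handshake (SYN, SYN-ACK, ACK)
    closed   = the target answered the SYN with RST (ECONNREFUSED)
    filtered = nothing came back inside the timeout (dropped by a filter)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:
            return "error"


def connect_scan(host, ports, workers=32):
    """Scan a list of ports concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: (p, connect_scan_port(host, p)), ports))


def free_closed_port(host="127.0.0.1"):
    """Bind and immediately release a port so the demo has one with nothing
    listening on it (assumption: nobody grabs it in the next few milliseconds)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def wait_for_connections(seen, n, timeout=2.0):
    """accept() runs in another thread; give it a moment to record the peer."""
    deadline = time.monotonic() + timeout
    while len(seen) < n and time.monotonic() < deadline:
        time.sleep(0.01)
    return len(seen) >= n


if __name__ == "__main__":
    srv, seen = start_listener()
    target_port = srv.getsockname()[1]
    results = connect_scan("127.0.0.1", [target_port, free_closed_port()])
    for port, state in sorted(results.items()):
        print(f"127.0.0.1:{port} {state}")
    wait_for_connections(seen, 1)
    print("listener logged connections from:", seen)
    srv.close()
```

A SYN scan needs raw sockets (and therefore root) to send a bare SYN and read the SYN-ACK without letting the kernel finish the handshake, which is why Nmap's `-sS` is quieter than the `-sT` connect scan above. The "filtered" result cannot be reproduced on loopback, because nothing drops packets there.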



Thursday, September 20, 2012

Footprinting and Social Engineering – Chapter 4

Footprinting is the process of gathering information about a company's network. An important point is that footprinting is passive and nonintrusive, so it does not break the law. The sites listed in the chapter are available tools for footprinting.


Competitive intelligence is discovering as much as possible about a business by legal means. A security professional needs a good understanding of what competitors may be seeking and must be able to communicate this to the client.

Network attackers discover critical data about a business in various ways: they analyze company web sites, use basic HTTP methods to query web servers, and in some cases harvest e-mail addresses that appear in DNS output (for example the administrator mailbox in an SOA record). Other techniques are detecting cookies and web bugs and using Domain Name System (DNS) zone transfers, all explained in the chapter.
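Two of the techniques in that paragraph can be tried offline. The added Python example below is mine, not the book's or the blog's: it parses a constructed HTML page for web bugs (tiny or hidden images fetched from a third-party host) and pulls the administrator mailbox out of constructed dig SOA output, where the RNAME field writes the e-mail address with the "@" replaced by a dot. The hostnames, image URLs and DNS record are made up for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class WebBugFinder(HTMLParser):
    """Collect <img> tags that look like tracking pixels: 0- or 1-pixel or
    hidden images fetched from a host other than the page's own."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.bugs = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        style = a.get("style", "").replace(" ", "").lower()
        tiny = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style)
        if tiny and host and host != self.page_host:
            self.bugs.append(a["src"])


def find_web_bugs(html, page_host):
    """Return the src of every third-party tracking pixel in the page."""
    parser = WebBugFinder(page_host)
    parser.feed(html)
    return parser.bugs


def soa_rname_to_email(rname):
    """dig prints the SOA admin mailbox as e.g. 'hostmaster.example.com.':
    the first unescaped dot stands for '@' (RFC 1035); an escaped dot (\\.)
    is a literal dot inside the local part."""
    rname = rname.rstrip(".")
    m = re.match(r"^((?:\\\.|[^.])+)\.(.+)$", rname)
    if not m:
        return None
    local, domain = m.groups()
    return local.replace("\\.", ".") + "@" + domain


def emails_from_dig_output(text):
    """Scan dig answer lines for SOA records and return the admin mailboxes."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and parts[2] == "IN" and parts[3] == "SOA":
            found.append(soa_rname_to_email(parts[5]))
    return found


# Constructed sample data for the demonstration (not real sites or records).
SAMPLE_HTML = """<html><body>
<img src="/images/logo.png" width="200" height="60">
<img src="https://tracker.example.net/pixel.gif" width="1" height="1">
<img src="https://example.com/spacer.gif" width="1" height="1">
<img src="https://stats.example.org/b.gif" style="display: none">
</body></html>"""

SAMPLE_DIG = """;; ANSWER SECTION:
example.com.\t3600\tIN\tSOA\tns1.example.com. hostmaster.example.com. 2012092601 7200 900 1209600 86400
"""

if __name__ == "__main__":
    print(find_web_bugs(SAMPLE_HTML, "example.com"))
    print(emails_from_dig_output(SAMPLE_DIG))
```

The same-host 1x1 spacer is deliberately not reported: a layout spacer served from the site itself tells an attacker nothing, whereas a pixel fetched from another host reveals which third party receives the visitor's request (and cookies).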

Social engineering has been around for a long time; it is the skill of using knowledge of human nature to get information from people. Several techniques are used: urgency, quid pro quo, status quo, kindness and position. Two other methods that build on social engineering are phishing and spear phishing. Both send e-mail requesting information. With phishing the recipient does not know the sender and the message goes out in bulk; with spear phishing the message is targeted and the sender poses as someone the recipient knows. These approaches can be very effective in obtaining all kinds of data about a company's network.

Shoulder surfing, dumpster diving and piggybacking are somewhat more aggressive ways of gaining information about a business. Shoulder surfing is looking over someone's shoulder and watching what they type. Piggybacking is following somebody into an area one is not authorized to enter, again with the intent of reaching guarded information. Dumpster diving is just what it says: rummaging through the refuse to find pertinent data about a business.

The security professional must have the wherewithal to stop these potential vulnerabilities from being exploited and jeopardizing the client's security.


Sunday, September 16, 2012

Network and Computer Attacks – Chapter 3


As the title indicates, this chapter is about intruders attacking computer systems and network infrastructure. These assaults can come from insiders as well as outsiders. In some situations, protecting the network and workstations may be as simple as ensuring that proper precautions have been taken to secure their physical locations and that proper identification is presented when requested.

The chapter begins by describing malicious software. Malware is software written with the intent of corrupting or destroying data, or otherwise harming the system it runs on. Worms, viruses and Trojan programs are the types of malware explained in greater detail.

Spyware and adware are similar in that both often arrive on a machine without the user noticing them. The purpose of placing spyware on someone's computer is to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get onto a computer as a virus or as a side effect of installing a new program. Programs that collect data with the user's knowledge, however, are technically not spyware; such software is called adware and is designed to track and report user information to advertisers or other interested parties.

It goes on to explain denial-of-service (DoS) attacks, distributed denial-of-service (DDoS) attacks, physical security, and keyloggers. The chapter covers potential ways to breach both computers and the network that an ethical hacker needs to be able to identify and stop.

Thursday, September 6, 2012

TCP/IP Concepts Review – Chapter 2


This chapter was an overview of networking concepts with a focus on Transmission Control Protocol/Internet Protocol (TCP/IP). It concluded by reviewing the binary, octal and hexadecimal number systems; that section discussed "nibbles" (groups of four bits, one hexadecimal digit each) with an emphasis on converting binary to decimal.

The section began by discussing protocols, and specifically TCP/IP, noting that TCP/IP is the most widely used protocol suite. It continued with the four layers (application, transport, internet and network), giving a brief description of each.

The chapter covers the six TCP segment flags, which are:

◦ SYN flag: The synchronize flag signifies the beginning of a session; it is set on the first segment sent by each side of a new connection.
◦ ACK flag: The acknowledgment flag indicates that the acknowledgment number is valid. In the handshake a host sends ACK after receiving a SYN-ACK packet, and every segment after that carries ACK.
◦ PSH flag: The push flag tells the receiving stack to hand the data to the application right away instead of waiting to fill its buffer.
◦ URG flag: The urgent flag signifies that the urgent pointer field is valid and the segment carries urgent data.
◦ RST flag: The reset flag aborts or drops a connection; it is also what a closed port sends in reply to an unexpected segment.
◦ FIN flag: The finish flag signifies that the sender has finished sending data and wants to close its side of the connection.

The flags byte also holds two later additions, ECE and CWR (RFC 3168), which the chapter does not cover.

It also discusses the top TCP ports a security professional or penetration tester should understand: ports 20 and 21 (FTP data and control), 25 (SMTP), 53 (DNS), 69 (TFTP, which actually runs over UDP), 110 (POP3), 119 (NNTP), 135 (Microsoft RPC), 139 (NetBIOS session service) and 143 (IMAP).
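To make the flag list and the port list concrete, here is an added Python example (mine, not from the book or this post) that packs and parses the fixed 20-byte TCP header, reports the flags byte as the two binary nibbles the chapter discusses, names the well-known service for a port, and labels a segment as a handshake step or one of the scan probes. The three handshake segments it builds, with port 40000 talking to port 25, are constructed for the demonstration.

```python
import struct

# TCP flag bits as laid out in the header's flags byte: the six from RFC 793
# plus the ECE/CWR bits added by RFC 3168.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

# Well-known TCP ports from the chapter and the services behind them.
PORT_NAMES = {20: "FTP-data", 21: "FTP", 25: "SMTP", 53: "DNS", 69: "TFTP",
              110: "POP3", 119: "NNTP", 135: "MS-RPC", 139: "NetBIOS-SSN",
              143: "IMAP"}

# src port, dst port, seq, ack, data-offset/reserved, flags, window,
# checksum, urgent pointer: 2+2+4+4+1+1+2+2+2 = 20 bytes, network byte order.
TCP_FMT = "!HHIIBBHHH"


def build_tcp_header(sport, dport, seq, ack, flag_names, window=65535):
    """Pack an option-less TCP header; the checksum is left zero because this
    is constructed data, not a segment going on the wire."""
    flags = 0
    for name in flag_names:
        flags |= FLAG_BITS[name]
    return struct.pack(TCP_FMT, sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


def parse_tcp_header(data):
    """Decode the fixed header. The data-offset nibble gives the header length
    in 32-bit words; any options follow the first 20 bytes."""
    if len(data) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    sport, dport, seq, ack, off, flags, window, csum, urg = struct.unpack(TCP_FMT, data[:20])
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "header_len": (off >> 4) * 4,
        "flags": [n for n, bit in FLAG_BITS.items() if flags & bit],
        "flags_bin": format(flags, "08b"),   # two nibbles, e.g. 0001 0010 = ACK+SYN
        "window": window,
        "urgent_ptr": urg,
        "service": PORT_NAMES.get(dport) or PORT_NAMES.get(sport),
    }


def classify(flags):
    """Label a segment the way a scanner, or an IDS signature, would."""
    s = set(flags)
    if not s:
        return "NULL probe"
    if s == {"FIN", "PSH", "URG"}:
        return "XMAS probe"
    if s == {"FIN"}:
        return "FIN probe"
    if s == {"SYN"}:
        return "SYN (connection request or SYN-scan probe)"
    if s == {"SYN", "ACK"}:
        return "SYN-ACK (port open)"
    if "RST" in s:
        return "RST (port closed or connection aborted)"
    if s == {"ACK"}:
        return "ACK (handshake completion or ACK-scan probe)"
    return "data segment"


def handshake(client_port, server_port, isn_c=1000, isn_s=5000):
    """Return the three constructed segments of a TCP open, in order."""
    return [
        build_tcp_header(client_port, server_port, isn_c, 0, ["SYN"]),
        build_tcp_header(server_port, client_port, isn_s, isn_c + 1, ["SYN", "ACK"]),
        build_tcp_header(client_port, server_port, isn_c + 1, isn_s + 1, ["ACK"]),
    ]


if __name__ == "__main__":
    for seg in handshake(40000, 25):
        p = parse_tcp_header(seg)
        print(p["src_port"], "->", p["dst_port"], p["service"] or "?",
              p["flags_bin"], classify(p["flags"]))
```

Reading the flags byte as two nibbles is the practical payoff of the number-system review: `0x12` is `0001 0010`, ACK and SYN, which is how a SYN-ACK looks in a hex dump.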

The chapter goes into IP addressing and explains classes A, B and C. It also reviews IP address assignment and IPv6 addressing. This chapter was a great help for me.