Determining What Tools to Use

Table of contents:

Key Terms

Active fingerprint

An active method of identifying the OS of a targeted computer or device.


File type

Search for non-HTML file formats including .pdf, .doc, .ppt, and others.


Gentle scan

A type of vulnerability scan that does not present a risk to the operating network infrastructure.



A primary governing body for Internet networking. IANA oversees three key aspects of the Internet: top-level domains (TLDs), IP address allocation, and port number assignments. IANA is responsible for preserving the central coordinating functions of the Internet for the public.


Internet Control Message Protocol (ICMP)

Part of TCP/IP that supports diagnostics and error control. Ping is a type of ICMP message.



If you include [intitle:] in your query, search engines such as Google will restrict the search to documents containing the specified word or phrase in the title.


Intrusion Detection System (IDS)

IDS systems inspect all inbound and outbound network activity and identify suspicious patterns or unusual types of traffic that may indicate a network or system is under attack or being probed.


Inverse SYN Cookies

A method for tracking the state of a connection that takes the source address and port, along with the destination address and port, and puts them through a SHA-1 hashing algorithm. This value becomes the initial sequence number for the outgoing packet.



A movie about a computer hacker who learns from mysterious rebels about the true nature of his reality and his role in the Matrix machine. A favorite movie of hackers.


Null session

A Windows feature where anonymous logon users can list domain usernames, account information, and enumerate share names.


OS identification

The practice of identifying the operating system of a networked device through either passive or active techniques.


Passive fingerprint

A passive method of identifying the OS of a targeted computer or device.


Port knocking

Port knocking is a defensive technique that requires users of a particular service to access a sequence of ports in a given order before the service will accept their connection.



Ports are used by protocols and applications. Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and the Dynamic and/or Private Ports. Well Known Ports are those from 0 through 1023. Registered Ports are those from 1024 through 49151, and Dynamic and/or Private Ports are those from 49152 through 65535.


Rogue access point

An 802.11 access point that has been set up by an attacker for the purpose of diverting legitimate users so that their traffic can be sniffed or manipulated.



A hardware or software device that can be used to intercept and decode network traffic.



An application layer protocol that facilitates the exchange of management information between network devices. Version one uses well-known public and private community strings.


TCP handshake

A three-step process computers go through when negotiating a connection with one another. The process is a target of attackers and others with malicious intent.


Transmission Control Protocol (TCP)

One of the main protocols of IP. It is used for reliability and guaranteed delivery of data.


User Datagram Protocol (UDP)

A connectionless protocol that provides very few error-recovery services, but offers a quick and direct way to send and receive datagrams.



The act of driving around in a vehicle with a laptop computer, an antenna, and an 802.11 wireless LAN adapter to find and possibly exploit existing wireless networks.


Wi-Fi Protected Access (WPA)

A security standard for wireless networks designed to be more secure than WEP. Developed from the draft 802.11i standard.


Wired Equivalent Privacy (WEP)

Based on the RC4 encryption scheme. It was designed to provide the same level of security as that of a wired LAN. Because of 40-bit encryption and problems with the initialization vector, it was found to be insecure.


Introduction to Assessing Network Vulnerabilities

Foundations and Principles of Security

Why Risk Assessment

Risk-Assessment Methodologies

Scoping the Project

Understanding the Attacker

Performing the Assessment

Tools Used for Assessments and Evaluations

Preparing the Final Report

Post-Assessment Activities

Appendix A. Security Assessment Resources

Appendix B. Security Assessment Forms

Appendix C. Security Assessment Sample Report

Appendix D. Dealing with Consultants and Outside Vendors

Appendix E. SIRT Team Report Format Template

Inside Network Security Assessment. Guarding your IT Infrastructure
Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
EAN: 2147483647
Year: 2003
Pages: 138 © 2008-2020.
If you may any questions please contact us: