Introduction

Appendix A looks at some of the tools security analysts can use to help test and secure their networks. For the exam, it is important to be comfortable with using tools that test systems and protect them from exploitation.

Note 

You do not need to know how to use these tools for the exam; however, you should know how to use them if you work in the security field.

Following are some of the terms used in this appendix:

  • White Hat  As functional security analysts working to defend and protect the systems they administer from attack and exploitation, White Hats test hacking tools in a controlled environment. Think of a White Hat as a "good guy" when it comes to network security.

  • Black Hat  Black Hats create tools to manipulate weaknesses within running systems for the purpose of causing harm. Black Hats are usually highly skilled in networking and programming and can create most of the tools they use themselves. These are the most dangerous of the "bad guys" in network security.

  • Gray Hat  Falling somewhere in the middle of White Hats and Black Hats, Gray Hats are hackers who are not as malicious as Black Hats, but do not necessarily share the White Hat's beliefs that security breaches should be reported to vendors for repair.

  • Script Kiddies  Script Kiddies are Black Hat wannabes who find tools online to use to cause harm to networks. Most of the "hacker" population today falls under this category.

  • Click Kiddies  Click Kiddies are the newest version of Script Kiddies, who use simple tools that are pre-canned and ready to be executed via the click of a mouse. As more pre-made malware programs become available online, the number of Click Kiddies will grow.

Note 

Be aware that as a Microsoft Certified Professional (MCP) operating under good, solid ethics, you should be a White Hat-type of security analyst.

It is important to learn how to use tools of this nature in a controlled environment so that you can learn how to defend against them. Each section of this appendix shows a tool, how to get it, its basic configuration, and why you should be aware of its existence. This information will also help you understand many of the concepts covered in the book, such as Public Key Infrastructure (PKI), encryption, ports, and exploitable services that are not shut down or disabled. Exam-specific content is indicated throughout this appendix.

The following sections look at how to test a system's vulnerability with specific tools made to scan and sniff systems and networks looking for exploitable vulnerabilities.

Note 

It is imperative that you do not run these tools on a production network without receiving permission from management first. You never know what will happen, so you must be very careful when using these tools, especially if downloading and using them for the first time.

The testing tools covered are:

  • LANguard Network Scanner (vulnerability scanner)

  • NmapWin (port scanner)

  • Ethereal (packet sniffer/protocol analyzer)

There are also tools available that can be used to protect systems from attack and exploitation. Most of the time, you are using network services from the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite, such as Telnet and SMTP (for e-mail). Because of the massive vulnerabilities that exist with these protocols (such as credentials like username and password being sent in cleartext instead of protected ciphertext), you might want to use alternative tools and services to help remove or diminish the possibility of attack. These tools are:

  • Secure Shell (SSH) (encryption for in-band terminal emulation)

  • Pretty Good Privacy (PGP) (encryption for e-mail protection)

Lastly, it is important to understand that downloading freeware tools from the Internet incurs its own set of possible risks. You may inadvertently download a Trojan or virus. One solution is to connect an old machine to the Internet and download the tools to it. Run antivirus software on the tools to make sure they are clean, and then burn them to CD-ROM. Once on CD-ROM, the tools can be used anywhere. Also, the virus definitions on the target machine should be updated so that the most current signatures are available.

Note 

Some virus scanning tools will flag a possible tool as a virus although it is not affecting the machine. For example, when downloading and testing BackOrifice 2000 (see Chapter 11) on a test lab, most antivirus solutions flag the actual executable (such as Bo.exe) as a Trojan/virus, so you may have to take your chances. That is why I left tools of this nature out of this appendix.



MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)
ISBN: 1931836841
EAN: 2147483647
Year: 2003
Pages: 162
