collective tools are aimed at information gathering, whether it be data about a single setting on a single system or aggregate data from various systems across the network.
Various tools collect different types of data and in different formats,
choosing the right tool for the job is Justus important as choosing what types of data tickling
security information and event management tools also refer to a SIM Tools collect aggregate and even display vast amounts of data from systems across the network.
The goal is SIM is to obtain a holistic, an all encompassing view of the events occurring on the network to make your leading events and potential incidents easier.
Several well known sin products include Ark Site, which is owned by HP
que radar, Splunk OS M and Kiwi Sis Log.
Ark Site collects data and helps analyze the data for potential compromises or attacks.
Splunk in O S. M. R to open source tools that are also provided at a commercial level.
Both Splunk and O. S M offer dashboard based graphical user interfaces, which makes sorting, cataloguing and viewing large amounts of event data all that much easier.
But they typically do not perform event data collection themselves.
Kiwi Sis Log is geared towards law collection and storage and may typically be fed into an analysis tools such a Splunk or OS M
network Scanning tools such as WMAP can be used to identify systems on the network as well as their various open ports that correspond to various service is.
The information collected could be used to not only identify these systems in open ports, but also to identify what Attackers would see if they were to scan the network.
Doing so might help a security professional locked down or adjust the security posture of these systems to reduce the vulnerable surface as much as possible.
Vulnerability scanning tools such aske Wallace messes Open Boss Next Pose, Nick, too, and Microsoft Baseline Security Analyzer or NBS A. Are used to scan or monitor a machine for potential vulnerabilities or shortcomings and compliance requirements.
From a collection standpoint, Vulnerability scanners could be used to identify record and organized details about one or abilities as they relate to security settings. Running service is open ports, missing updates or patches or potentially dangerous files, certificates or password encryption mechanisms.
Many of these tools, such as necessary or open boss can be used to scan remote targets and collect all relevant data to a central source for easier viewing and analysis. Most tools also provide some type of report mechanism to organize data in a coherent and logical fashion.
Such is prioritizing high risk vulnerabilities.
Packet capture tools also refer to a sniffers, collect network traffic data and can be viewed either from a stored file or live
wire. Shark and TCP dump are very similar in the way they captured data. The wire shark has a more graphical user interface, and TCP Dump is a command line tool.
Wire shark is much more powerful at analyzing packet capture data due to its ability to filter life streams and search packet capture data for specific features. Such a source, destination protocol or traffic type
wire shark can also be used to reconstruct files and rebuild streams to see the entire conversations of traffic.
Any of these features may be crucial when investigating an incident or attack.
Air cracking is a traffic sniffing and capturing tool for wireless communications that can also monitor attack, test and even crack wireless traffic. The capturing process is named heir. Odom bash in G and act similarly to TCP dump.
Other features used to attack or crack wireless transmissions might be of use to test the security of a wireless network.
Mannlein I P Utilities have a variety of uses and are often found as built in utilities on a variety of operating systems,
though they perform similar, if not identical, functions.
I p config on Windows and I f config on Lenox based systems can be used to ascertain details about the network adapters on a system
nets that can be used to identify open or listening ports on the system, as well as display any established connection to remote sockets.
Peeing can be used to test connectivity between two systems and troubleshoot connection problems between two remote host
trace route on Windows systems or trace route for Lennox could be used to also test been activity between two systems, while also displaying the number of hops that lie in between the source system and its target, such as routers, firewalls or other network devices.
Should connectivity between a local host and a remote host fail trace route and at least be used to determine just how far the network traffic gets before it can go no further. Perhaps due to an outage or abound, route
ns look up and dig. Our two utilities used to test and troubleshoot d. N s service is by looking at the hosts a signed Ian s server or to look up the D. N s details about a specific host name and website.
Sis internals is a vast set of utilities that could be used to perform a large number of checks against the system,
such as currently logged on users process lists, trees, permission sets or start up applications and programs, just to name a few.
Any one of these pieces of information can come in handy when trying to assess the security state of a system or when responding to an incident or attack.
Open SSL is a utility that could be used to generate and store self signed certificates, and their respective keys for use
ideas or host based ideas is can be used as collected tools since they act almost like sniffers in the sense that they must analyze and inspect all network traffic that passed through them. While a packet capture tool may capture all traffic data and I. D. S or host based ideas is likely on Lee collecting data related to the rules and signatures provided.
Since ideas tend to store historical data, it can be powerful collection tools when trying to baseline network traffic,
rule out false positives and correlate data across multiple systems that are monitored by the same idea. Sensor
ideas data could be aggregated and rolled up to some applications as well. For a more global view of what is happening on the network as a whole, collection tools help a security professional toe learn what is going on in their networks.
By storing important information about the network, its systems and the network traffic security
analysts don't have to necessarily see something occurring. Live
collection tools provide historical records such as event logs, packet capture, data and system information that could be analysed hours or even months later when an incident either occurs or is finally discovered.
Further tool demos in this course mar Jewel are listening an attempt to provide more insight into how these various tools operate and are not meant to advocate for anyone tool over another or to test the operations of any specific tool