foot printing versus fingerprinting foot printing means I want to map out your network. Let me find out what I can about your network and how your network is arranged. Let me find out where your critical servers are.
Let me. Uh no d n S is. Let me look at your elder for your authentication server.
Let me learn where those critical service is. Our
DNF zones are one way I can learn that I can use utilities, like in map. I can send TCP messages to see how you respond so that I can see what service is air running, what ports are open. But the bottom line is I wanna learn what is where
I can. I can watch traffic. I can simply do traffic analysis, not intercepting data, but simply. Look, we're traffics going on your network. If I see a ton of traffic on your network at 8 30 in the morning going to a particular server,
that tells me that's an authentication server. That's a domain controller. Uh, or maybe Dean s server.
So when we talk about foot printing the network, I want to know where your central service is our
and then I want a fingerprint. Those systems, because I want to learn the operating system running on those critical service is every operating system has a vulnerability. Let's start there. Have you closed up the vulnerabilities on your operating system? Port scanning allows me to see
what porch your system is listening on. The most important step when we talk about hardening a system is to remove unnecessary service. Is why, Because network service is open, ports and ports are referred to his listening meaning they're open.
What's out there for me? So porch provide input or an entryway into your system. If the port doesn't need to be open close. Those work
protocol analyzers often referred to hiss sniffers. Wire shark, for instance, is a very common protocol analyzer. Well, as a network admin. I wanna have a sniffer on my network. I want to see our people passing passwords across the network in clear text.
What type of traffic is there? Is there anything that would indicate maybe a security violation?
Sniffers are used for both good and bad, and as a network admin, I very well may want to use a sniffer on my network.
Now, this idea of switch port analyzer. Often, this is kind of abbreviated as port span. And this will go back to a discussion that we had when we were talking about network apologies and network devices, and we talked about switches
and the big improvement. That switch is brought to our networks above
pubs was that switches direct traffic out on Lee. The appropriate port. Where is the hub? Sends all data out all ports all the time. So it's an attacker. If this were switch, I'd plug into any porter. I'm sorry. As an attacker, if this were a hump,
I pulled into any port on that hub and I have had access to all the data. That's, Ah, security fiasco.
So we bring in a switch and as an attacker, if I plug my sniffer into this port on the switch, what do I have access to? Not much,
because it's only gonna ford out traffic out this port.
However, as a network administrator, remember, I said I might want to sniff the network. I might want to monitor my own network, and I probably do
so for good guys or bad guys. When you plug a sniffer into a switch. You don't get a lot of information.
Another consideration when we talk about intrusion detection systems or intrusion prevention systems. All these devices are
these devices air sniffers
that also have an analysis engine. All these devices do is capture traffic on the network, But they also have software that analyzes that traffic and makes a decision. Is it good, or is it bad?
So if I want an intrusion detection system on my network,
well, when I plug it into the port on the switch, I don't see anything,
It's good that the bad guys don't say anything. It's bad. The good guys don't see anything
so often. What we do on this particular port is we enable what's called Port Span and that stands for switch Port analyzer, Ports fan. And what Porch Span does is that allows
all network traffic to come out a particular port for the purposes of sniffing proactively or the purpose of having an intrusion detection system plugged in. So, honestly, what I've done is I've turned this one port on my switch
into a hub port. Essentially, all traffic is comes out of that port as well.
Very good from an intrusion detection system standpoint, is a network admin. We wanna lock that port down because it also has benefits to an attacker as well. So we want to be concerned there. That's what switchboard analyzer does or port span.
All right, for network enumeration, uh, enumeration means listing. So let me list out the I P addresses. Let me list out port numbers. Let me just list out information. The more information I have and I'm able to gain about your network, the more likely I am to be successful
so often networking and enumeration goes with
foot printing the network or fingerprinting operating systems.
Okay. Password cracking? Yep. Password cracking. Remember, Attackers don't care what your password is. My goal is not to get your password. My goal is to use your password. So if I can capture a password even if it's encrypted and I can't see what the password is if I can play it again later
and gain access by replaying your password that's good enough for me.
Um, rainbow tables, rainbow tables. Try every possible character combination hoping to get your password hatch hoping to create a match to your hash. That's all I need. I don't need to see what your password waas
past phrases are now becoming very popular because shorter passwords are very easy to crack. Is processing powers increase as rainbow tables per lift proliferate? The probe lift for rate
the Internet on air so widely available, We need stronger passwords. So past phrases or common in some applications. And in some instances, um, because if you think about a password pass phrase, maybe I'm gonna use the sentence. I'll start the sentence with upper case. I'll have spacing. I'll have punctuation.
But please know that the passwords that jump to your mind would also jump to an attacker's mind. And we're every bit as vulnerable using pass phrases if they're well known as we are using well known passwords
Dictionary attacks, which most people, when you ask him what a dictionary attack is, they'll tell you well, they're trying to guess passwords by using every word in the dictionary. And that's not the case. They're using everything from a file.
because we as Attackers know that past phrases are becoming very popular, we include past phrases in our dictionary files
and as a matter of fact, if you look at some of the tools that are out there that are specifically focused towards pass phrases, there are past phrase dictionaries,
text files that air two gigabytes plus in size.
Now, if you want to think about how much would be contained in a text file
to take up two gigabytes in space, that is a profound amount. So anything that would come to your mind from a work of literature or common everyday phrase that Attackers thought of as well, and it's made its way into the dictionary.
I've already mentioned fuzzing, which is a way of PIN testing applications, particularly http interceptors on the test. They'll ask you about this, and their primary purpose is to analyze http headers
for false or malicious content. So when you're talking about Web access, making sure the H e P header is properly formatted, it's your htp interceptor that would do that. Now. The bottom work here that's actually cut off. It's fine. It just says exploits. And
of course, there are a 1,000,000 different exploits that are out there. We just want to stay knowledgeable and will want to stay current with the information that we have