Welcome to the Cybrary video series on the CompTIA Security+ SY0-501 certification and exam.
I'm your instructor, Ron Woerner.
This video is on section 2.2: Given a scenario, use appropriate software tools to assess the security posture of an organization.
This session is all about the tools.
A variety of tools, applications and software programs help assess the security of systems to identify vulnerabilities, and together they make up a complete vulnerability management program.
These tools include protocol analyzers, vulnerability scanners, honeypots and password crackers.
This section discusses the purpose and use of these tools. Vulnerability assessment tools such as protocol analyzers and scanners help the organization find its weaknesses before attackers take advantage of them.
The goal: find weaknesses and fix them.
Know your security posture by using these tools.
The first category of security tools I will discuss is protocol analyzers, also known as packet sniffers.
They help you troubleshoot network issues by gathering packet-level information across the network.
This type of application gathers its information from a hub, from a switch SPAN (mirror) port, or inline on the network connection, to enable the analysis of network communications.
Protocol analyzers can identify individual protocols, specific endpoints and sequential access attempts. These applications capture packets and conduct protocol decoding, turning the raw bytes into readable data for analysis.
Protocol analyzers can do more than just look at packets, though; they're useful in many other areas, such as network management and network monitoring, looking for unexpected events. I'll discuss a few specific protocol analyzers.
Next, we'll talk about a common protocol analysis tool.
Wireshark is the most prevalent and widely known network packet sniffer. Often a penetration tester can learn a great deal from simply sniffing the network traffic on a target system.
Wireshark provides a convenient graphical user interface for examining network traffic. It's free, and you can get it from wireshark.org.
It's available for Windows, Macintosh and Linux.
On your screen is the Wireshark website.
I recommend you go out to wireshark.org and review the information. On the screen you see an example of a Wireshark capture. There are three different panes: the packet list shows one line per captured packet, the packet details pane decodes the selected packet protocol by protocol, and the packet bytes pane shows the raw bytes.
As previously mentioned in other videos, you can watch the TCP three-way handshake as well as ARP requests. Basically anything that's happening on the network you can see with Wireshark, so it's a must-have tool.
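To make concrete what "protocol decoding" means, here is an added example (my code, not part of the course and not Wireshark's): it builds a few constructed Ethernet frames (an ARP request and the three frames of a TCP handshake, using documentation IP ranges and with checksums left at zero), decodes them field by field with struct the way the details pane does, and then recognizes the completed three-way handshake from the SYN, SYN/ACK and ACK sequence and acknowledgement numbers, which is exactly what you watch in Wireshark's packet list.

```python
"""Added example: a minimal protocol decoder (Ethernet II -> ARP / IPv4 -> TCP).
Frames are constructed, not a real capture; checksums are left at zero."""
import ipaddress
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
FLAG_NAMES = (("FIN", TCP_FIN), ("SYN", TCP_SYN), ("RST", TCP_RST), ("PSH", TCP_PSH), ("ACK", TCP_ACK))


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack, flags, ttl=64):
    """Ethernet II + IPv4 + TCP header (no options, no payload). Checksums are 0 (constructed)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_IPV4) + ip + tcp


def build_arp_request(src_mac, sender_ip, target_ip):
    """Broadcast 'who has target_ip?' request."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, 1, mac_bytes(src_mac),
                      ipaddress.IPv4Address(sender_ip).packed, b"\x00" * 6,
                      ipaddress.IPv4Address(target_ip).packed)
    return b"\xff" * 6 + mac_bytes(src_mac) + struct.pack("!H", ETH_ARP) + arp


def decode_frame(frame):
    """Turn one raw frame into readable fields, the way an analyzer's details pane does."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": mac_str(dst), "src_mac": mac_str(src)}
    body = frame[14:]
    if ethertype == ETH_ARP:
        _, _, _, _, op, _, spa, _, tpa = struct.unpack("!HHBBH6s4s6s4s", body[:28])
        out.update(proto="ARP", op="request" if op == 1 else "reply",
                   sender_ip=str(ipaddress.IPv4Address(spa)),
                   target_ip=str(ipaddress.IPv4Address(tpa)))
        return out
    if ethertype != ETH_IPV4:
        out["proto"] = f"ethertype 0x{ethertype:04x}"
        return out
    ver_ihl, _, _, _, _, ttl, ip_proto, _, s_ip, d_ip = struct.unpack("!BBHHHBBH4s4s", body[:20])
    out.update(proto="IPv4", ttl=ttl, src_ip=str(ipaddress.IPv4Address(s_ip)),
               dst_ip=str(ipaddress.IPv4Address(d_ip)))
    if ip_proto != 6:
        out["ip_proto"] = ip_proto
        return out
    tcp = body[(ver_ihl & 0x0F) * 4:]          # IHL is in 32-bit words
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    out.update(proto="TCP", sport=sport, dport=dport, seq=seq, ack=ack,
               flags=[name for name, bit in FLAG_NAMES if off_flags & bit])
    return out


def find_handshakes(frames):
    """Return completed three-way handshakes as (client_ip, client_port, server_ip, server_port)."""
    pending, done = {}, []
    for p in map(decode_frame, frames):
        if p.get("proto") != "TCP":
            continue
        flags = set(p["flags"])
        fwd = (p["src_ip"], p["sport"], p["dst_ip"], p["dport"])
        rev = (p["dst_ip"], p["dport"], p["src_ip"], p["sport"])
        if flags == {"SYN"}:                                   # 1: client SYN
            pending[fwd] = {"stage": 1, "cseq": p["seq"]}
        elif flags == {"SYN", "ACK"} and rev in pending:       # 2: server SYN/ACK
            st = pending[rev]
            if st["stage"] == 1 and p["ack"] == st["cseq"] + 1:
                st.update(stage=2, sseq=p["seq"])
        elif flags == {"ACK"} and fwd in pending:              # 3: client ACK
            st = pending[fwd]
            if st["stage"] == 2 and p["seq"] == st["cseq"] + 1 and p["ack"] == st["sseq"] + 1:
                done.append(fwd)
                del pending[fwd]
    return done


# Constructed sample: an ARP request followed by a full handshake to a web server.
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
C_MAC, S_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE_FRAMES = [
    build_arp_request(C_MAC, CLIENT, "192.0.2.1"),
    build_tcp_frame(C_MAC, S_MAC, CLIENT, SERVER, 49152, 443, 1000, 0, TCP_SYN),
    build_tcp_frame(S_MAC, C_MAC, SERVER, CLIENT, 443, 49152, 5000, 1001, TCP_SYN | TCP_ACK),
    build_tcp_frame(C_MAC, S_MAC, CLIENT, SERVER, 49152, 443, 1001, 5001, TCP_ACK),
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(decode_frame(frame))
    print("handshakes:", find_handshakes(SAMPLE_FRAMES))
```

The offsets it relies on (14-byte Ethernet header, IP header length taken from the IHL nibble, flags in the TCP header's 13th and 14th bytes) are the same ones Wireshark applies, so you can compare its output line by line with the details pane for a real handshake.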
The next category of tools I will discuss is network scanners and mappers. Network scanners identify active hosts on a network. One of the most common network scanning tools is the network mapper. A network mapper is a software utility used to conduct network assessments over a range of IP addresses.
Basically, you use it to search through a range of IPs to see active servers, hosts, devices, etc. Anything on your network can be discovered.
The network mapper compiles a listing of all of the systems and hardware present within the network segment.
The information can be used to conduct a network inventory, identify single points of failure and create graphical detail suitable for reporting on network configurations.
It's used for network enumeration: what's on my network?
Let me show you a few examples of some tools.
SolarWinds is a commercial product that also has freeware versions available.
It provides numerous capabilities to help you explore your network and understand the security and systems on it.
They provide network performance monitors; you see an example on your screen.
With SolarWinds you get multi-vendor network monitoring, network insights for deeper visibility, and intelligent maps across your network, so it will tell you not only what systems are there, but what applications and operating systems are in place as well. It can even dive down to the level of patches.
It's a very powerful tool you should be familiar with.
Nmap is arguably one of the most powerful and oldest network mappers out there. It's a free and open-source utility for network discovery and security auditing.
Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host and service uptime.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems they are running, what type of packet filters and firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks, but works fine against single hosts.
Nmap runs on all major computer operating systems. In addition to the classic command-line Nmap executable, the Nmap suite also includes an advanced GUI and results viewer, Zenmap, which you see on your screen; a flexible data transfer, redirection and debugging tool, Ncat; a utility for comparing scan results, Ndiff; and a packet generation and response analysis tool, Nping.
On your screen you see the nmap.org website.
I highly recommend you go out there and read all about Nmap. It has a long history.
In addition to talking about Nmap, the site also provides a list of many other security tools.
Here's the list of the top 125 network security tools.
For example: Wireshark, which I already discussed; Metasploit, which I'll discuss in a while; Nessus, a vulnerability scanning tool; Aircrack for wireless scanning; Snort, an intrusion detection system; Cain and Abel for password cracking; and BackTrack, now known as Kali, which provides a framework and operating system for pen testing.
There are a lot of tools. Go out to sectools.org and explore and learn more about these tools.
Another tool you can use for network scanning is available on iOS and Android mobile devices.
It's known as Fing, F-I-N-G. You see an example on your screen.
I'll use it when I'm on a guest Wi-Fi just to see what other systems are around.
It provides a lot of the same functionality as Zenmap: it will tell me the other systems on that network segment and what they're running. It's a fun tool to explore, and it helps you understand the ideas of network scanning.
Another common set of security tools is vulnerability scanners.
In section 1.5, I explained that a vulnerability scanner is a software application that both scans a range of IP addresses and tests for known vulnerabilities.
A traditional vulnerability scanner relies on a database of known vulnerabilities, normally provided by the vendor.
These are automated tools, and they're directed at a targeted system that you want to evaluate for vulnerabilities.
Unlike a tool that tests for open ports, like a network mapper, vulnerability scanners also test for the availability of services and how those services may be vulnerable. I'll show you a few common vulnerability scanners next.
There are common vulnerability scanner applications you should know about as a security professional and in studying for the Security+ exam.
The first is Nessus.
Nessus is one of the most popular and capable vulnerability scanners, particularly for UNIX and Linux systems.
A free Nessus Home version is also available, though it is limited and only licensed for home network use.
Nessus is constantly updated, with more than 70,000 plugins.
Key features include remote and local authenticated security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins and understanding existing plugins. It's one that you will typically run on a Linux operating system in client/server mode.
Other vulnerability scanners are OpenVAS on Linux systems; Nexpose Community Edition, which scans web applications, databases and virtual environments; and Qualys, a commercial product that also provides some free scans that check for hidden malware and SSL issues, among other network vulnerabilities.
I use the Qualys SSL scan and FreeScan on websites where I may be doing business. You need to review and practice with each of these vulnerability scanners to really understand how they work.
For web application vulnerability testing, I recommend OWASP ZAP, the Zed Attack Proxy, available from owasp.org. It discovers security vulnerabilities in web applications.
OWASP ZAP helps you automatically find security issues in your web applications while you're developing and testing them.
It is also a great tool for experienced pen testers to use for manual security testing.
You see an example of OWASP ZAP in use on your screen.
owasp.org is an awesome website to look at to learn more about web application security.
Right now you see the OWASP Zed Attack Proxy project page describing OWASP ZAP.
Experiment with tools like OWASP ZAP against your own website to learn how they work.
Another common set of tools for penetration testers and security researchers is exploitation frameworks.
These are platforms used for penetration testing and risk assessments, along with understanding vulnerabilities.
They're frameworks containing a set of exploits for known vulnerabilities, including Metasploit, Canvas and Core Impact.
The Browser Exploitation Framework, or BeEF, is a pen testing tool for exploiting web browser vulnerabilities.
One note: Security+ is rather technology-agnostic. You don't need to be an expert on each of these frameworks. You do need to know their purpose and that they exist.
Kali is a very useful tool that you can run on a virtual machine or off of a USB drive. It's a Debian-derived Linux distribution designed for digital forensics and pen testing.
It's pre-installed with numerous pen testing programs, so you don't need to download additional programs if you're running Kali.
Kali Linux can be run from hard drive, CD or USB, and it is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.
The Social-Engineer Toolkit, or SET, is another framework.
The social engineering framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. You see some typical social engineering attacks on your screen.
SET is specifically designed to perform advanced attacks against the human element.
The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.
Metasploit is another common exploitation framework.
Attackers are always developing new exploits and attack methods.
Metasploit penetration testing software helps you use those same exploits as your own weapons against them.
Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.
Basically, Metasploit comes pre-bundled with exploits against known vulnerabilities, so be very careful when running it.
You can actually download a free VM called Metasploitable to run Metasploit against.
This way you can practice within the safe confines of your own virtual system. To learn more about Metasploit, go to metasploit.com.
I show the website on your screen.
You also need to be aware of what's on your network, especially your Wi-Fi network. You can use tools like airodump-ng, Kismet, NetStumbler, Vistumbler and inSSIDer to map all of the different devices connected to an SSID.
Wireless scanners are used to gather information about Wi-Fi networks and detect access points, rogue or valid. They can also search out cloaked SSIDs and be used to break weak encryption keys.
This is one of the must-have tools to have on your device; that way you can ensure your Wi-Fi network is safe and secure.
An additional tool set to have in your toolkit is configuration compliance applications, such as the Microsoft Baseline Security Analyzer, MBSA.
It's a free download from Microsoft, and it's a software vulnerability scanner that analyzes targeted Microsoft systems to detect whether software security patches or baseline configuration settings are missing.
Other tools come from the Center for Internet Security; you can download their tools as well for configuration compliance.
Nessus is one of those tools: not only is it good for vulnerability scanning, you can also use it for configuration compliance.
Banner grabbing is a technique to identify the operating system, applications and services on a system.
This information helps narrow the vulnerability signatures to scan for.
An attacker can footprint an organization in much the same way.
The more you understand about the specific operating systems, applications and version information, the easier it is to identify vulnerable systems and conduct targeted attacks.
Netcat is a common tool used for banner grabs.
You see an example of Netcat on your screen: using the nc command from a command line and connecting to an example host on port 80, I can see the response that the web server sends back, including its server header.
Netcat is a free download for Windows and Linux, and it can be used to read and write on TCP and UDP network connections.
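As an added example (my code, not the course's and not Nmap's or Netcat's), here is what the Nmap port scan described earlier and the Netcat banner grab above do at the socket level. It starts two throwaway listeners on 127.0.0.1 whose banners are constructed fixtures (an Apache-style HTTP reply and an OpenSSH-style greeting; the version strings are illustrative only), picks a port that refuses connections, runs a TCP connect scan over those ports, and for each open one grabs the banner and pulls out the product/version string, which is the information that narrows the vulnerability signatures to scan for. Everything runs offline.

```python
"""Added example: TCP connect scan plus banner grab against local test listeners.
The listeners and their banners are constructed fixtures, not real services."""
import re
import socket
import threading


def serve_banner(banner, speaks_first=True):
    """Throwaway listener on 127.0.0.1 that returns `banner`. Returns the chosen port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    if not speaks_first:          # HTTP-style: wait for the client's request
                        conn.settimeout(3.0)
                        conn.recv(1024)
                    conn.sendall(banner)
                except OSError:                   # scanner connected and hung up without talking
                    pass

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def find_closed_port():
    """Pick a port the OS just freed, so the scan has something that refuses."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def port_is_open(host, port, timeout=0.5):
    """Connect scan: a completed handshake means open (what nmap -sT does)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def grab_banner(host, port, timeout=1.0):
    """What `nc host port` shows: read whatever the service volunteers, else send an HTTP probe."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)                 # SSH, SMTP, FTP announce themselves first
        except socket.timeout:
            data = b""
        if not data:                            # HTTP only answers a request
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            try:
                data = s.recv(4096)
            except socket.timeout:
                data = b""
    return data.decode("latin-1", "replace")


def fingerprint(banner):
    """Pull the product/version string out of the banner shapes handled here."""
    m = re.search(r"^Server:\s*(.+?)\r?$", banner, re.MULTILINE | re.IGNORECASE)
    if m:
        return m.group(1).strip()
    m = re.match(r"SSH-\d\.\d-(\S+)", banner)
    if m:
        return m.group(1)
    return banner.splitlines()[0] if banner else ""


def scan_and_fingerprint(host, ports):
    """Return {open_port: fingerprint}; closed ports are simply absent."""
    return {p: fingerprint(grab_banner(host, p)) for p in ports if port_is_open(host, p)}


# Constructed banners modelled on real server replies (versions chosen for illustration).
HTTP_BANNER = b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Length: 0\r\n\r\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"


def demo():
    """Start one HTTP-like and one SSH-like listener, then scan them plus a closed port."""
    http_port = serve_banner(HTTP_BANNER, speaks_first=False)
    ssh_port = serve_banner(SSH_BANNER, speaks_first=True)
    closed = find_closed_port()
    results = scan_and_fingerprint("127.0.0.1", sorted([http_port, ssh_port, closed]))
    return {"http_port": http_port, "ssh_port": ssh_port, "closed_port": closed, "results": results}


if __name__ == "__main__":
    print(demo())
```

Note the two behaviours the grabber has to handle: services like SSH speak first, so a plain connect shows the banner, whereas a web server says nothing until you send a request, which is why `nc host 80` alone sits silent until you type a HEAD or GET line. Version strings like these are exactly what a defender should consider suppressing or generalizing on internet-facing systems.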
I will now move on to password cracking, used to disclose passwords and assess password strength. I've run password cracking in organizations to get an overall idea of how good the passwords being used by our end users were.
I've also used password cracking to break into individual systems when we've lost the passwords to them.
Online password cracking tools let you type in the hash and get the password returned in plain text. So, for example, if you just have the hash of the password, try Googling it. You might be able to find the password through that simple method.
There are also applications you can download and run that perform password cracking, or password discovery, as we also call it.
Brutus, Cain and Abel, John the Ripper and THC Hydra are all examples.
John the Ripper is a fast password cracker for UNIX, Linux and Mac OS systems.
Its primary purpose is to detect weak UNIX and Linux passwords, though it supports hashes for many other platforms as well.
You'll probably want to start with some word lists.
A word list is a list of candidate passwords; the cracker hashes each candidate (often with mangling rules that add capitalization, digits and symbols) and compares the result with the hash it is trying to crack.
A lot of these tools can also use rainbow tables, which are precomputed tables of hashes and their plaintexts, so the comparison becomes a lookup instead of a hash computation.
Refer to the concept of rainbow tables in other sections and videos within Security+.
Password cracking is a great way to show weaknesses in network security.
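To show what "starting with a word list" actually does, and the difference between a word list and a precomputed (rainbow-style) table, here is an added example (my code, not the course's and not John the Ripper's). The user records, salts and word list are constructed fixtures, and the hashing is plain MD5 and salted SHA-256 for illustration rather than the crypt formats John handles.

```python
"""Added example: dictionary attack with mangling rules, and why salting defeats
precomputed lookup tables. Records and wordlist are constructed fixtures."""
import hashlib


def md5_hex(text):
    """Legacy unsalted MD5, as found in old application databases."""
    return hashlib.md5(text.encode()).hexdigest()


def sha256_salted(salt, text):
    """Simple salted SHA-256 (illustrative; real systems should use bcrypt/scrypt/Argon2)."""
    return hashlib.sha256((salt + text).encode()).hexdigest()


def mangle(word):
    """Expand one wordlist entry into the variants users actually pick (John-style rules)."""
    leet = word.replace("a", "@").replace("e", "3").replace("o", "0").replace("s", "$")
    seen = set()
    for base in (word, word.capitalize(), word.upper(), leet):
        for suffix in ("", "1", "123", "!", "2019", "1!"):
            cand = base + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


def hash_candidate(algo, salt, cand):
    return md5_hex(cand) if algo == "md5" else sha256_salted(salt, cand)


def crack(records, wordlist):
    """Dictionary attack: hash every candidate per record and compare. Returns {user: pw or None}."""
    found = {}
    for user, algo, salt, digest in records:
        found[user] = next((c for w in wordlist for c in mangle(w)
                            if hash_candidate(algo, salt, c) == digest), None)
    return found


def build_lookup_table(wordlist):
    """Precompute digest -> plaintext once; the idea behind rainbow tables (unsalted MD5 here)."""
    return {md5_hex(c): c for w in wordlist for c in mangle(w)}


def lookup(table, record):
    """Instant hit for unsalted hashes. A per-user salt changes the digest, so the table misses."""
    _, _, _, digest = record
    return table.get(digest)


# Constructed fixtures: (user, algorithm, salt, digest). The plaintexts exist only to build them.
WORDLIST = ["password", "letmein", "welcome", "dragon", "summer", "qwerty"]
SAMPLE_RECORDS = [
    ("alice", "md5", "", md5_hex("password")),
    ("bob", "sha256", "x9Qk", sha256_salted("x9Qk", "Summer2019")),
    ("carol", "sha256", "p0Lw", sha256_salted("p0Lw", "dr@g0n!")),
    ("dave", "sha256", "zZ1a", sha256_salted("zZ1a", "Tr0ub4dor&3")),
]

if __name__ == "__main__":
    print("dictionary attack:", crack(SAMPLE_RECORDS, WORDLIST))
    table = build_lookup_table(WORDLIST)
    print("table lookup:", {r[0]: lookup(table, r) for r in SAMPLE_RECORDS})
```

The dictionary attack recovers alice, bob and carol because their passwords are simple variants of list entries; dave's passphrase is not derivable from the list, so it stays uncracked. The lookup table recovers alice instantly but none of the salted users, which is the whole point of salting: the attacker would need a separate table per salt value.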
Say you want to catch some bad guys doing things on your network. They could be internal employees or external hackers.
You can do that using a honeypot or a honeynet.
These are individual systems, or even whole networks, exposed on purpose.
Their sole purpose is to capture malicious activity. They may contain numerous vulnerabilities, knowing that they will be exploited.
But then you can watch what's happening: who's doing the exploiting, where they're coming from, and the techniques they're using, all to better understand your network defenses.
It's used as part of investigative initiatives as well. If you believe you've been breached, you may put a honeypot or honeynet on your network to be able to watch those who may have breached you and to study their attack strategies.
Keep in mind it should be separate from any business network, because they are exploited systems.
Go to honeyd.org to learn more about honeypots and honeynets.
Steganography is a method for hiding information inside other information.
It means hidden writing: hiding messages in other media so that unintended recipients are not even aware of any message. For example, terrorists have used pictures on Facebook and steganography to hide messages within those pictures. Anyone looking at the pictures won't be able to tell there is a hidden message contained within.
There are multiple approaches to steganography: least significant bit insertion, masking and filtering, and algorithms and transformations. Use your study material to understand these different approaches.
Common steganography tools include Camouflage, Steghide and OpenStego.
It's fun to play with these tools and see how easy it is to hide your own messages within other types of media.
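As an added example (my code, not the course's and not any of the tools named above), here is least significant bit insertion over a constructed grayscale "image" kept as a plain byte array, so it runs without an image library: each pixel's lowest bit carries one bit of the message, so no pixel value changes by more than 1, which is why the picture looks untouched.

```python
"""Added example: least-significant-bit insertion and extraction on a constructed
8-bit grayscale 'image' (a plain byte array), no image library required."""
import random


def embed_lsb(cover, message):
    """Write a 32-bit length prefix then the message, one bit per cover byte's LSB."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} bytes, have {len(cover)}")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit     # clear the low bit, then set it to the message bit
    return bytes(stego)


def _read_bytes(stego, start_bit, count):
    """Reassemble `count` bytes from the LSBs starting at bit position `start_bit`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego):
    """Recover the message: read the length prefix, then that many bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_pixel_delta(cover, stego):
    """Largest per-pixel change; LSB insertion never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 64x64 pseudo-random grayscale pixels, seeded for reproducibility.
COVER = bytes(random.Random(7).randrange(256) for _ in range(64 * 64))
MESSAGE = b"meet at the usual place 21:00"

if __name__ == "__main__":
    stego = embed_lsb(COVER, MESSAGE)
    print("recovered:", extract_lsb(stego))
    print("max pixel change:", max_pixel_delta(COVER, stego))
```

The same idea applies to a real image by treating each colour channel byte of each pixel as a cover byte; the capacity is one bit per byte, so a 4096-byte cover like this one holds at most 508 message bytes after the 4-byte length prefix. The weakness is just as visible in the code: anyone who knows the scheme can read the LSBs straight back out, so steganography hides the existence of a message, not its content, and the payload should be encrypted first.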
When you're taking systems off of the network, you want to make sure they are wiped and their data is sanitized. Sanitization is the process of removing content from a device or media: a hard drive, USB drive, etc.
Some of the tools you should be familiar with are DBAN, BCWipe and cryptographic erase. You can often use native operating system tools as well.
I talk more about system cleanup in other videos.
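Here is an added example (my code, not DBAN's or BCWipe's) of what overwrite-based sanitization does at the level of a single file: write over the contents in place for several passes, force each pass to the device, then unlink, with a read-back check in between so you can see the plaintext is gone. The sample content is constructed.

```python
"""Added example: multi-pass overwrite of a single file, with verification.
The secret written to the temporary file is a constructed sample."""
import os
import secrets
import tempfile


def overwrite_file(path, passes=3, chunk=1 << 16):
    """Overwrite `path` in place `passes` times, alternating random data and zeros. Keeps the file."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        for p in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n) if p % 2 == 0 else b"\x00" * n)
                remaining -= n
            os.fsync(f.fileno())               # push each pass to the device, not just the page cache
    return size


def sanitize_file(path, passes=3):
    """Overwrite, then unlink. Caveat: on SSDs and on copy-on-write or journaling file systems
    the old blocks may survive elsewhere; whole-device secure erase or cryptographic erase is
    the reliable route there."""
    overwrite_file(path, passes)
    os.remove(path)


def demo_wipe():
    """Write a secret, overwrite it, prove the plaintext is gone, then remove the file."""
    secret = b"CONFIDENTIAL: payroll export\n" * 200     # constructed sample content
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    before = os.path.getsize(path)
    after = overwrite_file(path)
    with open(path, "rb") as f:
        contents = f.read()
    os.remove(path)
    return {
        "size_unchanged": before == after == len(contents),
        "secret_gone": b"CONFIDENTIAL" not in contents,
        "file_removed": not os.path.exists(path),
    }


if __name__ == "__main__":
    print(demo_wipe())
```

The read-back is the step people skip: a wipe you have not verified is an assumption, not a control. For whole drives, prefer the device's own secure-erase command or, where the drive was encrypted from the start, cryptographic erase (destroying the key), since overwriting cannot reach remapped or over-provisioned flash blocks.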
The last topic for this video is command-line tools. This is using the UNIX or Windows command prompt and running commands that pull information about the security or health of your system.
You see different examples on your screen.
The man command is the number one command you need to know for Linux systems.
It's the manual for UNIX or Linux. So, for example, if you have a Linux system, type man man and it gives you the manual page for the manual command.
Rather slick, right?
Let me show you how some of these others work from a command prompt.
ping is just checking to see if I can talk to some other device. So, for example, ping www.google.com replies back, saying I can ping Google.
What this also shows is the IP address associated with Google.
netstat shows the network status of my machine: its active connections and listening ports.
tracert, also known as traceroute, so I can run that one, T-R-A-C-E-R-T, shows the path that will be taken from my computer to Google.
You see it's now resolving each hop through DNS as it slowly works through the path. So, for example, you can see my local IP address, and now it's beginning to reverse-resolve my ISP's addresses.
Traceroute can identify where your network packets are going, for network troubleshooting and security purposes.
nslookup is a tool to perform a DNS query.
So again I'll pick on Google, and keep in mind they put this information out there on purpose.
It gives me the address of the DNS server that answered, and then the answer for the IP address associated with Google; you see both the IP version 6 address and the IP version 4 address.
Other tools include ipconfig, or ifconfig on UNIX and Linux. ipconfig gives me the information about my IP network addresses on my local machine, and ipconfig /all gives all of it.
You see it scrolls off the screen.
So let's pipe it to more; the pipe character is on the key above Enter.
Piping to more means don't let it scroll off of the screen. So with ipconfig /all | more, you see the name of my laptop and my IP addresses.
Nmap and Netcat I've previously discussed.
Be familiar with the command prompt. You'll use it all the time as a security professional to troubleshoot your own home systems and the ones at your business.
Practice, practice, practice with the command prompt, and it will be your great friend as you're performing security assessments.
Another command-line tool set to be aware of is the Sysinternals Suite.
It provides both GUI and command prompt tools to help administer Windows systems. For example, Autoruns will tell me anything that's automatically starting on my Windows PC. I'll use that to get rid of junkware when I'm re-installing a machine.
Process Explorer is like Task Manager on steroids; it gives so much more information about what is running on the Windows system.
You see all the different tools available through the Sysinternals Suite in the image on your screen.
There's also a video from the software originator, Mark Russinovich, on malware hunting that I highly recommend.
The Sysinternals Suite is available for free from Microsoft.
In this video I covered section 2.2 on security assessment tools.
You see the categories of the tools I talked about on your screen.
Let's practice with a few sample quiz questions.
Question one: Also known as packet sniffers, these tools help you troubleshoot network issues by gathering packet-level information across a network.
The answer is D, a protocol analyzer.
A common protocol analyzer, or packet sniffer, is Wireshark.
Question two: Alex is to conduct forensics on a phishing email.
She also knows the IP address of the originating email server.
What command would show Alex the complete path to that IP address? The answer is B, tracert, also known as traceroute.
It will trace the path from the originating PC to whatever you're trying to locate.
There are numerous labs you can try to get hands-on practice with all of these tools. The first is the Network Vulnerabilities lab, where you get to practice network footprinting using Nmap and Zenmap and then packet sniffing with Wireshark.
Another lab to consider is the Password Cracking Tools lab, where you can get hands-on experience determining the weaknesses of passwords, running tools such as Cain and Abel, pwdump and LM hash cracking, and learning to detect rootkits. It's fun to do this password hacking, but make sure you do it in a safe environment like these labs.
You can also practice hands-on scanning and remediation of vulnerabilities with the OpenVAS lab.
Kali is an operating system pre-built with security assessment tools.
OpenVAS stands for Open Vulnerability Assessment System.
It's a free tool and can be quite comprehensive in its scanning techniques, as well as assisting in finding vulnerabilities. It can be used in conjunction with other Kali tools to help pen test environments more efficiently.
This lab will give you experience in running Kali and OpenVAS. Get as much hands-on experience as you can to prepare for the Security+ exam.
This concludes the video for section 2.2: Given a scenario, use appropriate software tools to assess the security posture of an organization.
This is part of Domain 2 on technologies and tools.
Refer to your study material for more information on all of these topics.