Use Appropriate Software Tools to Assess the Security Posture of an Organization

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

33 hours 23 minutes
Video Transcription
Hello and welcome back to Sai Berries. 2019 comp. T A security plus certification preparation course
We're going continue. Our discussion on marginal to
and the topic of discussion would be domain to technology and twos.
It should be noted that we have a brand new objective we're gonna be discussing in this particular video,
which is tied at 2.2. Giving a scenario used appropriate software tools, access to security posture often organization
again. These are the top is a discussion which encompasses this particular ejected, ranging from a protocol and ELISA Networx analyze all way down to vulnerably scatter and so forth.
This brings us to our first pre assessment quiz, and the question is as follows.
What tools can you use the find the operating system running on a computer? Is it a a configuration compliance scanner
B. Obama grammar. See a protocol analyzer or D a network mapper.
If you would like to see you, absolutely correct, because you can in fact, use a protocol analyzed. Find operating system running on a computer.
A protocol analyzes a two used to capture and analyze signals and data traffic over a communication channel.
Such a communication channel varies from local computer bus to a satellite link that provides a means of communication using a standard communication protocol.
Now protocol analyzed. Offer time refer to as a sniffer or packets. Capture. Utility is a tool used to capture and analyze your network communication.
A network scanner is a procedure for identifying active devices on a network by employing features or features in the network protocol to signal devices and await a response.
One important key concepts. A term call row system detection.
This is an unknown and authorized advice that is plugged into the network.
Network mapping is a procedure used to discover and visualize physical and virtual network connectivity. Vera a group of interrelated tasks that facilitate the creation of a network map, including flow charts,
network diagrams, topology detection as well as the vice inventories.
Then we have what we call a wireless scanner
their scam for wireless networks and range, whether they are hitting or visible to everybody. They report the high level information about the networks, such as the S I d. The signal spring, the manufacturer, the Mac address and so forth.
Then we have a wildest cracker.
Basically, it's an information network attacks similar to a what we call a direct intrusion. This is a cracking to that tries to obtain access to your wireless network without authorization, for example, by attempted to crack the key or brute force
the past praise.
We have a password cracker. Now this is an application program is used to identify an unknown or forgotten password to a computer or network resource. It can also be used to help a human crack obtained unauthorized access to resources.
Another interesting tools. Call a bona police scanner.
Now this is a program that performs a diagnostic phase of a vulnerable analysis, also known as available a vulnerably assessment in other words
and its look and it basis to be used to find Mitchell missing patches known vulnerability, insecure configurations on your network as well.
Then we have the configuration compliance scanner
this. Get help, discover and identify this type of information. The compliance cannot focuses on configuration settings for security, heartening being applied to a system.
We also have another interesting to weaken use.
Basically, this particular duda is a penetration testing tool that focuses upon your Web browser so basic what it does exploits your framework in the and in essence,
this brings us to a brain new objective here
again, giving us an error. Use appropriate software to the sexto security posture off of the organisms. In fact, this is, say, this is in fact the same objective, but going to discuss some additional topics that pertain to this particular objective.
We'll take a look at data data, uh, sterilization. We have steganography tools, honeypot, backup utilities Banner grabs words passive as well as active.
Now the first item on our agenda. When you need dispose of stores devices, you need to find a way to securely erase the data first.
So basically, this is a process of deliberately, permanently and irreversibly removing or the screwing the data stored on a memory device
we have steganography basically is hidden in plain sight. Other words. You had it within your particular drive. For example, if you was had, like, a word document, you changed a file extension,
and that's another way of hiding in middle in plain sight. So stay in office is data hitting within data Steak knife isn't encryption technique that can be used along with photography as an extra secure method in which to protect your data,
then we have a honeypot. Honeypot is nothing more than D courses to resign to attract hackers.
100 youth has all the logging and tracing enabled and security level is lord on purpose. In this case, such system often include deliberately and luring. Other were annoyed someone in hopes of attracting a would be attacker so they can obtain valuable items on these particular systems.
Then we have a back of utility.
Basically, it's an application that enabled the backup files your folders, your documents, your software data, most data types and the computer or server as a whole.
Better graham it. Batter grabbing is basically a process
used to excess
your host system. If it makes such a new operating system, service packs
and software version and and so forth,
then we have a term called passive vs Active. Now we have ah, passive device. It sits outside the direct path of communication or it's on standby, ready to become active upon request
Active device A typically live on the network in the direct path of communication or actively participating in the service,
continue on with some additional topics that pertain to this particular objective. We're gonna take a look at some different types of what we call command line tools such as paying Net stat, tracer and so forth.
The 1st 1 wouldn't take a look again term called Command line tools, not command line tools are run without a graphical user interface. You can run them on a variety of computers and sometimes even on your smartphones.
Let's take a look at some of the different types of command line tools first, when we have the ping command. Now this is basically to use to make sure insure we have other words is you lies as a diagnostic to determine network connectivity. Duping a destination note in that control message protocol are echo request packages sent to that note
Mets that is bracing. It delivers basic statistical all your network activities. Inform your user which ports and addresses
the correspondent TCP UDP are running on
Tracy Base. It is a network dynasty to used to track the path were taken by package on an I P network from source to his actual destination.
Then we have the N s look up is a basically network administration command line tool available in many a computer operating system for Korean DNS. Otherwise domain name and services to obtain the main name or the I P. Meth I P address mapping or other DS DNS records aren't requests. Are the words first with the address resolution. Protocol
is, in fact, a communication protocol used for discovering
that the link layer, such as your Mac address associate with a given Internet layer address. Typically, you lies with a nappy version type of dress,
some additional command line tools. You need to be aware it's called. I peek and pick its command using Windows. Why I have come big issues within limits, operating system and really, what has used to tell you what you, uh, tell you what type of configuration you have being on your windows or perhaps your lynx operating computer.
TCP Dumped Basin is a common packets analyze that runs under the command line. It allows the user display the TCP Happy and other packets band transmitted or received over a network to which the computer is attached
and in map basically sends a TCP or the words UDP member. UDP is a is a TCP, the Connection Orient Protocol, while UDP is a non connection Orient Protocol, so it allows it to send the TCP UDP package to the target machine, then examines the response by comparing the results with the database.
Annette Cat is a a computer networking utility for reading, farm and writing to network connection using TCP or UDP.
At this point in time, we have a post assessment quiz,
and the question is as follows. Steganography allows you to hide a power bi the audio video or image file inside another fire bid. In the audio video, Our image file a large, far a faded image are the well. Other words are the telltale signs
of what we call steganography. Is that true or false?
If you said that you you're absolutely correct, let's not turn our attention towards some key takeaways from this particular video.
We learned that sticking office is data hidden within data.
A pastor devices outside the direct path of communication or is on standby ready to become active. Upon request.
I learned that active device are typically life on the network in the direct path of communication or actively participated in a service.
We also learned that backup software chilies is an application that enables the back of the files, your folders, your documents, software, data and so forth.
We noted a honey pot is computer system can figure to attract the would be hackers. In other words,
we have this process called data data.
Civilization basically surprises it liberally, permanently and irreversibly removing us going to data stored on a memory device.
A Vitamin A scanner is in fact, a program that performed the diagnosis phase of a vulnerably analysis, also known as a bone Billy. Assessment
in our upcoming video will be taking a look at another brand new objective, which is 2.3, which is titled Given a Scenario Troubleshoot Common Security Issues. I look forward to seeing you in the very next video.
Up Next
CompTIA Security+

Interested in the cybersecurity industry? The CompTIA Security+ is the gold standard for those looking to enter the cybersecurity industry. Join thousands of professionals who have gained this certification through this course and launched their careers in information security.

Instructed By