• Worm
A worm is self-replicating malware that travels throughout a network without user intervention.
• Trojan
A trojan appears to be one thing, such as pirated software or free antivirus software, but is something malicious.
• Rootkit
A type of malware that has system-level access to a computer. Rootkits are often able to hide themselves from users and antivirus software.
• Keylogger
A keylogger captures a user’s keystrokes. They are then stored in a file and are either automatically sent to or manually retrieved by the attacker.
• Adware
Software intent on learning user habits for the purpose of targeted advertising. Adware also applies to software that is free but includes advertisements.
• Spyware
Software installed without the user’s knowledge or consent that monitors the user’s activities. It sometimes includes a keylogger that records the user’s activities.
- Spear phishing
A targeted form of phishing. Spear phishing attacks attempt to target a specific group of users, such as those in a business.
- Whaling
A form of spear phishing that attempts to target high-level executives. When successful, attackers gain confidential company information that they might not be able to get anywhere else.
- Vishing
Vishing attacks use the phone system to trick users into giving up personal and financial information. It often uses Voice over IP (VoIP) technology and tries to trick the user similar to other phishing attacks. When the attack uses VoIP, it can spoof caller ID, making it appear as though the call came from a real company.
- Tailgating
- Impersonation
- Dumpster diving
- Shoulder surfing
Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get
information. Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy
to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a
calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or
other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or
your keypad from view by using your body or cupping your hand.
- Hoax
- Authority
- Intimidation
- Consensus
- Scarcity
- Familiarity
- Trust
- Urgency
Application/service attacks
- DoS
- DDoS
- Man-in-the-middle
- Buffer overflow
- Injection
- Cross-site scripting
- Privilege escalation
- ARP poisoning
- Amplification
- DNS poisoning
- Domain hijacking
- Man-in-the-browser
- Zero day: an unknown vulnerability that leaves a system open to attack until it is patched.
- Replay
Attempt to capture packets through impersonation
- Session hijacking
- URL hijacking
- Typo squatting
- Driver manipulation
- Shimming
- Refactoring
- MAC spoofing
- IP spoofing
Wireless attacks
- Replay
Impersonation attack attempting to capture packets
- IV
- Evil twin
- Rogue AP
- Jamming
- WPS
- Bluejacking
Sending messages to device
- Bluesnarfing
Having control of a mobile device
- RFID
- NFC
- Disassociation
• Cryptographic attacks
- Birthday
- Known plain text/cipher text
- Rainbow tables
Libraries of precomputed hashes used for rainbow attacks
- Dictionary
A dictionary attack uses a dictionary of words and attempts every word in the dictionary to see if it works. A dictionary in this context is simply a list of words and character combinations.
- Brute force
- Online vs. offline
- Collision
- Downgrade
- Replay
- Weak implementations
Explain threat actor types and attributes
Types of actors
- Script kiddies
- Hacktivist
- Organized crime
- Nation states/APT
- Insiders
- Competitors
• Attributes of actors
- Internal/external
- Level of sophistication
- Resources/funding
- Intent/motivation
• Use of open-source intelligence
• Passive reconnaissance
Collecting information on a target using open-source intel such as Facebook, Google, etc.
• Pivot
• Initial exploitation
• Persistence
• Escalation of privilege
• Black box
• White box
• Gray box
• Penetration testing vs. vulnerability scanning
• Race conditions
• Vulnerabilities due to:
- End-of-life systems
- Embedded systems
- Lack of vendor support
• Improper input handling
• Improper error handling
• Misconfiguration/weak configuration
• Default configuration
• Resource exhaustion
• Untrained users
• Improperly configured accounts
• Vulnerable business processes
• Weak cipher suites and implementations
• Memory/buffer vulnerability
- Memory leak
- Integer overflow
- Buffer overflow
- Pointer dereference
- DLL injection
• System sprawl/undocumented assets
• Architecture/design weaknesses
• New threats/zero day
• Improper certificate and key management
• VPN concentrator
- Remote access vs. site-to-site
- IPSec
- Tunnel mode
- Transport mode
- AH
- ESP
- Split tunnel vs. full tunnel
- TLS
- Always-on VPN
• NIPS/NIDS
- Signature-based
- Heuristic/behavioral
- Anomaly
- Inline vs. passive
- In-band vs. out-of-band
- Rules
- Analytics
- False positive: not an actual threat
- False negative: an undetected threat
• Router
- ACLs
- Antispoofing
• Switch
- Port security
- Layer 2 vs. Layer 3
- Loop prevention
- Flood guard
• Proxy
- Forward and reverse proxy
- Transparent
- Application/multipurpose
• Load balancer
- Scheduling
- Affinity
- Round-robin
- Active-passive
- Active-active
- Virtual IPs
• Access point
- SSID
- MAC filtering
- Signal strength
- Band selection/width
- Antenna types and placement
- Fat vs. thin
- Controller-based vs. standalone
• SIEM: a security information and event management system provides a centralized solution for collecting, analyzing, and managing data from multiple sources and can aggregate and correlate logs.
- Aggregation
- Correlation
- Automated alerting and triggers
- Time synchronization
- Event deduplication
- Logs/WORM
• DLP
- USB blocking
- Cloud-based
- Email
• NAC
NAC (network access control) inspects clients for health, including up-to-date virus definition files; otherwise the device gets redirected to a remediation network.
• Mail gateway
- Spam filter
- DLP
- Encryption
• Bridge
• SSL/TLS accelerators
• SSL decryptors
• Media gateway
• Hardware security module
A port scanner identifies open ports and is used to determine what services are running on the system.
- Rogue system detection
- Network mapping
• Wireless scanners/cracker
• Password cracker
• Vulnerability scanner
• Configuration compliance scanner
• Exploitation frameworks
• Data sanitization tools
• Steganography tools
• Honeypot
• Backup utilities
• Banner grabbing
• Passive vs. active
• Command line tools
- ping
Checks connectivity with remote systems using ICMP.
- netstat
netstat shows active connections and other network statistics on a local system, but it doesn't identify pathways.
- tracert
Tracks packet flow through the network
- nslookup/dig
- arp
arp is a command-line tool that is related to the Address Resolution Protocol (ARP); however, arp (the command) and ARP (the protocol) are not the same thing.
- ipconfig/ip/ifconfig
Shows TCP/IP configuration information; ifconfig applies to Linux-based systems.
- tcpdump
Command-line tool used to capture packets, but it doesn’t query systems for data.
- nmap
Nmap is a sophisticated network scanner that runs from the command line.
- netcat
netcat is useful for remotely administering servers. It can also be used for banner grabbing, which yields information on the OS and some information on the services and apps used by the server.
• Protocols
- DNSSEC
- SSH
- S/MIME
- SRTP
- LDAPS
- FTPS
- SFTP
- SNMPv3
- SSL/TLS
- HTTPS
- Secure POP/IMAP
• Use cases
- Voice and video
- Time synchronization
- Email and web
- File transfer
- Directory services
- Remote access
- Domain name resolution
- Routing and switching
- Network address allocation
- Subscription services
Explain use cases and purpose for frameworks, best practices and secure configuration guides.
Industry-standard frameworks and reference architectures
- Regulatory
- Non-regulatory
- National vs. international
- Industry-specific frameworks
• Benchmarks/secure configuration guides
- Platform/vendor-specific guides
- Web server
- Operating system
- Application server
- Network infrastructure devices
- General purpose guides
• Defense-in-depth/layered security
- Vendor diversity
- Control diversity
- Administrative
- Technical
- User training
- Extranet
Partner site, set apart from intranet
- Intranet
Internal network
- Wireless
- Guest
Guest accounts to allow outsiders access to your network, normally in the DMZ
- Honeynets
Decoy networks
- NAT
Network address translation hides internal computers from the Internet. Converts public to private IP addresses and back again.
- Ad hoc
Point to point connection without a network device such as a switch or a router.
• Segregation/segmentation/isolation
- Physical
- Logical (VLAN)
Creating separate managed channels to prevent crossover. Logical separation created at layer 2.
- Virtualization
Virtual environment used to maximize hardware or test software
- Air gaps
Physical isolation
• Tunneling/VPN
- Site-to-site
Uses two VPN servers that act as gateways for two networks separated geographically.
- Remote access
- Correlation engines
- Filters
- Proxies
A server (or servers) used to forward requests for services such as HTTP or HTTPS. A forward proxy server forwards requests from internal clients to external servers. A reverse proxy accepts requests from the Internet and forwards them to an internal web server. A transparent proxy does not modify requests, but nontransparent proxies include URL filters. An application proxy is used for a specific application, but most proxy servers are used for multiple protocols.
- Firewalls
A stateful firewall filters based on the packet state.
A stateless firewall filters based on IP address, port, or protocol ID.
- VPN concentrators
When using a VPN concentrator, you would typically place it in the DMZ. The firewall between the Internet and the DMZ would forward VPN traffic to the VPN concentrator. The concentrator would route all private VPN traffic to the firewall between the DMZ and the intranet.
- SSL accelerators
- Load balancers
- DDoS mitigator
Placed inside DMZ near firewall to internet
- Aggregation switches
Core switch network
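The Firewalls item above says a stateless firewall filters on IP address, port, or protocol ID, while a stateful firewall filters on packet state. The following added example (not part of these notes) models both as toy Python classes and passes the same three packets through each; the LAN prefix and all addresses are constructed sample values.

```python
from dataclasses import dataclass

LAN_PREFIX = "10.0.0."   # constructed sample LAN


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str     # "out" = LAN to Internet, "in" = Internet to LAN
    syn: bool = False  # True for a TCP connection request


class StatelessFirewall:
    """Judges every packet on its own against static address/port/protocol rules."""

    def __init__(self):
        # (proto, src_port or None, dst_port or None, direction): allow if matched
        self.rules = [
            ("tcp", None, 80, "out"),   # LAN hosts may reach web servers
            ("tcp", 80, None, "in"),    # and web replies arrive from source port 80
        ]

    def allow(self, p: Packet) -> bool:
        for proto, sport, dport, direction in self.rules:
            if (p.proto == proto and p.direction == direction
                    and (sport is None or p.src_port == sport)
                    and (dport is None or p.dst_port == dport)):
                return True
        return False


class StatefulFirewall:
    """Remembers flows a LAN host opened and admits inbound packets only when they
    belong to one of those flows (the 'packet state' the notes refer to)."""

    def __init__(self):
        self.flows = set()   # (proto, lan_ip, lan_port, remote_ip, remote_port)

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            if p.src_ip.startswith(LAN_PREFIX) and p.proto == "tcp" and p.dst_port == 80:
                self.flows.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
                return True
            return False
        key = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        # A new connection request (SYN) can never be a reply to a tracked flow.
        return key in self.flows and not p.syn


def run_scenario():
    """Pass the same three packets through both filters; returns two decision lists.
    Addresses are documentation ranges, constructed for this example."""
    request = Packet("tcp", "10.0.0.5", 50123, "198.51.100.10", 80, "out", syn=True)
    reply = Packet("tcp", "198.51.100.10", 80, "10.0.0.5", 50123, "in")
    # Inbound packet no LAN host asked for; its source port merely happens to be 80.
    unsolicited = Packet("tcp", "203.0.113.7", 80, "10.0.0.5", 445, "in", syn=True)
    packets = [request, reply, unsolicited]
    stateless, stateful = StatelessFirewall(), StatefulFirewall()
    return ([stateless.allow(p) for p in packets], [stateful.allow(p) for p in packets])
```

The stateless rule set has to admit anything from source port 80 to let replies in, so it also admits the unsolicited packet; the stateful filter drops it because no LAN host opened that flow.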
• SDN
Software-defined network: uses virtualization technologies to route traffic.
- HSM
HSM (hardware security module): an external security device used to store cryptographic keys.
- UEFI/BIOS
Motherboard operating system. Allows the user to configure hardware.
- Integrity measurement
The master image is the baseline that admins use to compare against when identifying deviations.
• RTOS
Real-time operating system, such as the one in an ATM.
• Printers/MFDs
• Camera systems
• Special purpose
- Medical devices
- Vehicles
- Aircraft/UAV
- Security automation
Automated tests to check code.
- Continuous integration
Process of merging code changes into a central repository. Software is then built and tested from this central repository. The central repository includes a version control system, and the version control system typically supports rolling back code changes when they cause a problem.
- Baselining
Applying changes to the baseline code every day and building the code from these changes.
- Immutable systems
Cannot be changed.
- Infrastructure as code
Managing and provisioning data centers with code that defines virtual machines (VMs).
• Version control and change management
helps ensure that developers do not make unauthorized changes.
Version control tracks the versions of software as it is updated, including who made the update and when.
• VM sprawl avoidance
When VMs are set up and discarded but never actually removed from use, allowing them to waste resources.
• VM escape protection
• Cloud storage
• Cloud deployment models
- SaaS
Software as a Service (SaaS) includes any software or application provided to users over a network such as the Internet. Internet users access the SaaS applications with a web browser. It usually doesn’t matter which web browser or operating system a SaaS customer uses. They could be using Microsoft Edge, Chrome, Firefox, or just about any web browser. As mentioned previously, web-based email is an example of SaaS.
- PaaS
Platform as a Service (PaaS) provides customers with a preconfigured computing platform they can use as needed. It provides the customer with an easy-to-configure operating system, combined with appropriate applications and on-demand computing.
- IaaS
Infrastructure as a Service (IaaS) allows an organization to outsource its equipment requirements, including the hardware and all support operations. The IaaS service provider owns the equipment, houses it in its data center, and performs all the required hardware maintenance. The customer essentially rents access to the equipment and often pays on a per-use basis.
- Private
A private cloud is set up for specific organizations. For example, the Shelbyville Nuclear Power Plant might decide it wants to store data in the cloud, but does not want to use a third-party vendor. Instead, the plant chooses to host its own servers and make these servers available to internal employees through the Internet.
- Public
Public cloud services are available from third-party companies, such as Amazon, Google, Microsoft, and Apple. They provide similar services to anyone willing to pay for them.
- Hybrid
Two or more clouds
- Community
Communities with shared concerns (such as goals, security requirements, or compliance considerations) can share cloud resources within a community cloud. As an example, imagine that the Shelbyville Nuclear Power Plant and several schools within Springfield decided to share educational resources within a cloud. They could each provide resources for the cloud and only organizations within the community would have access to the resources.
• Security as a service
Another entry into cloud computing is Security as a Service. It includes any services provided via the cloud that provide security services, and is commonly viewed as a subset of the Software as a Service (SaaS) model. A common example of a Security as a Service application is antivirus software.
Explain how resiliency and automation strategies reduce risk
• Automation/scripting
- Automated courses of action
- Continuous monitoring
- Configuration validation
• Templates
• Master image
A master image only includes the apps, services, and protocols needed to meet the principle of least functionality.
• Non-persistence
- Snapshots
- Revert to known state
- Rollback to known configuration
- Live boot media
• Elasticity
• Scalability
• Distributive allocation
• Redundancy
• Fault tolerance
• High availability
• RAID
• Multifactor authentication: multiple authentication factors; with two it’s dual-factor, with three it’s three-way, etc.
When answering any potential question, pick the most accurate.
- Something you have
biometrics
- Something you know
password
- Somewhere you are
GPS location
- Something you do
• Federation: central authentication in a non-homogeneous environment. Each environment uses the same username and password, such as with Facebook or Google.
• Single sign-on: what the Air Force portal is supposed to be. Sign in once and only once.
• Transitive trust: an indirect trust relationship. If A trusts B and C, B and C can trust each other.
• Kerberos: a method of issuing tickets for authentication. KDC: Key Distribution Center.
- System of ticket-granting tickets (TGT)
- Time synchronization within 5 minutes
- A database of users or subjects
Kerberos tickets are only temporary, making it harder for replay or man-in-the-middle attacks to occur.
Windows authentication protocol within a Microsoft Windows Active Directory.
If you only have one KDC then you have a SPOF (single point of failure).
Uses symmetric key cryptography.
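To show why the 5-minute time synchronization and the temporary tickets above matter, here is an added toy model (not from these notes and not real Kerberos) of a service checking a ticket: the KDC's encryption is stood in for by an HMAC over the ticket fields, and the service key, principal names and times are constructed sample values.

```python
import hashlib
import hmac
import json

MAX_SKEW = 5 * 60                         # the 5-minute window the notes cite
SERVICE_KEY = b"constructed-service-key"  # long-term key shared by KDC and service


def _mac(body: dict) -> str:
    """Stand-in for the real ticket encryption: an HMAC over the ticket fields."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVICE_KEY, payload, hashlib.sha256).hexdigest()


def kdc_issue_ticket(principal: str, now: int, lifetime: int = 8 * 3600) -> dict:
    """The KDC issues a ticket bound to a principal and a validity window."""
    body = {"principal": principal, "issued": now, "expires": now + lifetime}
    return {**body, "mac": _mac(body)}


class Service:
    """The service verifies tickets with its own copy of SERVICE_KEY."""

    def __init__(self):
        self.seen = set()   # replay cache: (principal, authenticator time)

    def accept(self, ticket: dict, auth_time: int, now: int) -> str:
        """auth_time is the client's clock in its authenticator; now is the
        service's clock. Returns 'ok' or the reason the ticket was refused."""
        body = {k: v for k, v in ticket.items() if k != "mac"}
        if not hmac.compare_digest(_mac(body), ticket["mac"]):
            return "bad mac"            # ticket was altered or forged
        if not ticket["issued"] <= now < ticket["expires"]:
            return "expired"            # tickets are only temporary
        if abs(auth_time - now) > MAX_SKEW:
            return "clock skew"         # clocks differ by more than 5 minutes
        key = (ticket["principal"], auth_time)
        if key in self.seen:
            return "replay"             # same authenticator presented again
        self.seen.add(key)
        return "ok"


def demo() -> list:
    """Four presentations of one ticket; expected: ok, replay, clock skew, expired."""
    t0 = 1_700_000_000                   # constructed epoch time
    ticket = kdc_issue_ticket("alice@EXAMPLE.COM", t0)
    svc = Service()
    return [
        svc.accept(ticket, auth_time=t0 + 10, now=t0 + 12),
        svc.accept(ticket, auth_time=t0 + 10, now=t0 + 30),
        svc.accept(ticket, auth_time=t0 + 1000, now=t0 + 10),
        svc.accept(ticket, auth_time=t0 + 9 * 3600, now=t0 + 9 * 3600),
    ]
```

The replay cache only has to remember authenticators for the skew window, which is exactly why the short lifetime and the clock limit work together.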
• TACACS+: port 49 TCP/UDP, Cisco proprietary; encrypts the entire authentication process and uses multiple challenges between server and client. Modular: you can pick and choose which features to use.
• Secure token
• NTLM (New Technology LAN Manager): mostly used on legacy systems, mostly used on Kerberos.
- DAC (discretionary access control): the creator of the file is in charge; less admin overhead; susceptible to trojans.
- ABAC (attribute-based access control): more granular (specific) than ROBAC, role-based access control.
- Role-based access control/ROBAC: based on user role, e.g., admin, executive, project managers, team members.
- Rule-based access control/RUBAC: not considered to be part of the access control models/paradigms; ACL (access control list); does not require users.
- Proximity cards
- Smart cards
• Biometric factors
- Fingerprint scanner
- Retinal scanner
- Iris scanner
- Voice recognition
- Facial recognition
- False acceptance rate (FAR): a false match; a lower score is better.
- Crossover error rate (CER): where FAR and FRR cross on a chart. A lower CER means a more accurate system.
• Tokens
- Hardware
- Software
- HOTP/TOTP: HMAC-based One-Time Password, based on events; Time-based One-Time Password.
• Certificate-based authentication
- PIV/CAC/smart card
- IEEE 802.1x
• Database security: DLP (data loss prevention) software, column encryption; don’t encrypt key files or regularly accessed files; physical security; SSL/TLS.
• Account types
- User account average user
- Shared and generic: avoid shared/generic accounts/credentials
- Guest accounts cannot be deleted but can be disabled
- Service accounts specific purpose is to run some services/applications
- Privileged accounts system admin accounts, usually no internet/email access to reduce threat vectors
• General Concepts
- Least privilege only access to what is needed to perform job
- Permission auditing and review: perform regularly, making sure changes are up to date.
- Standard naming convention: naming conventions are good for organization, but if an attacker knows them, they can hide more easily.
- Account maintenance
- Location-based policies consideration of geographical location and local laws that apply
• Agreement types
- BPA Business partner agreement – how companies work together
- SLA (Service Level Agreement): detail oriented, what and when; between a vendor and a company, stipulates performance expectations.
- ISA (Interconnection Security Agreement): specifies technical and security requirements for planning, establishing, maintaining, and disconnecting a secure connection. Technical details.
• Personnel management
- Separation of duties: prevents any single person or entity from being able to complete all the functions of a critical or sensitive process. Designed to prevent fraud, theft, and errors.
- Clean desk reduces threat of security incidents, helps prevent possibility of data theft or inadvertent disclosure
- System owner
A system owner is typically a high-level executive or department head who has overall responsibility for the system.
- User
Regular end users need to understand common threats, such as malware and phishing attacks. They also need to understand the risk posed by clicking an unknown link and how drive-by downloads can infect their system.
- Privileged user
A privileged user is any user with more rights and permissions than typical end users
- Executive user
Executives need high-level briefings related to the risks that the organization faces, along with information on the organization’s overall information security awareness program.
- Adverse actions
• General security policies
- Social media networks/applications
- Personal email
• MTBF: Mean Time Between Failures, the average system uptime, i.e., system reliability. A larger number is better.
• MTTR: Mean Time To Recovery, the average time to restore a failed system, i.e., how fast it is fixed. A smaller number is better.
Rule of five 9’s: 99.999% is the ideal uptime.
• Single point of failure: when a task/service can only be performed in one area. Essentially a bottleneck.
• Privacy impact assessment: what happens if data is leaked? Attempts to identify potential risks related to PII and ensures the organization is complying with applicable laws and regulations.
- Risk register: a chart for measuring risk that lists all known risks for an asset such as a web server and includes a risk score.
- Likelihood of occurrence
- Supply chain assessment: what happens if the chain is broken?
- Impact
- Testing
- Transfer
Buy insurance
- Avoid
- Mitigate
Buy locks for laptops so they cannot be easily stolen
• Legal hold: how long a device under investigation can be held for investigation.
• Data acquisition: hash the drive, take a system image, hash the system image, put the HDD back in evidence, investigate on the image, hash the system image, put the image in evidence.
- Capture system image
- Network traffic and logs
- Capture video
- Record time offset: be aware of time frames and time zones.
• Recovery
• Strategic intelligence/counterintelligence gathering
- Active logging
• Backup concepts
- Differential: does not reset the archive bit; starts with a full backup; 2 backups to restore. Fast restore, slow archival (saving).
- Incremental: resets the archive bit. Fast archival, slow restore; requires multiple backups to restore.
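To make the archive-bit behaviour above concrete, here is an added simulation (not from the original notes) of three days of edits backed up both ways; the files and the edits are constructed sample data.

```python
class Volume:
    """Files on disk, each carrying an archive bit that is set when the file changes."""

    def __init__(self, files: dict):
        self.files = {name: {"data": data, "archive": True} for name, data in files.items()}

    def modify(self, name: str, data: str):
        self.files[name] = {"data": data, "archive": True}

    def _changed(self) -> dict:
        return {n: f["data"] for n, f in self.files.items() if f["archive"]}

    def _clear_bits(self):
        for f in self.files.values():
            f["archive"] = False

    def full_backup(self) -> dict:
        snap = {n: f["data"] for n, f in self.files.items()}
        self._clear_bits()                # a full backup clears every archive bit
        return snap

    def differential_backup(self) -> dict:
        # Copies changed files but does NOT reset the bit, so every differential
        # contains everything changed since the last full backup.
        return self._changed()

    def incremental_backup(self) -> dict:
        # Copies changed files AND resets the bit, so each set holds only the
        # changes since the previous backup of any kind.
        snap = self._changed()
        self._clear_bits()
        return snap


def restore(sets: list) -> dict:
    """Replay backup sets oldest first; later copies overwrite earlier ones."""
    state = {}
    for s in sets:
        state.update(s)
    return state


def simulate():
    """Run the same three days of edits under both strategies.
    Returns (differential sets, incremental sets, true final contents)."""
    changes = [{"a.txt": "a2"}, {"b.txt": "b2"}, {"a.txt": "a3"}]   # constructed edits
    results = {}
    for strategy in ("differential", "incremental"):
        vol = Volume({"a.txt": "a1", "b.txt": "b1", "c.txt": "c1"})
        sets = [vol.full_backup()]
        for day in changes:
            for name, data in day.items():
                vol.modify(name, data)
            sets.append(getattr(vol, strategy + "_backup")())
        results[strategy] = sets
    final = {"a.txt": "a3", "b.txt": "b2", "c.txt": "c1"}
    return results["differential"], results["incremental"], final
```

Restoring the differential run needs only the full backup plus the last set, whereas the incremental run needs every set: skipping the middle incremental sets silently loses the change to b.txt.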
• Geographic considerations
- Off-site backups
- Distance
- Location selection
- Legal implications
- Data sovereignty: the laws of different countries.
• Continuity of operations planning
- Exercises/tabletop: think D&D, verbal run-downs.
- After-action reports
- Failover
- Alternate processing sites
- Alternate business practices
• Corrective
• Physical
Blowfish/Twofish: Blowfish uses 64-bit blocks, key length 32-448 bits; fast except when changing keys. Can be faster than AES due to the 64-bit block size compared to AES’s 128-bit block. Twofish: 128-bit block, key 8-256 bits; most common keys 128, 192, 256.
RC4: stream cipher, used in Secure Socket Layer, WEP encryption, and simple Windows VPN over PPTP; not strong enough. 40- and 128-bit keys are common. Can go as high as 2048 bits.
AES (Advanced Encryption Standard): 128-bit block size. Key sizes 128, 192, 256. The standard: strength, speed, small code size.
IDEA
DES/3DES (Data Encryption Standard): 64-bit blocks, susceptible to brute force attacks. 56-bit key / 64-bit blocks; 3DES makes 3 separate passes and uses multiple keys. Key sizes of 56, 112, 168. Used when legacy systems do not support AES.
• Modes of operation
• Asymmetric algorithms: two keys, private and public. Requires PKI (public key infrastructure) to issue certificates.
RSA (Rivest, Shamir, Adleman): strong; uses prime numbers (resource intensive); used to protect email and other data transmitted over the Internet. Most common asymmetric algorithm, key 1024-
ECDHE (Elliptic Curve Diffie-Hellman Ephemeral): based on elliptic curve mathematics to reduce processing requirements, as opposed to using prime numbers, and uses temporary keys.
DH (Diffie-Hellman): a key exchange algorithm used to privately share a symmetric key between two parties. Once the two parties know the symmetric key, they use symmetric encryption to encrypt data. Used with SSH, SSL, IPsec.
DHE (Diffie-Hellman Ephemeral): generates ephemeral (temporary) keys per session.
• Hashing creates a fixed-size string from an infinite variety of inputs. It cannot be reversed; it is one-way only. Assures that data integrity has been maintained.
MD5 (Message Digest 5): wide commercial use, deprecated for government use, 128-bit hash.
• Elliptic curve algorithms based on curves, less resource intensive. Ideal for mobile platforms.
• Key exchange
• Digital signatures
• Diffusion: a change in the input produces a change in the output.
• Secret algorithm
• Data-in-transit
• Data-at-rest
Data on HDD
• Data-in-use
Cannot be encrypted
• Random/pseudo-random number generation
- 3DES: 64-bit block. Multiple passes. Only recommended with legacy systems if AES is not supported.
- RC4: stream cipher. Used in SSL, WEP encryption, and simple Windows VPN over PPTP; not strong enough. 40- and 128-bit keys are common.
- Blowfish/Twofish: 64-bit block, fast except when changing keys, 32-448-bit key (Blowfish); 128-bit block, key 8-256 bits (Twofish). Most common keys 128, 192, 256.
• Cipher modes
- CBC
- GCM
- ECB
- CTR
• Asymmetric algorithms
- RSA
- DSA
- Diffie-Hellman
- Groups
- DHE
- ECDHE
- Elliptic curve
- PGP/GPG
• Hashing algorithms
- MD5
- SHA
- HMAC
- RIPEMD
• Key stretching algorithms
- BCRYPT
- PBKDF2
• Obfuscation
- XOR
- ROT13
- Substitution ciphers
- Stapling: an alternative to OCSP. The certificate presenter appends to the certificate a timestamped, digitally signed OCSP response from the CA. Reduces OCSP traffic to and from the CA.
- Pinning
Public key pinning is a security mechanism designed to prevent attackers from impersonating a web site using fraudulent certificates. Public key pinning includes a list of public key hashes in HTTPS responses from the web server. While pinning helps validate certificates, it is unrelated to OCSP. Digital signatures won’t reduce traffic. Client side?
- Trust model
- Key escrow
A third party that holds encrypted keys so that, in the event that someone cannot provide their key, it can be recovered and used.
- Certificate chaining
Certificate chaining combines all the certificates from the root CA down to the certificate issued to the end user.
• Types of certificates
- Code signing
Developers often use code signing certificates to validate the authentication of executable applications or scripts. The code signing certificate verifies the code has not been modified.
- Self-signed
A self-signed certificate is not issued by a trusted CA. Private CAs within an enterprise often create self-signed certificates. They aren’t trusted by default. However, administrators can use automated means to place copies of the self-signed certificate into the trusted root CA store for enterprise computers. Self-signed certificates from private CAs eliminate the cost of purchasing certificates from public CAs.
- Machine/computer
Certificates issued to a device or a computer
- Email
Email certificates are used for encryption of emails and digital signatures.
- User
Certificates issued to users; they can be used for encryption, authentication, and smart cards. Example: certificates on a CAC.
- Root
The first certificate created by the CA that identifies it; the store is just a collection of these root certificates. If the CA’s root certificate is placed in this store.
- Domain validation
Indicates that the certificate holder has some control over a DNS domain. The CA takes extra steps to contact the requestor, such as by email or telephone.
- Extended validation
Additional steps beyond domain validation. You will see the company name prior to the URL to combat phishing attacks.
• Certificate formats
- DER
- PEM
PEM is derived from the Privacy Enhanced Mail format, but that is misleading. It implies that PEM-based certificates are used for email only. However, PEM-based certificates can be used for just about anything. They can be formatted as CER (binary files) or DER (ASCII files). They can also be used to share public keys within a certificate, request certificates from a CA as a CSR, install a private key on a server, publish a CRL, or share the full certificate chain.
You might see a PEM-encoded certificate with the .pem extension. However, it’s more common for the certificate to use other extensions. For example, a PEM-encoded file holding the certificate with the public key typically uses the .cer or .crt extension. A PEM file holding just the private key typically uses the .key extension.
- PFX
Personal Information Exchange (PFX) is a predecessor to the P12 certificate and it has the same usage. Administrators often use this format on Windows systems to import and export certificates.
- CER
- P12
P12 certificates use the PKCS version 12 (PKCS#12) format and they are CER-based (binary). They are commonly used to hold certificates with the private key. For example, when installing a certificate on a server to support HTTPS sessions, you might install a P12 certificate with the private key. Because it holds the private key, it’s common to encrypt P12 certificates. It’s also possible to include the full certificate chain in a P12 certificate.
- P7B
P7B certificates use the PKCS version 7 (PKCS#7) format and they are DER-based (ASCII). They are commonly used to share public keys with proof of identity of the certificate holder. Recipients use the public keys to encrypt or decrypt data. For example, a web server might use a P7B certificate to share its public key. P7B certificates can also contain a certificate chain or a CRL. However, they never include the private key.
CER is a binary format for certificates and DER is an ASCII format. PEM is the most commonly used certificate format and can be used for just about any certificate type. P7B certificates are commonly used to share public keys. P12 and PFX certificates are commonly used to hold the private key.
EQUIPMENT
• Router
• Firewall
• Access point
• Switch
• IDS/IPS
• Server
• Content filter
• Client
• Mobile device
• VPN concentrator
• UTM
• Enterprise security managers/SIEM suite
• Load balancer
• Proxies
• DLP appliance
• ICS or similar systems
• Network access control servers
• DDoS mitigation hardware
SPARE PARTS/HARDWARE
• Keyboards
• Mice
• Network cables
• Monitors
• Wireless and Bluetooth dongles
HARDWARE TOOLS
• WiFi analyzers
• Hardware debuggers
SOFTWARE TOOLS
• Exploitation distributions (e.g., Kali)
• Proxy server
• Virtualization software
• Virtualized appliances
• Wireshark
• tcpdump
• NMAP
• OpenVAS
• Metasploit/Metasploitable2
• Back Orifice
• Cain & Abel
• John the Ripper
• pfSense
• Security Onion
• Roo
• Any UTM
OTHER
• SourceForge
The /var/log/httpd directory includes logs from the Apache web server when it is installed.
address in the scan range. If a host responds, the scanner knows that a