
Chapter 8 & 9 Questions

1. For what might we use the tool Kismet?

2. Explain the concept of segmentation.

- Segmentation is the process of breaking up a wireless network into smaller sub-nets that have
controlled access between them. In the case of an attack, these sub-nets allow us to block access to
other parts of the network.

3. If we needed a command-line tool that could sniff network traffic, what tool might we use?

- tcpdump

4. What are the three?

- WEP, WPA,

5. What tool might we use to scan for devices on a network?

- Kismet

6. Why would we use a honeypot?

- To bait in potential attackers and see their methods. This allows us to see how malware works,
see what attackers may want, or identify IPs that are an outside threat.

7. Explain the difference between signature and anomaly detection in IDSes.

- to monitor for unusual spikes in network traffic that can signal an attack.

8. What would we use if we needed to send sensitive data over an untrusted network?

- a VPN

9. What would we use a DMZ to protect?

- We could use a DMZ to protect our mail server. The DMZ will protect the server and networks from
internet-based attacks.

10. What is the difference between a stateful firewall and a deep packet inspection firewall?

- Deep packet and possible attacks.

1. What is a vector for malware propagation?

- Not updating the system.

2. What is an exploit framework?

- A set of tools used to attack a network. These usually consist of an exploit, sniffers and mapping tools.

3. What is the difference between a port scanner and a vulnerability assessment tool?

- Port scanners are used to discover the networks and systems that are connected while vulnerability
assessment tools are used to point out areas where the system may be vulnerable to an attack.

4. Explain the concept of an attack surface.

- The attack area is the size of the area that is open to an attack. The larger the area, the more likely an
attacker may succeed in breaking through our defenses. Every insecure area adds to the attack surface.

5. Why might we want a firewall on our host if one already exists on the network?

- They can provide more centralized monitoring and provide the environment for more complex rules
and management options.

6. What is operating system hardening?

- A method to reduce the number of available avenues through which our operating system might be
attacked.

7. What is the XD bit and why do we use it?

- It stands for Execute Disable and it is Intel’s version of executable space prevention. It's used to prevent
buffer overflows.

8. What does executable space protection do for us?

- It prevents certain portions of the memory used by the operating system and applications from being
used to execute code. This can limit or disable buffer overflows.

9. How does the principle of least privilege apply to operating system hardening?

- It adds another level of security to the system by limiting who has what privileges and leaving only
admins with high-level clearance.

10. Download Nmap from www.nmap.org and install it. Conduct a basic scan of scanme.nmap.org using
either the Zenmap GUI or the command line. What ports can you find open?

- Ports 22, 80, 554, 7070, 9929, 31337 are open.
