In this video, you will learn to: describe how network mapping, or casing the joint, is used by bad hackers, what commands are used, and what information is commonly gathered; and describe the countermeasures that can be used against mapping threats.

Now, let's take a dive into specific security threats against Internet-based enterprises. One of the first ones we'll take a look at today, here on Slide 12, is the idea of network mapping. So this is basically casing the joint, where our adversaries will scan the network; they'll find out what devices are on there, what services, what protocols are on the network, using our ping commands. There are also other tools like Nmap that determine what hosts are on the network and what their addresses are. Certainly, port scanning comes into play, and we talked about Nmap a little bit earlier, which is a network exploration tool.

So one of the questions is, given this problem set of our adversaries scanning our network and looking for hosts, essentially getting the topography of that, what can we do? We take a look at recording network traffic entering the network, looking for suspicious activity: IP addresses, ports being scanned sequentially. By the way, these are network anomalies that good SIEMs like QRadar will be able to pick up and create an alert.

We can also use a good host scanner, for example, the one found in QRadar, and keep a good inventory of the hosts on the network. What would that do for us? Well, by good asset management (which, by the way, is needed for patch management), at a minimum, we can create a whitelist, or a list of authorized devices by MAC address, that are allowed on the network, so that if there's additional activity and other hosts get put into play, we will know this because it'll be a whitelist violation.
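
The two countermeasures described in the transcript above, looking for sequentially scanned ports or addresses in recorded traffic and checking source MAC addresses against the authorized-device list, shown as an added example that is not part of the original video. The flow-record layout, the sample records, the function names and the threshold of five are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample flow records: (src_ip, src_mac, dst_ip, dst_port)
FLOWS = [
    ("10.0.0.5", "aa:bb:cc:00:00:05", "10.0.0.20", 443),
    ("10.0.0.5", "aa:bb:cc:00:00:05", "10.0.0.21", 443),
    ("10.0.0.66", "de:ad:be:ef:00:66", "10.0.0.20", 22),
    ("10.0.0.66", "de:ad:be:ef:00:66", "10.0.0.20", 20),
    ("10.0.0.66", "de:ad:be:ef:00:66", "10.0.0.20", 25),
    ("10.0.0.66", "de:ad:be:ef:00:66", "10.0.0.20", 21),
    ("10.0.0.66", "de:ad:be:ef:00:66", "10.0.0.20", 24),
    ("10.0.0.66", "de:ad:be:ef:00:66", "10.0.0.20", 23),
    ("10.0.0.7", "AA:BB:CC:00:00:07", "10.0.0.20", 80),
]
ALLOWED_MACS = {"aa:bb:cc:00:00:05", "aa:bb:cc:00:00:07"}  # constructed inventory

def longest_run(values):
    """Length of the longest run of consecutive integers in values.
    Works on a set, so probe order on the wire does not matter."""
    vals, best = set(values), 0
    for v in vals:
        if v - 1 not in vals:  # v is the start of a run
            n = 1
            while v + n in vals:
                n += 1
            best = max(best, n)
    return best

def sequential_scanners(flows, min_run=5):
    """Sources that touched >= min_run consecutive ports on one host,
    or the same port on >= min_run consecutive addresses."""
    ports, hosts = defaultdict(set), defaultdict(set)
    for src, _, dst, port in flows:
        ports[(src, dst)].add(port)
        hosts[(src, port)].add(int(ip_address(dst)))
    hits = {k[0] for k, v in ports.items() if longest_run(v) >= min_run}
    hits |= {k[0] for k, v in hosts.items() if longest_run(v) >= min_run}
    return hits

def allowlist_violations(flows, allowed_macs):
    """Source MACs seen in traffic that are not in the asset inventory."""
    allowed = {m.lower() for m in allowed_macs}
    return {mac.lower() for _, mac, _, _ in flows} - allowed

if __name__ == "__main__":
    print("sequential scan sources:", sequential_scanners(FLOWS))
    print("allowlist violations:", allowlist_violations(FLOWS, ALLOWED_MACS))
```

A MAC address can be changed by whoever controls the device, so an allowlist hit only shows that an address is in the inventory, while a miss is a reliable signal that an unknown device is on the network.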