Professional Documents
Culture Documents
Lesson 3 NT E
C E
Performing Security Assessments L
N A
S IO
ES
OF
P R
C I S
A
R
Topic 3A N T E
C E
Assess Organizational Security withLNetwork
Reconnaissance Tools NA IO
S S
F E
R O
S P
C I
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2
Syllabus Objectives Covered
S P
C I
A Screenshot used
with permission
from Microsoft.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 4
route and traceroute
• route
• Show the local routing table
E R
• Identify default route and local subnet
N T
• Check for suspicious entries
C E
• tracert/traceroute
A L
• Test the path to a remote host
IO N
• pathping/mtr
S S
• Measure latency
F E
R O
S P
C I
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 5
IP Scanners and Nmap
• Host discovery
E R
• Test whether host in
N T
IP range responds to
probes C E
• Port scan A L
• Test whether TCP or IO N
UDP port allows
S S
connections
F E
R O
S P
C I
A Screenshot used with permission from nmap.org.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 6
Service Discovery and Nmap
• Service discovery
E R
• Scan custom TCP/UDP
N T
port ranges
C E
• Service and version
detection A L
• Fingerprinting each port IO N
• Protocol S S
• Application/version F E
• OS type R O
• Device type S P
C I
A Screenshot used with permission from nmap.org.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 7
netstat and nslookup
• netstat
E R
• Report port status on local machine
N T
• Switches to filter by protocol
C E
• Display process name or PID that opened port
A L
• nslookup and dig
IO N
• Query name servers
S S
• Zone transfers
F E Screenshot used with permission from Microsoft.
R O
S P
C I
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 8
Other Reconnaissance and Discovery Tools
• theHarvester
E R
• Collate open source intelligence (OSINT)
N T
• dnsenum
C E
• Collate DNS hosting information, name records, and IP schemas
A L
• scanless
IO N
•
S S
Collate results from third-party port scanning sites
• curl
F E
•
R O
Craft and submit protocol requests
• Nessus
S P
•
C I
Perform automated vulnerability scanning
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 9
Packet Capture and tcpdump
• Output panes
E R
• Packet list
N T
•
C E
Packet details (headers and fields)
IO N
• Capture and display filters
S S Coloring rules
•
R O
S P
C I
A
Screenshot used with permission from wireshark.org.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 11
Packet Injection and Replay
• Packet injection
E R
• Crafting spoofed packets
N T
• Dsniff, Ettercap, Scapy
C E
• hping
A L
• Host/port detection and firewall testing
IO N
• Traceroute
S S
• Denial of service (DoS)
F E
• tcpreplay
R O
•
S P
Stream a packet capture through an interface
• I
Sandbox analysis and intrusion detection testing
AC
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 12
Exploitation Frameworks
•
A
• Other frameworks
Linux, embedded, browser,
web/mobile app, cloud, ….
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 13
Netcat
C I S
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 14
R
Topic 3B N T E
C E
Explain Security Concerns with General
L Vulnerability
Types NA IO
S S
F E
R O
S P
C I
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 15
Syllabus Objectives Covered
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 17
Zero-day and Legacy Platform Vulnerabilities
• Zero-day
E R
• Vulnerability is unknown to the vendor
N T
• Threat actor develops an exploit for which there is no patch
C E
• Likely to be used against high value targets
A L
• Legacy platform
IO N
• Vendor no longer releases security patches
S S
F E
R O
S P
C I
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 18
Weak Host Configurations
• Default settings
E R
T
• Vendor may not release product in a default-secure configuration
N
• Unsecured root accounts
C E
• Threat actor will gain complete control
A L
• Limit ability to login as superuser
I O N
• Open permissions
• Configuration errors allowingE S S
unauthenticated access
• Allowing write access whenO Fonly read access is appropriate
P R
I S
AC
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 19
Weak Network Configurations
• Weak encryption S S
F E
• Storage and transport encryption
R O
• Key is generated from a weak password
P
• Cipher has weaknesses
S
C I
• Key distribution is not secure
• Errors A
• Error messages that reveal too much information
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 20
Impacts from Vulnerabilities
• Supply chains
E R
• Due diligence
N T
• Weak links
C E
• Vendor management
A L
IO N
• Process for selecting suppliers and evaluating risks
• System integration
S S
• Lack of vendor support
F E
• Outsourced code development
R O
• Data storage
S P
•
C I
Cloud-based versus on-premises risks
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 22
R
Topic 3C N T E
C E
Summarize Vulnerability Scanning Techniques
L
N A
S IO
S
OFE
P R
C I S
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 23
Syllabus Objectives Covered
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 26
Common Vulnerabilities and Exposures
• Vulnerability feed/plug-in/test
E R
• Security Content Automation
N T
Protocol (SCAP) Score
C E Description
N
4.0+
AL Low
Medium
• Common identifiers
S IO
• Common Vulnerabilities and S 7.0+ High
Exposures (CVE)
O FE 9.0+ Critical
R
• Common Vulnerability Scoring
P
System (CVSS)
C I S
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 27
Intrusive versus Non-intrusive Scanning
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 28
Credentialed versus Non-credentialed Scanning
• Non-credentialed • Credentialed
• Anonymous or guest • Scan configured with logon E R
access to host only
N
• Can allow privileged access to configuration T
• Might test default passwords settings/logs/registry
C E
L
• Use dedicated account for scanning
A
IO N
S S
F E
R O
S P
C I
A
Screenshot used with permission from Greenbone Networks (openvas.org).
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 29
False Positives, False Negatives, and Log Review
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 30
Configuration Review
• Lack of controls
• Security controls that should be present
E R
but are not (or are not functioning)
• Misconfiguration N T
• Settings deviate from template C E
configuration
A L
• Driven by templates of configuration
IO N
settings
• S
Open Vulnerability and Assessment
S
Language (OVAL) F E
•
R O
Extensible Configuration Checklist
P
Description Format (XCCDF)
S
C
in many products
I
• Compliance-based templates available Screenshot used with permission from Microsoft.
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 31
Threat Hunting
• Red team
E R
• Performs the offensive role
N T
• Blue team
C E
• Performs the defensive role
A L
• White team
IO N
•
S S
Sets the rules of engagement and monitors the exercise
• Purple team
F E
•
R O
Exercise set up to encourage collaboration
•
S P
Red and blue teams share information and debrief regularly
•
C I
Might be assisted by a facilitator
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 37
Passive and Active Reconnaissance
• Initial exploitation R
• Obtain a foothold via an exploit
T E
• Persistence
E N
•
•
Establish a command & control backdoor
Reconnect across host shut down/user log off events L C
• Privilege escalation N A
• Internal reconnaissance
S IO
Gain additional credentials and compromise higher privilege accounts
•
• Lateral movement ES
• Compromise other hosts
O F
• Pivoting
P R
•
C I S
Access hosts with no direct remote connection via a pivot host
• Actions on objectives
• Cleanup A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 39
R
Lesson 3 N T E
C E
Summary L
N A
S IO
ES
O F
P R
C I S
A
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 40