
1. Describe the enumeration step of security testing 2. Describe the process of

ID: 3750243 • Letter: 1

Question

1. Describe the enumeration step of security testing
2. Describe the process of enumeration. You start by port scanning and footprinting a system to determine what type of OS it is using.
3. Describe the Network Basic Input Output System (NetBIOS), a Windows programming interface that allows computers to communicate over a LAN. It is commonly used to share files and printers.
4. Describe OpenVAS. OpenVAS is an open-source descendant of Nessus. It is a popular tool for identifying vulnerabilities.
Technical Notes for Activities
Activity 6-1: This activity requires a classroom Linux CD, a computer running Windows, and an Internet connection.
Activity 6-2: This activity requires a computer running Windows and a network connection.
Activity 6-3: This activity requires a computer running Windows, a classroom Linux CD, and an Internet connection.
Activity 6-4: This activity requires a classroom Linux CD and an Internet connection.

Explanation / Answer

1) Answer:

Enumeration step of security testing:

Enumeration is the next step after scanning. The goal of enumeration is to get a complete picture of the target. In this phase, a penetration tester tries to identify valid user accounts or poorly-protected shared resources using active connections to systems.

Techniques Used in Enumeration

The following is the common set of procedures used in enumeration.

2) Answer:

Enumeration in information security is the process of extracting user names, machine names, network resources, and other services from a system. All the gathered information is used to identify the vulnerabilities or weak points in system security, which the attacker then tries to exploit.

Techniques for Enumeration:

There are many ways to collect data, such as network users, routing tables and Simple Network Management Protocol (SNMP) information. Let’s discuss the possible ways an attacker might enumerate a target network and what countermeasures can be taken to prevent these.

Extract User Names Using Email IDs:

Usually, an email ID contains two parts: one is the username, and the other is the domain name. The structure of the email address is “username@domainname.” For instance, if xyz@live.com is an email ID, then xyz (the characters preceding the ‘@’ symbol) is the user name and live.com (the characters following the ‘@’ symbol) is the domain name.

Extracting Information Using the Default Passwords:

There are many online resources that publish the default passwords assigned by manufacturers to their products. Often users forget to change the default passwords, which helps an attacker to enumerate their data easily.

Brute Force Active Directory:

Microsoft Active Directory is susceptible to a username enumeration weakness at the time of user-supplied input validation. This is the consequence of a design error in the application. An attacker takes advantage of it and exploits the weakness to enumerate valid usernames.

Extract Username Using SNMP:

By using SNMP APIs, attackers can guess the community strings through which they can extract the required usernames.

Extract Information Using DNS Zone Transfer:

An attacker can get valuable topological information about the target’s internal network using DNS zone transfer.

Services and Ports to Enumerate:

TCP 53: DNS Zone Transfer:

DNS zone transfer relies on TCP port 53 rather than UDP port 53. The TCP protocol helps to maintain a consistent DNS database between DNS servers. A DNS server always uses the TCP protocol for zone transfers.

TCP 137: NetBIOS Name Service (NBNS):

NBNS, also known as Windows Internet Name Service (WINS), maintains a database of the NetBIOS names for hosts and the corresponding IP address each host is using.

UDP 161: Simple Network Management Protocol (SNMP):

You can use the SNMP protocol for various devices and applications, including firewalls and routers, to communicate logging and management information with a remote monitoring application.

TCP/UDP 389: Lightweight Directory Access Protocol (LDAP):

The LDAP Internet protocol is used by Microsoft Active Directory, as well as by some email programs, to look up contact information from a server.

TCP 25: Simple Mail Transfer Protocol (SMTP):

SMTP allows email to move across the Internet and across the local intranet. It runs on the connection-oriented service provided by Transmission Control Protocol (TCP) and uses port 25.

Port Scanning:

Port scanning is one of the most popular techniques an attacker uses to discover services that can be used to exploit the systems. All the systems connected to the LAN, or accessing the network via a modem, run services that listen on well-known ports.

By using port scanning, we can explore information such as: what services are running, what users own those services, whether anonymous login is supported, whether certain network services require authentication, and other related details.

Port Scanning Techniques:

There are various port scanning techniques available. Well-known tools like Nmap and Nessus have automated the port scanning process. The scanning techniques include:

Address Resolution Protocol (ARP) scan:

In this technique, a series of ARP broadcasts is sent, and the value of the target IP address field is incremented in each broadcast packet to discover active devices on the local network segment. This scan helps us to map out the entire network.

Vanilla TCP connect scan:

It is the basic scanning technique that uses the connect() system call of an operating system to open a connection to every port that is available.

TCP SYN (Half Open) scan:

SYN scanning is a technique that a malicious hacker uses to determine the state of a communications port without establishing a full connection. These scans are called half open because the attacking system doesn’t close the opened connections.

TCP FIN Scan:

This scan can remain undetected by most firewalls, packet filters, and other scan detection programs. It sends FIN packets to the targeted system and prepares a report from the responses it receives.

TCP Reverse Ident Scan:

This scan discovers the username of the owner of any TCP-connected process on the targeted system. It helps an attacker to use the ident protocol to discover who owns the process by connecting to open ports.

TCP XMAS Scan:

It is used to identify listening ports on the targeted system. The scan manipulates the URG, PSH and FIN flags of the TCP header.

TCP ACK Scan:

It is used to identify active websites that may not respond to standard ICMP pings. The attacker uses this method to determine the port status from the acknowledgment received.

FINGERPRINTING

Banner grabbing and operating system identification, also defined as fingerprinting the TCP/IP stack, is the process that allows the hacker to identify particularly vulnerable or high-value targets on the network.

Many email and web servers respond to a Telnet connection with the name and version of the software, which enables an attacker to fingerprint the OS and application software. Fingerprinting is further divided into two categories: active stack and passive stack fingerprinting.

OS fingerprinting helps us to design and implement better security controls in networks and on local machines. Additionally, effective OS fingerprinting is a vital penetration testing skill.

Active Stack Fingerprinting:

It is the most common form of fingerprinting and involves sending data to a system to see how the system responds. Different operating system vendors implement the TCP stack differently, and their responses differ from each other, based on the operating system. The responses are then compared to a database to determine the operating system.

Active stack fingerprinting is easily detectable, as it frequently attempts to connect with the same target system.

Passive Stack Fingerprinting:

Passive stack fingerprinting is a somewhat more complicated task that involves examining traffic on the network to determine the operating system, rather than generating network traffic by sending packets to the targets. It uses sniffing techniques instead of scanning techniques. Passive stack fingerprinting remains undetected by an IDS or other security system but is less accurate than active fingerprinting.

Fingerprinting Techniques:

Fingerprinting techniques are based on detecting differences in the packets produced by different operating systems.

Common techniques are based on analyzing:

Other techniques are based on analyzing:
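As an added example (not part of the original answer), the following Python detection logic runs over constructed packet records and flags the probe patterns the answer names: SYN sweeps and FIN, XMAS, ACK and NULL probes. All IP addresses, ports, timestamps, the time window and the port threshold are constructed sample values; the signal a defender looks for is the sweep across many ports, not any single packet.

```python
"""Flag port-scan patterns (SYN, FIN, XMAS, ACK, NULL probes) in a stream of
decoded TCP packet records. Added example with constructed sample data."""
from collections import defaultdict

XMAS = frozenset({"FIN", "PSH", "URG"})
PROBE_TYPES = {frozenset(): "null", XMAS: "xmas", frozenset({"FIN"}): "fin",
               frozenset({"ACK"}): "ack", frozenset({"SYN"}): "syn"}

def classify_probe(flags):
    """Map a packet's TCP flag set to a scan type, or None for normal traffic."""
    return PROBE_TYPES.get(frozenset(flags))

def detect_scans(packets, window=5.0, port_threshold=5):
    """packets: iterable of (ts, src, dst, dport, flags).
    Returns {(src, dst, scan_type): sorted ports} for every source that probed
    at least port_threshold distinct ports on one host within `window` seconds.
    A lone SYN, FIN or ACK is ordinary traffic; the sweep is the signal."""
    groups = defaultdict(list)
    for ts, src, dst, dport, flags in packets:
        kind = classify_probe(flags)
        if kind:
            groups[(src, dst, kind)].append((ts, dport))
    alerts = {}
    for key, events in groups.items():
        events.sort()  # sliding window over time-ordered probes
        for i, (start, _) in enumerate(events):
            ports = {p for ts, p in events[i:] if ts - start <= window}
            if len(ports) >= port_threshold:
                alerts[key] = sorted(ports)
                break
    return alerts

# Constructed sample capture: (timestamp, src_ip, dst_ip, dst_port, tcp_flags)
SAMPLE = (
    # fast SYN sweep of six well-known ports from one host -> flagged
    [(1.0 + i / 10, "10.0.0.5", "10.0.0.20", p, {"SYN"})
     for i, p in enumerate([21, 22, 25, 53, 80, 139])]
    # XMAS probes (URG+PSH+FIN) against five ports -> flagged
    + [(2.0 + i / 10, "10.0.0.7", "10.0.0.20", p, {"FIN", "PSH", "URG"})
       for i, p in enumerate([135, 139, 445, 3389, 8080])]
    # normal web session: handshake then data on one port -> not flagged
    + [(3.0, "10.0.0.9", "10.0.0.20", 80, {"SYN"}),
       (3.1, "10.0.0.9", "10.0.0.20", 80, {"ACK"}),
       (3.2, "10.0.0.9", "10.0.0.20", 80, {"ACK", "PSH"})]
    # slow FIN probes 30 s apart: below threshold in the default window
    + [(10.0 + 30 * i, "10.0.0.11", "10.0.0.20", p, {"FIN"})
       for i, p in enumerate([22, 25, 110])]
)

if __name__ == "__main__":
    for (src, dst, kind), ports in detect_scans(SAMPLE).items():
        print(f"{src} -> {dst}: {kind} scan of ports {ports}")
```

Widening the window and lowering the threshold (for example window=120, port_threshold=3) also catches the slow FIN probes, at the cost of more false positives from legitimate multi-port clients.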