CompTIA® Security+ Exam Notes : Software Tools To Assess The Security Posture Of An Organization

2. Technologies and Tools

2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization

Backup Utilities:

1. HDD: Data stored on a hard disk drive (HDD) is permanent in nature. It remains on the hard drive even after the system is powered down and rebooted. However, a normal hard disk drive is prone to errors and may crash because it has no redundancy.

2. Logs stored on remote systems: Any data stored on a remote system is less vulnerable than data stored on the target system. For this reason, many servers send log data to a remote system for centralized collection. Even if the server is completely destroyed, the centralized logs still have valuable data for problem analysis.

3. Archive media: This includes any types of backups or copies of data captured for either recovery or archive purposes. They are generally offline and less likely to be destroyed or corrupted. Examples of archive media include backup tapes and DVDs.

Software Tools:

Honeypot: Honeypots are designed to appear to be real targets to hackers. That is, a hacker cannot distinguish between a real system and a decoy. This enables lawful action to be taken against the hacker while securing the systems at the same time.

Netstumbler: Netstumbler can be used to sniff wireless networks during wardriving. The software tool provides several details of a wireless network such as SSID.

To reduce vulnerabilities on a web server, apply the latest service packs and patches to the web server or any operating system as a preventive measure. Audit logs may help detect attempts to hack the web server, but they are not a preventive measure.

Network Mapper: A network mapper is a tool that identifies the devices connected to the network and the operating systems being used, if any. Firewall, proxy server, and web security gateway are used for network/host security. System mapper is given to divert attention from the basic question.

Sniffer: A sniffer is a piece of software that grabs all of the traffic flowing into and out of a computer attached to a network. A sniffer may be used in an IDS, but a sniffer by itself doesn't identify any suspicious traffic.

Proxy Server: A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.

Command line tools:

NBTSTAT: This utility displays current NetBIOS over TCP/IP connections and displays the NetBIOS name cache.

NETSTAT: Displays current TCP/IP connections since the server was last booted.

TRACERT: Used to determine which route a packet takes from its source to reach its destination.

IPCONFIG: Used to display Windows IP configuration information.

NSLOOKUP: This utility enables users to interact with a DNS server and display resource records.

ROUTE: Used to display and edit static routing tables.
