This module of the training course covers scanning technologies and their role in cybersecurity. It surveys the main scanning methodologies and shows how they strengthen the defenses of a digital infrastructure, identify vulnerabilities, and detect threats already present within a network.
Understanding these technologies prepares you to navigate the changing cybersecurity landscape with precision and confidence. The sections below introduce the main scanning techniques and explain their role in protecting valuable assets from current cyber threats.
Learning Objectives
Define the packet capture file format
Describe Wireshark
Define what network protocol analyzers are
Describe the Nmap and Zenmap port scanning applications
Define port scanning
Define the information retrieved via port scanning
Describe how to apply the Center for Internet Security (CIS) benchmark hardening/vulnerability checklists
Describe how Security Technical Implementation Guides (STIGs) are applied to improve the overall security environment
Describe how the Common Vulnerability Scoring System (CVSS) is used to assign vulnerability ratings
Describe how vulnerability scanners operate
VULNERABILITY TOOLS KNOWLEDGE CHECK
1. Which component of a vulnerability scanner would perform security checks according to its installed plug-ins?
Database
User Interface
Report Module
Engine Scanner (CORRECT)
2. Which component of a vulnerability scanner stores vulnerability information and scan results?
Engine Scanner
Report Module
User Interface
Database (CORRECT)
3. How does a vulnerability scanner detect internal threats?
By scanning hosts (CORRECT)
By scanning internet facing hosts from the Internet
By scanning commonly accessed external hosts from within the network
By reviewing incident data retrieved from a SIEM system
4. In which component of a Common Vulnerability Score (CVSS) would the attack vector be reflected?
Environmental Score
Temporal Score
Base-Exploitability Subscore (CORRECT)
Base-Impact Subscore
5. In which component of a Common Vulnerability Score (CVSS) would confidentiality be reflected?
Temporal Score
Base-Impact Subscore (CORRECT)
Base-Exploitability Subscore
Environmental Score
6. In which component of a Common Vulnerability Score (CVSS) would exploit code maturity be reflected?
Temporal Score (CORRECT)
Base-Exploitability Subscore
Base-Impact Subscore
Environmental Score
7. In which component of a Common Vulnerability Score (CVSS) would security requirements subscore be reflected?
Base-Exploitability Subscore
Environmental Score (CORRECT)
Temporal Score
Base-Impact Subscore
8. True or False. The US Dept of Defense has produced a number of Security Technical Implementation Guides to show the most secure ways to deploy common software packages such as operating systems, open source software, and network devices. These guides are available to the public and can be freely downloaded.
True (CORRECT)
False
9. The Center for Internet Security (CIS) has implementation groups that rank from the least secure to the most secure. Which of these has the least stringent security requirements?
a) CIS Sub-Controls for small, commercial off-the-shelf or home office software environments. (CORRECT)
b) CIS Sub-Controls focused on helping security teams manage sensitive client or company information.
c) CIS Sub-Controls that reduce the impact of zero-day and targeted attacks from sophisticated adversaries.
“a” and “b” only
“a” and “c” only
All of the above.
PORT SCANNING KNOWLEDGE CHECK
1. Which three (3) of these are identified by a basic port scanner? (Select 3)
Active hosts using TCP (CORRECT)
The destination of packets flowing through an open port
Available services provided by the target system (CORRECT)
A list of Open ports on a target system (CORRECT)
2. Port numbers 49151 through 65536 are known as what?
Virtual Ports
Well known ports
Dynamic and Private Ports (CORRECT)
Registered Ports
3. What are the three (3) responses a port scanner might receive when it is scanning a system for open ports? (Select 3)
Filtered (or blocked) (CORRECT)
Available
Closed (CORRECT)
Open (CORRECT)
4. Which type of scan is commonly used to check if a working system is at the address indicated and that it is responding?
Stealth scan
TCP/Half Open Scan (aka a SYN scan)
UDP port scan
Ping (ICMP Echo Request) (CORRECT)
TCP Connect
5. Which type of scan sends an empty packet, or a packet with a different payload, for each port scanned, where a response is received only for closed ports?
UDP port scan (CORRECT)
TCP/Half Open Scan (aka a SYN scan)
Stealth scan
Ping (ICMP Echo Request)
TCP Connect
NETWORK PROTOCOL ANALYZERS KNOWLEDGE CHECK
1. Which two (2) of these are other names for a protocol analyzer? (Select 2)
Packet analyzer (CORRECT)
Port analyzer
Snooper
Network analyzer (CORRECT)
2. Which is the most popular packet sniffer used?
WireShark (CORRECT)
PacketGrabber
SniffMaster
ProtoALL
VULNERABILITY ASSESSMENT TOOLS GRADED ASSESSMENT
1. Which of these is identified by a basic port scanner?
OSI Layer 1 data
MAC addresses
IP addresses
Open ports (CORRECT)
2. Port numbers 0 through 1023 are known as what?
Registered Ports
Dynamic and Private Ports
Well known ports (CORRECT)
Virtual Ports
3. If a port is blocked, what response will be sent to the port scanner?
A “this port is blocked” message will be sent
A reply will be sent containing the next higher port number that is open.
There will be no response (CORRECT)
A challenge message will be sent requesting appropriate authorization codes
4. Which type of scan notes the connection but leaves the target hanging, i.e. does not reveal any information to the target about the host that initiated the scan?
Ping (ICMP Echo Request)
TCP Connect
UDP port scan
Stealth scan
TCP/Half Open Scan (aka a SYN scan) (CORRECT)
5. Which two (2) of these are other names for a protocol analyzer? (Select 2)
Traffic analyzer (CORRECT)
Gateway analyzer
Domain analyzer
Sniffer (CORRECT)
6. True or False. Packet sniffers are used by hackers but have no legitimate place in network management.
True
False (CORRECT)
7. Which component of a vulnerability scanner provides high-level graphs and trend reports for executive leadership?
Engine Scanner
Database
Report Module (CORRECT)
User Interface
8. How does a vulnerability scanner detect external threats?
By reviewing incident data retrieved from a SIEM system
By scanning commonly accessed external hosts from within the network
By scanning hosts
By scanning internet facing hosts from the Internet (CORRECT)
9. What are the three (3) components that make up the overall Common Vulnerability Score (CVSS)? (Select 3)
External
Environmental (CORRECT)
Temporal (CORRECT)
Internal
Base (CORRECT)
10. In which component of a Common Vulnerability Score (CVSS) would attack complexity be reflected?
Base-Exploitability Subscore (CORRECT)
Base-Impact Subscore
Temporal Score
Environmental Score
11. In which component of a Common Vulnerability Score (CVSS) would integrity be reflected?
Environmental Score
Base-Impact Subscore (CORRECT)
Base-Exploitability Subscore
Temporal Score
12. In which component of a Common Vulnerability Score (CVSS) would remediation level be reflected?
Environmental Score
Base-Exploitability Subscore
Temporal Score (CORRECT)
Base-Impact Subscore
13. In which component of a Common Vulnerability Score (CVSS) would impact subscore be reflected?
Base-Exploitability Subscore
Environmental Score
Temporal Score (CORRECT)
Base-Impact Subscore
14. True or False. The US Dept of Defense has produced a number of Security Technical Implementation Guides to show the most secure ways to deploy common software packages such as operating systems, open source software, and network devices. These guides are restricted to use by US military agencies only.
True
False (CORRECT)
15. The Center for Internet Security (CIS) has implementation groups that rank from the least secure to the most secure. Which of these are required to meet the middle level of security?
a) CIS Sub-Controls for small, commercial off-the-shelf or home office software environments.
b) CIS Sub-Controls focused on helping security teams manage sensitive client or company information.
c) CIS Sub-Controls that reduce the impact of zero-day and targeted attacks from sophisticated adversaries.
“a” and “b” only (CORRECT)
“a” and “c” only
All of the above.
CONCLUSION – Scanning
In summary, this module has presented an overview of the different scanning technologies and their role in cybersecurity. By examining these tools, participants gain insight into how to improve digital defenses, identify vulnerabilities, and detect latent threats across diverse network environments.
With this knowledge, participants are better prepared to reduce risk, improve security measures, and protect important assets from emerging threats. Applying these skills contributes to an organization's resilience against an increasingly complex range of cyber risks.