Information Security: Scanning and Analysis Tools

SCANNING AND ANALYSIS TOOLS

Typically used to collect information that attacker would need to launch successful attack

Attack protocol is series of steps or processes used by an attacker, in a logical sequence, to launch attack against a target system or network

Footprinting: the organized research of Internet addresses owned or controlled by a target organization

Fingerprinting: systematic survey of all of target organization’s Internet addresses collected during the footprinting phase

Fingerprinting reveals useful information about internal structure and operational nature of target system or network for anticipated attack

These tools are valuable to network defender since they can quickly pinpoint the parts of the systems or network that need a prompt repair to close the vulnerability

Port Scanners

Tools used by both attackers and defenders to identify computers active on a network, and other useful information

Can scan for specific types of computers, protocols, or resources, or their scans can be generic

The more specific the scanner is, the better it can give attackers and defenders useful information

Firewall Analysis Tools

Several tools automate remote discovery of firewall rules and assist the administrator in analyzing the rules

Administrators who feel wary of using same tools that attackers use should remember:

It is intent of user that will dictate how information gathered will be used

In order to defend a computer or network well, necessary to understand ways it can be attacked

A tool that can help close up an open or poorly configured firewall will help network defender minimize risk from attack

Packet Sniffers

Network tool that collects copies of packets from network and analyzes them

Can provide network administrator with valuable information for diagnosing and resolving networking issues

In the wrong hands, a sniffer can be used to eavesdrop on network traffic

To use packet sniffer legally, administrator must be on network that organization owns, be under direct authorization of owners of network, and have knowledge and consent of the content creators

Wireless Security Tools

Organization that spends its time securing wired network and leaves wireless networks to operate in any manner is opening itself up for security breach

Security professional must assess risk of wireless networks

A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess level of privacy or confidentiality afforded on the wireless network