CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Vulnerability Scans
The third technique is the vulnerability scan. Once the attacker determines a specific system to target, they need to discover a specific vulnerability in that system that can be exploited to gain the desired access permissions. A variety of tools available on the internet assist with this task. Some of the more popular tools for this purpose include Nessus, OpenVAS, Qualys, Core Impact, and Nexpose. These packages contain a database of known vulnerabilities and probe targeted systems to locate security flaws. They then produce very attractive reports that detail every vulnerability detected. From that point, it’s simply a matter of locating a script that exploits a specific vulnerability and launching an attack against the victim.
It’s important to note that vulnerability scanners are highly automated tools. They can be used to launch an attack against a specific system, but it’s just as likely that an attacker would use a series of IP probes, port scans, and vulnerability scans to narrow down a list of potential victims. However, chances are an intruder will run a vulnerability scanner against an entire network to probe for any weakness that could be exploited.
Once again, simply updating operating systems to the most recent security patch level can repair almost every weakness reported by a vulnerability scanner. Furthermore, wise system administrators learn to think like the enemy—they download and run these vulnerability scanners against their own networks (with the permission of upper management) to see what security holes might be pointed out to a potential attacker. This allows them to quickly focus their resources on fortifying the weakest points on their networks.
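The following is an added example, not code from the book. It shows the defender-side use described above: matching an inventory of your own hosts against a database of known vulnerabilities and ranking the hosts so the weakest are fortified first. The database entries, product names, host addresses and the "affected if below the first fixed version" rule are constructed assumptions.

```python
from collections import defaultdict
# Constructed database (placeholder IDs/products): (id, product, first fixed version, severity 0-10).
VULN_DB = [
    ("EXAMPLE-0001", "examplehttpd", "2.4.10", 9.8),
    ("EXAMPLE-0002", "examplehttpd", "2.2.0", 5.3),
    ("EXAMPLE-0003", "examplessh", "8.1", 7.5),
    ("EXAMPLE-0004", "exampledb", "5.7.3", 6.1),
]
# Constructed inventory of your own hosts: (host, product, reported version).
INVENTORY = [
    ("10.0.0.5", "examplehttpd", "2.4.9"),
    ("10.0.0.5", "examplessh", "8.1"),
    ("10.0.0.7", "examplehttpd", "2.1.3"),
    ("10.0.0.7", "exampledb", "5.7.2"),
    ("10.0.0.9", "examplessh", "7.9"),
    ("10.0.0.9", "exampledb", "banner-hidden"),
]

def parse_version(text):
    """'2.4.9' -> (2, 4, 9, 0); None when the string is not dotted integers."""
    try:
        parts = [int(p) for p in text.split(".")]
    except ValueError:
        return None
    return tuple(parts + [0] * (4 - len(parts)))  # pad so "8.1" == "8.1.0"

def scan(inventory, vuln_db):
    """Return ({host: [(vuln_id, severity), ...]}, [(host, product) not assessable])."""
    findings, unknown = defaultdict(list), []
    for host, product, version in inventory:
        installed = parse_version(version)
        if installed is None:
            unknown.append((host, product))  # unknown version is not the same as clean
            continue
        for vuln_id, vuln_product, fixed_in, severity in vuln_db:
            # Assumption: every version below the first fixed release is affected.
            if product == vuln_product and installed < parse_version(fixed_in):
                findings[host].append((vuln_id, severity))
    return dict(findings), unknown

def prioritize(findings):
    """Weakest hosts first: highest severity, then number of findings."""
    return sorted(findings, key=lambda h: (-max(s for _, s in findings[h]), -len(findings[h])))

if __name__ == "__main__":
    found, unknown = scan(INVENTORY, VULN_DB)
    for host in prioritize(found):
        print(host, found[host])
    print("manual review:", unknown)
```

Services whose version cannot be read are returned separately for manual review instead of being counted as patched.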
Masquerading Attacks
One of the easiest ways to gain access to resources you’re not otherwise entitled to use is to impersonate someone who does have the appropriate access permissions. In the offline world, teenagers often borrow the driver’s license of an older sibling to purchase alcohol, and the same type of thing happens in the computer security world. Attackers borrow the identities of legitimate users and systems to gain the trust of third parties. In the following sections, we’ll take a look at two common masquerading attacks—IP spoofing and session hijacking.


