CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [91]
GFI LANguard This is a commercial network security scanner for Windows. It scans IP networks to detect which machines are live, and it can determine the host operating system, the applications that are running, the Windows service packs that are installed, whether any security patches are missing, and more.
Retina This is a commercial vulnerability assessment scanner by eEye. Like Nessus, Retina scans all the hosts on a network and reports on any vulnerabilities found.
CORE IMPACT CORE IMPACT is an automated pen testing product that is widely considered to be the most powerful exploitation tool available (it's also very costly). It has a large, regularly updated database of professional exploits. Among its features, it can exploit one machine and then establish an encrypted tunnel through that machine to reach and exploit other machines.
ISS Internet Scanner This is an application-level vulnerability assessment tool. Internet Scanner can identify more than 1,300 types of networked devices on your network, including desktops, servers, routers/switches, firewalls, security devices, and application routers.
X-Scan X-Scan is a general multithreaded plug-in-supported network vulnerability scanner. It can detect service types, remote operating system types and versions, and weak usernames and passwords.
SARA Security Auditor's Research Assistant (SARA) is a vulnerability assessment tool derived from the System Administrator Tool for Analyzing Networks (SATAN) scanner. Updates are typically released twice a month.
QualysGuard This is a web-based vulnerability scanner. Users can securely access QualysGuard through an easy-to-use web interface. It features more than 5,000 vulnerability checks, as well as an inference-based scanning engine.
SAINT Security Administrator's Integrated Network Tool (SAINT) is a commercial vulnerability assessment tool.
MBSA Microsoft Baseline Security Analyzer (MBSA) checks Windows hosts for missing security updates and common security misconfigurations. It is built on the Windows Update Agent and Microsoft Update infrastructure, so its results are consistent with other Microsoft update products, and on average it scans more than 3 million computers each week.
In addition to this list, you should be familiar with the following vulnerability exploitation tools:
Metasploit Framework This is an open-source framework used to develop, test, and execute exploit code.
Canvas Canvas is a commercial vulnerability exploitation tool. It includes more than 150 exploits.
Overview of the Pen-Test Deliverables
The main deliverable at the end of a penetration test is the pen testing report. The report should include the following:
■ List of your findings, ordered from highest to lowest risk
■ Analysis of your findings
■ Conclusion or explanation of your findings
■ Remediation measures for your findings
■ Log files from tools that provide supporting evidence of your findings
■ Executive summary of the organization's security posture
■ Name of the tester and the date testing occurred
■ Any positive findings or good security implementations
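The following is an added example, not code from the book: a small Python script that assembles the report sections listed above from scanner findings. It orders findings from highest to lowest risk (severity first, then number of affected hosts), keeps the supporting tool log lines with each finding, separates positive findings from weaknesses, and derives the executive-summary posture from the worst open issue. The severity scale, the hosts, the finding titles and the scanner log lines are all constructed for illustration.

```python
"""Assemble a penetration-test report from tool findings, ordered by risk.

Added example, not code from the book. All findings, hosts and log lines
below are constructed for illustration.
"""
from dataclasses import dataclass, field

# Rank used to order findings from highest to lowest risk (assumed scale).
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}


@dataclass
class Finding:
    title: str
    severity: str                     # key of SEVERITY_RANK
    hosts: list                       # affected hosts
    analysis: str                     # what the weakness means in context
    remediation: str                  # how to fix it
    evidence: list = field(default_factory=list)  # raw tool log lines
    positive: bool = False            # a control that worked, not a weakness

    def __post_init__(self):
        # Reject severities outside the scale rather than silently mis-ordering them.
        if self.severity not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {self.severity!r} in {self.title!r}")


def risk_key(f):
    """Sort key: highest severity first, then most hosts, then title."""
    return (-SEVERITY_RANK[f.severity], -len(f.hosts), f.title)


def posture(issues):
    """Executive-summary verdict derived from the worst open issue (issues pre-sorted)."""
    if not issues:
        return "good: no weaknesses identified"
    return {"Critical": "poor", "High": "weak", "Medium": "fair"}.get(issues[0].severity, "good")


def build_report(findings, tester, test_date):
    """Return the report as a dict with the sections the deliverables list names."""
    issues = sorted((f for f in findings if not f.positive), key=risk_key)
    positives = [f for f in findings if f.positive]
    counts = {s: sum(1 for f in issues if f.severity == s) for s in SEVERITY_RANK}
    return {
        "tester": tester,
        "date": test_date,
        "executive_summary": posture(issues),
        "severity_counts": counts,
        "findings": issues,
        "positive_findings": positives,
    }


def render(report):
    """Render the report dict as plain text."""
    lines = [f"Penetration test report - {report['tester']} - {report['date']}", "",
             f"Executive summary: overall security posture is {report['executive_summary']}.",
             "Findings by severity: " + ", ".join(f"{k}={v}" for k, v in report["severity_counts"].items() if v),
             ""]
    for i, f in enumerate(report["findings"], 1):
        lines += [f"{i}. [{f.severity}] {f.title} ({len(f.hosts)} host(s): {', '.join(f.hosts)})",
                  f"   Analysis: {f.analysis}",
                  f"   Remediation: {f.remediation}",
                  "   Evidence:"]
        lines += [f"     {e}" for e in f.evidence]
    if report["positive_findings"]:
        lines += ["", "Positive findings:"]
        lines += [f"- {f.title}: {f.analysis}" for f in report["positive_findings"]]
    return "\n".join(lines)


# Constructed sample findings (hosts, titles and log lines are invented).
SAMPLE_FINDINGS = [
    Finding("Missing vendor security patches", "High", ["10.0.0.5", "10.0.0.7"],
            "Unpatched hosts expose known, publicly exploitable weaknesses.",
            "Apply the missing patches and enrol the hosts in the patch-management process.",
            ["scanner: host=10.0.0.5 check=missing-patches result=FAIL count=4",
             "scanner: host=10.0.0.7 check=missing-patches result=FAIL count=2"]),
    Finding("Telnet service accepting default credentials", "Critical", ["10.0.0.9"],
            "A clear-text remote shell with a guessable login gives an attacker full control of the host.",
            "Disable telnet, enable SSH with key-based authentication, and change the default password.",
            ["scanner: host=10.0.0.9 port=23 login=admin result=SUCCESS"]),
    Finding("SMB signing not required", "Medium", ["10.0.0.5", "10.0.0.7", "10.0.0.8"],
            "Unsigned SMB sessions can be relayed or tampered with on the local network.",
            "Require SMB signing via Group Policy.",
            ["scanner: host=10.0.0.5 port=445 check=smb-signing result=not-required"]),
    Finding("Perimeter firewall blocks inbound management ports", "Info", ["fw-01"],
            "Only ports 80 and 443 were reachable from the external test position.",
            "None required.", [], positive=True),
]

if __name__ == "__main__":
    print(render(build_report(SAMPLE_FINDINGS, "J. Tester", "2024-03-01")))
```

Running the script prints the Critical telnet finding first even though the Medium SMB finding affects more hosts, because severity outranks host count in `risk_key`; the positive firewall finding is listed separately and does not influence the posture verdict.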
Exam Essentials
Know the definition of a security assessment. A security assessment is a test that uses hacking tools to determine an organization's security posture.
Know pen testing deliverables. A pen testing report of the findings of the penetration test should include suggestions to improve security, positive findings, and log files.
Know the legal requirements of a pen test. A pen tester should have the client sign a liability release, a scope of work, and a nondisclosure agreement.
List the penetration testing steps. Pre-attack, attack, and post-attack are the three phases of pen testing.
Know the two types of security assessments. Security assessments can be performed either internally or externally.
Review Questions
1. What is the purpose of a pen test?
A. To simulate methods that intruders take to gain escalated privileges
B. To see if you can get confidential network data
C. To test