CompTIA Security+ Section 4: Tools of the Trade


1. * There are many types of logs (event, security, audit)

2. Logs

2.1. * Non-Network Events - Events that happen on a host even when it is not connected to a network (date, time, process, account, event number, event description)

2.1.1. 1- Operating system events 2- Application events 3- Security events

2.2. * Network Events - Events that deal with the communication between the host and something on the network (time, source address (MAC/IP), destination, description)

2.2.1. 1- OS- or system-level 2- Application-level
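As an added example (not part of the original mind map), the parser below reads constructed log lines carrying exactly the fields the notes list and sorts them into the two classes above: host (non-network) events with date, time, process, account, event number and description, and network events with time, source MAC/IP, destination and description. The `key=value` line format, the sample lines and the watch list of event numbers are all assumptions made for the example; real event logs differ by platform.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Union

# Constructed sample lines (not real logs). Host events carry the fields the
# notes list for non-network events; network events carry the network fields.
HOST_EVENTS = """\
date=2024-05-01 time=08:15:02 process=winlogon.exe account=alice event=4624 desc="An account was successfully logged on"
date=2024-05-01 time=08:16:40 process=services.exe account=SYSTEM event=7045 desc="A service was installed in the system"
"""
NETWORK_EVENTS = """\
time=08:15:03 src=aa:bb:cc:dd:ee:01/10.0.0.5 dst=10.0.0.53:53 desc="DNS query example.test"
time=08:15:04 src=aa:bb:cc:dd:ee:01/10.0.0.5 dst=203.0.113.9:443 desc="TLS client hello"
"""

# key=value tokens; values may be quoted so that descriptions can contain spaces
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class HostEvent:
    timestamp: datetime
    process: str
    account: str
    event_id: int
    description: str


@dataclass
class NetworkEvent:
    time: str
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int
    description: str


def parse_kv(line: str) -> dict:
    """Split one line into a dict, preferring the quoted value when present."""
    return {key: (quoted or bare) for key, quoted, bare in KV.findall(line)}


def parse_event(line: str) -> Union[HostEvent, NetworkEvent]:
    """Classify a line as a network event (has src/dst) or a host event."""
    fields = parse_kv(line)
    if "src" in fields and "dst" in fields:
        src_mac, src_ip = fields["src"].split("/")
        dst_ip, dst_port = fields["dst"].rsplit(":", 1)
        return NetworkEvent(fields["time"], src_mac, src_ip, dst_ip,
                            int(dst_port), fields.get("desc", ""))
    stamp = datetime.strptime(fields["date"] + " " + fields["time"],
                              "%Y-%m-%d %H:%M:%S")
    return HostEvent(stamp, fields["process"], fields["account"],
                     int(fields["event"]), fields.get("desc", ""))


def parse_log(text: str) -> List[Union[HostEvent, NetworkEvent]]:
    """Parse every non-blank line of a log dump."""
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def security_events(events, watch_ids=(4624, 4625, 7045)):
    """Return host events whose event number is on a (constructed) watch list,
    the kind of triage a reviewer does before looking at anything else."""
    return [e for e in events if isinstance(e, HostEvent) and e.event_id in watch_ids]


if __name__ == "__main__":
    for event in parse_log(HOST_EVENTS + NETWORK_EVENTS):
        print(event)
```

`parse_event` decides the class from the fields present rather than from a file name, which is what you want when host and network events are pulled into one review stream.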

3. Protocol Analyzers

3.1. Wireshark

3.1.1. 1- 20 years old 2- Powerful tool 3- Free 4- Specifically mentioned on the Security+ exam

3.2. * Sniffer: a type of software, usually with a name like pcap, WinPcap or Npcap (grabs all of the data going in and out of a particular interface)

3.3. * Protocol analyzers have two functions: sniffing and analyzing the data

3.4. * Wireshark allows us to filter the data by services and protocols

3.5. * Using a network analyzer we can look closely at the activity taking place within a session
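To show what sits behind "sniffing" and "filtering by protocol", here is an added example (not code from the original notes or from Wireshark) that builds a tiny capture in the pcap file format, parses it back, decodes the Ethernet and IPv4 headers, and filters records by protocol and port the way a display filter would. The packet contents, addresses and timestamps are constructed for the example, and only Ethernet-framed IPv4 with TCP/UDP is decoded.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


# ---- builders for a constructed capture (sample data, not real traffic) ----
def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_tcp(sport, dport):
    # minimal 20-byte TCP header: seq/ack 0, data offset 5, SYN flag set
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)


def build_ipv4_frame(src_ip, dst_ip, proto, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def build_pcap(frames):
    """pcap global header (little-endian magic, link type 1 = Ethernet) + records."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


SAMPLE_CAPTURE = build_pcap([
    build_ipv4_frame("10.0.0.5", "10.0.0.53", 17, build_udp(51000, 53, b"\x12\x34query")),
    build_ipv4_frame("10.0.0.5", "203.0.113.9", 6, build_tcp(51001, 443)),
    build_ipv4_frame("10.0.0.53", "10.0.0.5", 17, build_udp(53, 51000, b"\x12\x34reply")),
])


# ---- parser / decoder / filter ----
def parse_pcap(data):
    """Return [(timestamp, raw_frame)] from pcap bytes; rejects non-Ethernet captures."""
    (magic,) = struct.unpack("<I", data[:4])
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a pcap file")
    (link_type,) = struct.unpack(endian + "I", data[20:24])
    if link_type != 1:
        raise ValueError("only Ethernet link type is supported")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record")
        off += incl_len
        records.append((ts_sec + ts_usec / 1e6, frame))
    return records


def decode_frame(frame):
    """Decode Ethernet + IPv4 (+ TCP/UDP ports) into a dict; None if too short."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return {"proto": "non-IPv4"}
    ip = frame[14:]
    if len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes
    proto = ip[9]
    info = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "proto": PROTO_NAMES.get(proto, str(proto))}
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info


def filter_packets(data, proto=None, port=None):
    """Keep records matching a protocol name and/or a port, like a display filter."""
    out = []
    for ts, frame in parse_pcap(data):
        info = decode_frame(frame)
        if info is None:
            continue
        if proto and info.get("proto") != proto:
            continue
        if port and port not in (info.get("sport"), info.get("dport")):
            continue
        out.append((ts, info))
    return out


if __name__ == "__main__":
    for ts, info in filter_packets(SAMPLE_CAPTURE, proto="UDP", port=53):
        print(ts, info)
```

The same decode step is what lets a tool label a record "DNS" or "TLS": it walks each header in order and reads the next-protocol and port fields, so a filter is just a predicate over those decoded fields.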

4. Network Scanners

4.1. * Nmap is useful for hardware inventory and reconnaissance of your systems

4.2. * Network scans can be done to detect open ports, protocols, hardware and rogue systems

4.3. * Scans can be resource intensive, so plan accordingly to maintain system availability

5. OS Utilities, Part 2

5.1. * ipconfig provides the IP address and Ethernet details, and the -all option shows the MAC address

5.2. * nslookup provides information on the DNS server

5.3. dig is a Linux utility that functions like nslookup, but offers further functionality

5.4. * Netcat can open and listen on ports, and can be an aggressive tool for reconnaissance

6. OS Utilities, Part 1

6.1. * netstat: lets you know what sessions a particular host is running at any given moment

6.1.1. 1- netstat -n: lets you know who you're talking to 2- netstat -a: lets you know who's trying to talk to you

6.2. * tracert; ARP (Address Resolution Protocol)

6.2.1. Tracert can help you see which routers are being hit, both internal and external

7. SNMP

7.1. Simple Network Management Protocol (SNMP): a tool which allows us to administer and manage network devices from, ideally, a single source.

7.2. * A few to look at are Nagios, Zabbix and Spiceworks

7.3. * SNMP uses UDP port 161, or port 10161 when using TLS

7.4. * SNMP managed devices run an agent that talks with a Network Management Station (NMS)

7.5. * SNMPv1 is unencrypted, SNMPv2 added basic encryption, SNMPv3 added TLS