Page 1493 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

After an attacker performs an IP probe, they are left with a list of active systems on a given network. The next task is to select one or more systems to target with additional attacks. Often, attackers have a type of target in mind; web servers, file servers, and other servers supporting critical operations are prime targets.

To narrow down their search, attackers use port scan software to probe all the active systems on a network and determine what public services are running on each machine. For example, if the attacker wants to target a web server, they might run a port scan to locate any systems with a service running on port 80, the default port for Hypertext Transfer Protocol (HTTP) services. Administrators should use this information to disable unnecessary services on systems under their control. This reduces the attack surface of the system, making it more difficult for an attacker to find a foothold from which to begin an attack.
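
One way an administrator can act on that advice, shown as an added example that is not from the study guide: compare a host's own listening TCP sockets with an approved baseline and report the extras. The sample socket listing (laid out like Linux `ss -H -tln` output), the APPROVED_PORTS baseline, and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of `ss -H -tln` on Linux (not from the book).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 50 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:23 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
"""

# Hypothetical baseline: ports this web server is approved to expose.
APPROVED_PORTS = {22, 80, 443}


def parse_listeners(ss_output):
    """Return (address, port) pairs for each listening TCP socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        # Drop an interface suffix (127.0.0.53%lo) and IPv6 brackets.
        host = host.split("%")[0].strip("[]")
        if host == "*":
            host = "::"  # ss may print * for a wildcard bind
        listeners.append((ipaddress.ip_address(host), int(port)))
    return listeners


def unnecessary_services(ss_output, approved):
    """Ports reachable from the network that are not in the approved baseline."""
    exposed = set()
    for addr, port in parse_listeners(ss_output):
        if addr.is_loopback:
            continue  # loopback-only listeners are not visible to a remote port scan
        if port not in approved:
            exposed.add(port)
    return sorted(exposed)


if __name__ == "__main__":
    for port in unnecessary_services(SAMPLE_SS_OUTPUT, APPROVED_PORTS):
        print(f"port {port}: listening on a network interface but not approved")
```

Each port it reports is a candidate service to disable or rebind to loopback, which removes it from what a port scan of the host would find.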


Vulnerability Scans


The third technique is the vulnerability scan. Once the attacker determines a specific system to target, they need to discover a specific vulnerability in that system that can be exploited to gain the desired access permissions. A variety of tools available on the internet assist with this task. Some of the more popular tools for this purpose include Nessus, OpenVAS, Qualys, Core Impact, and Nexpose. These packages contain a database of known vulnerabilities and probe targeted systems to locate security flaws. They then produce very attractive reports that detail every vulnerability detected. From that point, it’s simply a matter of locating a script that exploits a specific vulnerability and launching an attack against the victim.

It’s important to note that vulnerability scanners are highly automated tools. They can be used to launch an attack against a specific system, but it’s just as likely that an attacker would use a series of IP probes, port scans, and vulnerability scans to narrow down a list of potential victims. However, chances are an intruder will run a vulnerability scanner against an entire network to probe for any weakness that could be exploited.