Preview

Lab 1

Satisfactory Essays
Open Document
Open Document
567 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Lab 1
Lab #1
1. List the five (5) steps of the Hacking process.

Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks

2. In order to exploit or attack the targeted systems, what can you do as an initial first step to collect as much information as possible about the targets prior to devising an attack and penetration test plan?

The first step would be the reconnaissance or footprinting step of the hacking process.

3. What applications and tools can be used to perform this initial reconnaissance and probing step?

Whois query, ping sweeps, Nmap, etc

4. How can social engineering be used to gather information or data about the organization’s IT infrastructure?

Social engineering is being used to by tricking people into giving out information that is not normally publicly available.

5. What does the enumeration step of the five (5) step hacking process entail and how is it vital to the hacker’s objective?

Enumeration is used to extract more-detailed and useful information from a victim’s system.

6. Explain how an attacker will avoid being detected following a successful penetration attack?

Attacker would avoid detection by covering tracks step of the hacking process where they cover up their tracks in the system they hacked into.

7. What method does an attacker use to regain access to an already penetrated system?

The hacker will use a backdoor into the system

8. As a security professional, you have been asked to perform an intrusive penetration test which involves cracking into the organization’s WLAN for a company. While performing this task, you are able to retrieve the authentication key. Should you use this and continue testing, or stop here and report your findings to the client?

You should follow the plan that was laid out in the planning stage of the penetration test

9. Which NIST standards document encompasses security testing and penetrating testing?

NIST 800-42 guideline on network

You May Also Find These Documents Helpful

  • Good Essays

    Nt1310 Unit 6 Paper

    • 712 Words
    • 3 Pages

    When proceeding with a Penetration test you must specifically authorize access to X party for conducting Y testing on your network. You should specifically lay out details of what the test will include and not include. When it will be done. What systems they will attempt to breech, what indicators will be done to prove the breech. This will protect both you and the Pen testing company incase something happens during the test or in the future. If a report showing how exactly they breeched your network was released to an outside party and they…

    • 712 Words
    • 3 Pages
    Good Essays
  • Good Essays

    ISSC362 Week 2 Lab

    • 454 Words
    • 2 Pages

    Vulnerability MS08-067 is an exposure in Server Service that could allow remote code execution in an affected system. The operating systems affected are Microsoft Windows 2000, Windows XP, and Windows Server 2003.…

    • 454 Words
    • 2 Pages
    Good Essays
  • Satisfactory Essays

    a. Social engineering is used in the real world. Reverse social engineering is used in the cyber world.…

    • 312 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    3. What must you obtain before you begin the ethical hacking process or penetration test on a live…

    • 652 Words
    • 4 Pages
    Good Essays
  • Satisfactory Essays

    Nt1310 Final Exam

    • 393 Words
    • 2 Pages

    The Motives Behind Hacking: Vandalism, Public Interest, Reveal Wrongdoing, Financial Gain, As a Protest, The Challenge (fun).…

    • 393 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    There are several steps that need to take place while planning and executing a penetration test. The first is the planning and preparation stage. During this stage, penetration testers and management personnel should hold a meeting to determine the exact scope, goals, and method of the penetration test. Failure to do this will only result in a list of exploitable vulnerabilities without any type of prioritization or guidelines for the organization. Since these tests can cause networks to crash or connectivity to slow tremendously, it is very important the penetration testers know what kinds of tests are and are not acceptable to management. Legal documents should also be drafted during this time to protect the penetration testers. Since the testing involves acts that would normally be illegal and could compromise confidential information, these documents can outline how the information will be handled, returned and/or destroyed. A liability waiver should also be included to protect the testers from and ramifications of any system damage during the test.…

    • 591 Words
    • 2 Pages
    Good Essays
  • Satisfactory Essays

    6. By deleting all traces of information that the attacker was there, being careful not to delete too much which could also prove someone was there.…

    • 263 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    IS4560 Lab 1 Assessment

    • 292 Words
    • 1 Page

    6. To avoid being detected, a hacker will have to erase all records of their activity. But must be careful not to erase normal system records that show the hacker wasn’t there.…

    • 292 Words
    • 1 Page
    Satisfactory Essays
  • Good Essays

    It Infrastructure

    • 342 Words
    • 2 Pages

    The User Domain is comprised of individuals that are often not aware of the tricks of attackers. For example, networks usually have strong passwords that one must know in order to gain access to the Internet. Nevertheless, social engineers can persuade individuals to give out personal information such as passwords and other types of private information. By giving out such information can cause computer viruses and infections executed by social engineers. Another way in which the User Domain can fall susceptible to attackers is the activities carried out by individuals on the computer. Visiting dangerous websites, downloading malicious files, and installing infected programs all give invitations to attackers to hack computer systems. In addition, inserting infected jump drives into computers can cause an entire computer network to become infected.…

    • 342 Words
    • 2 Pages
    Good Essays
  • Satisfactory Essays

    Organized Crime

    • 375 Words
    • 2 Pages

    One new trend in organized crime is cybercrime. The key to it is social engineering. Hackers can easily persuade someone now a days to do things on their computer that is not in their best interest and the internet is assisting them.…

    • 375 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose. People who engage in computer hacking activities are often called hackers. Since the word “hack” has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills.…

    • 2426 Words
    • 10 Pages
    Powerful Essays
  • Powerful Essays

    System Analysis and Design

    • 13666 Words
    • 55 Pages

    1. Describe three traditional techniques for collecting information during analysis. When might one be better than another?…

    • 13666 Words
    • 55 Pages
    Powerful Essays
  • Good Essays

    Social Engineering

    • 3841 Words
    • 16 Pages

    An early form of social engineering first appeared in the 1980′s and was named phreaking. Phreakers called phone companies and claimed to be system…

    • 3841 Words
    • 16 Pages
    Good Essays
  • Best Essays

    Near Field Communication (NFC) is one of the most popular short range wireless communication technology that offers in close proximity data transfer. Its simplicity and safe communication makes it more popular in day to day life when an NFC enabled device brought within few centimetres of another NFC device or tag. According to the communication between NFC devices due to its close proximity inhibits eavesdropping on NFC-enabled transactions.…

    • 2919 Words
    • 12 Pages
    Best Essays
  • Good Essays

    Social engineering is one type that you should watch for as a threat. This is a malicious user that will manipulate an organization’s member’s information. The attacker will use the information to bypass the security and access the confidential data that is stored on the system. The way this can happen is through e-mail, via phone, or even through instant messaging. The way you will know this is happening is because it will come in the form of hoaxes, phishing, or spam. The phishing attacks will be in e-mail, voice calls, or even social networks. The spam will come in three main forms that are called traditional spam, spim, and spit. The spam examples are like if you receive an e-mail from an unknown user that offers you a special offer and wants you to click some link to get the offer, another example is you answer a phone call from an unknown number and hear a recording saying that you qualify for a pre-approved bank loan and need your information to get the loan. An example of spim spam is where a user replies to an instant message in which they’re offered a free trial membership to some kind of program. Traditional spam is where attackers use spam as a way for…

    • 651 Words
    • 3 Pages
    Good Essays