FOCA
____ is a Web tool used to gather IP and domain information. It is available for both UNIX and Window OSs.Answer Samba Bugnosis SamSpade
What is “competitive intelligence”?
If you want to open a piano studio to compete against another studio that has been in your neighborhood for many years, getting as much information as possible about your competitor is wise. How could you know the studio was successful without being privy to its bank statements? First, many businesses fail after the first year, so the studio being around for years is a testament to the owner doing something right. Second, you can simply park your car across the street from the studio and count the students to get a good idea of the number of clients. You can easily find out the cost of lessons by calling the studio or looking for ads in newspapers, flyers, telephone books, billboards, and so on. Numerous resources are available to help you discover as much as is legally possible about your competition. Business people have been doing this for years. Now this information gathering, called competitive intelligence, is done on an even higher level through technology. As a security professional, you should be able to explain to the company that hired you all the methods competitors use to gather information. To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.
The HTTP ____ method retrieves data by URI.Answer GET PUT POST
HEAD
To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.
____ is a Web tool used to gather IP and domain information. It is available for both UNIX and Window OSs.Answer Samba Bugnosis SamSpade
FOCA
How can a computer criminal use HTTP methods before running an exploit on a server?
If you know HTTP methods, you can send a request to a Web server and, from the generated output, determine what OS the Web server is using. You can also find other information that could be used in an attack. After you determine which OS version a company is running, you can search for any exploits that might be used against that network’s systems.
____ is a tool that is used to perform DNS zone transfers.Answer Whois Netcat Metis
Dig
Why is ATM shoulder surfing much easier than computer shoulder surfing?
ATM theft is much easier than computer shoulder surfing because a keypad has fewer characters to memorize than a computer keyboard. If the person throws away the receipt in a trash can near the ATM, the shoulder surfer can match the PIN with an account number and then create a fake ATM card. Often shoulder surfers use binoculars or high-powered telescopes to observe PINS being entered, making it difficult to protect against this attack.
Some cookies can cause security issues because unscrupulous people might store personal information in cookies that can be used to attack a computer or server.
____ enable you to see all the host computers on a network. In other words, they give you an organization’s network diagram.Answer Web bugs Footprints Zone transfers
Namedroppers
The HTTP CONNECT method starts a remote application-layer loopback of the request message.
Network attacks often begin by gathering information from a company’s Web site.
The HTTP ____ method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body.Answer CONNECT PUT POST
HEAD
In computer jargon, the process of finding information on a company’s network is called ____________________.
List at least five tools available for footprinting.
The following tools can be used for footprinting: Google groups, Whois, SamSpade, Web Data Extractor, FOCA, Necrosoft NS Scan, Google search engine, Namedroppers, White Pages, Metis, Dig, Netcat, Wget, Paros, and Maltego.
As a security tester, should you use social-engineering tactics?
As a security tester, you should never use social-engineering tactics unless the person who hired you gives you permission in writing. You should also confirm on which employees you’re allowed to perform social-engineering tests, and document the tests you conduct. Your documentation should include the responses you received, and all test results should, of course, be confidential.
What is the purpose of a Web bug? How do they relate to or differ from spyware?
A Web bug is a 1-pixel x 1-pixel image file referenced in an tag, and it usually works with a cookie. Its purpose is similar to that of spyware and adware: to get information about the person visiting the Web site. Web bugs are not from the same Web site as the Web page creator. They come from third-party companies specializing in data collection. Security professionals need to be aware of cookies and Web bugs to keep these information-gathering tools off company computers.
To help prevent ____ attacks, you must educate your users not to type logon names and passwords when someone is standing directly behind them—or even standing nearby.Answer shoulder-surfing footprinting piggybacking
social engineering
How can computer criminals use the Whois utility for their purposes?
The Whois utility is a commonly used tool for gathering IP address and domain information. With just a company’s Web address, you can discover a tremendous amount of information. Unfortunately, attackers can also make use of this information. Often companies don’t realize that they’re publishing information on the Web that computer criminals can use. The Whois utility gives you information on a company’s IP addresses and any other domains the company might be part of.
To see additional parameters that can be used with the ____ command, you can type nc -h at the command prompt.Answer Nslookup Namedroppers Netcat
Whois
The HTTP ____________________ method is used with a proxy that can dynamically switch to a tunnel connection, such as Secure Socket Layer (SSL).
____ can be used to read PINs entered at ATMs or to detect long-distance authorization codes that callers dial.Answer Shoulder surfing Footprinting Zone transferring
Social engineering
With commands such as ____, you can perform zone transfers of all DNS records.Answer Dig Whois DNS
Netcat
____ is a tool that is used to gather IP and domain information.Answer Whois Netcat Metis
Dig
____ is the most basic HTTP method.Answer GET PUT CONNECT
HEAD
The HTTP ____ method requests that the entity be stored under the Request-URI.Answer GET PUT POST
HEAD
A(n) ____________________ is a text file generated by a Web server and stored on a user’s browser.
The HTTP ____ allows data to be sent to a Web server.Answer GET PUT POST
HEAD
The HTTP ____ method retrieves data by URI.Answer GET PUT POST
HEAD
Wget is a tool that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet.
A(n) ____ is a 1-pixel x 1-pixel image file referenced in an tag, and it usually works with a cookie.Answer image bug zone transfer Bugnosis detector
Web bug
A(n) ____________________ is a person skilled at reading what users enter on their keyboards, especially logon names and passwords.
The ____ tool can generate a report that can show an attacker how a Web site is structured and lists Web pages that can be investigated for further information.Answer Netcat Paros Dig
Whois
How can DNS be used for footprinting?
DNS uses name servers to resolve names. After you determine what name server a company is using, you can attempt to transfer all the records for which the DNS server is responsible. This process, called a zone transfer, can be done with the Dig command. To determine a company’s primary DNS server, you can look for a DNS server containing a Start of Authority (SOA) record. An SOA record shows which zones or IP addresses the DNS server is responsible. After you determine the primary DNS server, you can perform another zone transfer to see all host computers on the company network. In other words, the zone transfer give you an organization’s network diagram. You can use this information to attack other servers or computers that are part of the network infrastructure.
____ can be used to gather information useful for computer criminals, like company phone directories, financial reports, interoffice memos, resumes of employees, etc.Answer Shoulder surfing Footprinting Piggybacking
Dumpster diving
____ is trailing closely behind an employee who has access to an area without the person realizing that you didn’t use a PIN or a security badge to enter the area.Answer Shoulder surfing Footprinting Piggybacking
Dumpster diving
What type of information is usually gathered by social engineering?
Social engineering means using a knowledge of human nature to get information from people. In computer attacks, the information is usually a password to a network or other information an attacker could use to compromise a network. A salesperson can get personal information about customers, such as income, hobbies, social life, drinking habits, music preferences, and the like, just by asking the customer the right questions. A salesperson uses charm and sometimes guile to relax customers. In a sense, a salesperson attempts to bond with customers by pretending to be empathetic with them. After leaving the store, customers might regret some of the information they freely gave, but if the salesperson was personable, they might not think twice about the personal information the salesperson elicited. Social engineers might also use persuasion tactics, intimidation, coercion, extortion, and even blackmail to gather the information they need. They are probably the biggest security threat to networks and the most difficult to protect against.
Namedroppers is a tool that can be used to capture Web server information and possible vulnerabilities in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows.
What is “competitive intelligence”?
If you want to open a piano studio to compete against another studio that has been in your neighborhood for many years, getting as much information as possible about your competitor is wise. How could you know the studio was successful without being privy to its bank statements? First, many businesses fail after the first year, so the studio being around for years is a testament to the owner doing something right. Second, you can simply park your car across the street from the studio and count the students to get a good idea of the number of clients. You can easily find out the cost of lessons by calling the studio or looking for ads in newspapers, flyers, telephone books, billboards, and so on. Numerous resources are available to help you discover as much as is legally possible about your competition. Business people have been doing this for years. Now this information gathering, called competitive intelligence, is done on an even higher level through technology. As a security professional, you should be able to explain to the company that hired you all the methods competitors use to gather information. To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.
The ____________________ utility gives you information on a company’s IP addresses and any other domains the company might be part of.
____ means using a knowledge of human nature to get information from people.Answer Fingerprinting Footprinting Zone transferring
Social engineering
List the five techniques used by social engineers in their attempts to gain information from unsuspecting people.
- Urgency- Quid pro quo- Status quo- Kindness
- Position
Elaborate on the following statement: “The most difficult job of a security professional is preventing social engineers from getting crucial information from company employees.”
No matter how thorough a security policy is or how much money is spent on firewalls and intrusion detection systems (IDSs), employees are still the weakest link in an organization. Attackers know this fact and use it. Employees must be trained and tested periodically on security practices. Just as fire drills help prepare people to evacuate during a fire, random security drills can improve a company’s security practices. For example, randomly selecting and testing employees each month to see whether they would give their passwords to someone within or outside the organization is a good way to see if your security memos are being read and followed.
____ is a tool that is used to gather competitive intelligence from Web sites.Answer Whois Netcat Metis
Dig
define HTTP 400 Bad Request
Request not understood by server
define HTTP 405 Method Not Allowed
Request not allowed for the resource
define HTTP 408 Request Timeout
Request not made by client in allotted time
define HTTP 403 Forbidden
Server understands request but refuses to comply
define HTTP 404 Not Found
define HTTP 500 Internal Server Error
Request could not be fulfilled by server
define HTTP 503 Service Unavailable
Server is unavailable due to maintenance or overload
define HTTP 502 Bad Gateway
Server received invalid response from upstream server
define HTTP 504 Gateway Timeout