Cyber Defense and penetration Testing: Week 4 - Scanning

LoadingLoading previews...
Scanning
HTML Creative Commons: Attribution-Noncommercial-No Derivative Works 4.0
View
    Scanning
    Scanning
    1 file in this resource
    Summary: Once the passive reconnaissance phase is over, a penetration tester can initiate the Scanning phase. This is the active attempt to connect to a system to elicit a response and determine the services running on it. Scanning is often also defined as Active Reconnaissance and typically enables the attacker to establish information about IP addresses, services running on a computer and operating systems. The main objective of scanning is to probe ports, keeping track of open TCP/IP ports that would be receptive to hacking and establish applications vulnerable to hacking. Scanning is a 3-step sequence process [1]: 1. Locating a live system in a network. 2. Scanning the system for open ports and running services. 3. Scanning the system for vulnerabilities. Scanning can also be used to identify/detect the target operating system (fingerprinting) The three steps are defined as follows: • Network Scanning – checks live IP addresses. This is a procedure for identifying active hosts on a network. • Port Scanning - determines open ports and active services in each of the identified live hosts. A series of messages are sent to a computer to learn which network services and associated "well-known" port number are running. • Vulnerability Scanning – The active services are scanned for vulnerabilities to determine the presence of known flaws.
    Creators:
    Divisions: Academic > School of Computing, Engineering and Built Environment > Department of Computing > Computing
    Copyright holder: Copyright © Glasgow Caledonian University
    Viewing permissions: World
    Depositing User:
    Date Deposited: 13 Jul 2018 08:36
    Last Modified: 13 Feb 2020 12:06
    URI: https://edshare.gcu.ac.uk/id/eprint/3849

    Actions (login required)

    View Item View Item

    Toolbox

    There are no actions available for this resource.