2.3 Network Security Testing Tools

nmap / zenmap

low-level scanner used to discover computers and their services on a network. can be used for malicious purposes as it allows the use of decoy hosts on the same LAN as the target host to mask the source of the scan

superscan

port scanning software that is designed to detect open TCP and UDP ports, determine what services are running on those ports, and to run queries, such as whois, ping, traceroute, and hostname lookups

security information event management (SIEM)

technology used in enterprise organizations to provide real time reporting and long-term analysis of security events

gfi languard

a network and security scanner which detects vulnerabilities

tripwire

assesses and validates IT configurations against internal policies, compliance standards, and security best practices

nessus

a vulnerability scanning software, focusing on remote access, misconfigurations, and DoS against the TCP/IP stack

l0phtcrack

a password auditing and recovery application

metasploit

provides information about vulnerabilities and aids in penetration testing and IDS signature development

classic TCP and UDP port scanning

searches for different services on one host

classic TCP and UDP port sweeping

searches for the same service on multiple hosts

stealth TCP and UDP port scans and sweeps

similar to classic scans and sweeps, but harder to detect by the target host or IPS

remote operating system identification

AKA OS fingerprinting, identifies the operating system of the host

security information management (SIM) and security event management (SEM)

what 2 previous products were combined to create security information event management (SIEM)?