The results are displayed as the assessment executes.
400 Practical Hacking Techniques and Countermeasures
An HTML page displaying an itemized result of the assessment is opened by
clicking on the green report button or by clicking on View and then
clicking on Report.
Clicking on the Details selection on the Web page reveals the specifics
of the results.
Vulnerability Scanning 401
Click on individual results to display each vulnerability result. In this
example, the NT Server Password was selected, which scrolls to the area
of the results page for those details. This example shows the following:
The Administrator password was determined to be 123.
The account was last logged into Fri Nov 18 21:48:43 2005.
The account has logged in a total of 9 times.
*Note: Keep in mind that attackers look at all data collected. If an Administrator
account has only logged in a total of 9 times, this may indicate that the user
does not use that server very much or is not logging out, and may not be applying
appropriate security measures to keep that server up to date. Even if the
password cannot be determined by X-Scan, the fact that this server has port
3389 open indicates other tools may be able to gain access (Lab 59).
*Note: X-Scan is an excellent tool to check for vulnerabilities against servers and the
price (free) cannot be beat.
Lab 65: Vulnerability Scanner
Perform Vulnerability Assessment: SARA
Prerequisites: None
Countermeasures: Secure ACLs, Bastion servers/workstations
Description: SARA (Security Auditor's Research Assistant) discovers,
analyzes, and reports on security vulnerabilities of network-based
computers, servers, routers, and firewalls.