gsec practical assignment version 1.2b overview using fport on windows nt to map applicatio

《gsec practical assignment version 1.2b overview using fport on windows nt to map applicatio》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、GSECPracticalAssignmentVersion1.2bUsingFportonWindowsNTtoMapApplicationstoOpenPortsbyTeenaJ.HensonOverviewTodevelopdefense-in-depthcomputersecurity,anunderstandingofvariousvulnerabilitiesmustberealizedbeforeaprotectionstrategyisdeveloped.OneKeyfingerpr

2、int=AF19FA272F94998DFDB5DE3DF8B506E4A1694E46elementtominimizevulnerabilitiesistodevelopcomputersecuritypolicies,andthesepoliciesmustbeinpractice.Inaddition,riskassessmentsshouldbeperformed,andthehighestrisk-factorvulnerabilitiesmustbeeliminatedpromptly

3、.Acommonlyacceptedcomputersecuritypolicyusuallystartswithafirewallbeingestablishedatthecompany’sInternetconnection.Anextstepcouldbehostscanningornetworkintrusiondetectionsystemswithintheorganization.Alsoforconsiderationis“backdoor”accesstothenetworkvia

4、modemconnectionsfromothernetworks.Policiesshouldextendtoroutinebackupsforcriticaldata.Additionalprotectioncanbeinstalledwithhost-basedintrusiondetectionsystemstoprotectagainstthe“insiderthreat”oraccessthroughthefirewall.However,toestablishaneffectiveho

5、st-basedintrusiondetectionsystem,knowledgeoftheservicesandapplicationsthatopenportsonthesystemisanecessity.TheQuestionAninterestingquestionwasposedbyChrisBrentoninhis“PoorMan’sNTAuditing”presentationportionofthecourseworkfortheSANSGSECCertification.Mr.

6、Brentonasked“The$64,000questionis,canyouidentifyeachoftheprocessesrunningonyourmachinethathaveopenedeachofthelistedlisteningports?”TheGoalIdentifyallopenportsonaWindowsNT4.0Workstationutilizingtoolsand©SANSInstitute2000-2002,Authorretainsfullrights.kno

7、wledgeprovidedintheSANSGSECcourseworkorobtainedfromtheinternet.MethodsUsedtoAchievetheGoalKeyfingerprint=AF19FA272F94998DFDB5DE3DF8B506E4A1694E461)Issueanetstat-acommandataMS-DOScommandprompttorevealtheopenportsonyoursystem.Thislistmaybesurprising.Ther

8、earemanyapplications©SANSInstitute2000-2002AspartofGIACpracticalrepository.Authorretainsfullrights.GSECPracticalAssignmentVersion1.2bandservicesthatopenports,andthegoalistofindwhattheseareandwhytheyareopeningthesespecificports.“Netstat–