Technical (Bottom-Up) Methodology 155
however, a few key points to remember. First, beware of the tools that you
run. There are primarily two types of tests: active and passive. The following
are examples of active testing:
Probes using scanners:
– Nessus — broad view
– Webtrends Security Analyzer — focused view
– SolarWinds tools — Cisco devices
Use of exploit scripts and “underground” tools:
– Password crackers — on all platforms and by sniffing
– War dialers — remote access
– Web exploit tools — Web server specific
– Wireless testing
It is important to note that using any of the tests above will degrade
network performance in one aspect or another. Some tools have a very small
footprint on network performance while others can cause nearly total interruption.
So be aware that any active tool will increase network traffic, processor
utilization, or both. On most networks this will not be a problem; however,
you should study the network with the tools cited in the network sniffer
section or the tools cited under the network discovery section of the
zero-information-based attacks.
In addition to increasing network traffic or processor load, your testing
can have other negative impacts on the target network. Several of the tools
we examined have the ability to run denial-of-service (DoS) testing. Here is
a handy rule-of-thumb:
Denial of service tests tend to deny service.
So be aware of the effects of DoS testing a production network. This is
especially true if you are testing during peak production times. Remember
that if you are not sure, do not guess on a production network. If you are
afraid of the consequences of running a test, take it home and run it against
your home network, or against another test network. However, your test
network should be a network that you have permission to test. This leads us
to another point: only test network systems that you have permission to test.
Do not say that we did not warn you. Testing systems that you are not
authorized to can get you in a world of trouble. So be cautious.
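The points above (run active tools only against ranges you are authorised to test, keep disruptive DoS modules off production networks, and avoid peak production times) are the kind of rules of engagement a testing team encodes into a pre-flight check before any scanner or exploit script is launched. The following Python is an added illustration of such a gate, not code from this book; the scope file format, the hypothetical `TestProfile` descriptions and all ranges and time windows in it are constructed sample data.

```python
from dataclasses import dataclass
from datetime import time
from typing import List, Optional, Tuple, Union
import ipaddress

# Constructed rules-of-engagement file (sample data, one authorised range per line):
#   <cidr> <production|lab> [<peak-start>-<peak-end>]
SCOPE_TEXT = """\
# ranges we are authorised to test
10.10.0.0/24 production 08:00-18:00
10.10.1.0/24 production 22:00-02:00
192.168.50.0/24 lab
"""

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class ScopeRule:
    network: Network
    environment: str                  # "production" or "lab"
    peak_start: Optional[time] = None  # peak window during which active tests are blocked
    peak_end: Optional[time] = None


@dataclass(frozen=True)
class TestProfile:
    """Hypothetical description of a test to be run (assumed, not a real tool API)."""
    name: str
    active: bool               # generates probe traffic (scanner, exploit script, war dialer)
    disruptive: bool = False   # DoS-style module: expected to deny service


def _parse_clock(text: str) -> time:
    hours, minutes = text.split(":")
    return time(int(hours), int(minutes))


def load_scope(text: str) -> List[ScopeRule]:
    """Parse the scope file; comments and blank lines are ignored, bad lines are rejected."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) not in (2, 3) or parts[1] not in ("production", "lab"):
            raise ValueError(f"bad scope line: {raw!r}")
        network = ipaddress.ip_network(parts[0], strict=False)
        peak_start = peak_end = None
        if len(parts) == 3:
            start_text, end_text = parts[2].split("-")
            peak_start, peak_end = _parse_clock(start_text), _parse_clock(end_text)
        rules.append(ScopeRule(network, parts[1], peak_start, peak_end))
    return rules


def in_peak_window(rule: ScopeRule, now: time) -> bool:
    """True when `now` falls inside the rule's peak window (handles windows that wrap midnight)."""
    if rule.peak_start is None or rule.peak_end is None:
        return False
    if rule.peak_start <= rule.peak_end:            # e.g. 08:00-18:00
        return rule.peak_start <= now < rule.peak_end
    return now >= rule.peak_start or now < rule.peak_end   # e.g. 22:00-02:00


def find_rule(rules: List[ScopeRule], target: str) -> Optional[ScopeRule]:
    """Return the most specific (longest prefix) authorised range containing `target`."""
    address = ipaddress.ip_address(target)
    matches = [r for r in rules if address in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: r.network.prefixlen)


def check_test(rules: List[ScopeRule], profile: TestProfile,
               target: str, now: time) -> Tuple[bool, str]:
    """Decide whether `profile` may run against `target` at wall-clock time `now`."""
    rule = find_rule(rules, target)
    if rule is None:
        return False, f"{target} is outside the authorised scope"
    if not profile.active:
        return True, f"{profile.name} is passive: no probe traffic generated"
    if profile.disruptive and rule.environment == "production":
        return False, f"{profile.name} is disruptive; only permitted on lab ranges"
    if rule.environment == "production" and in_peak_window(rule, now):
        return False, f"active test blocked during peak window of {rule.network}"
    return True, f"{profile.name} permitted against {target}"


if __name__ == "__main__":
    rules = load_scope(SCOPE_TEXT)
    for profile, target, now in [
        (TestProfile("scanner", active=True), "10.10.0.5", time(12, 0)),
        (TestProfile("scanner", active=True), "10.10.0.5", time(19, 0)),
        (TestProfile("dos-module", active=True, disruptive=True), "10.10.0.5", time(19, 0)),
        (TestProfile("sniffer", active=False), "10.10.0.5", time(12, 0)),
        (TestProfile("scanner", active=True), "172.16.0.1", time(12, 0)),
    ]:
        print(check_test(rules, profile, target, now))
```

The gate is deliberately fail-closed: a target that matches no authorised range is refused, and a disruptive module is refused on anything not explicitly marked as a lab network. Longest-prefix matching lets a small lab subnet be carved out of a larger production range without editing the parent entry.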
The second type of testing that you will do during a network vulnerability
assessment is passive testing. During a passive test, you seldom have any
impact on network performance (see Exhibit 60). The following tests are
examples of passive tests:
SNMP and RMON “listening”:
– General network sniffing
– Wireless sniffing