General Security Concepts: Attacks • Chapter 2 77
way to do it. As stated earlier, the victim must believe you are who you
say you are. Try to think of plausible situations, and, if possible, know
the names of other people in the organization that you are social
engineering. Familiarity means comfort, and comfort means trust. With
these tips in mind, along with some practice, you are likely to be able to
obtain the information you request.
Vulnerability Scanning
Vulnerability scanning is important to both attackers and those responsible for
securing hosts and networks. This refers to the act of probing a host in order to
find an exploitable service or process. There are a number of tools that can assist
in vulnerability scanning. A basic example is a tool called Nmap. It is a port
scanner, which sends packets to a host in order to generate a list of services the
host is running, and it will also return the OS type. With this information, an
attacker can get a better idea of what type of attack may be suitable for that
particular host. For example, it would not make sense to launch an IIS attack
against a UNIX machine, so knowing the OS and installed services means an attacker
can better search for an exploit that will work.
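As an added example (not from the book): those responsible for securing hosts can run the same kind of scan against their own systems and compare the result with an approved list of services. The sketch below parses a report in the shape of Nmap's XML output (`-oX`) and flags open ports outside the baseline; the sample XML, the address and the baseline are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output (not from a real scan).
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
   <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
   <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
  </ports>
  <os><osmatch name="Microsoft Windows Server" accuracy="96"/></os>
 </host>
</nmaprun>"""

# Hypothetical approved baseline: host -> set of (protocol, port) allowed to be open.
BASELINE = {"192.0.2.10": {("tcp", 80), ("tcp", 443)}}

def parse_scan(xml_text):
    """Return {addr: {"os": best OS guess or None, "open": {(proto, port): service}}}."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        # Pick the highest-accuracy OS match, if OS detection produced any.
        matches = host.findall("os/osmatch")
        best = max(matches, key=lambda m: int(m.get("accuracy", "0")), default=None)
        open_ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                svc = port.find("service")
                name = svc.get("name", "unknown") if svc is not None else "unknown"
                open_ports[(port.get("protocol"), int(port.get("portid")))] = name
        os_name = best.get("name") if best is not None else None
        hosts[addr_el.get("addr")] = {"os": os_name, "open": open_ports}
    return hosts

def unexpected_services(hosts, baseline):
    """List (addr, proto, port, service) for open ports not in the baseline."""
    return [(addr, proto, port, name)
            for addr, info in sorted(hosts.items())
            for (proto, port), name in sorted(info["open"].items())
            if (proto, port) not in baseline.get(addr, set())]

if __name__ == "__main__":
    print(unexpected_services(parse_scan(SAMPLE_XML), BASELINE))
```

A host missing from the baseline has every open port reported, so a newly discovered machine shows up as a finding rather than being silently ignored.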
A more sophisticated vulnerability scanning tool is Nessus. It is a freeware tool,
which can be set up to scan multiple types of architectures for vulnerabilities using
a list of known attack types. It has several modes of operation, but in its default
mode, it will generate a very readable output detailing what services are currently
exploitable, and which may be exploitable. It also offers suggestions on how to
improve the security of a host. It’s a great tool for evaluating the security of your
systems, and can be downloaded from www.nessus.org.
Another free utility is Microsoft’s Security Baseline Analyzer, which can be
downloaded from www.microsoft.com/technet/security/tools/mbsahome.mspx. It
can be used to assess your own company’s security, and will list patches and
configurations that should be changed on Microsoft machines to improve their
security.
www.syngress.com