Understanding Administrative Distance

 Administrative Distance

Administrative distance (AD) is a numerical value assigned to different routing protocols that determine which route a router will choose when multiple paths are available to the same destination, essentially acting as a trust level for the source of routing information, with a lower AD value signifying a more trusted source and thus being preferred by the router; essentially, when a router receives routes from multiple protocols for the same destination, the route with the lowest AD will be chosen to forward traffic.

Key points about administrative distance:

• Trust level: AD's primary function is to indicate the trustworthiness of a routing protocol, with a lower value representing a more reliable source of routing information.
• Router decision-making: When a router receives routes for the same destination from multiple protocols, it compares their AD values and selects the route with the lowest AD to install in its routing table.
• Configuration: Most network devices, like Cisco routers, have a default AD value for each routing protocol, but network administrators can manually adjust these values to prioritize specific routes based on their network design.
• Range: Administrative distance values typically range from 0 (most trusted) to 255 (least trusted).

Example scenario:

• Imagine a network where both OSPF and RIP are running.
• On a Cisco router, OSPF usually has a default AD of 110, while RIP has a default AD of 120.
• If the router receives routes to the same destination from both protocols, it will choose the OSPF route because it has a lower AD, indicating a more reliable path.

Administrative Distance chart:

Important considerations:

Static routes: Static routes often have a very low AD, making them a good choice for critical connections where you want to force traffic along a specific path.

Directly connected networks: Directly connected networks usually have the lowest AD value and are considered the most reliable.

Impact on network design: Properly configuring AD values is crucial for network stability and performance, as it allows administrators to control traffic flow based on the trustworthiness of different routing sources.

This post is covered in Network+.

Nikto: Uncovering Web Server Vulnerabilities with Ease

 Nikto 

Nikto is an open-source, command-line-based web server vulnerability scanner that actively checks web servers for potential security issues, such as outdated software versions, dangerous files, and misconfigurations. It performs a comprehensive "health check" to identify vulnerabilities attackers could exploit. Nikto is a popular tool used by penetration testers and security analysts to assess the security posture of a website or web server.

Key points about Nikto:

• Functionality: Nikto scans web servers by sending HTTP requests to identify potentially dangerous files and programs, checks for outdated server software versions, and examines server configuration errors that could lead to vulnerabilities.
• Extensive checks: It can detect over 6,700 potentially dangerous files or CGI scripts and check for outdated versions of more than 1,250 server types.
• Customizable: Users can configure Nikto to target specific areas of concern by adjusting scan parameters like ports, headers, and plugins.
• Open-source nature: Nikto is an open-source tool under the GPL license. It is freely available and actively maintained by a community of developers.

How to use:

• Nikto is typically run from a command line. You specify the target web server URL and desired scan options.

What Nikto can find:

• Outdated server software: Detects old versions of web server software that may have known vulnerabilities
• Dangerous files: Identifies potentially malicious files like default scripts or hidden files that could be exploited
• Insecure configurations: Flags server settings that could be considered risky, like permissive directory listings
• CGI vulnerabilities: Checks for potential vulnerabilities in Common Gateway Interface (CGI) scripts

Important considerations when using Nikto:

• Permission required: Always obtain permission before scanning a web server. Nikto can generate many requests that could be interpreted as an attack if not authorized.
• False positives: Nikto may sometimes flag non-critical issues, so careful analysis of scan results is necessary.
• Not a complete solution: While comprehensive, Nikto is not a substitute for a full web application penetration test, as it may not identify complex vulnerabilities requiring deeper analysis.

This post is covered in CySA+, Pentest+, and Security+.

Understanding EIGRP: A Comprehensive Guide to Enhanced Interior Gateway Routing Protocol

 EIGRP

EIGRP, which stands for Enhanced Interior Gateway Routing Protocol, is a dynamic routing protocol used in network environments to efficiently share routing information between routers, allowing data to traverse different network topologies by determining the best path to reach a destination, considered a hybrid protocol combining aspects of both distance-vector and link-state routing algorithms; it is known for its fast convergence, scalability, and efficient bandwidth utilization, making it a popular choice for large networks.

Key features of EIGRP:

• Neighbor Discovery: EIGRP establishes neighbor relationships with other routers by exchanging "Hello" packets on shared networks, which is crucial for routing information exchange.
• DUAL Finite State Machine: A core component of EIGRP that calculates the best path to a destination using a complex algorithm, considering factors like bandwidth, delay, and reliability.
• Reliable Transport Protocol: Ensures reliable delivery of routing updates between neighbors using a mechanism to retransmit lost packets.
• Fast Convergence: EIGRP quickly adapts to network changes by rapidly recalculating routes when topology updates occur, minimizing network disruptions.

How EIGRP works:

1. Neighbor Discovery: Routers send "Hello" packets to discover potential neighbors on connected networks.

2. Route Updates: Once neighbors are established, routers exchange routing updates containing information about reachable networks and their associated metrics.

3. DUAL Calculation: The DUAL algorithm within each router calculates the best path to a destination by considering the received routing updates and factors like bandwidth and delay.

4. Route Propagation: The calculated best routes are then propagated to other neighbors, allowing the entire network to converge on the optimal paths.

5. EIGRP uses IP protocol 88

Important EIGRP Concepts:

• Autonomous System (AS): A collection of routers that share routing information within the same EIGRP domain.
• Feasible Distance: The metric used by EIGRP to determine the best path to a destination, considering the cost to reach a neighbor and the advertised distance from that neighbor to the destination.
• Feasible Successor: EIGRP also uses the term "feasible successor," which refers to a loop-free backup route that is not necessarily the best route.
• Split Horizon: A mechanism that prevents loops by preventing a router from advertising a route back to the neighbor from which it received the route.
• Query Process: When a router receives a route update with a better metric for a known network, it initiates a query process to gather more information from neighbors to verify the new path.

Advantages of EIGRP:

• Fast Convergence: EIGRP quickly reacts to network changes due to its DUAL algorithm.
• Scalability: Can efficiently manage large networks with many routers.
• Load Balancing: Supports load balancing by using multiple equal-cost paths.

Disadvantages of EIGRP:

• Complexity: EIGRP configuration can be more intricate than other routing protocols.
• Proprietary: Primarily implemented on Cisco devices, which can limit interoperability with other vendor routers.

This post is covered in Network+.

OSSTMM: A Comprehensive Framework for Systematic Security Testing and Risk Assessment

 OSSTMM

The Open Source Security Testing Methodology Manual (OSSTMM) is a comprehensive security testing and assessment framework. Developed by the Institute for Security and Open Methodologies (ISECOM), OSSTMM provides a systematic and standardized approach to security testing, enabling organizations to identify vulnerabilities, assess risks, and improve their overall security posture.

Key Features of OSSTMM:

1. Peer-Reviewed Methodology: OSSTMM is continuously updated and peer-reviewed to stay relevant to the current state of security testing.
2. Scientific Approach: It emphasizes using metrics, measurements, and statistical analysis to quantify the effectiveness of security controls.
3. Comprehensive Coverage: The manual covers various aspects of security testing, including network security, physical security, web application security, wireless security, and social engineering.
4. Five Key Sections:

• Information Security: Assessing data confidentiality, integrity, and availability.
• Physical Security: Evaluating physical security measures for premises and equipment.
• Telecommunications and Networking Security: Assessing network infrastructure security.
• Personnel Security: Evaluating employee adherence to security policies and procedures.
• Compliance and Reporting: Providing guidelines for compliance and detailed reporting.

Benefits of Using OSSTMM:

• Consistency: Ensures a consistent and reliable approach to security testing.
• Collaboration: Facilitates communication between security professionals, auditors, and stakeholders.
• Continuous Improvement: Encourages ongoing assessment and updating of security measures to stay ahead of emerging threats.

This post is covered in CySA+ and Pentest+.

WPScan: The Ultimate Tool for WordPress Vulnerability Detection

 WPScan

WPScan is a free, open-source command line tool that scans WordPress websites for vulnerabilities:

What it does

WPScan checks for vulnerabilities in WordPress core, plugins, and themes. It also checks for weak passwords and exposed files.

How it works

WPScan mimics an attacker by not relying on access to your WordPress dashboard or source code.

Features

WPScan includes:

• A database of WordPress vulnerabilities that's continuously updated by WordPress security professionals
• A plugin that fits into existing workflows
• A CLI security scanner for security professionals
• An API for accessing the vulnerability database

Key Features:

• Vulnerability Detection: WPScan scans for known vulnerabilities in WordPress core, themes, and plugins using the WPScan Vulnerability Database.
• Enumeration: It can enumerate various aspects of a WordPress site, such as installed plugins, themes, and user accounts.
• Brute Force Testing: WPScan can perform brute force attacks to test the strength of user passwords.
• Customizable Scans: Users can customize their scans with various options, such as using a random user agent, throttling requests, or running in stealth mode to avoid detection.

How WPScan Works:

• Basic Scan: To perform a basic scan, you can use the following command: 

wpscan --url yourwebsite.com

This command will scan the specified website and provide information about its WordPress version, themes, plugins, and other potential vulnerabilities.

• Enumerating Plugins:

wpscan --url yourwebsite.com --enumerate vp

This command will enumerate all vulnerable plugins on the specified website.

• User Enumeration:

wpscan --url yourwebsite.com --enumerate u

This command will list all user accounts that can be discovered from the outside.

• Brute Force Attack:

wpscan --url yourwebsite.com --passwords /path/to/passwordlist.txt --usernames admin

This command will attempt to brute force the password for the specified username using a list of passwords.

How to use it

You can use additional flags to get specific information. For example, to search for vulnerable plugins, you can use the command wpscan --url yourwebsite.com -e vp --api-token YOUR_TOKEN.

Who uses it

WordPress administrators and security teams use WPScan to assess the security of their WordPress installations.

You can regularly scan your WordPress site for malware at least once per month. You should also run a scan whenever you change your website's structure or install new plugins.

This post is covered in CySA+ and Pentest+

Hydra Tool Overview: Enhancing Security Testing with Brute-Force and Dictionary Attacks

 HYDRA

Hydra (THC-Hydra) is a powerful and flexible password-cracking tool used primarily for brute-force attacks on various network services. It is widely used by penetration testers, security researchers, and ethical hackers to test the security of systems by attempting to crack passwords. Here are some key points about Hydra:

Key Features:

• Multi-Protocol Support: Hydra supports many protocols, including SSH, FTP, HTTP, HTTPS, SMB, and databases.
• Parallelized Attacks: Hydra can perform multiple login attempts simultaneously, making it faster than sequential brute-force tools.
• Flexible and Extensible: Hydra can easily be expanded with new modules, supporting additional protocols and attack methods.

How Hydra Works:

• Brute-Force Attacks: Hydra attempts to gain access by systematically trying different combinations of usernames and passwords until it finds the correct one.
• Dictionary Attacks: It can use a list of common passwords (a dictionary) to try against a given username.
• Password Spraying: Hydra can test a single password against multiple usernames to identify weak passwords used by different users.

Basic Usage:

• Single Username and Password:

hydra -l username -p password target service

Example:

hydra -l admin -p admin123 192.168.1.1 ssh

• Using a Password List:

hydra -l username -P /path/to/passwordlist.txt target service

Example:

hydra -l admin -P /usr/share/wordlists/rockyou.txt 192.168.1.1 ssh 

• Using a Username List:

hydra -L /path/to/userlist.txt -p password target service

Example:

hydra -L /usr/share/wordlists/usernames.txt -p admin123 192.168.1.1 ssh

Important Considerations:

• Legal and Ethical Use: Hydra should only be used for authorized testing and with permission from the system owner. Unauthorized use is illegal and unethical.
• Logging and Output: Hydra can save the results of its attempts to a file for later analysis using the -o option.

Hydra is a versatile tool that, when used responsibly, can help improve system security by identifying weak passwords and potential vulnerabilities.

This post is covered in CySA+ and Pentest+

Using Setenforce to Manage SELinux Modes: A Quick Guide

 SELinux setenforce Command

"Setenforce" is a Linux command used to temporarily change the mode of Security-Enhanced Linux (SELinux) between "enforcing" and "permissive" states. It controls whether SELinux actively blocks unauthorized actions or logs them as warnings. You can switch to permissive mode to troubleshoot potential SELinux conflicts without restarting the system, but remember that changes made with "setenforce" do not persist after a reboot.

Key points about setenforce:

Function:

To toggle between SELinux modes, select "enforcing" (strict security enforcement) or "permissive" (log violations without blocking them).

Command usage:

• To switch to permissive mode, setenforce 0
• To switch to enforcing mode: setenforce 1

Checking current mode:

Use the getenforce command to see the current SELinux mode.

Important consideration:

Changes made with "setenforce" only last until the system is rebooted. To permanently change SELinux mode, modify the /etc/selinux/config file.

This post is covered in Security+ and Server+