O'Reilly logo

Build Your Own Security Lab: A Field Guide for Network Testing by Michael Gregg

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 5. Enumerating Systems

Enumeration can best be defined as the process of counting. From a security standpoint, it's the process the attacker follows before an attack. The attacker is attempting to count or identify systems and understand their role or purpose. This may mean the identification of open ports, applications, vulnerable services, DNS or NetBIOS names, and IP addresses before an attack.

This chapter looks at the process of enumeration. It explores how enumeration is executed and looks at ways to reduce the effectiveness of enumeration by attackers. In enumeration, the goal is to look for user account information, system groups and roles, passwords, unprotected shares, applications, and banners, and attempt to identify network resources. You also might want to include obtaining Active Directory information. This process fits in well with the network security lab you have constructed, as here is the place to test your enumeration skills, yet also implement different types of defensive measures to see how well they work. The overall goal is to use the lab to learn how to defeat those that attempt enumeration maliciously.

Enumeration

Many people might think of enumeration as just a Windows type of activity. That is actually untrue, as enumeration can be performed against many other different types of systems and services, including the following:

  • Simple Network Management Protocol (SNMP)

  • Routing devices

  • Other vulnerable services (such as web servers, SQL servers, and applications ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required