Security Management Strategies for the CIOAccess "POF fingerprint scanning tools mitigate OS fingerprinting vulnerabilities"
This article is part of the June 2003 issue of Defense-in-Depth: Securing the network from the perimeter to the core
Tools that do operating system fingerprinting are a hacker's dream. They make it ridiculously simple to identify easy targets. Run Nmap against a target, learn what OS version it's running, and then look for a set of attack tools that can take out that particular release. If you place a POF sensor near one of your outgoing network connections, you can quickly build a map of machines and their OSes. Fortunately for us (the good guys), most fingerprinting scans leave distinctive patterns that are easily detected by a decent IDS. But aside from that, the good guys can also use a powerful OS fingerprinting technique called Passive Operating System Fingerprinting (POF). Several POF tools are available; the original is called "p0f" (with a zero), co-created by Michael Zalewski and Bill Stearns. POF is invisible, silent and nonintrusive. Unlike active fingerprinting tools such as Nmap, POF operates only as a sniffer and generates no packets. This is extremely important, because that means it won't interfere with legitimate traffic, and it won't force you and your ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Designing a defense-in-depth network security model
by Joel Snyder, Contributor
We challenged networking and firewall vendors to provide defense-in-depth security from the perimeter to the core. Their responses give us a glimpse into the future of enterprise network security.
-
First person: Editor Andrew Briney on how to pass the CISSP exam
by Andrew Briney
Newly minted CISSP Andrew Briney explains how to pass the CISSP exam, infosec's most coveted and controversial certification.
-
CISSP study plan: CISSP prep books, guides and resources
by Andrew Briney
Check out Andrew Briney's CISSP study plan recommendations on the best CISSP prep books, guides and websites.
-
The security risk management lifecycle framework
by Andrew Briney
Learn about the seven steps in the enterprise information security risk management lifecycle framework.
-
Designing a defense-in-depth network security model
by Joel Snyder, Contributor
-
-
Top challenges facing defense-in-depth firewall technology
by Joel Snyder, Contributor
Defense-in-depth firewall technology may offer value, but there are six barriers thwarting firewall technology on the port level.
-
Preparing for CISSP exam questions: What to expect
by Andrew Briney
Anybody who says the CISSP exam is easy isn't telling the whole story. There are plenty of difficult questions--some legitimate, some goofy.
-
Roundtable: Practical strategies for enterprise-wide risk management
by Andrew Briney
Four CISOs explore practical strategies for managing enterprise risk-from classification to assessment to monitoring to response.
-
Keeping security initiatives on track through executive, management turnover
by Anne Saita
How to keep enterprise security initiatives on track...even when there are cracks in the corporate ladder.
-
Top challenges facing defense-in-depth firewall technology
by Joel Snyder, Contributor
-
Columns
-
Achieving compliance with the California SB 1386 privacy law
by Randy Sabett, Contributor
California's new SB 1386 privacy law is full of ambiguity, but if you do business there, you'd better get your guard up.
-
Test center: CORE IMPACT 3.1 automated pen testing tool
by Scott Sidel, Contributor
Numerous mistakes tarnish the benefits of CORE Security's CORE IMPACT 3.1 automated pen testing tool.
-
POF fingerprint scanning tools mitigate OS fingerprinting vulnerabilities
by Marcus J. Ranum, Contributor
Nmap's silent parnter, POF is an OS fingerprinting tool for the good guys.
-
How to learn IT security in your spare time
by Dana W. Paxson, Contributor
When considering how to learn IT security, never underestimate the power of a few minutes of downtime.
-
Achieving compliance with the California SB 1386 privacy law
by Randy Sabett, Contributor
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...