NMAP – Network Security
In today’s world the security of a company’s computer network is of utmost importance. As a network administrator or a network security professional you want to be able to assess your network to make sure that it isn’t vulnerable. One of the tools that is out there to assist in completing this task is the network scanner NMAP.
NMAP is a network scanning tool that can be used to perform security audits or explore a network. It is a free tool that can be run on the numerous operating systems including: Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, and Amiga just to name a few. Through the use of raw IP packets NMAP completely maps a network, allowing for a complete inventory to be taken and for potential security holes to be identified and corrected. This network mapping is accomplished using numerous techniques including ping sweeps, port scanning, TCP fingerprinting and version detection.
In researching NMAP for one of my classes I discovered one of its main benefits – documentation. For a free tool the amount of documentation available is astounding. On the documentation page there is a main reference guide as well as guides on installation, the scripting engine, and articles on things like remote OS detection and IPID idle scan. There are also links to documentation and videos created by users of NMAP. And if you really want to dive into details there are books available including an official guide by NMAP creator Fyodor.
Since its creation in 1997 NMAP has evolved to meet the challenges posed by the ever-changing network environment. In an interview last year, Fyodor points out why NMAP is such an important tool for network administors and security professionals.
Mobility and the breakdown of network perimeters actually make Nmap more important. As networks grow more complex and distributed, you want to look at them from many angles by scanning from numerous endpoints. Nmap also makes it easy to inventory these big networks and identify unauthorized devices. For example, employees have been known to compromise security by plugging wireless devices and infected laptops into enterprise networks. Nmap is also often used for debugging purposes to understand and fix networks, so it isn’t solely a security tool.
John Green also sums up quite nicely why NMAP is a must have tool in the network protection arsenal.
The intelligence that can be garnered by using nmap is extensive. It provides all the information that is needed for a well-informed, full-fledged, precisely targeted assault on a network. Such an attack would have a high probability of success, and would likely go unnoticed by organizations that lack intrusion detection capabilities.