Download - Help Net Security

More documents

Recommendations

Info

2. The addition of the Ndiff scan comparison tool completes Nmap's growth into a whole suite of applications which work together to serve network administrators and security practitioners. Ndiff makes it easy to automatically scan your network daily and report on any changes (systems coming up or going down or changes to the software services they are running). The other two tools now packaged with Nmap itself are Ncat and the much improved Zenmap GUI and results viewer. 3. Nmap performance has improved dramatically. Since the most commonly open ports have now been determined, Nmap now scans fewer ports by default while finding more open ports. Also, a fixed-rate scan engine has been added. Now you can bypass Nmap's congestion control algorithms and scan at exactly the rate (packets per second) you specify. 4. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. All existing scripts have been improved, and 32 new ones added. The Nmap Scripting Engine is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. While plenty of users still prefer to run Nmap strictly from the command line, things are changing. "Back in the days of the old Nmapfe GUI, I always used Nmap from the command line. It was just easier to use that way for me, and the GUI didn't really gain me much. In fact, back then, I always considered the Nmapfe GUI to be like training wheels for your bike. People new to Nmap used it to learn the tool and get rolling, but after a day or so of playing in the GUI, they'd move to the command line," said Ed Skoudis, the founder and Senior Security Consultant with InGuardians. "But, with the release of the Zenmap, the latest GUI for Nmap, I'm rethinking this approach entirely. Sure, I still use Nmap from the command line for the vast majority of my work. It's just easy to kick off and script that way. But, I do find myself using the Zenmap GUI more for setting up scanning templates for clients and doing network visualization. So, back two years ago, 99% of my Nmap work was at the command line. Today, about 80% of my usage is at the command line, while the remaining 20% is in the Zenmap GUI," he added. The development process Some may think that Fyodor is the only person behind Nmap. This couldn't be farther from the truth as the project is a group effort with a myriad of contributors from all over the world. Coordinating such a sizable venture is far from easy. "Organizing such a big project is difficult, but we manage by making extensive use of the Subversion revision control system, mailing lists, and chat meetings," said Fyodor. "Also, different people specialize in different parts of the code. For example, David Fifield basically runs Zenmap while Ron Bowes has been writing more NSE scripts than anyone lately. So we each have responsibilities for different subsystems." Users are generally very satisfied with the pace new releases of Nmap see the light of day. Ed Skoudis commented: "Sometimes, I'm a bit overwhelmed at the relentless pace of Nmap updates. I also try to focus on full releases for my production work, rather than the beta releases which seem to come out every few days. For software stability and predictability, those full releases (not the betas) are the way to go." www.insecuremag.com 22
The ultimate guide to Nmap Besides working on the new release of Nmap, Fyodor also took the time to write an allembracing book - "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning." (bit.ly/11NNXu) From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. It comes out at 468 pages and it's a no-brainer if you're serious about Nmap. A look to the future Since Nmap is one of those projects with a huge user-base and very dedicated developers, it's only natural for the community to constantly ask for new features and fixes. When talking about future versions, Fyodor noted: "We're already back at work developing new features and applications for the Nmap suite. These include a high speed network authentication cracker named Ncrack and a tool named Nping for exploring and troubleshooting networks by sending many types of raw packets and monitoring the responses. We're also expanding our Nmap Scripting Engine to inspect web servers more deeply and discover more vulnerabilities in them." Every now and then, someone wonders if there will be a commercial edition of Nmap somewhere down the line. This is especially important for government agencies, some enterprises and certain military groups that are prohibited from running free software. Every now and then, someone wonders if there will be a commercial edition of Nmap somewhere down the line. This is especially important for government agencies, some enterprises and certain military groups that are prohibited from running free software. Some are not excited with the idea, others would embrace it. Andrew Knapp, an Analyst with CGI says: "Commercial tools, while often easier to use and with better technical support, require more red-tape when adding features that you may find useful for your own uses and environment that the vendor might not find as important to include. I would probably just go out and find other tools that were open source with the features I was looking for." On the other hand, we have Ed Skoudis that has a different view of this hypothetical situation: "I'd certainly be open to a commercial version of Nmap, if it would provide me more or better support. I also think that a commercial Nmap would allow it to gain more use in- Mirko Zorz is the Editor in Chief of (IN)SECURE Magazine and Help Net Security. side of organizations that are forced to pay for their software." To make things official, when asked about this commercial possibility, Fyodor dispelled all myths for (IN)SECURE readers: "Nmap has been free and open source since I released it in 1997, and that isn't changing. The only companies who pay are those who can't comply with the GPL-based license and instead want to redistribute Nmap as part of their proprietary software or appliances." There you go - at least for the foreseeable future, Nmap will stay open source only, and Ed Skoudis added: "I think it is important, so that we can look under the hood and see how the tool does its work. Sometimes, when trying to glean a detailed understanding of how a given option actually functions, or to determine how a few different options may interwork in a way the documentation doesn't describe, it can be useful to review the code. Also, if there is a particular problem that causes Nmap or even a scan target to crash, having the ability to tweak the code is immensely helpful." www.insecuremag.com 23
Page 5 and 6: VPN management for Linux networks N
Page 7 and 8: Splunk 4 supercharges IT search Spl
Page 9 and 10: Mobile Guardian Enterprise Edition
Page 12 and 13: Integrating the results from a vuln
Page 14 and 15: continuous scans are expensive, the
Page 16 and 17: The fine folks at Origin Storage sh
Page 18 and 19: Further customization There is an a
Page 21: When you think about celebrities, y
Page 25 and 26: information wherever it is or where
Page 27 and 28: to externally hosted services that
Page 29 and 30: Practical Intrusion Analysis By Rya
Page 31 and 32: Information Security Management Met
Page 34 and 35: On a daily basis, online spammers a
Page 36 and 37: arranged in the same manner that ot
Page 38 and 39: Have you ever left the light, radio
Page 40: With some imagination, they create
Page 43 and 44: The work “Above the Clouds,” pu
Page 45 and 46: Second, using cloud services betwee
Page 47 and 48: "My IT department came to me with a
Page 49: As expected, cybercrime is soaring
Page 52 and 53: Authors: Felicia Donovan, Kristyn B
Page 55 and 56: In light of recent wireless breache
Page 57 and 58: Myth #4 - We have upgraded all of o
Page 59 and 60: Recent studies show that securing t
Page 61: Another best practice to protect an
Page 64 and 65: malicious users. Other attacks exis
Page 66 and 67: Web Application Frameworks An ideal
Page 68: IT Showcase Asia 2009 6 October-7 O
Page 71 and 72: model (80 percent) for the creation
Page 73 and 74:
The case for authentication The rea
Page 75 and 76:
In a least privilege computing envi
Page 77 and 78:
seriousness of the security threat
Page 80 and 81:
Today!s IT security professionals e
Page 82 and 83:
sensitive customer data, such as e-
Page 84 and 85:
Whether driven by data security man
Page 86 and 87:
Intelligent routing also includes a
Page 89 and 90:
PE Explorer (www.net-security.org/s
Page 91 and 92:
Policy Policy is an overused word,
Page 93 and 94:
with insiders. With malware, at lea
Page 96 and 97:
This article discusses the impact o
Page 98 and 99:
According to the Californian law, p
Page 100 and 101:
lost or stolen, but also for import
Page 103 and 104:
It!s a common scenario right now, p
Page 105:
3. How quickly can you and your IT
Page 108 and 109:
Manage network security Attacks on
Page 110 and 111:
Endpoint or host security is critic
show all

Download - Help Net Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?