Angela Orebaugh is an information security technologist, scientist, and author with
a broad spectrum of expertise in information assurance. She synergizes her 15 years of
hands-on experiences within industry, academia, and government to advise clients on
information assurance strategy, management, and technologies. Ms. Orebaugh is involved
in several security initiatives with the National Institute of Standards and Technology
(NIST) including technical Special Publications (800 series), the National Vulnerability
Database (NVD), Security Content Automation Protocol (SCAP), and secure eVoting.
Ms. Orebaugh is an adjunct professor at George Mason University where she
performs research and teaching in intrusion detection and forensics. Her research
includes peer-reviewed publications in the areas of intrusion detection and prevention,
data mining, attacker profiling, user behavior analysis, and network forensics.
Ms. Orebaugh is the author of the Syngress best sellers Wireshark and Ethereal
Network Protocol Analyzer Toolkit and Ethereal Packet Sniffing. She has also co-authored
the Snort Cookbook and Intrusion Prevention and Active Response. She is a frequent
speaker at a variety of security conferences and technology events, including the
SANS Institute and the Institute for Applied Network Security.
Ms. Orebaugh holds a Master's degree in Computer Science and a Bachelor's degree
in Computer Information Systems from James Madison University. She is currently
completing her dissertation for her Ph.D. at George Mason University, with a
concentration in Information Security.
Angela would like to thank Andrew Williams and Syngress/Elsevier for providing the
opportunity to write this book. It would not have been possible without my security guru
co-author, Becky Pinkard. Thank you for your amazing technical expertise, constant dedication,
and much needed comic relief. I would also like to thank Tim Boyles for his helpful insights and
assistance. I would like to thank Fyodor and the Nmap developers for creating such a full-featured,
versatile tool.
I am fortunate to have such loving and supportive family and friends, who bring joy and
balance to my life. Thank you for always being there. Most of all, I would like to thank Tammy
Wilt. Your love and encouragement give me strength to follow my dreams and your patience
and support allow me to make them a reality. I am eternally grateful.
Becky Pinkard got her start in the information technology industry in 1996, answering
phones and configuring dial-up networking for GTE Internetworking. She is currently a
senior security manager with a Fortune 20 company where she is lucky enough to work
with security technology on a daily basis.
Becky is a SANS Certified Instructor and has taught with the SANS Institute since
2001. She has participated as a GIAC GCIA advisory board member and on the Strategic
Advisory Council for the Center for Internet Security. She is a co-author of the Syngress
book, Intrusion Prevention and Active Response, Deploying Network and Host IPS. Becky also
enjoys speaking at technical conferences, conventions and meetings. Basically anywhere
security geeks can get together and have a few laughs while learning something cool!
Additionally, Becky has set up enterprise intrusion detection systems, designed patch,
vulnerability and firewall strategies, performed network and web security audits, led
forensics cases, and developed security awareness training in small and large environments.
Becky would like to thank the following folks for their support, kindness and general,
all-around, nice-to-work-withedness in making this book possible.
Syngress Publishing, Elsevier and especially Andrew Williams for his enthusiasm with this
project, sense of humor and much-tested patience.
A huge thank you to Eric Ortego for his assistance with Chapter 6 – may our fingerprints
never show up on your assets!
Thanks to Dan Cutrer for being, without a doubt, the funniest and nicest lawyer I know.
Your insights and assistance were greatly appreciated.
Acknowledgements would not be complete without mentioning Fyodor and all the incredibly
talented people who have made Nmap what it is today. Many, many thanks to you all.
A special thank you goes out to Angela Orebaugh - I will always be indebted to you for
asking me to share this wild book ride with you. Here’s to the only person I now consider one of
my best friends to have never met face-to-face!
Here’s a huge shout out to my Mom, just because I know she will get a kick out of it. I love
you so much – thank you for all your help over the past few months.
Last, but without whom nothing else matters – Kim, Ben, Jake, and our beautiful, happy
baby, Luke. Some day when you get big enough, I will teach you how to scan stuff.
Contents
Chapter 1 Introducing Network Scanning
Introduction
Networking and Protocol Fundamentals
Explaining Ethernet
Understanding the Open Systems Interconnection Model
Layer 1: Physical
Layer 2: Data Link
Layer 3: Network
Layer 4: Transport
Layer 5: Session
Layer 6: Presentation
Layer 7: Application
Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
The Major Protocols: IP, TCP, UDP, and ICMP
IP
Internet Control Message Protocol
TCP
The TCP Handshake
TCP Sequence
UDP
Network Scanning Techniques
Host Discovery
Port and Service Scanning
OS Detection
Optimization
Evasion and Spoofing
Common Network Scanning Tools
Who Uses Network Scanning?
Detecting and Protecting
Network Scanning and Policy
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 Introducing Nmap
Introduction
What is Nmap?
History of Nmap
Nmap Features
Nmap’s User Interface
Additional Nmap Resources
Using Nmap in the Enterprise
Using Nmap for Compliance Testing
Using Nmap for Inventory and Asset Management
Using Nmap for Security Auditing
Using Nmap for System Administration
Securing Nmap
Executable and End-User Requirements
System Environment
Security of scan results
Optimizing Nmap
Advanced Nmap Scanning Techniques
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Getting and Installing Nmap
Introduction
Getting Nmap
Platforms and System Requirements
Installing Nmap on Windows
Installing Nmap from Windows Self-Installer
Installing Nmap from the Command-line Zip files
Installing Nmap on Linux
Installing Nmap from the RPMs
Installing Nmap RPMs Using YUM
Installing Nmap on Mac OS X
Installing Nmap on Mac OS X from Source
Installing Nmap on Mac OS X Using MacPorts
Installing Nmap on Mac OS X Using Fink
Installing Nmap from Source
Using the configure Script
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Using Nmap
Introduction
Starting Nmap Scanning
Target Specification
Discovering Hosts
Port Scanning
Basic Port Scanning
Advanced Port Scanning
Specifying Ports
Detecting Operating Systems
Detecting Service and Application Versions
Other Scanning Options
Nmap Scripting Engine
Performance and Optimization
Evasion and Spoofing
Output Logging
Miscellaneous
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Using Zenmap
Introduction
Running Zenmap
Managing Zenmap Scans
Building Commands with the Zenmap Command Wizard
Managing Zenmap Profiles
Managing Zenmap Results
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Nmap OS Fingerprinting
Introduction
What is OS fingerprinting?
The Mechanics of Nmap OS Fingerprinting
Nmap OS Fingerprint Scan as an Administrative Tool
Nmap to the Rescue! Tool for Crisis?
Saving Hard Money with the Nmap OSFS
Security Audits and Inventory
H4x0rz, Tigers and Bears…Oh MY!
Detecting and Evading the OS Fingerprint Scan
Morph and IP Personality
Honey Pots
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Tooling Around with Nmap
Introduction
NDiff–Nmap Diff
Source and Install
Example Usage
RNmap–Remote Nmap
Source and Install
Example Usage
Bilbo
Source and Install
Example Usage
Nmap-Parser
Source and Install
Example Usage
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Nmap Scanning in the Real World
Introduction
Detecting Nmap on your Network
TCP Connect Scan
SYN Scan
XMAS Scan
Null Scan
Discovering Stealthy Scanning Techniques
Nmap Fragment Scan
Nmap Decoys
Detecting Nmap Fragment Scans
Discovering Unauthorized Applications and Services
Testing Incident Response and Managed Services Alerting
Scanning to Test Alert Procedures
Targeted Reconnaissance with Nmap
Summary
Solutions Fast Track
Frequently Asked Questions
Index