It's prudent for network administrators to be proactive and identify what a hacker might know about their network before the hackers do. But how does one go about doing that? Simple – by using a tool similar to what hackers use: Nmap (nmap.org). Nmap stands for Network Mapper.
The basic activities of a hacker would include identifying which systems/services are on (accessible) in a network, identifying the versions of applications/operating systems advertised by individual hosts in the network, and trying to take control (or gain administrative privileges) by attacking known vulnerabilities of un-patched/mis-configured operating systems or applications. For the last part, various other software tools might be used, but for identification purposes they might use port scanners like Nmap to get to know the systems in the network better.
So, if a network administrator uses such a security scanner tool in their own network, they would get to know a lot of details about the various hosts in the network. They can identify which hosts are on, which ports on these hosts are open, whether the hosts are running old/un-patched versions of operating systems/applications, etc. This may be a very crucial step in a large enterprise network, and the network administrator might actually be in for a surprise!
Some capabilities of Nmap Security Scanning Software (it is open source and free to download):
- Run port scans on different types of hosts on a network simultaneously.
- Scan a range of hosts (computers, servers, routers, etc.) by specifying their IP address range, for example.
- Identify the various hosts that are up (On) and accessible in a network.
- Identify the number of ports that are open on each scanned host in the network (e.g. 22, 53, etc.).
- Identify the type of service running on each open port for all scanned hosts (e.g. http, ssh, etc.).
- Identify the type of applications (and their versions) running on each host.
- Identify the operating system/OS version running on each host.
- Number of hops required to reach each of the scanned hosts in the network.
- Latency (time taken to reach the host) and RTT (Round Trip Time).
- MAC address of each host and the manufacturer of its NIC.
- Type of firewall/packet filter protecting the hosts on the network, etc.
So, as you can see, Nmap helps the network administrator identify a lot of information about the active hosts in their network – particularly the systems that are running un-patched/outdated versions of applications/operating systems. These systems need to be dealt with immediately to reduce the risk from external hackers/intruders.
Nmap can be run from the command line (the preferred method). There is also a GUI (Graphical User Interface) called Zenmap, developed particularly for Nmap, which can be used by new users.
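To act on the scan results described above, an administrator can save a scan of their own network as XML (for example with Nmap's `-sV -O -oX scan.xml` options) and turn it into a reviewable inventory. The script below is an added example, not part of the original post; the sample XML is constructed and the `APPROVED` version baseline is a hypothetical list the administrator would maintain.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (as written by -oX); not a real scan.
SAMPLE_XML = """<nmaprun>
<host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<address addr="00:00:5E:00:53:01" addrtype="mac" vendor="ExampleVendor"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
<service name="ssh" product="OpenSSH" version="5.3"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="nginx" version="1.24.0"/></port>
<port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
</ports>
<os><osmatch name="Linux 2.6.32" accuracy="98"/></os></host>
<host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical baseline an administrator maintains: product -> approved version.
APPROVED = {"OpenSSH": "9.6", "nginx": "1.24.0"}

def inventory(xml_text):
    """Return one record per host that is up, listing its open ports only."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a for a in host.findall("address")}
        os_match = host.find("os/osmatch")
        services = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            svc = svc.attrib if svc is not None else {}
            services.append((int(port.get("portid")), svc.get("name", "?"),
                             svc.get("product", ""), svc.get("version", "")))
        hosts.append({
            "ip": addrs["ipv4"].get("addr"),
            "nic_vendor": addrs["mac"].get("vendor") if "mac" in addrs else None,
            "os": os_match.get("name") if os_match is not None else None,
            "services": services,
        })
    return hosts

def needs_attention(hosts, approved=APPROVED):
    """List (ip, port, product, version) where the version is off-baseline."""
    return [(h["ip"], port, prod, ver) for h in hosts
            for port, _name, prod, ver in h["services"]
            if prod in approved and ver != approved[prod]]
```

Calling `needs_attention(inventory(open("scan.xml").read()))` on a saved scan gives the short list of services to patch or investigate first.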