Question

Nmap

• Focus on an overview of the topic - what is the problem?
• Primary security focus area and how - authentication, access control, vulnerability analyzer, security architecture, penetration testing, etc.
  • Why is your tool relevant in the current class?

Design of experiments (attack/defense/protection/response/encryption).Basic proof of concept with preliminary tests.

• Technical content including implementation information such as platform, language and tools to be used.

• Outline for final working model (preferably demo). Include 1-2 design diagrams explaining your working prototype.

Answer 1

1.What is the problem statement that should be solved in over all nmap tool and why is it significant?

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" of the network. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

PROBLEM STATEMENT

To find

1. The internetworking devices active/inactive in the network.

2. The OS detection and application running in the remote hosts.

3. Topology generation of the network.

4. To create a usable inventory out of the scan.

Problem Statement 1

To find the internetworking devices active/inactive in the network

Implementation:

This involves layer 3 discovery which is implemented using Network Scanner or NMAP/Zenmap Network Management tools. This involves the ICMP protocol which commonly generates the ‗ping‘ or ‗traceroute‘ commands to query the remote host‘s status. Those devices which are currently ‗up‘ will be termed as active in the network whereas those which are ‗down‘ are termed as inactive. To find out the status of the remote host using IP address only we use Zenmap tool. This will generate an output which is shown as follows:

Zenmap showing Host is up with MAC address

Corresponding topology

Zenmap showing Host is down

Zenmap can be used to find out the status of various remote hosts in the subnet or more generally in a network which include routers also. For this we have to specify one IP address along with its mask address which will provide an output corresponding to which all the nodes in the network are checked about their current status. The results for this scan is as shown below:

Zenmap showing what hosts are up in a subnet

Problem Statement 2

The OS detection and application running in the remote hosts.

Implementation

To find out what applications remote host is running mainly nmap command is used in the Command window/Terminal whose output is not clearly understood by the user. To make it more user-friendly we are using the Zenmap Tool. It takes the IP address of the remote host as a input and will generate the output which shows what OS and what application are running in Intense Scan Mode. An example of this is shown below:

Zenmap showing the OS details of the host

Problem Statement 3

Topology generation of the network.

Implementation

To find out the connectivity to the remote host we are using the solution to Problem Statement 1.This back-end output of above can be converted into front-end graphical output using Zenmap tool only. We can generate the graphical topology showing that how the nodes are interconnected in a subnet or more generally in a network.

Zenmap showing topology of the subnet

From the above figure, we observe that host is only one hop away from the destination. Thus there is no device working as a router. Now if remote host is located outside the subnet, a router is required to connect to it. It also points out what is the Latency between local host and target node. So delay is the cost metric. So to access such node we are going via router and it is shown in following figure:

Zenmap showing the local host connected to remote host via router

A gateway router is required when an internal host is to be connected to a remote host in an outer network. Hence, they are internetworking devices. The following topology diagram shows how the gateway router is connecting between hosts in two different networks:

Zenmap showing the local host connected to remote host via a gateway router

Problem Statement 4

To create a usable inventory out of the Nmap scan

Implementation

A portable format is likely needed. Comma-separated values (CSV) are ideal, as this format can be loaded easily into spreadsheet and database programs. The inventory created by nmap is a network-based inventory. The inventory created provides information that is critical to system, application and protocol management, such as a system's IP address, its operating system and the applications that it is running on network ports. Nmap supports the output parameter (-o) to influence how it should write data to standard out. By using it combined with G (-oG), nmap will create output that grep can work easily with, which makes our inventory creation much easier. Using operating system identification.

2. Primary security focus whether it is authentication, access Control or vulnerability analyzer problem and how explain in brief ?

Authentication

1. Something the individual is (static biometrics)

• examples include recognition by fingerprint, retina, and face

2. Something the individual does (dynamic biometrics)

• examples include recognition by voice pattern, handwriting characteristics, and typing rhythm

3. Something the individual knows

• examples include a password, a personal identification number (PIN), or answers to a prearranged set of questions

4. Something the individual possesses

• examples include electronic keycards, smart cards, and physical keys

Access Control

• Implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance
• Mediates between a user and system resources, such as applications, operating systems, firewalls, routers, files, and databases
• A security administrator maintains an authorization database that specifies what type of access to which resources is allowed for this user
• The access control function consults this database to determine whether to grant access
• An auditing function monitors and keeps a record of user accesses to system resources

3. Why nmap tool is relevant to cybersecurity class explain ?

• Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
• Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
• Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
• Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
• Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
• Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
• Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
• Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
• Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.