Nmap
• Design of experiments (attack/defense/protection/response/encryption). Basic proof of concept with preliminary tests.
• Technical content including implementation information such as platform, language and tools to be used.
• Outline for final working model (preferably demo). Include 1-2 design diagrams explaining your working prototype.
1. What is the problem statement that should be solved in the overall Nmap tool, and why is it significant?
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" of the network. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
PROBLEM STATEMENT
To find
1. The internetworking devices active/inactive in the network.
2. The OS detection and application running in the remote hosts.
3. Topology generation of the network.
4. To create a usable inventory out of the scan.
Problem Statement 1
To find the internetworking devices active/inactive in the network
Implementation:
This involves layer 3 discovery, which is implemented using Network Scanner or the NMAP/Zenmap network management tools. It relies on the ICMP protocol, which the 'ping' and 'traceroute' commands commonly use to query the remote host's status. Devices which are currently 'up' are termed active in the network, whereas those which are 'down' are termed inactive. To find out the status of a remote host using only its IP address, we use the Zenmap tool. This generates the output shown below:
Zenmap showing Host is up with MAC address
Corresponding topology
Zenmap showing Host is down
Zenmap can also be used to find out the status of the remote hosts in a subnet or, more generally, in a network, including routers. For this we specify one IP address along with its mask, and the current status of every node in that network is checked. The results of this scan are shown below:
Zenmap showing what hosts are up in a subnet
Problem Statement 2
The OS detection and application running in the remote hosts.
Implementation
To find out what applications a remote host is running, the nmap command is normally used in the command window/terminal, but its output is not easily understood by the user. To make it more user-friendly we use the Zenmap tool. It takes the IP address of the remote host as input and, in Intense Scan mode, generates output showing which OS and which applications are running. An example is shown below:
Zenmap showing the OS details of the host
Problem Statement 3
Topology generation of the network.
Implementation
To find out the connectivity to the remote host we use the solution to Problem Statement 1. That back-end output can be converted into front-end graphical output using the Zenmap tool only. We can generate a graphical topology showing how the nodes are interconnected in a subnet or, more generally, in a network.
Zenmap showing topology of the subnet
From the above figure, we observe that the host is only one hop away from the destination, so there is no device working as a router. If the remote host is located outside the subnet, a router is required to reach it. The topology also shows the latency between the local host and the target node, so delay is the cost metric. Access to such a node goes via a router, as shown in the following figure:
Zenmap showing the local host connected to remote host via router
A gateway router is required when an internal host is to be connected to a remote host in an outer network. Hence, they are internetworking devices. The following topology diagram shows how the gateway router is connecting between hosts in two different networks:
Zenmap showing the local host connected to remote host via a gateway router
Problem Statement 4
To create a usable inventory out of the Nmap scan
Implementation
A portable format is likely needed. Comma-separated values (CSV) are ideal, as this format can be loaded easily into spreadsheet and database programs. The inventory created by Nmap is a network-based inventory. It provides information that is critical to system, application and protocol management, such as a system's IP address, its operating system and the applications that it is running on network ports. Nmap supports the output parameter (-o) to influence how it should write data to standard out. Combining it with G (-oG) makes Nmap create output that grep can easily work with, which makes our inventory creation much easier. Using operating system identification.
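Added example (not part of the original answer): a Python sketch that turns grepable (-oG) output into the CSV inventory described above, carrying host status, OS and open ports into one table. The scan lines are constructed, the function names are hypothetical, and the formula-escaping step is an added precaution because service banners come from the scanned hosts and the CSV is meant for spreadsheets.

```python
import csv
import io

# Constructed sample of `nmap -O -sV -v -oG -` output (TEST-NET addresses, not a real scan).
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (web01.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "80/open/tcp//http//=1+1/, 443/closed/tcp//https///\tOS: Linux 5.X\n"
    "Host: 192.0.2.20 ()\tStatus: Down\n"
)

def safe_cell(value):
    """Service banners are remote-controlled; stop spreadsheets treating them as formulas."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def parse_grepable(text):
    """Merge per-host -oG lines into one record per IP; ports are port/state/proto/owner/service/rpc/version/."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment/header lines start with '#'
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip, _, name = fields["Host"].partition(" ")
        rec = hosts.setdefault(ip, {"ip": ip, "hostname": name.strip("()"),
                                    "status": "", "os": "", "ports": []})
        if "Status" in fields:
            rec["status"] = fields["Status"].lower()
        if "OS" in fields:
            rec["os"] = fields["OS"]
        for entry in fields.get("Ports", "").split(", "):
            parts = entry.strip().split("/")
            if len(parts) >= 7 and parts[1] == "open":  # keep open ports only
                rec["ports"].append((parts[0], parts[2], parts[4], parts[6]))
    return list(hosts.values())

def to_csv(hosts):
    """One row per open port; hosts with none still get a row so 'down' hosts are listed."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["ip", "hostname", "status", "os", "port", "proto", "service", "version"])
    for h in hosts:
        for port in h["ports"] or [("", "", "", "")]:
            writer.writerow([safe_cell(c) for c in
                             (h["ip"], h["hostname"], h["status"], h["os"], *port)])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_grepable(SAMPLE)), end="")
```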
2. Primary security focus: whether it is an authentication, access control or vulnerability analyzer problem, and explain how in brief?
Authentication
1. Something the individual is (static biometrics)
2. Something the individual does (dynamic biometrics)
3. Something the individual knows
4. Something the individual possesses
Access Control
3. Why is the Nmap tool relevant to a cybersecurity class? Explain.