Book Image

Practical Network Scanning

By : Ajay Singh Chauhan
Book Image

Practical Network Scanning

By: Ajay Singh Chauhan

Overview of this book

Network scanning is the process of assessing a network to identify an active host network; same methods can be used by an attacker or network administrator for security assessment. This procedure plays a vital role in risk assessment programs or while preparing a security plan for your organization. Practical Network Scanning starts with the concept of network scanning and how organizations can benefit from it. Then, going forward, we delve into the different scanning steps, such as service detection, firewall detection, TCP/IP port detection, and OS detection. We also implement these concepts using a few of the most prominent tools on the market, such as Nessus and Nmap. In the concluding chapters, we prepare a complete vulnerability assessment plan for your organization. By the end of this book, you will have hands-on experience in performing network scanning using different tools and in choosing the best tools for your system.
Table of Contents (19 chapters)
Title Page
Packt Upsell
Contributors
Preface
Index

Summary


So far, we discussed why infrastructure is an absolute requirement for today's internet world and what this means for system admins and internet users. We also learned how to build secure IT infrastructure and policy frameworks to protect information.

One of the major weaknesses in information security today is the human element. The everyday behavior of employees and end users represents one of the greatest risks to organizations and customers. IT technology is evolving faster than ever before. We are seeing new security controls, policies, and best practices put in place within organizations, but every day security breaches continue to take place. Nobody is 100% protected from small to large organizations. It only takes a simple mistake from an uneducated end user to leave a back door open in your information security. Organizations need to be aware of the people they work with, within the organization and outside as well. Developing adequate training and security frameworks for employee and end users becomes very important for protecting systems, especially considering the fact that it's not just technology which plays an important role, but also its users. I again repeat: if you have internet enabled devices, it is also your responsibility to secure them.

In 2017, Ransomware such as WannaCry, NotPetya, and Bad Rabbit have demonstrated the dangers of this threat and the potential impact on almost any industry. In 2018, it is predicted that IOT will be a big target for attackers in upcoming years, as well as Cloud infrastructures, Artificial Intelligence (AI), and of course the rise of mobile attackers increases daily.

In our next chapter we will discuss how to design secure infrastructure, keeping common risk factors in mind. This starts with placement of firewall and DDoS protection techniques.

Here is a famous quote to keep in mind:

“If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked” ― Richard Clarke