Book Image

Practical Network Scanning

By : Ajay Singh Chauhan
Book Image

Practical Network Scanning

By: Ajay Singh Chauhan

Overview of this book

Network scanning is the process of assessing a network to identify an active host network; same methods can be used by an attacker or network administrator for security assessment. This procedure plays a vital role in risk assessment programs or while preparing a security plan for your organization. Practical Network Scanning starts with the concept of network scanning and how organizations can benefit from it. Then, going forward, we delve into the different scanning steps, such as service detection, firewall detection, TCP/IP port detection, and OS detection. We also implement these concepts using a few of the most prominent tools on the market, such as Nessus and Nmap. In the concluding chapters, we prepare a complete vulnerability assessment plan for your organization. By the end of this book, you will have hands-on experience in performing network scanning using different tools and in choosing the best tools for your system.

Related Content you might be interested in

Current Title:

Small book image
Practical Network Scanning
Ajay Singh Chauhan
May, 2018 | 326 pages
Small book image
CCNA Security 210-260 Certification Guide
Glen D Singh | Vijay Anandh | Michael Vinod
Jun, 2018 | 518 pages
Small book image
CompTIA Network+ Certification Guide
Glen D Singh | Rishi Latchmepersad
Dec, 2018 | 422 pages
Small book image
Network Protocols for Security Professionals
Deepanshu Khanna | Yoram Orzach
Oct, 2022 | 580 pages
Table of Contents (19 chapters)
Title Page
Title Page
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Fundamental Security Concepts
Fundamental Security Concepts
Why security?
Building blocks of information security
Computer security
Network security
Internet security
Security issues, threats, and attacks
Summary
Questions
Further reading
2
Secure Network Design
Secure Network Design
Access control 
Network management and security design
Hardening your TCP/IP stack
DoS and DDoS attacks 
IP spoofing
Ping sweeps and Port scans
DNS vulnerabilities 
Two factor authentication
Summary 
Questions
Further reading
3
Server-Level Security
Server-Level Security
Classification of data
Physical security 
Disk encryption
Hardening server security
Authentication NTLM versus Kerberos
Password policies
Server-level permissions
Server antivirus and malware protection
Local security policies
Summary
Questions
Further reading
4
Cloud Security Design
Cloud Security Design
Cloud offerings
Public versus private
Shared technology and shared danger
Security approach for cloud computing
DDoS attack protection
Data loss prevention
Exploited system vulnerabilities
Summary 
Questions
Further reading
5
Application Security Design
Application Security Design
GDPR
SQL Injection
WAFs
Blacklisting and whitelisting
Using HTTPS for everything
Summary
Questions
Further reading
6
Threat Detection and Response
Threat Detection and Response
Network threat detection
Endpoint threat detection
Security information and event management
Summary
Questions
Further reading
7
Vulnerability Assessment
Vulnerability Assessment
Infrastructure concerns
Nessus installation, configuration, and vulnerability assessment methodology
Sample report
Summary
Questions
Further reading
8
Remote OS Detection
Remote OS Detection
Reasons for OS detection 
Determining vulnerability of target hosts
Tailoring exploits
OS detection technique with Nmap
TCP/IP fingerprinting methods supported by Nmap
Understanding an Nmap fingerprint
OS matching algorithms
Summary
Questions
Further reading
9
Public Key Infrastructure-SSL
Public Key Infrastructure-SSL
Foundation of SSL
TLS versus SSL
Public Key Infrastructure
Attacks against PKI
Microsoft Windows and IIS
OpenSSL
SSL Management tools
Summary 
Questions
Further reading
10
Firewall Placement and Detection Techniques
Firewall Placement and Detection Techniques
Technical requirements
Firewall and design considerations
Demilitarized Zone
OSI model versus TCP/IP model
Firewall performance, capabilities, and function
Summary
Questions
Further Reading
11
VPN and WAN Encryption
VPN and WAN Encryption
Overview
Classes of VPN
Type of VPN protocol
VPN Design
IKE V1 versus IKE V2
WAN Encryption technique
Summary 
Questions
Further Reading
12
Summary and Scope of Security Technologies
Summary and Scope of Security Technologies
DDoS protection
BGP FlowSpec
AI in cyber security 
Next Gen SIEM
Software Defined Networking Firewall
Bring-Your-Own-Identity (BYOI)
Summary
Further reading 
Assessment
Assessment
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Other Books you may enjoy
Other Books you may enjoy
Leave a review - let other readers know what you think
Index
Index

TCP/IP fingerprinting methods supported by Nmap

In the past, the banner grabbing method was used to detect remote operating systems. Telnet Connect used to be sent to a targeted system and the system would display a banner of the operating system running on a host. This was not a very accurate method as the system admin could also disable a banner or change the actual banner in order to misguide attackers.

The new method of remote OS detection is to analyze the packet between the source and destination. This detection technique detects OS platforms and OS versions as well. 

TCP/UDP/IP basic

To use an analogy, if IPs are a building address, service ports are flat numbers. Both TCP and UDP uses incoming and outgoing ports for data communication. Most IP-based services use standard ports (HTTP TCP:80, SMTP TCP:25, and DNS TCP-UDP:53). 

TCP stack has six flag message types to complete a three-way handshake:

Here is a packet capture for one of the websites I opened on the web browser. This shows a...

Previous Section
End of Section 6
Next Section