Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Network Scanning Cookbook

You're reading from   Network Scanning Cookbook Practical network security using Nmap and Nessus 7

Arrow left icon
Product type Paperback
Published in Sep 2018
Publisher Packt
ISBN-13 9781789346480
Length 304 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Sairam Jetty Sairam Jetty
Author Profile Icon Sairam Jetty
Sairam Jetty
Arrow right icon
View More author details
Toc

Table of Contents (10) Chapters Close

Preface 1. Introduction to Network Vulnerability Scanning 2. Understanding Network Scanning Tools FREE CHAPTER 3. Port Scanning 4. Vulnerability Scanning 5. Configuration Audits 6. Report Analysis and Confirmation 7. Understanding the Customization and Optimization of Nessus and Nmap 8. Network Scanning for IoT, SCADA/ICS 9. Other Books You May Enjoy

Complexity

Today's network environments have a complex structure consisting of firewalls, DMZ, and network devices such as switches and routers. These devices consist of complex access lists and virtual network configurations, which makes it difficult to generalize any activity. A shift in any of the preceding configurations could result in a change of the architecture of the whole network.

If we are looking to perform an IP-based scan on any of the network components, we have to be sure that all the data packets generated are reaching the destination intact and are not being impacted by any of the devices or solutions in between. For example, if Alice is scanning Bob's computer over the network and both of them are separated by a firewall, where Bob's subnet is configured to be in WAN Ping Block Mode as a part of which ping packets will be identified and dropped at the firewall level, Alice's host discovery scans for Bob's computer will result in a false positive that machine is not live.

In order to perform a successful security profiling using a Network Vulnerability Scan, the following factors need to be considered:

  • Scope of the scan
  • Network architecture
  • Network access

Scope of the scan

If we are required to perform a vulnerability assessment for a specific application's infrastructure, it is very important to identify the data transmission sources and the components involved in the end-to-end communication. This will allow the penetration tester to perform the vulnerability scan on this scope and identify vulnerabilities specific to this application. Instead, if we choose to scan the subnets or a broader range of IP addresses, we might end up highlighting unnecessary vulnerabilities, which most of the time leads to confusion during the remediation phase. For example, if we are looking to audit a web-based application, we might be looking to include a web application, application server, web server, and database server as part of the audit scope.

Network architecture

It is always important to understand the placement of the IP address or the component on which we are performing vulnerability scanning. This will help us to customize our approach and to reduce false positives. For example, if Alice is trying to scan a web application hosted behind a web application firewall, she needs to customize the payloads or the scripts used to identify vulnerabilities using techniques such as encoding, to ensure that the payloads are not blocked by the web application firewall.

Network access

When tasked to perform Network Vulnerability Scans on a huge network, it is very important to know whether proper access has been provided to your appliance or host to perform the scanning activity. A network vulnerability scan performed without proper network access will yield incomplete results. It is always recommended to have the scanner appliance or host IP address to be whitelisted across the network devices to obtain full access to the scope of the scan.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime