Cyber Security Network Mapping & Port Scanning

Question

Explore the fundamentals of Cyber Security, Network Mapping, and Port Scanning in this comprehensive introduction. Learn how to secure your network and identify vulnerabilities effectively. Dive into key topics like network security, vulnerability assessment, and more.

Answer 1

Cyber Security: Network Mapping & Port Scanning

Network mapping and port scanning are essential steps in identifying and securing network vulnerabilities. Nmap, also known as the Network Mapper, is a popular tool for performing these tasks.

1. Introduction

Explanation of Network Mapping and Port Scanning

Network mapping involves the discovery and documentation of network devices, including hosts, routers, switches, and their relationships. Port scanning is the process of identifying open ports on networked devices to understand the services they offer and potential vulnerabilities.

2. Nmap - The Network Mapper

Introduction to Nmap

Nmap is a powerful and open-source tool used for network discovery and security auditing. It is available for various platforms and provides both command-line and graphical user interfaces.

3. Network Mapping

Using Nmap to Discover Hosts on a Network

You can use Nmap to discover hosts on a network by executing the following command:

nmap -sn 192.168.1.0/24
 

• -sn indicates a ping scan, which only identifies live hosts.
• 192.168.1.0/24 is an example of a network range.

The current approach for asset discovery is not very effective, as many systems on the network may ignore incoming pings. This could be due to the presence of a Firewall that blocks them or because of a Host-Based Firewall, which is a firewall implemented on the system itself instead of the network.

A more effective approach involves sending various types of packets to a system to request a response, thereby determining if the system is active. For instance, Nmap employs the following packet types to elicit a response:

1. ICMP Echo Request
2. TCP SYN packet to port 443
3. TCP ACK packet to port 80
4. ICMP Timestamp request

However, there is an anomaly in this approach. According to TCP communication rules, a system should engage in a three-way handshake before initiating communication. Nmap intentionally deviates from this rule with the mentioned packets. Can you identify which packet behaves differently from what systems typically expect?

The TCP ACK packet sent to port 80 does not conform to the standard TCP rules. Nmap does this deliberately to provoke a response from the target system. To send non-standard packets, Nmap requires the highest level of privileges, such as root or local administrator access. This deviation from the rules can lead to more accurate results in most port scanning scenarios.

If you wish to disable Network Mapping in Nmap, you can use the -Pn flag. Nmap will then consider all IP systems as active and proceed directly to port scanning.

4. ARP Scan

Address Resolution Protocol Scan

ARP scanning is used to find hosts on the local network segment. It sends ARP requests and collects responses from devices to identify hosts.

nmap -PR 192.168.1.0/24
 

• -PR specifies an ARP ping scan.

5. Port Scanning

Identifying Open Ports on Hosts

Port scanning helps identify which services are running on a host by checking if specific ports are open. You can perform TCP and UDP port scans with Nmap.

Port scanning serves the purpose of identifying accessible services for potential connections. Every open service presents a potential attack vector that malicious individuals could exploit. Therefore, understanding the status of open ports is crucial.

Attackers are keen on discerning the applications actively listening on the network. These applications present enticing opportunities for attackers, as they might reveal vulnerabilities that could be exploited against the organization.

Port scanning involves the transmission of packets to an application and awaiting responses. For TCP services, this is relatively straightforward since a TCP service, when available, consistently responds with a SYN/ACK packet. However, with UDP services, the process becomes more intricate. In most cases, to ascertain the availability of the service, attackers must dispatch specific input that triggers a response from the application. UDP-based applications typically remain unresponsive unless the client sends precisely the required input to initiate communication.

6. TCP Port Scanning

Scanning TCP Ports with Nmap

Scan common TCP ports on a host with the following command:

nmap -p 80,443,22 192.168.1.1
 

• -p specifies the ports to scan.
• 192.168.1.1 is the target host.

7. UDP Port Scanning

Scanning UDP Ports with Nmap

Scan UDP ports on a host using:

nmap -sU -p 53 192.168.1.1
 

• -sU enables UDP scanning.

8. Useful Nmap Scan Types and Options

Explanation of Common Nmap Scanning Techniques

• Syn Scan: -sS sends TCP SYN packets to check for open ports.
• Full Connect Scan: -sT attempts a full TCP connection to open ports.
• Version Detection: -sV identifies services and their versions.
• OS Fingerprinting: -O detects the operating system of a host.
• Aggressive Scan: -A combines various scan types for comprehensive information.

9. Nmap Timing Options

Adjusting Scan Timing for Efficiency

• Paranoid: -T0 minimizes the impact on the network.
• Sneaky: -T1 is slow and stealthy.
• Polite: -T2 is the default, balancing speed and stealth.
• Aggressive: -T3 is faster and more noticeable.
• Insane: -T4 is very fast but may trigger alarms.

10. Zenmap

Graphical User Interface (GUI) for Nmap

Zenmap is a graphical front-end for Nmap that simplifies scan configuration and result interpretation. It provides a user-friendly interface for both beginner and advanced users.

These topics provide an overview of network mapping and port scanning, along with Nmap usage and options. Always use such tools responsibly and only on networks you have permission to scan to avoid legal and ethical issues.

Answer 2

FAQs on Cyber Security Network Mapping & Port Scanning

Q: What is network mapping? 

A: Network mapping is the process of discovering and identifying all the devices and systems on a network, including their interconnections. It provides a visual representation of the network's topology, helping security professionals understand its structure.

Q: Why is network mapping important for cybersecurity? 

A: Network mapping is crucial for security because it allows organizations to identify potential vulnerabilities and weaknesses in their network infrastructure. By knowing what devices are on the network, security teams can implement necessary controls and defenses.

Q: What is port scanning? 

 A: Port scanning is the process of scanning a target system or network to identify open ports and services running on those ports. It is a common technique used by both security professionals and malicious actors to assess network security.

Q: What are some common port scanning techniques? 

 A: Common port scanning techniques include:

• TCP Connect Scanning
• SYN/ACK Scanning (Half-open scanning)
• UDP Scanning
• Full Open Scanning
• Idle Scanning
• XMAS Scanning
• NULL Scanning

Q: Why is port scanning important in cybersecurity? 

A: Port scanning helps identify open ports and services, which can be potential attack vectors for hackers. By understanding what ports are exposed, organizations can close unnecessary or insecure ports to reduce their attack surface.

Q: Is port scanning illegal? 

 A: Port scanning is generally considered a legal and necessary practice for network administrators and security professionals to maintain the security of their networks. However, unauthorized port scanning against someone else's network without permission can be illegal and is often considered a cyberattack.

Q: Can you provide an example of a network mapping tool or code? 

 A: Here's an example of using the Nmap (Network Mapper) command-line tool to perform network mapping:

nmap -sP 192.168.1.0/24
 

This command scans all hosts in the 192.168.1.0/24 subnet and identifies which hosts are online without performing a full port scan.

Q: Can you provide an example of a port scanning tool or code? 

A: Here's an example of using Nmap for port scanning:

nmap -p 1-100 192.168.1.100
 

This command scans ports 1 through 100 on the host with IP address 192.168.1.100. It will identify which of these ports are open and the services running on them.

Q: How can I protect my network from unauthorized port scanning? 

A: To protect your network from unauthorized port scanning, consider implementing the following measures:

• Use a firewall to filter incoming and outgoing traffic.
• Limit exposure by closing unnecessary ports and services.
• Implement network segmentation.
• Monitor network traffic for unusual activities.
• Educate your staff on the importance of cybersecurity.

Important Interview Questions and Answers on Cyber Security Network Mapping & Port Scanning

Q: What is network mapping, and why is it important in cybersecurity?

Network mapping is the process of discovering and mapping the devices, hosts, and their interconnections within a network. It is crucial in cybersecurity to understand the network's topology, identify vulnerabilities, and plan security measures. This knowledge helps in defending the network against potential threats.

Q: What are common network mapping techniques?

Common network mapping techniques include:

1. Ping Sweeping: Sending ICMP echo requests to a range of IP addresses to determine which hosts are alive.
2. ARP (Address Resolution Protocol) Scanning: Mapping MAC addresses to IP addresses.
3. TCP/UDP Scanning: Identifying open ports and services on hosts.

Q: Explain how to perform a basic network scan using Python and the socket library.

import socket

target = "example.com"

def scan_port(host, port):
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(1)
        sock.connect((host, port))
        sock.close()
        return True
    except (socket.timeout, ConnectionRefusedError):
        return False

for port in range(1, 1025):  # Scan common ports
    if scan_port(target, port):
        print(f"Port {port} is open")
 

This code attempts to connect to each port in the range 1 to 1024. If the connection is successful, it prints that the port is open.

Q: What is port scanning, and why is it used in cybersecurity?

Port scanning is the process of probing a computer's ports to discover open services and vulnerabilities. It is used in cybersecurity to identify potential entry points for attackers and to assess the security of network services.

Q: What are common port scanning techniques?

Common port scanning techniques include:

1. TCP Connect Scan: Attempting to establish a full TCP connection to each port.
2. TCP SYN Scan (half-open scan): Sending a SYN packet to the target ports and analyzing the response.
3. UDP Scan: Sending UDP packets to various ports and analyzing responses.

Q: Explain how to perform a basic TCP Connect Scan using Python.

import socket

target = "example.com"

def scan_port(host, port):
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((host, port))
        sock.close()
        return True
    except (ConnectionRefusedError, OSError):
        return False

for port in range(1, 1025):  # Scan common ports
    if scan_port(target, port):
        print(f"Port {port} is open")
 

This code attempts to establish a full TCP connection to each port in the range 1 to 1024 and reports open ports.