Vulnerability Scanning with Nmap : Network Scanning

Overview: 

In this Coursera guided project I conducted a comprehensive exploration of network security using Nmap, starting with a basic scan of an authorized target to check for vulnerabilities. I then progressed to more advanced scans, leveraging Nmap options for more accurate and efficient results. Finally, I made the scan data more usable by writing results to files, enabling later analysis and assessment of network and system security.

Nmap Introduction:

Nmap, short for "Network Mapper," is a powerful open-source tool used for network exploration and security auditing. It allows users to discover hosts and services on a computer network, creating a map of the network's structure. Nmap operates by sending packets to target hosts and analyzing the responses to provide information about open ports, services running, and potential vulnerabilities. Widely used by security professionals and network administrators, Nmap offers a range of options for customization and can be employed for tasks such as port scanning, version detection, and OS fingerprinting.

Key Terminologies:

Vulnerability: A vulnerability is a weakness or flaw in a system, network, or application that could be exploited by a threat actor to compromise the integrity, availability, or confidentiality of that system or the data it handles.

Packet: A packet is a basic unit of data transmitted over a network.

Host: A host is a device or computer connected to a network that can send or receive data.

Port: A port is a logical endpoint for communication on a computer or network, allowing data to be sent to or received from specific services or processes.

Open Ports: Open ports are network communication endpoints on a computer or device that are actively listening for incoming data and are accessible for communication.

Port Scanning: Port scanning is a technique used to discover open ports on a computer or network, revealing available services and potential vulnerabilities.

OS Fingerprinting: OS fingerprinting is the process of identifying the operating system running on a computer or device by analyzing its response to specific network probes or requests.

Ping Scan: A ping scan in Nmap is a quick method to discover live hosts on a network by sending ICMP echo requests (ping) and checking for responses.

ICMP: ICMP, or Internet Control Message Protocol, is a network layer protocol in the Internet Protocol (IP) suite. ICMP is used for error reporting, diagnostics, and signaling between network devices.

Subnet: A subnet is a logical division of an IP network, grouping devices for efficient organization and management.

Nmap Options: Nmap options are command-line parameters that users can include when running the Nmap tool to customize and modify the behavior of their scans.

Firewall: A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

HTTP Port: The HTTP port, typically port 80, is a network port used for transmitting Hypertext Transfer Protocol (HTTP) data, facilitating communication between web browsers and web servers.

SSH Port: The SSH port, commonly port 22, is a network port used for Secure Shell (SSH) communication. It provides a secure and encrypted method for remote access to servers and secure file transfers.

Task 1: Performed a Basic Nmap Scan on the Target

Used the command nmap scanme.nmap.org to perform a basic scan of the (authorized) host scanme.nmap.org. The scan begins with a ping to confirm the host is up and then probes its default port range, giving the following information:

Nmap version 7.68, the date and time the scan started (2023-03-38 19:06 UTC), that the host was up (reachable) at scan time, the port list with their services (4 ports open and the other 996 closed), that 1 IP address was scanned, and the scan duration of 1.24 seconds.

Used the command nmap scanme.nmap.org/30 to perform a basic scan of the host's subnet. The "/30" denotes a small subnet that includes only two usable IP addresses. This scan gave me a bit more detail about the open ports available.
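To make the "/30" notation concrete, the following POSIX shell functions (an added example, not part of the Coursera project or of Nmap itself) expand a CIDR target into the individual addresses that Nmap will probe. It generalizes to any prefix length, and it shows that a /30 block spans four addresses in total (the block's first and last address plus the two usable hosts), all of which Nmap scans. The address 192.0.2.5 is a constructed documentation address, not the real address of scanme.nmap.org.

```shell
#!/bin/sh
# Added example: enumerate the addresses in an IPv4 CIDR block, the same set a
# target such as host/30 expands to inside Nmap. Pure POSIX sh arithmetic, no
# external tools beyond wc/tr, so it runs anywhere.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# int_to_ip N -> dotted-quad form of the integer N
int_to_ip() {
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# cidr_hosts A.B.C.D/P -> every address in the block, one per line, in order.
# Any address inside the block works as input: the host bits are masked off
# first, so 192.0.2.5/30 and 192.0.2.4/30 describe the same four addresses.
cidr_hosts() {
    ip=${1%/*}
    prefix=${1#*/}
    base=$(ip_to_int "$ip")
    size=$(( 1 << (32 - prefix) ))
    start=$(( base & ~(size - 1) ))
    i=0
    while [ "$i" -lt "$size" ]; do
        int_to_ip $(( start + i ))
        i=$(( i + 1 ))
    done
}

# cidr_count A.B.C.D/P -> how many addresses Nmap will scan for that target
cidr_count() {
    cidr_hosts "$1" | wc -l | tr -d ' '
}

# Constructed sample target (documentation range, not scanme.nmap.org):
cidr_hosts 192.0.2.5/30
echo "addresses scanned: $(cidr_count 192.0.2.5/30)"
```

Running it prints 192.0.2.4 through 192.0.2.7 and a count of 4, which is why the /30 scan in the project reported more than one address: Nmap does not skip the network and broadcast addresses of a block.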

Task 2: Performed an Nmap Scan using Options

Used the command nmap -A -T4 scanme.nmap.org to perform an aggressive scan of the target, which gives more information than the basic scan: operating system detection, version detection, script scanning and traceroute (-A enables all four, and -T4 selects a faster timing template).

The following information was retrieved from this scan:

OS detected: Linux; port 22/tcp is running OpenSSH; port 80/tcp is running http; port 31337/tcp is reported as tcpwrapped.


Task 3: Performed an Nmap Scan and Output the Results to a File

Used the command nmap -p 80 -A -oN scan.txt scanme.nmap.org/30. Here -p 80 restricts the scan to port 80 (the default HTTP port) to check web server exposure, -A runs the aggressive scan to gather OS detection, version detection, script scanning and traceroute, -oN scan.txt saves the output in Nmap's normal format to the file scan.txt, scanme.nmap.org is the target domain and /30 scans the IP addresses of its subnet.


A filtered HTTP port in the Nmap results indicates that a firewall or other network filtering is preventing Nmap from determining whether the port is open or closed.

NGINX is a popular open-source web server and reverse proxy server, known for its high performance, scalability, and efficient handling of concurrent connections.

The OS detected was CentOS, a free and open-source Linux distribution based on the sources of Red Hat Enterprise Linux (RHEL). It aims to provide a stable, community-supported platform suitable for enterprise environments.

Verified that the file was created using the ls command in the terminal.

Verified the contents of the text file using the command cat scan.txt.
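Saving the scan with -oN is only useful if the file is then analysed, so here is a small POSIX shell post-processor for Nmap's normal-format output (an added example; it is not part of the Coursera project and not an Nmap feature). It extracts one row per port from a saved report, counts ports by state, lists the hosts whose port came back filtered (the firewall case described above), and pulls out the open services with their detected versions, which are the rows worth checking against vulnerability advisories. The report it parses is a constructed sample written in the -oN layout; the addresses, hostnames, versions and timings in it are made up and are not real scanme.nmap.org results.

```shell
#!/bin/sh
# Added example: review a saved Nmap -oN report offline with awk.
# The sample report below is constructed; it only mimics the -oN layout.

SAMPLE_SCAN="${TMPDIR:-/tmp}/nmap_sample_scan.txt"
cat > "$SAMPLE_SCAN" <<'EOF'
# Nmap 7.93 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -p 80 -A -oN scan.txt 192.0.2.4/30
Nmap scan report for 192.0.2.4
Host is up (0.020s latency).

PORT   STATE    SERVICE VERSION
80/tcp filtered http

Nmap scan report for web.example (192.0.2.5)
Host is up (0.018s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.20.1
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Nmap scan report for 192.0.2.6
Host is up (0.021s latency).

PORT   STATE  SERVICE VERSION
80/tcp closed http
# Nmap done at Mon Jan  1 00:00:05 2024 -- 4 IP addresses (3 hosts up) scanned in 5.12 seconds
EOF

# port_table FILE -> one line per port: "host port state service [version...]"
# The host is taken from the most recent "Nmap scan report for" line; when a
# hostname was resolved, the IP in parentheses is used so rows stay uniform.
port_table() {
    awk '
        /^Nmap scan report for/ {
            host = $NF; gsub(/[()]/, "", host)
        }
        /^[0-9]+\/(tcp|udp) / {
            line = host " " $1 " " $2 " " $3
            for (i = 4; i <= NF; i++) line = line " " $i
            print line
        }
    ' "$1"
}

# count_state FILE STATE -> number of ports in STATE (open, closed, filtered)
count_state() {
    port_table "$1" | awk -v s="$2" '$3 == s' | wc -l | tr -d ' '
}

# hosts_with_state FILE STATE -> hosts with at least one port in STATE;
# "filtered" lists the targets where a firewall hid the real port state
hosts_with_state() {
    port_table "$1" | awk -v s="$2" '$3 == s { print $1 }' | sort -u
}

# open_services FILE -> "host port service version..." for open ports only
open_services() {
    port_table "$1" | awk '$3 == "open" {
        out = $1
        for (i = 2; i <= NF; i++) if (i != 3) out = out " " $i
        print out
    }'
}

port_table "$SAMPLE_SCAN"
echo "open: $(count_state "$SAMPLE_SCAN" open), filtered: $(count_state "$SAMPLE_SCAN" filtered), closed: $(count_state "$SAMPLE_SCAN" closed)"
echo "filtered hosts: $(hosts_with_state "$SAMPLE_SCAN" filtered)"
open_services "$SAMPLE_SCAN"
```

Pointing the functions at a real scan.txt produced by -oN works the same way because the port lines always start with "port/proto state service". For anything beyond quick triage, Nmap's XML output (-oX) is the better choice, since it is designed for machine parsing rather than for reading with cat.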

Lessons Learned:

· Ensure proper authorization before conducting any network scans, adhering to ethical standards and legal guidelines for responsible and lawful use of security tools.

· Use the Nmap man page to discover its wealth of options and gain a comprehensive understanding of how to customize scans effectively.

· Saving Nmap scan results to files enables later analysis and contributes to a more thorough understanding of network and system security.

Conclusion:

Throughout this project, I learned valuable lessons in conducting Nmap scans cautiously on authorized targets, tailoring scans effectively using various options, and emphasizing ethical considerations. The hands-on experience allowed me to monitor network vulnerabilities, perform security audits, and deepen my understanding of Nmap's capabilities. Recognizing the significance of saving results to files facilitated subsequent analysis, contributing to a more thorough grasp of network and system security.

CERTIFICATE OF COMPLETION
