MIT210 – Information Systems Security and Assurance
Lab #2: Using Nmap for Network Inventory, Asset Management,
Policy Compliance and Auditing
Student Name :
Date Due : June 25, 2011
Professor : Dr. Oliver C. Agustin
Objective: Learn how security tools such as Nmap can be used to perform compliance testing, inventory
and asset management, security auditing and system administration.
Setup Lab Environment
This section guides you through setting up the BackTrack live DVD with VirtualBox to make it easier to
capture screenshots, which are one of the deliverables in this lab exercise.
1. For this lab exercise, you can use the setup that you have from Lab #1, but first you have to
install the Nmap available from the DVD resources provided for you (see the How To Run Nmap
section). Alternatively, you can use the BackTrack ISO together with VirtualBox.
The latter method is encouraged.
2. Steps for using the Backtrack ISO are provided below:
1. Launch your VirtualBox software. You should see a window similar to the one shown
below.
2. Click New, in the toolbar to launch the New Virtual Machine Wizard.
3. Enter the following information then click Next:
VM Name and OS Type: Backtrack
OS: Linux
Version: Ubuntu (64-bit) or Ubuntu
4. When asked for the size of memory, select the default value. You may increase this
value if you like. Click Next.
5. You will be asked to specify a virtual hard disk; uncheck the selection as shown. Click
Next.
6. A dialog box will be displayed telling you that you didn't attach any hard disk. Just ignore this
warning and click Continue.
7. Clicking the Finish button concludes the initial setup. But there is one more thing to do.
8. Highlight the newly created Virtual Machine called Backtrack and click Settings.
9. The Backtrack Settings window will be displayed; select Storage in the left pane.
10. Click the button pointed to by the red arrow, and point it to the Backtrack ISO provided for
you. The name of the ISO image is BT5-KDE-64.ISO (not mit210.iso; the ISO image
BT5-KDE-64.iso is inside mit210.iso).
Note: this ISO image is only available once you have burned the ISO image (mit210.iso) I
provided for you. You may also access this file if you use a virtual CD/DVD manager such
as Daemon Tools, PowerISO, etc.
11. You should be able to boot your Backtrack OS by clicking the Start button on the toolbar.
Note: For additional information on how to use the Backtrack DVD, you may search for
tutorials on the Internet.
Uses of Nmap
Compliance Testing
Testing for compliance can be one of the most important detective security controls you perform in an
enterprise infrastructure. The purpose of compliance testing is to measure the critical components of
the organization against the policies and controls that govern them. Normally this function falls to either an
internal or external audit team.
The audit team is responsible for staying on top of the latest requirements and for ensuring that
compliance testing is done in both an orderly and timely fashion. Much like designing and maintaining
the policies themselves, compliance testing requires persistent and ongoing attention.
There are many different types of compliance testing where Nmap could be utilized as part of the
solution. Some examples are:
- Testing for open ports on the interfaces of a firewall.
- Performing scans across workstation IP address ranges to determine if any unauthorized networking applications are installed.
- Determining if the correct version of web service is installed in your De-Militarized Zone (DMZ).
- Locating systems with open file sharing ports.
- Locating unauthorized File Transfer Protocol (FTP) servers, printers or operating systems.
- Any number of needs specific to the controls written around your organization’s policies.
Inventory and Asset Management
Commercial applications exist that are designed to track assets, manage inventory counts, relay information
about installed services, and monitor system uptime. Luckily for those without a commercial application,
this is another area where Nmap’s ease of use pays off with excellent results. In a matter of minutes, an
administrator can generate a scan request for a range of IP addresses, an entire subnet, or even re-scan
pre-identified systems. The options for identifying services and Operating System (OS) type come in
handy when you are trying to identify existing desktops or servers in the infrastructure.
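The compliance checks and inventory use described above can be automated by parsing Nmap's grepable output (`-oG`) from a version scan (`-sV`). The following is an added example, not part of the original lab handout; the scan output, host names and port policy are constructed for illustration.

```python
import re

# Constructed sample of `nmap -sV -oG -` grepable output (not from a real scan).
SAMPLE_SCAN = """\
# Nmap 5.51 scan initiated (constructed sample) as: nmap -sV -oG - 192.168.56.0/24
Host: 192.168.56.10 (fw-dmz)\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, 443/open/tcp//https///\tIgnored State: filtered (998)
Host: 192.168.56.21 (ws-021)\tPorts: 21/open/tcp//ftp//vsftpd 2.0.5/, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-term-serv///
Host: 192.168.56.30 (web-01)\tPorts: 80/open/tcp//http//Apache httpd 2.2.3/
# Nmap done
"""

# Hypothetical policy: open TCP ports allowed per asset class (hostname prefix).
POLICY = {"fw-": {22, 443}, "ws-": set(), "web-": {80, 443}}

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)\tPorts: ([^\t]*)")

def parse_grepable(text):
    """Return {ip: {"name": str, "ports": {port: (service, version)}}} for open TCP ports."""
    inventory = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines, "Status:" lines, blanks
        ip, name, ports_field = m.groups()
        ports = {}
        for entry in ports_field.split(", "):
            # Field order: port/state/protocol/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) >= 7 and f[1] == "open" and f[2] == "tcp":
                ports[int(f[0])] = (f[4], f[6])
        inventory[ip] = {"name": name, "ports": ports}
    return inventory

def violations(inventory, policy):
    """List (ip, name, port, service) for every open port the policy does not allow."""
    found = []
    for ip, host in sorted(inventory.items()):
        # A host matching no asset class has no allowance, so all its open ports are reported.
        allowed = next((p for pre, p in policy.items() if host["name"].startswith(pre)), None)
        for port, (service, _version) in sorted(host["ports"].items()):
            if allowed is None or port not in allowed:
                found.append((ip, host["name"], port, service))
    return found

if __name__ == "__main__":
    inv = parse_grepable(SAMPLE_SCAN)
    for ip, host in inv.items():
        print(ip, host["name"], host["ports"])   # asset inventory
    for v in violations(inv, POLICY):
        print("VIOLATION", *v)                   # compliance findings
```

The inventory dictionary also carries the version strings, so the same data can be compared against the approved web service version for DMZ hosts.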
Security Auditing
Security auditing can be defined as creating a set of controls specific to the technology or infrastructure
being reviewed and then applying those controls, like a filter, to your environment. Any gaps in or
outside that filter become audit points and could negatively impact the audit’s overall assessment of
your security framework.
Nmap can assist with such audit needs as:
- Auditing firewalls by verifying the firewall filters are operating properly.
- Searching for open ports on perimeter devices (perimeter being anything from Internet-edge, to extranet or intranet boundary lines).
- Performing reconnaissance for certain versions of services.
- Utilizing the OS detection feature to pinpoint outdated or unauthorized systems on your networks.
- Discovering unauthorized applications and services.
System Administration
Although Nmap is normally seen as a go-to application for security professionals, its wide range of port
scanning, service and OS identification capabilities makes it perfect for the system administrator. If you
decide to make Nmap available to administrators outside IT Security, keep in mind that this could
increase unwanted scanning activity in your network.
How To Run Nmap
Prior to running Nmap, you should have completed the initial setup through VirtualBox. There are
various methods by which you can run Nmap. We assume that our target machine is our desktop. The
methods are as follows:
1. Running Nmap in the guest Windows XP OS via VirtualBox. You may use this method, but there
are some prerequisites:
- To use Nmap with this method, you should install the nmap-5.51-setup.exe found in the DVD image (named mit210.iso) that was provided for you.
- You can find the Nmap setup file inside the folder software.
2. Running Nmap through the Backtrack ISO image
- If you want access to more advanced security tools, this method is preferred because it allows you to explore other tools that are available in the package.
3. Running Nmap on a different machine that is connected to the same network.
Visit http://insecure.org/nmap/nmap_doc.html for additional information on Nmap.
Exercises
The first step in any penetration test or attack is to locate targets. There is no better tool for this than
Nmap. We will use Nmap for three different scans: ping, port, and version. The ping sweep allows us to
locate computers that are alive, the port scan provides information about open ports on a system, and
the version scan tells us specifics about the services that are listening on those ports. The beauty of
Nmap is that we have so much flexibility in the range of IP addresses we want to look at.
In the following tasks, you are not limited in the number of IP addresses to scan. The target could be a private
network or a public network.
Opening Backtrack
1. Launch VirtualBox by selecting Backtrack and clicking Start.