Security is one of the most important properties of a network, because everything the network provides (control services, information backup, fault tolerance and the ability to scale) depends on it. Network scanning lets us check how exposed a system actually is.
However, because threats evolve daily, no single solution fixes every security problem present in a network. The tools we use for network security must therefore go further and stay one step ahead of the threats.
Data from a network scan
The infrastructure of an enterprise network varies with the size of the company, the number of services it offers or consumes, and the number of users on the network. Since every network has limits on its reach, each infrastructure has to grow and adapt to those needs.
The Internet lets people access large volumes of information from anywhere on the planet, thanks to communications established either by satellite or by the cabling that crosses the oceans.
Network scanning is the set of techniques and strategies used to identify the components that make up a network and the information it transmits.
Main techniques used for network scanning
Some of the main techniques employed in this network discovery process are described below.
Port scanning
This technique consists of determining which ports are open on a host connected to a corporate network. To find out whether a port is open we try to communicate with it and examine the type of response. For a TCP port the distinction matters: a completed connection (or a SYN/ACK in reply to a SYN probe) means the port is open, a RST means it is closed, and no response at all usually means a firewall is dropping the probe, so silence must not be read as "closed" but as "filtered". The most widely used tool for port scanning is Nmap, described in the next section.
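The classification above, as an added example that is not part of the original page: a TCP connect scan (what Nmap calls -sT, the variant an unprivileged user can run) written in Python. It completes the three-way handshake and reads the result back from the socket error: success is "open", a RST (connection refused) is "closed", and a timeout or unreachable error is "filtered". The listener it scans is a constructed local target on an ephemeral port, chosen so the example runs offline; the hostnames, port choices and helper names are assumptions of this example, not something from the page.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def classify_tcp_port(host, port, timeout=1.0):
    """Full TCP connect scan of one port, classified like Nmap's -sT output.

    open     -> the three-way handshake completed (the host sent SYN/ACK)
    closed   -> the host answered our SYN with a RST (connection refused)
    filtered -> nothing came back before the timeout, or the network reported
                the host unreachable; typically a firewall dropping the probe
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        # e.g. EHOSTUNREACH / ENETUNREACH: no route at all, still not "closed"
        return "filtered"
    finally:
        s.close()


def scan_ports(host, ports, timeout=1.0, workers=32):
    """Scan several ports concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: (p, classify_tcp_port(host, p, timeout)), ports))


def start_listener(host="127.0.0.1"):
    """Constructed scan target: a TCP listener on an ephemeral port that
    accepts each connection and immediately closes it. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed
                break
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def find_unused_port(host="127.0.0.1"):
    """Pick a port nothing listens on, so the scan has a 'closed' example."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = find_unused_port()
    for port, state in sorted(scan_ports("127.0.0.1", [open_port, closed_port]).items()):
        print(f"{port}/tcp {state}")
    srv.close()
```

Against the loopback interface you will only ever see "open" and "closed", because nothing filters 127.0.0.1; point it at a host behind a firewall and the timeouts become the "filtered" result the text warns about. Nmap's default SYN scan (-sS) never completes the handshake and therefore needs raw-socket privileges, which is why this example uses connect().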
Network mapping
It consists of detecting which devices are active on the network by sending packets (ICMP echo requests, ARP requests on the local segment, or TCP/UDP probes to common ports) and recording which hosts answer. Depending on the response, or the absence of one, we can tell whether the destination host is connected to the network.
The most commonly used application for network mapping is Nmap. Nmap (from Network Mapper) is a free software utility for scanning, managing and auditing the security of computer networks.
There are three levels of maps to consider: physical, logical, and functional.
- A physical network map shows all the actual components of your network, including cables, plugs, racks, ports, servers and more. It gives you a visual representation of all the material elements of your network and the connections between them.
- A logical map is more abstract than the physical network map. It shows the type of network topology (bus, ring, and so on) and how data flows between the physical objects in your network. This includes IP addresses, firewalls, routers, subnets and subnet masks, traffic flow, voice gateways and other network segments.
- A functional network map shows how application traffic actually flows through the network. These maps are only as useful as they are accurate, which means you need a suitable, high-quality tool to produce them.
Operating System Detection
Operating system detection tools scan a network and identify the operating system of each machine. To build a complete picture of the whole network, an OS detection tool must scan a large network quickly enough to also catch hosts that are only online for a short time.
The tool for determining the operating system is again Nmap. Its scans can provide operating system, version and service discovery for a single device or for many. OS detection (the -O option) works by TCP/IP stack fingerprinting: Nmap sends a series of crafted TCP, UDP and ICMP probes and compares details of the responses (initial TTL, window size, order of TCP options, IP ID behaviour and so on) against its nmap-os-db database, reporting the closest match with an accuracy percentage. Service scanning (-sV) uses the nmap-service-probes database to enumerate the details of the services running on a target host.
Service and version discovery
It consists of sending probes so that the destination host reveals in its response the services it runs and their versions, for example the greeting banner an SSH, FTP or SMTP daemon sends as soon as a client connects. These techniques are focused on finding and listing the hosts on a network, together with the software installed on them.
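How that banner-based version discovery works, as an added example that is not part of the original page and not Nmap's own code: a Python reimplementation of the first step of Nmap's -sV logic, the "NULL probe" (connect, send nothing, read what the service volunteers), matched against rules written in the syntax of the nmap-service-probes file (match lines with a regex and p/ v/ i/ h/ version fields filled from $1, $2 ...). The three rules and the banners are constructed for this example, not copied from the real database, and the banner server is a local stand-in so everything runs offline.

```python
import re
import socket
import threading

# Constructed excerpt in the syntax of Nmap's nmap-service-probes file
# (illustrative rules written for this example, not the real database).
PROBES_TEXT = r"""
Probe TCP NULL q||
match ssh m|^SSH-([\d.]+)-OpenSSH[_-]([\w.]+)| p/OpenSSH/ v/$2/ i/protocol $1/
match ftp m|^220.*vsFTPd ([\d.]+)| p/vsftpd/ v/$1/
match smtp m|^220 ([-.\w]+) ESMTP Postfix| p/Postfix smtpd/ h/$1/
"""

# match <service> m<delim>regex<delim>[flags] <version fields...>
MATCH_RE = re.compile(r"^match\s+(\S+)\s+m(.)(.*?)\2([is]*)\s*(.*)$")
# version fields: p/product/ v/version/ i/info/ h/hostname/ o/os/ d/devicetype/
FIELD_RE = re.compile(r"([pvihod])/([^/]*)/")
FIELD_NAMES = {"p": "product", "v": "version", "i": "info",
               "h": "hostname", "o": "os", "d": "devicetype"}


def parse_matches(text):
    """Turn 'match' lines into (service, compiled regex, {field: template})."""
    rules = []
    for line in text.splitlines():
        m = MATCH_RE.match(line.strip())
        if not m:
            continue  # Probe lines, comments, blanks
        service, _delim, pattern, flags, rest = m.groups()
        re_flags = (re.IGNORECASE if "i" in flags else 0) | (re.DOTALL if "s" in flags else 0)
        fields = {FIELD_NAMES[k]: v for k, v in FIELD_RE.findall(rest)}
        rules.append((service, re.compile(pattern, re_flags), fields))
    return rules


def identify_banner(banner, rules):
    """First matching rule wins; $N in the field templates is replaced by
    regex group N, the way Nmap fills product/version/info."""
    for service, regex, fields in rules:
        m = regex.search(banner)
        if not m:
            continue

        def fill(template):
            return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))) or "", template)

        result = {"service": service}
        result.update({k: fill(v) for k, v in fields.items()})
        return result
    return None  # unknown service: Nmap would go on to send active probes


def grab_banner(host, port, timeout=2.0):
    """The NULL probe: connect, send nothing, read the service's greeting."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""  # silent service (HTTP, for instance, waits for a request)
    return data.decode("latin-1", "replace")


def start_banner_server(banner, host="127.0.0.1"):
    """Constructed target that greets every client with `banner` and hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(4)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                break
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def fingerprint(host, port, rules):
    """Grab the banner from host:port and classify it with the rules."""
    return identify_banner(grab_banner(host, port), rules)


if __name__ == "__main__":
    rules = parse_matches(PROBES_TEXT)
    srv, port = start_banner_server(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    print(fingerprint("127.0.0.1", port, rules))
    srv.close()
```

The caveat for the practitioner is in the last branch of identify_banner: a banner is only evidence, not proof. Administrators can change or remove greeting strings, so a missing or unrecognised banner is exactly the point where Nmap starts sending protocol-specific probes instead of giving up.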
Other techniques of network scanning
There are also scanning techniques aimed at testing the effectiveness of the network security configuration: a sound configuration should detect and block them. Examples, with the corresponding Nmap options, are:
- Hiding the true source of the probes, for instance by mixing them with probes from decoy addresses (-D) or by spoofing the source address (-S).
- Sending fragmented packets (-f), so that a simple packet filter never sees a complete TCP header in one fragment.
- Probing with special timing settings (-T0 to -T5, --scan-delay), spreading the probes out enough that rate-based detection does not trigger.
The data obtained in these processes is intended to clarify which components, hardware and software, are on the network. The following is an example of what to expect when probing a host connected to a company network:
Host 192.168.100.1 is an active device, that is, it responds to probes.
Open ports:
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-term-serv
8081/tcp open blackice-icecap
Operating system: Windows 7
Even this short listing already says a lot: 135, 139 and 445 are the Windows RPC and SMB services and 3389 is Remote Desktop, so the host exposes its remote administration interfaces to whoever is in the scanning position, which is the first thing to flag in the report.
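Turning a scan into that inventory, as an added example that is not part of the original page: Nmap can write its results as XML (-oX), and the Python below parses that format (nmaprun/host/status, address, ports/port/state, service and os/osmatch elements) into a host inventory, separates open ports from filtered ones, and flags the Windows administration services named above. The XML document is hand-written for this example in Nmap's output format, not real scan output; the osmatch name, accuracy and the down host are constructed values.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX output format for the host described above
# (written for this example; not real scan output).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX scan.xml 192.168.100.0/24">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.100.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/><service name="ssh"/></port>
      <port protocol="tcp" portid="135"><state state="open" reason="syn-ack"/><service name="msrpc" product="Microsoft Windows RPC"/></port>
      <port protocol="tcp" portid="139"><state state="open" reason="syn-ack"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server" product="Microsoft Terminal Services"/></port>
      <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack"/><service name="blackice-icecap"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 7 SP1" accuracy="96"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.100.2" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Open ports that hand out remote administration of a Windows host.
ADMIN_PORTS = {135: "msrpc", 139: "netbios-ssn", 445: "smb", 3389: "rdp"}


def parse_nmap_xml(xml_text):
    """Return a list of host dicts: ip, mac, state, ports, os, os_accuracy."""
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.findall("host"):
        status = h.find("status")
        addrs = {a.get("addrtype"): a.get("addr") for a in h.findall("address")}
        ports = []
        for p in h.findall("ports/port"):
            st, svc = p.find("state"), p.find("service")
            ports.append({
                "port": int(p.get("portid")),
                "proto": p.get("protocol"),
                "state": st.get("state") if st is not None else "unknown",
                "reason": st.get("reason") if st is not None else None,
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        osm = h.find("os/osmatch")  # Nmap lists the best match first
        hosts.append({
            "ip": addrs.get("ipv4") or addrs.get("ipv6"),
            "mac": addrs.get("mac"),
            "state": status.get("state") if status is not None else "unknown",
            "ports": ports,
            "os": osm.get("name") if osm is not None else None,
            "os_accuracy": int(osm.get("accuracy")) if osm is not None else None,
        })
    return hosts


def open_ports(host):
    return [p for p in host["ports"] if p["state"] == "open"]


def exposed_admin_ports(host):
    """Open ports from ADMIN_PORTS: the first finding to put in the report."""
    return sorted(p["port"] for p in open_ports(host) if p["port"] in ADMIN_PORTS)


def format_host(host):
    """Render one host in the style of the listing above."""
    lines = [f"Host {host['ip']} is {host['state']}"]
    if host["state"] != "up":
        return "\n".join(lines)
    lines.append("Open ports:")
    for p in open_ports(host):
        extra = f" ({p['product']})" if p["product"] else ""
        lines.append(f"{p['port']}/{p['proto']} open {p['service']}{extra}")
    filtered = [p for p in host["ports"] if p["state"] == "filtered"]
    if filtered:  # keep these visible: no answer is not the same as closed
        lines.append("Filtered (no answer, probably a firewall): "
                     + ", ".join(f"{p['port']}/{p['proto']}" for p in filtered))
    if host["os"]:
        lines.append(f"Operating system: {host['os']} (accuracy {host['os_accuracy']}%)")
    return "\n".join(lines)


if __name__ == "__main__":
    for host in parse_nmap_xml(SAMPLE_XML):
        print(format_host(host))
        print("admin services exposed:", exposed_admin_ports(host))
```

Working from the XML rather than the human-readable output is the robust choice: the text layout changes between Nmap versions, while the XML schema is stable and carries details (the reason attribute, the OS accuracy) that the summary above omits.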