Discussion I

Solomon Kane
Discussion2.docx

Career Relevancy

In the cybersecurity field, you will be expected to recognize different network scanning concepts. You will be trained on how to perform scans with a variety of networking tools and how to interpret the results. Network scanning reveals the live systems and open ports on a network, enabling you to be proactive in closing unused ports and patching vulnerabilities on live systems. These steps prevent an attacker from entering an organization's network unauthorized.

Background:

After identifying the target system and performing initial reconnaissance, attackers begin to search for an entry point into the target system. It should be noted that the scanning itself is not the actual intrusion, but an extended form of reconnaissance in which the attacker learns more about the target, including information about operating systems, services, and any configuration lapses. The information gleaned from this reconnaissance helps the attacker select the best strategies for attack.

Consider for a moment how intruders might enter a home. The access points of a house are the doors and windows, and these are the areas intruders focus on when trying to enter a residence. In computer systems and networks, ports are the doors and windows that an intruder uses to gain access. A general rule for computer systems is that the more open ports a system has, the more vulnerable it is. However, there are cases in which a system has fewer open ports than another machine, but those open ports present a much higher level of vulnerability.

Scanning is the process of gathering additional detailed information about the target by using highly complex and aggressive reconnaissance techniques. Network scanning refers to the set of procedures used for identifying hosts, ports, and services in a network. Scanning is one of the most important phases of intelligence gathering for an attacker, as it enables him/her to build a profile of the target organization. Through scanning, the attacker learns which specific IP addresses can be reached over the network, the operating systems and system architecture in use, and the services running on each computer. The purpose of scanning is to expose weak points in communications channels and probe as many listeners as possible, while also keeping track of areas that are responsive to an attacker's commands.

There are three different types of scanning:

1. Port Scanning: This type of scanning lists the open ports and services. Port scanning is the process of checking the services running on the target computer by sending a sequence of messages in an attempt to break in. Port scanning involves connecting to or probing TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports on the target system to determine if the services are running or if they are in a listening state. The listening state provides information about the operating system and the application currently in use. Sometimes, active services that are listening may allow unauthorized users access to change configuration settings or to run software with vulnerabilities.

2. Network Scanning: This type of scanning lists IP addresses. Network scanning allows a hacker to identify a network's active hosts. Active hosts are identified either as new targets for attack or to be used to assess the security of the network.

3. Vulnerability Scanning: This type of scanning exposes known weaknesses on the network. A vulnerability scanner consists of a scanning engine and a catalog. The catalog includes a list of common files with known vulnerabilities and common exploits for a range of servers. A vulnerability scanner may look for backup files or directory traversal exploits, for example. The scanning engine maintains logic for reading the exploit list, transferring the request to the Web server, and analyzing the requests to ensure the safety of the server. These tools generally target vulnerabilities that secure host configurations can fix easily, with updated security patches and a clean Web document.
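The defender's counterpart to port scanning is knowing what a host is listening on before anyone else does. As an added example (not part of the original post), the following Python script parses constructed `ss -tuln` output, the listening-socket listing one would collect on a Linux host, and compares it against a hypothetical baseline of expected services so that unexpected listeners can be closed or justified. Both the sample output and the baseline are constructed for this example.

```python
import re

# Constructed sample of `ss -tuln` output (header plus socket rows); not real host data.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      511    [::]:80             [::]:*
tcp   LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:3389        0.0.0.0:*
"""

# Hypothetical baseline: the (protocol, port) pairs this host is supposed to expose.
BASELINE = {("tcp", 22), ("tcp", 80), ("udp", 68)}

ROW = re.compile(r"^(tcp|udp)\s+(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+")

def parse_listeners(ss_output):
    """Return (proto, local_addr, port) for every listening TCP / unbound UDP socket."""
    listeners = []
    for line in ss_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header line or a row in an unrecognised format
        proto, state, addr, port = m.groups()
        if state not in ("LISTEN", "UNCONN"):
            continue
        listeners.append((proto, addr, int(port)))
    return listeners

def unexpected_listeners(ss_output, baseline=BASELINE):
    """Split non-baseline sockets into network-exposed and loopback-only lists."""
    # Loopback-only listeners are not a remote entry point, but they still
    # show what the host is running, so they are reported separately.
    exposed, loopback = [], []
    for proto, addr, port in parse_listeners(ss_output):
        if (proto, port) in baseline:
            continue
        if addr.startswith("127.") or addr == "[::1]":
            loopback.append((proto, port))
        else:
            exposed.append((proto, port))
    return sorted(exposed), sorted(loopback)

if __name__ == "__main__":
    exposed, loopback = unexpected_listeners(SAMPLE_SS_OUTPUT)
    print("close or justify:", exposed)
    print("loopback only:", loopback)
```

On the sample data the RDP listener on tcp/3389 is the one flagged as exposed and not in the baseline, while the Redis listener on 6379 is reported as loopback-only.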

Below are some objectives for scanning a network:

· Discover the network’s live hosts, IP addresses, and open ports. Using the open ports, the attacker determines the best means of entry into the system.

· Discover the operating system and system architecture of the target. This is also known as fingerprinting. An attacker can formulate an attack strategy based on the operating system’s vulnerabilities.

· Discover the services running/listening on the target system. This gives the attacker an indication of vulnerabilities to target.

· Identify vulnerabilities in any of the network systems. This helps an attacker compromise the target system or network through various exploits.

IPv6 increases the size of the IP address space from 32 bits to 128 bits to support more levels of hierarchy. Traditional network scanning techniques are computationally less feasible because of the larger search space (64 bits of host address space, or 2^64 addresses) that IPv6 provides within a single subnet. Scanning an IPv6 network is more difficult and complex than scanning IPv4. Additionally, a number of scanning tools do not support ping sweeps on IPv6 networks. Attackers would need to harvest IPv6 addresses from network traffic, recorded logs, or "Received from" and other headers in archived emails or Usenet news messages to identify IPv6 addresses for subsequent port scanning. Scanning an IPv6 network does, however, offer a large number of hosts in a subnet: if an attacker can compromise one host in the subnet, they can probe the "all hosts" link-local multicast address, which is especially effective if host addresses are assigned sequentially. An attacker needs to analyze 2^64 addresses to verify whether a particular open service is running on a host in that subnet. At a conservative rate of one probe per second, such a scan would take about 5 billion years to complete.

There are three major types of vulnerability scanners that businesses can use to find network soft spots:

· A network scanner, which searches the network for potential weak points.

· A port scanner, which searches the network for open ports. Hackers will often use idle, empty ports to enter a network system.

· A web application security scanner, which allows a business to complete risk assessments to identify the level of vulnerability of web applications.
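The scanners above find weak spots from the defender's side; the other half of a countermeasure is noticing when someone else is scanning you. As an added example (not from the original post), this Python detector reads constructed firewall deny-log lines and flags a source that probes many distinct ports on one host within a short window, the footprint a port scanner leaves behind. The simplified iptables-style log format, the addresses and the thresholds are all hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified iptables-style deny-log format (not real logs):
# one source sweeping ports on a host, one ordinary client retrying HTTPS.
SAMPLE_LOG = """\
2024-05-01T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
2024-05-01T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
2024-05-01T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
2024-05-01T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25
2024-05-01T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
2024-05-01T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443
2024-05-01T10:00:05 DROP SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
2024-05-01T10:09:00 DROP SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
"""

LINE = re.compile(r"^(\S+) DROP SRC=(\S+) DST=(\S+) PROTO=\w+ DPT=(\d+)$")

def parse_events(log):
    """Yield (timestamp, src, dst, dport) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, src, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(dport)

def detect_scanners(log, min_ports=5, window=timedelta(seconds=60)):
    """Return {src: sorted ports} for sources that probed at least min_ports
    distinct destination ports on one destination host inside `window`."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in parse_events(log):
        by_pair[(src, dst)].append((ts, dport))
    hits = {}
    for (src, dst), events in by_pair.items():
        events.sort()  # the sliding window needs chronological order
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                hits[src] = sorted(ports)
                break
    return hits

if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

The threshold and window are the tuning knobs: set them from what normal clients on your network actually do, or a retrying client will look like a scanner.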

Scanning tools identify live hosts, open TCP and UDP ports, running services, location information, and NetBIOS information on a target network. The information obtained from these tools assists an ethical hacker in building a profile of the target organization and in scanning the connected devices for open ports. The tools below are cited from The Essential Guide to Vulnerability Scanning (2009):

· Acunetix Web Vulnerability Scanner: This software suite includes a Web security scanner, crawler, report analysis tool and a database of security checks for all leading Web server platforms.

· Cenzic Hailstorm: Cenzic's application scanner can analyze Web-application security status across departments, business units and geographies.

· GFI LANguard Network Security Scanner: This vulnerability-management solution includes network-vulnerability scanning, patch management, and auditing support.

· Tenable Nessus 3: Compatible with various types of Unix, this product performs over 900 remote security checks and suggests solutions for security problems.

· Nmap: Nmap is a simple port scanner delivered in the form of a free, open-source utility for network exploration or security auditing.

· QualysGuard: Qualys Inc. claims to be the first software vendor to offer a hosted, on-demand solution for security-risk and compliance management.

· Retina Network Security Scanner: Vendor eEye Digital Security Inc. contends that its vulnerability scanner detects both known and zero-day vulnerabilities. The product also provides a security-risk assessment that helps businesses embrace security best practices, adopt policy enforcement and handle regulatory audits.

· SAINT Network Vulnerability Scanner: This network-vulnerability scanner is integrated with a penetration testing tool to enable users to exploit found vulnerabilities.

Prompt

Are countermeasures a sure-fire solution to all issues? Explain your answer. While answering this question, think about what the pitfalls are for not properly scanning networks.

For your citation, you might use articles that show examples of how to prepare for network scanning and how it applies to the features and protocols involved in network vulnerabilities. Explore options for organizations to implement incident-response measures for recovering from vulnerabilities within their enterprise and/or infrastructure. You can also find articles from experts that explain how to implement countermeasures with port scanning tools and/or live-system scanning tools.