Network security starts with scanning because you need to know what you have so that you can identify your vulnerable points and manage the associated risk.Nmap excels in helping you enumerate your network and identify what is running. Nmap is also a key tool in the fight against Conficker and its ilk and can be used to detect an infected node on a network.
With the release of Nmap 5, the first major release since 1997?, there is a noticeable speed advantage with faster scans. Aside from the speed improvements there are the new tools such as Ncat and Nmap Scripting Engine (NSE) that make Nmap 5 a must have.
- “The new Ncat tool aims to be your Swiss Army Knife for data transfer, redirection, and debugging,” the Nmap 5.0 release announcement states.
- NSE is all about automating network scanning task with scripts.”Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. All existing scripts have been improved, and 32 new ones added. New scripts include a whole bunch of MSRPC/NetBIOS attacks, queries, and vulnerability probes; open proxy detection; whois and AS number lookup queries; brute force attack scripts against the SNMP and POP3 protocols; and many more.”
Other “stuff” in this version…
- ncat (allows data transfer, redirection and debugging) – (Remember hobbit’s nc ?)
- ndiff scan comparison
- better performance
- improved zenmap GUI (including a real neat feature to visually map the network you have scanned)
- Improvement of nmap scripting engine (nse), reviewed existing scripts and added 32 new scripts.
A useful if not must have tool. It not only applies to security, but also to simple things such as trying to find that pesky administrative interface to a WSS or MOSS environment when you cannot get access to the desktop… The more you have and know the better your options as they say.