SECURITY PENETRATION TESTING Are Your Computer Secure Enough Now ?

5 Jul 09

Detecting and Evading the OS Fingerprint Scan

One simple way to avoid many of these types of attacks is to stay patched and updated across the infrastructure. Unfortunately, patching and maintenance are not enough to deter hackers worth their salt. Tactics you can use to hide from the dreaded Nmap fingerprinting scan include firewalls, system-level virus protection, and port stealthing. These will greatly increase your ability to remain invisible to Nmap. Other methods include the use of programs such as Morph and IP Personality. Another technique is the use of strategically placed honeypots. A few well-placed, well-thought-out honeypots can add a tremendous level of proactive security to your network, as well as allow you to more easily use Nmap on your network in a positive way. You simply need to exclude your honeypots from your fingerprinting scans, or take them offline while you conduct your security scans and audits.

Filed under: Nmap

4 Jul 09

H4x0rz, Tigers and Bears

Most security-minded administrators keep abreast of the latest exploits being released that can affect systems in their networks. Upon hearing of a new exploit, a proactive administrator would start a scan across the network searching for versions of the potentially affected OS. Within a short period of time, a list could be generated and a targeted patching regimen could be initiated to get these machines back into a green state. Otherwise, if we do nothing, we leave ourselves open to a potentially crippling attack that could cost an organization untold amounts of money. Costs related to outages and data loss can easily be devastating to a business, not to mention the careers of administrators asleep at the wheel.

Filed under: Nmap

3 Jul 09

Nmap Security Audits and Inventory

Nmap OS and version scanning can be an invaluable tool for recurring security audits. In the enterprise, we are frequently faced with mandatory security scans and audits for federal regulations such as Sarbanes-Oxley (SOX). This practice is something we should all strive to follow, even if we do not have to satisfy SOX or other requirements. Scanning with Nmap can yield information such as open services, ports, and versions known to have exploits or otherwise malicious repercussions if left untouched. You may find that you have a rather easily exploited version of BIND running in a lab somewhere that you were not informed of.

Filed under: Nmap

2 Jul 09

Saving Hard Money with the Nmap OSFS

Nmap OS fingerprinting can also assist your IT budget by providing important details on operating systems in the enterprise and making it much easier to keep your licenses and related contracts in order.

For example, you may think you have 142 SQL servers on your network, when in reality, Bob's engineering team stopped using SQL databases 6 months ago. They did not inform you or your team of the changes. Their team previously accounted for 126 of those 142 total SQL databases. Lucky for you, you're not relying on Bob's good intentions to have your budgets and accounts payable in order. An Nmap OSFS of Bob's subnet tells you that they are actually only using 97 SQL databases now. That's a difference of 29 SQL databases and quite a savings when it comes down to the licensing. It is often quite difficult for the IT department to justify itself because of its inability to provide a positive cash flow for the organization. This method and approach to proactive savings will give you the ability and credibility to justify your resource requirements and cost adjustments.

Filed under: Nmap

1 Jul 09

Nmap to the Rescue

Nmap OSFS can be a useful tool for an administrator in more than a few ways. In addition to its proactive usefulness, the information yielded by a well-planned and well-executed Nmap OS and version scan can aid an administrator in times of crisis.

Filed under: Nmap

30 Jun 09

Nmap OS Fingerprint Scan as an Administrative Tool

For an administrator, Nmap is not only cost effective, but it can also save you an enormous amount of time and labor. It can even save you money by keeping your license information up to date. The operating system fingerprint scan gives us all of these benefits through the -O flag. Something as simple as:

# nmap -O <ip subnet>

Or even a happy medium for a typical system administrator performing an inventory scan or security audit might be something along the lines of:

# nmap --fuzzy -sV -F <ip address or subnet>

Filed under: Nmap