In real life, it's most often used to locate available hosts and services on a network, determine the operating systems and versions utilized by machines on a network and pinpoint a network's open ports. While it's a valuable tool used by security pros for performing a network inventory or a vulnerability assessment, some fear that a Maxtix-like scenario is not as far fetched as it seems, as it is also a tool in some malicious hackers' arsenals, used to help find open ports running services vulnerable to attack.
In collaboration with security expert Michael Cobb, SearchSecurity.com has produced an Nmap Technical Guide, offering up all the guidance information security professionals need to install, configure, run and evaluate Nmap in the enterprise, both on Windows and Linux platforms. Browse through the technical tips below and learn how this free tool can help make your organization more secure.
NMAP TECHNICAL GUIDE
Nmap: A valuable open source tool for network security
Installing and configuring Nmap on Windows
Installing and configuring Nmap on Linux
Scanning ports and services
Nmap: More port scanning techniques
Firewall configuration testing
Techniques for improving scan times
Interpreting and acting on Nmap results
Nmap parsers and interfaces
Nmap and the open source debate
About the author:
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.
This Technical Guide originally appeared on SearchSecurity.com.
This was first published in November 2006