Introduction

Information security professionals who are tasked with protecting their organization's technological infrastructure must possess at least a basic understanding of networking. A quick and easy way to understand how systems are networked together is to perform network scanning. Network-scanning tools return results quickly, and are useful for troubleshooting. Network-scanning tools not only teach you how systems interconnect; they also reveal how systems appear on a network.

A network scan of any system might reveal unexpected services or vulnerabilities. Knowing how that system appears to others on the network is most valuable to someone seeking to exploit that system. For example, even though a Web server has a singular purpose, it might present itself on the network as offering many additional services. And while the administrator might be diligent in ensuring the Web service is protected, the other available services may provide a variety of opportunities for attack. These "attack vectors" are most easily identified through network scanning. It's critical that information security professionals use network scanning to identify these attack vectors before an attacker does. This enables the IT professional to mitigate or eliminate these unnecessary risks.

In this lab, you will learn about and practice network scanning. The tools used for the lab are some of the industry's most popular and well-known scanning tools available.

This lab has four parts, which should be completed in the order specified.

In the first part of the lab, you will complete a basic but thorough review of network essentials. This guarantees a foundation on which to build your network-scanning knowledge. Be prepared to gain a deeper understanding of why network-scanning skills are valuable. After research and a case study, you will be ready to perform network scanning on the virtual lab environment provided for you.

In the second part of the lab, you will perform network scanning within the virtual lab environment. The network environment contains multiple subnets and several systems per subnet. You will learn about and make use of the network-scanning application Nmap. Because Nmap is a command-line utility, the lab also makes use of the popular front-end GUI for Nmap, called Zenmap. Using Nmap and Zenmap, you will scan and map out all the connected devices. Your objective for the scan is to identify the operating system (OS) of each devices, services running on those devices, as well as the versions of target services.

The third section of the lab is about managing scan results. Running a network scan produces myriad scan results. This section provides several opportunities to manipulate and manage the results to produce reports and records for later use. Note that the information gathered and reported from this lab will be used in future labs. Therefore, it is important not only to scan correctly, but also to produce reports to be used later.

Finally, if assigned by your instructor, you will explore the virtual environment on your own in the fourth part of the lab to answer a set of challenge questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.

Learning Objectives

Upon completing this lab, you will be able to:

Understand the basic principles of networking and network scanning.

Use network-scanning tools, including Nmap and the graphical interface Zenmap.

Prepare and record scanning results be used for a later lab.

Overview
In this lab, you researched and gained an understanding of principles of computer networking and network scanning. You used network-scanning tools such as Nmap and the GUI interface Zenmap. Lastly, you prepared and recorded scan results. These lab results will be used for a future lab.

Lab Assessment Questions & Answers

1. What are some reasons an information security professional would scan a system or network of systems?

2. Why is it important to learn at least a few commonly used ports and their associated services?

3. What TCP/IP protocol relies on a three-way handshake to establish a connection-oriented transmission and how might this handshake assist in network scanning?

4. Between TCP and UDP, which protocol requires less overhead and is generally faster?

5. Give an example of a situation in which an information security professional might use Nmap to verify statements made by a system administrator.

6. Describe the relationship between Nmap and Zenmap.

7. If you wanted to use Nmap for command-line scanning, how would Zenmap help?

8. Describe the different scan profile types you used in Zenmap.

9. What scan profile type can you use to positively identify a system's OS?

10. True or False: The Zenmap application allows you to graphically present the full scanned topology.

11. True or False: The scans performed in Zenmap are automatically saved for later reference after the application is closed.