Nmap in the Enterprise: Your Guide to Network Scanning (Paperback)

by Angela Orebaugh (Author), Becky Pinkard (Author)
Key Phrases: using nmap, network distance, nmap output, Nmap Scanning, Starting Nmap, Microsoft Windows (more...)

Editorial Reviews

Review
Russ Rogers is co-founder, CEO, CTO and Principal Security Consultant for Security Horizon, Inc. Russ is a United States Air Force Veteran and has served in military and contract support for the National Security Agency and the Defense Information Systems Agency. He also serves as the Professor of Network Security at the University of Advancing Technology (uat.edu) in Tempe, AZ.

?My career is based on performing network evaluations and penetration tests on customer networks to find security holes. A significant part of my job is understanding the specifics of what machines, services, and applications are available to attack on those networks. This is normally the first step in any network security work. Although there are certainly multiple tools available that could be used for this, the industry agrees (by huge majority) that NMAP is the best tool for the job. It provides mandatory functions, such as service identification and verification, but also provides the added capabilities for identifying the host operating system and utilizing a variety of port scans methods, depending on the job requirements.

Many of the options within NMAP are no longer documented within the help files, requiring users of the product to keep their own notes or perform extensive web searches looking for the appropriate command line options to use. It is my opinion that a Syngress book on the NMAP tool would provide an invaluable reference to individuals depending on the NMAP tool. What a great benefit it would be to reach over and take a reference from the book shelf.

Of course, all truly useful reference books need a qualified author who understands the underlying details. I believe Angela Orebaugh has the background and network knowledge to write a comprehensive and valuable reference book on NMAP. Angela has already authored books on intrusion detection, Snort IDS, and packet sniffing using Snort. The understanding of networks and protocols required to write on those topics is mandatory when authoring a reference on port scanning. It is my hope that Ms. Orebaugh can de-mystify some of the basic operations of the port scans and provide a much needed tutorial on how each scan works and why it might be useful in each situation.?

Richard Stiennon, vice president at Gartner
"Nmap is one of the tools in your toolbox you need as a network analyst. I would recommend everyone in the world use it to check port 135 to see if [they] have desktop servers listening on it. If you don't, you're going to be down in the next couple of weeks."


Book Description
A comprehensive guide and tool suite Nmap, which has over 1,000,000 users and is distributed with many operating systems including Redhat Linux, Debian Linux, Gentoo, FreeBSD, and OpenBSD.

See all Editorial Reviews

Product Details

• Paperback: 384 pages
• Publisher: Syngress (January 14, 2008)
• Language: English
• ISBN-10: 1597492418
• ISBN-13: 978-1597492416
• Product Dimensions: 8.9 x 7.4 x 0.8 inches
• Shipping Weight: 1.2 pounds (View shipping rates and policies)
• Average Customer Review: 3.4 out of 5 stars See all reviews (5 customer reviews)
• Amazon.com Sales Rank: #135,322 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

6 of 6 people found the following review helpful:

5.0 out of 5 stars Great resource for using Nmap , October 13, 2008

By	Jenny Matthews "Jenny" (California) - See all my reviews

I've been a system administrator for several years. I've never used Nmap before because I thought it was just a hacking tool. Two months ago one of our security consultants had this book with him and I took a look at it. I had no idea that Nmap could be used to do so many everyday tasks. I ordered my copy that day and I have been using Nmap ever since.

Chapter 1 is a basic overview of basic network protocols, OSI model, and network scanning techniques. A new user (and especially someone new to security) will find this information very useful and informative. More experienced users can probably skip this chapter. One good piece of advice in this chapter is to make sure you have permission to run Nmap. As a system administrator of an entire domain I have permission to use tools like Nmap, but I did receive a call from the security folks because they don't usually see Nmap traffic in my segment! (Chapter 8 shows how they discovered it)

Chapter 2 has some good information on using Nmap to perform network inventory, assessment management, and compliance testing. I created a simple script that runs every morning and sends me a report of the active hosts, what operating system they are running, what ports are open, and what services are installed. This is great! I discovered a system already that someone had installed an application on overnight that is not allowed per our company policy. I was able to quickly locate the system and have the administrator remove the application. I used the information in Chapter 4 to put together my scripts. It has a lot of good examples. I really like the additional features you get with Zenmap such as the Command Wizard and the ability to create profiles. I created profiles for the commands I commonly run for each of my zones.

Chapter 6 - WOW - this chapter gets into the weeds of Nmap fingerprints. I especially liked how this chapter also pointed out how to use Nmap to justify your IT budget. I will be putting that advice to good use soon to justify OS and application upgrades!

NDiff has already come in very handy and I am hoping to port some of my scripts to Bilbo. I am going to start using some of the monitoring techniques in Chapter 8 to monitor my domain to make sure no one else is scanning. I also plan to move on to some of the advanced scanning techniques covered to learn about evasion, spoofing, and perimeter device testing, but I'm not there yet. I highly recommend this book for other folks like me who manage systems and networks, it has made my job a lot easier!

4 of 4 people found the following review helpful:

3.0 out of 5 stars Basic introduction to Nmap with no real enterprise focus, June 7, 2008

By	Richard Bejtlich "TaoSecurity.com" (Metro Washington, DC) - See all my reviews (TOP 500 REVIEWER)    (REAL NAME)

Initially I hoped Nmap in the Enterprise (NITE) would live up to its title. I was excited to see "Automate Tasks with the Nmap Scripting Engine (NSE)" on the cover, in addition to the "Enterprise" focus. It turns out that beyond a few command line options of which I was not previously aware, and some good info on interpreting OS fingerprinting output in Ch 6, I didn't learn much by reading NITE. If you are new to Nmap or network scanning you will probably like NITE, but if you want a real enterprise focus or information on NSE you will be disappointed.

If you're going to make "Enterprise" part of the title for NITE, I would expect more attention paid to one of the biggest problems in enterprise scanning: data management. You can scan all you want, but the real problem is doing something intelligent with the output. With about 21 pages of text, Ch 7 (Tooling Around With Nmap) is the closest NITE comes to saying something about managing Nmap output beyond the single, smallish scan scenario. Unfortunately, the chapter is not up to the task.

Some might consider it unfair to criticize the book if there really is no enterprise-quality Nmap support application available. If that is the case, I have two replies. First, change the focus. Second, implement that application, and include it in the book. If you think the second is too much work, consider my reviews of the Hacking Exposed titles on Wireless, VoIP, or Cisco. All three author teams wrote specific tools to address shortcomings in each of their subject areas, and then included them in their three books. Not all authors can do this, but that level of effort really contributes to an outstanding book.

Turning to NSE, I hoped to learn about how to use Lua scripting with Nmap. The section on NSE is less than three full pages (pp 116-118) and basically concludes with a reference to the Nmap home page for more information. In the one place where the newest book on Nmap could have differentiated itself from its predecessors (many other Syngress books, Osborne's Anti-Hacker Toolkit or Hacking Exposed, and so on), NITE avoids the issue.

Aside from these issues, NITE is a good book for those with basic or perhaps intermediate experience with Nmap. Most of the items I found useful could have been gleaned from the Nmap man page or changelog, but I'll mention a few here. P 96 shows using the --reason switch to give more detail on responses from targets. PP 97-99 show using the -sL switch for list scans and -PN as the replacement for -P0. Note that Table 4.2 says -sN replaces -P0; it should say -PN replaces -P0 due to confusion with -PO (used for Internet Protocol enumeration). I liked the --osscan-limit switch on p 111 to only perform OS identification against targets offering at least one open and one closed port. P 127 reminded me of runtime interaction commands, like v/V for verbosity, d/D for debugging, and p/P for packet tracing. P 129 demonstrated the value of using --log-errors.

Ch 6 (Nmap OS Fingerprinting) was my favorite chapter. I liked the explanation of the components of an OS fingerprint. I hadn't seen this so thoroughly explained elsewhere, although it might exist. Overall, I should mention that the book was much better written than the average Syngress title. I credit the two (and only) authors for this level of quality.

If you have no other references for Nmap, and you use the tool in limited engagements, you should buy this book. If you're looking for help with real enterprise use or advanced Nmap usage, keep looking. Perhaps a second edition will address these issues?

1 of 1 people found the following review helpful:

5.0 out of 5 stars Great Intro, March 17, 2008

By	Michael Pisto - See all my reviews (REAL NAME)

I've been using Nmap for a few years now as a basic scanner, not needing more that the little that I have needed it. This book give a great overview to the basics of nmap and good ways to log your scans. it's very current, they use nmap 4.50 in the book and 4.60 just came out so it's very current. For any network administrators out there that haven't used nmap or were scared of the command line, get this book. nmap is the best, you'll learn a great deal about using it in your network to map your network out. The authors show you how to log, do some assessment tests, scan, etc.

it's funny that ethereal/wireshark, snort...etc all have many books written about them, but there's only 2 that i know of for nmap, this one, Professor Messer has a whole site dedicated to nmap and he has written an ebook (also own it, great! and he has webinars). I know Fyodor is compiling a book but who knows when that'll be out.

Do yourself a favor if you administer any network, get this book because nmap will be your new best friend!!!

Great!