From Ryan Groom,
Your Guide to Business Security.
FREE Newsletter. Sign Up Now!

Phase I - Network Map

The result of the network map is a comprehensive list of all active hosts and services operating in the tested address space.

Network scans first identify active hosts in the tested address range. Once active hosts have been identified, they are scanned for open ports that will then identify the network services operating on that host.

The information gathered during this open port scan will often identify the target operating system. This process is called operating system fingerprinting.

Network mapping will assist in identifying the application running on a particular port. Identifying which application product is installed can be critical for detecting vulnerabilities. A technique called 'Banner Grabbing' is used to help identify applications. Banner information is generally not visible to the end-user (at least in the case of web servers and browsers) however it is transmitted and can provide a wealth of information, including the application type, application version and even operating system type and version.

Network mapping is conducted to:

Check for unauthorized hosts connected to the organization's network

Identify vulnerable services

Identify deviations from the allowed services defined in the organization’s security policy

Create a detailed map of what servers and services can be seen by anyone on the Internet

Prepare for detailed vulnerability assessment