Saturday, 30 July 2022

Nmap

What is Nmap?

Nmap, short for Network Mapper, is a free and open source tool used for network mapping, port scanning, service and operating-system detection, and, through its scripting engine, basic vulnerability checking. Despite being created back in 1997, Nmap remains the gold standard against which all other similar tools, commercial or open source, are judged.

Nmap has maintained its preeminence because of the large community of developers who help to maintain and update it. The Nmap community reports that the tool, which anyone can get for free, is downloaded several thousand times every week. Because of its flexible, open source code base, it can be adapted to work within most customized or heavily specialized environments. There are builds of Nmap for Windows, Mac, and Linux, but Nmap also supports less popular or older operating systems like Solaris, AIX, or AmigaOS. The source code is primarily C and C++; the Nmap Scripting Engine (NSE) scripts are written in Lua, and the Zenmap front end is written in Python.

What is Zenmap?

To use Nmap, users originally had to be comfortable with a terminal and command-line options. That changed with the introduction of Zenmap (bundled with Nmap since version 4.50), which adds a graphical interface that makes launching scans and analyzing the returned output much more accessible. Zenmap was created so that beginners could use the tool. Like Nmap, Zenmap is free, and its source code is open and available to anyone who wants to use or modify it.

Here are some of the capabilities that are enabled by Zenmap:

  • Frequently used scans can be saved as profiles to make them easy to run repeatedly.
  • A command creator allows the interactive creation of Nmap command lines.
  • Scan results can be saved and viewed later.
  • Saved scan results can be compared with one another to see how they differ.
  • The results of recent scans can be stored in a searchable database.

Nmap became a movie star

The tool was originally written in C by Gordon Lyon. He released it through Phrack Magazine under the pseudonym Fyodor Vaskovitch, a name he chose after reading Fyodor Dostoevsky's Notes from Underground. Although everyone today knows who Lyon is, he still uses the Fyodor name to identify his work within the Nmap community.

And it’s not just computer professionals and the IT community that consider Nmap to be a star. It’s been featured in popular culture including in books, television shows, and blockbuster movies. It’s a safe bet that no other tool has had so many cameo appearances in major motion pictures.

Nmap has been featured in modern-day thrillers like Ocean's 8, Die Hard 4, and The Girl with the Dragon Tattoo. And even though the tool is 25 years old, if Hollywood has it right, it will still be in use well into the future, even a dystopian one: Nmap also appears in The Matrix Reloaded, Dredd, Fantastic Four, and Elysium. It even has the dubious distinction of being prominently featured in the softcore pornography series HaXXXor.

The community of developers that maintain Nmap, as well as Lyon himself, has extended an open invitation to directors and film writers, offering to provide technical advice to help make movies that feature Nmap a little more realistic. They also maintain an active and ever-expanding filmography about the tool. One of the reasons why Nmap is featured in so many movies is because of its ability to uncover unknown information about computer networks, meaning that it makes for a great tool for hackers. Ironically, it was designed to help administrators map, protect and defend their networks, but it’s powerful enough that the bad guys can also use it for reconnaissance to capture information about the networks they have targeted for nefarious activities.

How Nmap works

The heart of Nmap is port scanning. Users give Nmap a list of targets (single addresses, hostnames, or whole ranges such as a CIDR block) and, optionally, the ports to probe on each of them. Users do not need to know in advance what is listening, which is good because most administrators don't have a complete picture of everything using the potentially thousands of ports on their network. By default Nmap probes the roughly 1,000 most commonly used ports on each host; it can also scan all 65,535 ports, but that takes far longer and consumes noticeably more bandwidth. Plus, depending on the monitoring in place, such a massive port scan will very likely trigger intrusion-detection alerts. As such, most people use Nmap in more limited runs or divide their network into segments and schedule scans over time.

In addition to choosing the targets, users control the depth of each scan. A light scan reports which ports are open, which are closed (the host answered but nothing is listening), and which are filtered (a firewall or similar device dropped the probe). Deeper scans additionally try to determine the operating system of each host and which services are listening on the open ports. Nmap's version detection goes one step further and reports the product and version of those services. That makes it a useful tool for finding exposed, outdated software and for supporting patch-management efforts.

Controlling the scans used to require console commands, which of course meant that some training was required. The Zenmap graphical interface makes it easy for just about anyone to tell Nmap what to discover, with or without formal training. Meanwhile, professionals can continue to use the command line they always have, making it a useful tool for experts and novices alike.

Is Nmap a security risk?

While one could argue that Nmap is a perfect hacking tool, its most informative scan types (SYN scans, OS detection) need raw-socket access, which means root or administrator privileges on the machine running the scan, not on the target. An outsider can point Nmap at any host they can reach, permission or not, and learn which services are exposed; what Nmap will not do is magically turn that list into working exploits. And the attempt is noisy: an unauthorized scan will very likely trigger alerts in any network monitoring or intrusion-detection tooling, which is one reason defenders should scan their own networks before someone else does.

That is not to say that Nmap could not be dangerous in the wrong hands, especially when run by a turncoat system administrator or someone using stolen credentials, because an insider already has the network access and privileges that make deep scans effective. This was dramatized in the 2016 Oliver Stone movie Snowden (another film that features Nmap) about Edward Snowden.

When used properly, Nmap can be invaluable for both optimizing and protecting networks and information. All of the responses from the scanned hosts are collected and compiled by the program. Based on that information, there are several key activities that most people use the tool to accomplish. They include:

Network Mapping: 

This is the core reason why Nmap was created and remains one of its top uses. Host discovery identifies which addresses in the scanned range are actually up, and the follow-on port scans reveal what kind of device each one is: servers, routers, switches, printers, and so on. With the --traceroute option Nmap also records the path to each host, and Zenmap can draw those paths as a topology diagram showing how the devices link together to form a network map.

Port Rules Discovery: 

Nmap can easily tell, even with a low-level scan, whether a port is open, closed, or filtered by something like a firewall. In fact, many IT professionals use Nmap to check their work after changing firewall rules: they can see whether the policy is having the desired effect and whether the firewall is behaving as intended.

Shadow IT Hunting: 

Because Nmap discovers the type and location of devices on a network, it can be used to identify things that should not be there at all. These devices are called shadow IT because their presence on a network isn’t officially authorized, or sometimes may be intentionally hidden. Shadow IT can be dangerous because such devices are not part of a security audit or program. For example, if someone secretly places an Xbox game server on a corporate network, not only will that potentially drain bandwidth, but could act as a springboard for an attack, especially if it’s not maintained with all the latest security patches.

Operating System Detection: 

Nmap can identify the operating systems of discovered devices in a process called OS fingerprinting (the -O option), which compares the quirks of a host's TCP/IP responses with a database of known fingerprints. This returns the OS vendor and family (Windows, Linux, a particular embedded OS), a version or version range, and a device type such as router or printer; on a local network the MAC address additionally reveals the hardware vendor (Dell, HP, etc.). Nmap can also estimate a host's uptime from TCP timestamp values, but it does not report patch levels.

Service Discovery: 

The ability to discover services elevates Nmap above the level of a common mapping tool. Instead of simply discovering that a device exists, users can trigger a deeper scan in order to find out what roles discovered devices are performing. This includes identifying if they are acting as mail servers, web servers, database repositories, storage devices or almost anything else. Depending on the scan, Nmap can also report on which specific applications are running, and what version of those applications are being used.

Vulnerability Scanning: 

Nmap is not a dedicated vulnerability scanner: its scripting engine includes a category of "vuln" scripts that check for specific known issues, but it does not maintain a comprehensive vulnerability database or attempt to assess risk on its own. However, organizations that regularly ingest security information from threat feeds or other sources can use Nmap's service and version detection to check their exposure to specific threats.

For example, if a newly disclosed vulnerability only affects a certain application or service below a given version, Nmap can be used to check whether any system on the network is running that software at an affected version. If anything is found, IT teams can prioritize patching those systems before an attacker discovers the same thing.
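Here is an added example of that version check (it is not code from the original article or from the Nmap project). It parses the XML report that nmap -sV -oX scan.xml <targets> writes and flags every open service running a tracked product at a version below a chosen "fixed in" version. The XML is a constructed sample in Nmap's -oX layout, and the OpenSSH and vsftpd thresholds in FIXED_IN are hypothetical placeholders rather than real advisory data; point it at your own scan file and the versions from your advisory feed.

```python
"""Triage an Nmap -sV XML report for services below a known-fixed version.

Added example, not part of the original article or of the Nmap project.
SAMPLE_XML is a constructed report in Nmap's -oX layout; the thresholds
in FIXED_IN are hypothetical placeholders, not real advisories.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -sV -oX scan.xml 192.0.2.0/24` writes.
SAMPLE_XML = """
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/24" version="7.92">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.2p2" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered" reason="no-response"/>
        <service name="mysql" method="table" conf="3"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="2.3.4" method="probed" conf="10"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical "fixed in" versions: anything older than this gets flagged.
FIXED_IN = {"OpenSSH": "7.4", "vsftpd": "3.0.0"}


def version_key(version):
    """Turn '7.2p2' into (7, 2, 2) so versions compare numerically.

    Only the numeric components are compared; letter suffixes such as the
    'p' in OpenSSH portable releases are ignored, which is good enough for
    a "below this release" check but not for every vendor's scheme.
    """
    return tuple(int(p) for p in re.findall(r"\d+", version))


def parse_services(xml_text):
    """Yield (addr, port, state, product, version) for every port in the report.

    Ports Nmap could not probe carry a service guessed from its port table
    (method="table") and no version string, so version comes back empty.
    """
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            yield addr, int(port.get("portid")), state, product, version


def find_outdated(xml_text, fixed_in=FIXED_IN):
    """Return [(addr, port, product, version, fixed_version)] for every open
    port running a tracked product at a version below the fixed version.

    Filtered/closed ports and services without a probed version are skipped:
    a guessed service name is not evidence of a vulnerable version.
    """
    findings = []
    for addr, port, state, product, version in parse_services(xml_text):
        if state != "open" or product not in fixed_in or not version:
            continue
        if version_key(version) < version_key(fixed_in[product]):
            findings.append((addr, port, product, version, fixed_in[product]))
    return findings


if __name__ == "__main__":
    for addr, port, product, version, fixed in find_outdated(SAMPLE_XML):
        print(f"{addr}:{port} {product} {version} (fixed in {fixed})")
```

Run it against a real report by replacing SAMPLE_XML with the contents of the file from -oX. Note that the filtered MySQL port is deliberately ignored: Nmap only guessed that service from its port table, so there is no version to compare, and a hit there would be a false positive.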

Future of Nmap

Although the Nmap tool is 25 years old, it continues to evolve. Like other seemingly ancient technologies such as Ethernet or Spanning Tree, it is well maintained by an active community of experts that keep it relevant and up to date. And in the case of Nmap, that community includes its very active creator, who still goes by his Fyodor guise online.

Other advancements like the Zenmap front end make it even more useful, especially for those who don't like working at the command line. Zenmap's graphical interface allows users to set up targets and configure the desired scans with just a few clicks. That will help Nmap find an even bigger user base.

Friday, 29 July 2022

PHP Strings

What is String in PHP

A string is a sequence of characters: letters, digits, punctuation, whitespace, or any combination of them. The simplest way to create a string is to enclose the string literal (i.e. the characters) in single quotation marks ('), like this:

$my_string = 'Hello World';

You can also use double quotation marks ("). However, single and double quotation marks work in different ways. Strings enclosed in single quotes are treated almost literally: only \' and \\ are recognized as escape sequences. In contrast, strings delimited by double quotes replace embedded variables with the string representations of their values and interpret a set of escape sequences.

The escape-sequence replacements are:

  • \n is replaced by the newline character
  • \r is replaced by the carriage-return character
  • \t is replaced by the tab character
  • \$ is replaced by the dollar sign itself ($)
  • \" is replaced by a single double-quote (")
  • \\ is replaced by a single backslash (\)

Here's an example to clarify the differences between single and double-quoted strings:


<?php
$my_str = 'World';

echo "Hello, $my_str!<br>";       // Displays: Hello, World!
echo 'Hello, $my_str!<br>';       // Displays: Hello, $my_str!

echo '<pre>Hello\tWorld!</pre>';  // Displays: Hello\tWorld!
echo "<pre>Hello\tWorld!</pre>";  // Displays: Hello    World! (a real tab)

echo 'I\'ll be back';             // Displays: I'll be back
?>

Thursday, 28 July 2022

PHP Data Types

Data Types in PHP

The values assigned to a PHP variable may be of different data types, ranging from simple string and numeric types to more complex types like arrays and objects.

PHP supports a total of eight primitive data types: Integer, Floating point number (Float), String, Boolean, Array, Object, Resource, and NULL. These data types are used to construct variables. Now let's discuss each one of them in detail.

PHP Integers

Integers are whole numbers, without a decimal point (..., -2, -1, 0, 1, 2, ...). Integers can be specified in decimal (base 10), hexadecimal (base 16, prefixed with 0x), octal (base 8, prefixed with 0) or binary (base 2, prefixed with 0b) notation, optionally preceded by a sign (- or +).

<?php
$a = 123;      // decimal number
var_dump($a);  // int(123)
echo "<br>";

$b = -123;     // a negative number
var_dump($b);  // int(-123)
echo "<br>";

$c = 0x1A;     // hexadecimal number
var_dump($c);  // int(26)
echo "<br>";

$d = 0123;     // octal number
var_dump($d);  // int(83)
?>

Wednesday, 27 July 2022

PHP echo

The echo statement can output one or more strings. In general terms, the echo statement can display anything that can be displayed to the browser, such as strings, numbers, variables values, the results of expressions, etc.

Since echo is a language construct and not actually a function (much like if), you can use it with or without parentheses, e.g. echo "x" or echo("x"). However, if you want to pass more than one argument to echo, the arguments must not be enclosed in parentheses: echo "a", "b" is valid, echo("a", "b") is a parse error.

Display Strings of Text

<?php
// Displaying a string of text
echo "Hello World!";
?>

The output of the above PHP code will look something like this:

Hello World!

Display HTML Code

<?php
// Displaying HTML code
echo "<h4>This is a simple heading.</h4>";
echo "<h4 style='color: red;'>This is heading with style.</h4>";
?>

The output of the above PHP code will look something like this:

This is a simple heading.

This is heading with style.

Display Variables

<?php
// Defining variables
$txt = "Hello World!";
$num = 123456789;
$colors = array("Red", "Green", "Blue");

// Displaying variables
echo $txt;
echo "<br>";
echo $num;
echo "<br>";
echo $colors[0];
?>

The output of the above PHP code will look something like this:

Hello World!
123456789
Red

PHP print Statement

You can also use the print statement (an alternative to echo) to display output to the browser. Like echo, print is a language construct and not a real function, so you can also use it without parentheses: print "x" or print("x").

Both echo and print work in much the same way, except that print accepts only one argument and always returns 1 (which is why print, unlike echo, can be used inside an expression). Because echo returns nothing, it is considered marginally faster than print.

Display Strings of Text

The following example will show you how to display a string of text with the print statement:

<?php
// Displaying a string of text
print "Hello World!";
?>

The output of the above PHP code will look something like this:

Hello World!

Tuesday, 26 July 2022

5Star-Cybersecurity-Uk

Protect Your Organization From Cyber Attacks

A proactive, multi-layered cybersecurity protection service: threat intelligence, orchestration and automation, cybersecurity services, and cloud and managed security services to transform your business. Manage risk and accelerate your business innovation and security in the same place.

Intrusion detection system (IDS)

An intrusion detection system (IDS)

An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.

While anomaly detection and reporting are the primary functions of an IDS, some intrusion detection systems are capable of taking action when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious Internet Protocol (IP) addresses.

An IDS can be contrasted with an intrusion prevention system (IPS), which monitors network packets for potentially damaging network traffic, like an IDS, but has the primary goal of preventing threats once detected, as opposed to primarily detecting and recording threats.

How do intrusion detection systems work?

Intrusion detection systems are used to detect anomalies with the aim of catching attackers before they do real damage to a network. IDSes can be either network- or host-based. A host-based intrusion detection system is installed on an individual host (a server, workstation or other device), while a network-based intrusion detection system watches the traffic on a network segment.

Intrusion detection systems work by looking either for signatures of known attacks or for deviations from normal activity. Suspicious traffic is reassembled and examined at the protocol and application layers rather than only as raw bytes. They can effectively detect events such as Christmas tree scans (TCP segments with the FIN, PSH and URG flags set) and Domain Name System (DNS) cache poisoning.

An IDS may be implemented as a software application running on customer hardware or as a network security appliance. Cloud-based intrusion detection systems are also available to protect data and systems in cloud deployments.

Different types of intrusion detection systems

IDSes come in different flavors and detect suspicious activities using different methods, including the following:

  • network intrusion detection system (NIDS) is deployed at one or more strategic points within the network (for example on a mirror or SPAN port behind the perimeter firewall), where it can monitor inbound and outbound traffic to and from all the devices on that segment.
  • host intrusion detection system (HIDS) runs on an individual host and watches that host's own activity: its logs, file integrity, and the packets it sends and receives. A HIDS has an advantage over a NIDS in that it can see traffic that never crosses a network sensor, such as malicious packets originating from inside the organization, and it can identify malicious traffic that originates from the host itself, such as when the host has been infected with malware and is attempting to spread to other systems.
  • signature-based intrusion detection system (SIDS) monitors all the packets traversing the network and compares them against a database of attack signatures or attributes of known malicious threats, much like antivirus software.
  • anomaly-based intrusion detection system (AIDS) monitors network traffic and compares it against an established baseline of what is normal for the network with respect to bandwidth, protocols, ports, and devices. This type often uses statistical or machine-learning models to build the baseline, and it then alerts IT teams to deviations from it. By detecting threats using a broad model instead of specific signatures and attributes, the anomaly-based method can catch novel threats that signature-based methods miss, at the cost of more false positives.
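As an added example (not from the original article or from any IDS product), the following code runs both detection methods from the list above over a constructed connection log: a signature rule for Christmas tree and NULL scans, and an anomaly rule that flags a source contacting more distinct ports on one host within a second than an assumed baseline allows. The log records, their field layout (timestamp, source, destination, destination port, TCP flags) and the baseline threshold are all assumptions made for illustration.

```python
"""Minimal signature-based and anomaly-based detection over a connection log.

Added example, not part of the original article or of any IDS product.
The records, their field layout (timestamp, src, dst, dport, TCP flags)
and the thresholds are constructed assumptions for illustration.
"""
from collections import defaultdict

# Constructed sample: one record per TCP segment seen by a network sensor.
SAMPLE_LOG = [
    ("10:00:01", "10.0.0.5", "10.0.0.20", 80, "S"),    # ordinary SYN
    ("10:00:01", "10.0.0.5", "10.0.0.20", 443, "S"),
    ("10:00:02", "10.0.0.7", "10.0.0.20", 22, "FPU"),  # Christmas tree probe
    ("10:00:02", "10.0.0.7", "10.0.0.20", 23, "FPU"),
] + [
    # one SYN to each of 40 ports on one host, all within the same second
    ("10:00:05", "198.51.100.9", "10.0.0.21", port, "S") for port in range(1, 41)
]

# Signature rules: each is a predicate over a single record, the way a
# Snort rule tests TCP flags.  Nmap -sX sets FIN, PSH and URG and nothing
# else; Nmap -sN sends a segment with no flags at all.
SIGNATURES = {
    "XMAS_SCAN": lambda rec: set(rec[4]) == {"F", "P", "U"},
    "NULL_SCAN": lambda rec: rec[4] == "",
}


def signature_alerts(log, signatures=SIGNATURES):
    """Match every record against every signature.

    Returns a list of (rule name, src, dst, dport), one per matching record.
    """
    alerts = []
    for rec in log:
        for name, matches in signatures.items():
            if matches(rec):
                alerts.append((name, rec[1], rec[2], rec[3]))
    return alerts


def anomaly_alerts(log, baseline_ports=5):
    """Flag any source that contacts more distinct destination ports on one
    host within one second than the baseline considers normal.

    The baseline would normally be learned from the network's own traffic;
    the default of 5 is an assumed value for this sample.
    Returns a sorted list of ("PORT_SCAN", src, dst, distinct port count).
    """
    ports_per_key = defaultdict(set)
    for ts, src, dst, dport, _flags in log:
        ports_per_key[(ts, src, dst)].add(dport)
    return sorted(
        ("PORT_SCAN", src, dst, len(ports))
        for (_ts, src, dst), ports in ports_per_key.items()
        if len(ports) > baseline_ports
    )


if __name__ == "__main__":
    for alert in signature_alerts(SAMPLE_LOG) + anomaly_alerts(SAMPLE_LOG):
        print(alert)
```

Note how each method misses the other's case: the Christmas tree probes touch only two ports and stay under the anomaly threshold, while the SYN sweep sets no unusual flags and matches no signature. That is why real deployments combine both methods, and why the anomaly baseline has to be tuned on the real network before its alerts are trusted; lowering baseline_ports to 1 in this sample turns the ordinary two-port client into a false positive.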

Historically, intrusion detection systems were categorized as passive or active. A passive IDS that detected malicious activity would generate an alert or log entries but would not take action. An active IDS, sometimes called an intrusion detection and prevention system (IDPS), would generate alerts and log entries but could also be configured to take actions, like blocking IP addresses or shutting down access to restricted resources.

Snort -- one of the most widely used intrusion detection systems -- is an open source, freely available, and lightweight NIDS that is used to detect emerging threats. Snort can be compiled on most Unix or Linux operating systems (OSes), with a version available for Windows as well.

Capabilities of intrusion detection systems

Intrusion detection systems monitor network traffic in order to detect when an attack is being carried out by unauthorized entities. IDSes do this by providing some -- or all -- of the following functions to security professionals:

  • monitoring the operation of routers, firewalls, key management servers, and files that are needed by other security controls aimed at detecting, preventing, or recovering from cyberattacks;
  • providing administrators a way to tune, organize and understand relevant OS audit trails and other logs that are otherwise difficult to track or parse;
  • providing a user-friendly interface so nonexpert staff members can assist with managing system security;
  • including an extensive attack signature database against which information from the system can be matched;
  • recognizing and reporting when the IDS detects that data files have been altered;
  • generating an alarm and notifying that security has been breached; and
  • reacting to intruders by blocking their traffic or isolating the affected server.

Benefits of intrusion detection systems

Intrusion detection systems offer organizations several benefits, starting with the ability to identify security incidents. An IDS can be used to help analyze the quantity and types of attacks. Organizations can use this information to change their security systems or implement more effective controls. An intrusion detection system can also help companies identify bugs or problems with their network device configurations. These metrics can then be used to assess future risks.

Intrusion detection systems can also help enterprises attain regulatory compliance. An IDS gives companies greater visibility across their networks, making it easier to meet security regulations. Additionally, businesses can use their IDS logs as part of the documentation to show they are meeting certain compliance requirements.

Intrusion detection systems can also improve security responses. Since IDS sensors see the traffic of every host on the segment they watch, they can be used to inventory hosts and devices, inspect the data within network packets, and identify the operating systems and services in use. Using an IDS to collect this information can be much more efficient than manual censuses of connected systems.

Challenges of intrusion detection systems

IDSes are prone to false alarms -- or false positives. Consequently, organizations need to fine-tune their IDS products when they first install them. This includes properly configuring their intrusion detection systems to recognize what normal traffic on their network looks like compared to potentially malicious activity.

However, despite the inefficiencies they cause, false positives don't usually cause serious damage to the existing network and simply lead to configuration improvements.

A much more serious IDS mistake is a false negative, which is when the IDS misses a threat and mistakes it for legitimate traffic. In a false negative scenario, IT teams have no indication that an attack is taking place and often don't discover it until after the network has been affected in some way. It is better for an IDS to be oversensitive to abnormal behaviors and generate false positives than it is to be undersensitive, generating false negatives.

False negatives are becoming a bigger issue for IDSes -- especially SIDSes -- since malware is evolving and becoming more sophisticated. It's hard to detect a suspected intrusion because new malware may not display the previously detected patterns of suspicious behavior that IDSes are typically designed to detect. As a result, there is an increasing need for IDSes to detect new behavior and proactively identify novel threats and their evasion techniques as soon as possible.

IDS versus IPS

An IPS is similar to an intrusion detection system but differs in that an IPS can be configured to block potential threats. Like intrusion detection systems, IPSes can be used to monitor, log and report activities, but they can also be configured to stop threats without the involvement of a system administrator. An IDS simply warns of suspicious activity taking place; it doesn't prevent it.

An IPS is typically deployed inline between a company's firewall and the rest of its network, so that it can stop suspected traffic from reaching the rest of the network. Intrusion prevention systems execute responses to active attacks in real time and can catch intruders that firewalls or antivirus software may miss. However, organizations should be careful with IPSes because they are just as prone to false positives. An IPS false positive is likely to be more serious than an IDS false positive because the IPS blocks legitimate traffic, whereas the IDS simply flags it as potentially malicious.

It has become a necessity for most organizations to have either an IDS or an IPS -- and usually both -- as part of their security information and event management (SIEM) framework.

Monday, 25 July 2022

Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and advanced penetration testing. It was developed by Mati Aharoni and Devon Kearns of Offensive Security as a rewrite of BackTrack. Kali Linux contains several hundred tools aimed at various information security tasks, such as penetration testing, security research, computer forensics, and reverse engineering.

BackTrack was their previous information security operating system. The first release, Kali 1.0.0, was introduced in March 2013. Offensive Security currently funds and supports Kali Linux. Its website carries a large banner stating, "Our Most Advanced Penetration Testing Distribution, Ever." A very bold statement that, ironically, has yet to be disproven.

Kali Linux has over 600 preinstalled penetration-testing applications, each with its own strengths and use cases. Kali does an excellent job of grouping these utilities into the following categories:

  1. Information Gathering
  2. Vulnerability Analysis
  3. Wireless Attacks
  4. Web Applications
  5. Exploitation Tools
  6. Stress Testing
  7. Forensics Tools
  8. Sniffing & Spoofing
  9. Password Attacks
  10. Maintaining Access
  11. Reverse Engineering
  12. Reporting Tools
  13. Hardware Hacking

Professionals that use Kali Linux

* Security Administrators – Security Administrators are responsible for safeguarding their institution's information and data. They use Kali Linux to review their environment(s) and ensure there are no easily discoverable vulnerabilities.

* Network Administrators – Network Administrators are responsible for maintaining an efficient and secure network. They use Kali Linux to audit their network; for example, Kali Linux can detect rogue access points.

* Network Architects – Network Architects are responsible for designing secure network environments. They use Kali Linux to audit their initial designs and ensure nothing was overlooked or misconfigured.

* Pen Testers – Pen Testers use Kali Linux to audit environments and perform reconnaissance on the corporate environments they have been hired to review.

* CISOs – CISOs, or Chief Information Security Officers, use Kali Linux to internally audit their environment and discover whether any new applications or rogue configurations have been put in place.

* Forensic Engineers – Kali Linux has a "Forensic Mode" boot option, which allows a Forensic Engineer to perform data discovery and recovery in some instances.

* White Hat Hackers – White Hat Hackers, like Pen Testers, use Kali Linux to audit environments and discover vulnerabilities that may be present.

* Black Hat Hackers – Black Hat Hackers use Kali Linux to discover and exploit vulnerabilities. Kali Linux also ships numerous social engineering applications, which a Black Hat Hacker can use to compromise an organization or individual.

* Grey Hat Hackers – Grey Hat Hackers lie in between White Hat and Black Hat Hackers. They use Kali Linux in the same ways as the two groups above.

* Computer Enthusiasts – Computer Enthusiast is a pretty generic term, but anyone interested in learning more about networking or computers in general can use Kali Linux to learn about information technology, networking, and common vulnerabilities.

Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

Microsoft on Tuesday revealed that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations...