Wednesday, April 20, 2011

Network Security Scanners For Administrators

There are more and more applications for network administrators on the market, both commercial and free, which serve to verify the system security. Today's administrator has to be highly motivated and extremely patient, as he has to become familiar with a large amount of new software to help him in his difficult work.
There has been a flood of network monitors, network configurators, and other programs to improve network function, or that relieve the administrator of at least part of his responsibilities. However, it is the administrator's duty to deal with the network.

Full automation of the network combined with a superficial status check is a recipe for trouble. This is especially true of huge corporate networks, where security is often neglected. Instead of surveying their systems at least once a day, administrators often hand off this responsibility to various applications. In fact, these applications should only help the administrator in detecting possible irregularities or unauthorized access, and not, as many seem to think, completely take over this task. Software can easily be deceived.

This post will show how an administrator should monitor network security. We will demonstrate that it is worth dedicating one's time to analyzing and choosing the correct settings instead of automating the monitoring of the data being sent.

This post can also be understood from "the other side" - the hacker's point of view. The majority of network applications, which on the one hand help protect a network, can also be used to manipulate a network for one's own purposes. In particular, we mean scanners, one of the most popular kinds of network programs in recent years.

We should bear in mind that the best method to get to know the network security level is to attempt to break down all the barriers that normally protect our systems. Just as real-life detectives put themselves in the criminal's place to learn the details or the motive of an offense, so as administrators we should become hackers and carry out an attack on our own network. It is also good to try to obtain as much information as possible about it, just as an intruder would do before cracking.

What are scanners?

Scanners, the subject of this post, are "neutral" network applications. This means that they can help both a hacker and an administrator. Their task is to collect information about network devices. As it turns out, this information can be quite varied. We are able to discover which software is used in the system, to check how long it has been running, and to find out about the available ports. Of course the scanners are written in such a way that their activity won't leave unwanted footprints on the target machine. It often happens that scanning is performed using undocumented protocols, the monitoring of which is usually ignored.

The advantages this presents may seem to be useful only to a hacker, but they are also important to an administrator. They allow us to make appropriate changes to the settings and improve the system security level.

There are three popular scanners: Nmap, Nessus, and Nikto. Each of these applications provides different functions, and they complement each other perfectly.



Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, nmap accounts for the network conditions (latency fluctuations, network congestion, the target interference with the scan) during the run. Also, owing to the large and active user community providing feedback on its features and contributing back, nmap has succeeded to extend its discovery capabilities beyond basic host being up/down or port being open/closed to being able to determine operating system of the target, names and versions of the listening services, estimate uptime, the type of device, presence of the firewall. [from Wikipedia]

Nmap runs on Linux, Microsoft Windows, Solaris, HP-UX and BSD variants (including Mac OS X), and also on AmigaOS and SGI IRIX. Linux is the most popular nmap platform with Windows following it closely.



Nessus is an application that is worth discussing. This program is similar in functionality to nmap, but it distinguishes itself by an extended error database, updated every day, that is very useful for the user. In addition, Nessus is easy to keep up to date, using a plugin system for this purpose. The plugins are created with a special NASL script language. Information about the application can be obtained on the homepage of the project:


Nikto performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs, versions on over 950 servers, and version specific problems on over 260 servers.

About The Author

This post was written by Aleksandar Tasevski, who writes about ethical hacking and security at his website.