nmap

Firewalls, IDS, IPS and Nmap

David Johnson

23 Sep 2024 — 1 min read

To prevent unathorized access and malitious attacks on a network system
administrators have a few options in their arsinal. Firewalls and Intrusion
Detection/Prevention Systems are the main line of defense in this situation.
These defenses are effective when configured properly. However, every defense
has its weakness. Understanding the limitations of these systams are crutial
for attackers and defensers. The goal of this essay is to explore these systems
and the role they play, and how we can use Nmap, a powerful tool for scanning
networks, can test these defenses and identify potential weaknesses.

Firewalls can be software or dedecated hardware devices that monitors network
traffic and filters packets based on predefined rules. These rules can be based
upon IP address, ports, or protocols. For example, ICMP is often filtered to prevent
scanning tools. An Intrustion Detection System is similar in designe. However,
there are two main differences. First, it does not prevent packets from being
sent. Rather it notifies the security team or system administrator of abnomilies.
Secondly, it is much more advanced and looks at the overall traffic. Looking
for known patterns or suspicious activites. Whereas an Inrusion Prevention
System is a mix of both. Not only does it look at the traffic as a whole and
look for known patterns or suspicious behavior, it also blocks or drops packtes
like a firewall.

These tools are a great defense if used properly. To use them properly you
must have well thought out rules and keep them up to date. Overly permissive
rules can inadvertantly expose sentsitive information. IDS and IPS need to be
kept up to date to make sure they have the latest attack signtures and
abnomility detection. These devices also have their limitations. For example,
encrypted traffic. If the data packets are encrypted the contents can not be
inspected, only the metadata can. These devices can also affect network
performance. Like the securty screening at the airport if you have a lot of
packets comming in and if each one needs to be inspected, it can create a
bottleneck. Also, there are alwsys a possibility of a false negitive or a false
positive. Meaning that regular mainitance and testing is important to keeping
your devices working at peak performance.

Supporting the Security Parthenon: How the Five Pillars of Information Security Work Together and Why Authorization Deserves Its Place

Like the pillars of the great Parthenon the five pillars of information security hold up and support a comprehensive security program. In this essay I will discuss the five pillars and how they are connected by providing specific examples of how they support and rely on each other within a

Golden Ticket

Golden Ticket This document covers how to create a Golden Ticket. An Active Directory Domain server is required for this to work. Connected clients are useful but not required. Creating the Ticket To create a Golden Ticket the NT Hash for KRBTGT will need to be aquired as well as

Bash Breakout

Breaking out of a restricted shell is a significant step in ethical hacking and penetration testing. However, sometimes you find yourself in a limited or non-interactive shell environment where essential features like command history navigation and screen clearing don't work. In such cases, upgrading to a fully interactive

A Piece of Cake

Security is a piece of cake. Just imagine a piece of cake sitting there, all delicious looking. You want that piece of cake, but you have to study first. You want to keep this cake secure. You don't want anyone finding, eating, or stealing it. You don'

Read more

Supporting the Security Parthenon: How the Five Pillars of Information Security Work Together and Why Authorization Deserves Its Place

Golden Ticket

Bash Breakout

A Piece of Cake