Free «Network Security » Essay Sample

Introduction

Network security is the protection of networks and the services they provide against any unauthorized amendments, destruction or divulgence. Network security therefore provides a guarantee that a network can carry on its core functions as required without harm to the organization. The use of local and wide area network systems pose a great risk by exposing networks to attacks on password files not to mention unauthorized access. Systems that exist on larger networks are more prone to security risks. It against this risks that there exists the need to employ the services of network security tools like Nmap and GFI LANguard to work against these risks. The network security tools, in as much as they provide help, also do have certain short comings that require review and improvements (Huang, Scott and Dingzhu 2010).   

Nmap (Network Mapper) is a complimentary and open source service for network security assessment. It is used by system and network administrators to perform tasks of monitoring host uptime, carrying out network inventory and service upgrade management. It utilizes raw IP packets in great ways to establish the hosts present on the network, services these present hosts provide, operating systems run by the hosts, types of firewalls in use among others. Its main design objective is to scan large networks in a short time but it also performs well against a single host.  GFI LANguard on the other hand is a renowned network security and vulnerability scanner that provide total network security outline with the least of administrative input, at the same time, providing curative help through its patch management characteristics.

The choice of Nmap and GFI LANguard is because Nmap is flexible for it supports numerous complex techniques that map out networks full of routers, firewalls and many other obstacles. It is also powerful and has the ability to scan large networks of many thousands of machines. Nmap is very well documented with comprehensive and up to date whitepapers, tutorials in several languages. The fact that it has received several awards including Information Security Product of the Year by Linux Journal makes it the network security tool of choice. GFI LANguard is preferred for its patch management feature which helps eliminate missing security patches by providing fully automated detection which downloads and install these missing patches. The fact that it supports non Microsoft software helps administrators in dealing with non Microsoft applications the same way as those of Microsoft.

Weakness on the Nmap and GFILANguard as network port scanner tools

Nmap is a free for downloading network security tool developed by hackers, given that it is the same tool used by many hackers makes it the best. Other than being known for versatility and simplicity in use, it has a few weaknesses. One weakness is that Nmap requires separate WinPcap Installation. For years, Nmap has been a strictly UNIX tool and its porting to Windows platform by eEye Security a couple of years ago. As of today, the Windows version has been greatly improved by eEye to a level that its abilities are very close to those of UNIX. To successfully run Nmap on Windows there is need to install WinPcap packet driver. The beauty of it all is that these drivers are distributed as part of eEye software and Window- based installer is equally available online.  

In case the PC to be secured has several Ethernet configured interfaces, Nmap must be told which one to perform its work on. This is a minor weakness because it can be simply overcome by an addition of an “–e2” string to the command line string. All one needs to do is provide Nmap with a series of IP addresses and in addition to probing the open ports, it will generate all manner of important information like the core operating system together with the NetBIOS identity of the PC running that IP address (Frye and Douglas 2007).

One other short coming associated with Nmap is that, due to its UNIX roots, it has an extremely short command-line sentence structure which is very case sensitive. This makes it difficult to figure out whether one command uses capital O or numerical 0 and if one incorrect letter is typed, the commands can never work. There exists an IP address:   NmapNT –sT192.168.1.0 that uses TCP connect command to open all ports on a particular IP address and so if one wants to scan an entire subnet then all that is needed is to append a a/24 for the whole class C subnet. If the intent is to check out a network without being detected, then the appropriate scanning option is a TCP SYN stealth scan that sends a SYN packet without necessarily opening the connection. TCP (Transmission Control Protocol) ensures that before any data is transmitted; a trustworthy connection is first obtained and recognized (Czech, Joseph and Plotkin 1998).

The ability of Nmap to fragment packets alongside timings that remit very few packets stretched over a considerably long period of time is a weakness. The reason is that when packets are fragmented and percolate very slowly, an intrusion detection device is not likely to take note of any suspicious activity. This slow timing ensures that alarms never go off by having a significant amount of data, packets or connections to many ports of a single device in a given time frame. This fragmentation gives room for an attacker to sneak packets through a firewall by bypassing packet filters; this is because packet filters only examine the initial fragment of a packet.  An attacker can cover up data with overlapping fragments and headers.

Decoy scanning feature in Nmap where it generates numerous false scans to divert attention from the real scan is another weakness on this port scanner tool. In as much as this feature is regarded as a weakness, it can as well fall under the pros of Nmap because looking at it critically, decoy scanning helps users in preparing for the likelihood of dealing with fragmentation which helps in sealing a possible security gap (Seagren, Eric 2006).

Being open source software, Nmap is free for downloads to all, at least for now and for that, it does not have a license and security warranty among other features. Providers of Nmap can as a result not be held to account in the event of any breach since they are not contractually bound. This is likely to change if what the developer, Fyodor told SecurityFocus .com will come to pass. Fyodor, the founder of insecure.com, hinted that Nmap will sometime in the future go commercial but still keep the features is has a free tool today. When this happens, then the weaknesses associated to the current free version will be immediately overcome (Orebaugh, Angela and Pinkard 2008).

Fyodor is a ‘grey hat’, that is a combination of ‘black hat’ and ‘white hat’. A white hat hacker is one who breaches security for non malicious reasons like testing the system while a black hacker on the other hand is one who violates security for malicious or personal gain. Fyodor is both and that makes his product, Nmap very dangerous. The fact that it serves both the good and the bad guys makes it very difficult to trust. He should make a choice and take one side, should he choose to be a complete white hat and commercialize Nmap, that will be a major step in improving the brand by making it trusted more that it is today. It is important to take note that even with Nmap’s position as a white hat hackers’ product, it is very popular among many users (Shema, et al 2004).

GFI LANguard has the weakness of requiring software to be installed in at least a single computer for the purposes of test during the process of uninstallation; there is therefore need for manual work each time an unauthorized application is encountered. Other than deploying software and updates it is not possible to act in real time when a malicious service is detected and the only option present is the use of Remote Desktop Option (RDO) (Posey, Brien, and Thompson 2009).

Network scanning has the general short coming that the processes do not directly identify known exposures; it is also not used as a final test but is instead a prelude to infiltration testing alongside requiring substantial expertise to interpret results.  These faults cut across all security tools and are not specific to either Nmap or GFI LANguard.

Conclusion

Even with the existing weaknesses, it must be accepted that GFI LANguard and Nmap do a lot of good to users with regard to network security. The good done by these tools, if were to be put on a scale, to a large extent outweigh their short comings. GFI LANguard for example is a virtual system consultant that provides the administrator with a complete picture of the network set up and risk analysis. These features go a long way in helping maintain a secure and compliant network that is faster and more efficient. Its other function of helping an administrator know exactly what is happening in the network is particularly very important since it provides information on changes that have security implications in terms of any new applications installed services that are either started or stopped, happenings that are core to an administrator’s performance (Gookin and Dan2007.

Network Papper (Nmap) is also not completely weak. Even with the numerous concerns around it, there are many great features that make it not only popular, but also fundamental to the security of networks. Just like in the case of GFI LANguard, I have the opinion that it brings more good than harm to users. It can be used defensively to help identify weaknesses that require correction since it has the ability of determining open in the system. But just like for defense purposes, hackers can equally make use of its services to investigate vulnerable areas in a system that can be exploited for various reasons. It is therefore a double edge sword that cuts on both the hackers and administrators sides (James 2007). 

In a nutshell, Nmap, GFI LANguard and all the available network security scanners paly a very important role in helping organizations to protect their systems from exploitation by hackers. In as much as there are weaknesses, it should be appreciated by all users that the role of these tools is so important to a point that information system industry cannot be existence without them. A thought of a world without security scanners cannot be comprehended today, as a matter of fact, this industry cannot exist without these tools. That having been addressed, it’s of great significance that the existing loopholes existing in these two tolls (Nmap and GFI LANguard) should be improved for the greater good of the tools and the industry at large (Conway, Richard, and Cordingley 2004).