Skip to 0 minutes and 4 seconds In this lab we are going to scan our target in order to find out what services are running on it. We can use Nmap with the default options and simply run Nmap and the IP of the target. The scan will take a moment. We now have the results, let’s have a look at them. By default, Nmaps scans the first 1000 most common ports. Of them, 996 are closed and there is no firewall running there. Further down we can see that the target is running as an SSH server on port 22 probably for remote administration, a web server on port 80 and a MySQL database. It appears to be a web server with a back-end database.
Skip to 1 minute and 17 seconds Let’s have a look at the website. It seems to be a simple company web portal. We will play with that later. Now, let’s think a bit about that database. Suppose that it is there simply as a back-end to the web server. Do we really need it visible directly from outside of the server? Well, no is the simple answer. From a security point of view this is not a good idea as it increases the attack surface of the server. What we want is to run a firewall which hides the database.
Scanning a target
Watch the above video in which we perform a basic host scan. Find out whether it is behind a firewall and what services are running on it.
Over the next few steps, we take a look at the exposure of networked devices and services on a server, both with and without a firewall, and discuss the security implications this could have.
We will use Nmap – a network scanner capable of discovering running hosts and services on a network. At this point, we will only use its basic functionality and will explore it in more detail in later modules. In the meantime you can find more about it at the Nmap website.