Getting Started in Port Scanning Using Nmap and Kali Linux

How Secure Is Your System?

A default install of CentOS 8 may seem like a good idea but how exposed does that leave you, after all it is Enterprise Level Linux.

In this course we work with nmap and Wireshark on Kali Linux from Offensive Security. Scanning your network with the tools and systems used by hackers helps you understand the cyber security risk to your systems. First, we identify one simple weakness with port 9090 open by default, in the firewall in readiness for Cockpit the web administration console. Cockpit is disabled by default leaving the system with one open port 22 and one closed port 9090 just what is needed for an effective Operating System detection scan. Simply closing 9090 in the firewall reduces this threat.

Next we learn to audit SSH security to detect systems that allow password based authentication, again a default setting we need to secure. The nmap Scripting Engine or NSE is perfect to delve inside of the services running on your system to expose weaknesses. Throughout the course, we use Wireshark to analyse the network activity helping you to understand the different modes of nmap.

Finally we secure the threats using Ansible configuration management; ensuring that the fixes are documented and repeatable.

The main topics covered in this course include:

• Nmap as root and non-root accounts

• The detection phases used by nmap

• Host discovery using nmap

• Creating lists of online hosts

• Using different host discovery techniques in nmap

• Using different port selection mechanisms in nmap

• Using nmap and awk to list SSH Servers on the network

• Capturing and filtering packets with Wireshark

• Using NSE scripts to print SSH Host-keys and authentication methods

• Using Ansible to secure your host configuration