According to Hsu and Marinucci (2013), increased technological advancement has brought about much higher cybersecurity threats. As most companies and governments have been forced to adopt technological changes, the risk of unauthorized information access has risen with them. In most cases, governments and organizations store, transmit and share private and confidential information across vast networks, and some of these networks have many vulnerabilities that put this data at risk of being accessed. This has led to the emergence of white hat hackers, also referred to as ethical hackers (Patil and Bhakkad, 2014). Firms and governments hire such individuals to help detect any vulnerability within their information systems that malicious hackers could use to gain access to the information (Simpson, Backman, and Corley, 2010). In most cases, the white hat hacker employs the same hacking techniques as the malicious hacker to test the security strength of a system. Additionally, ethical hackers provide further services, such as retrieving data that various factors have made inaccessible. However, before one qualifies as an ethical hacker, he/she must hold a certification. It ensures that the hacker fully understands the ethical responsibilities of accessing information systems (Allsopp, 2017). The certification confirms that the ethical hacker can carry out system hacking and different forms of attacks on the system, such as planting Trojan horses and other viruses, SQL injection, scanning, and enumeration. All these techniques form part of penetration testing, the means of accessing an organization's information system and identifying any existing and potential vulnerabilities (Allsopp, 2017).
After the tests, the results are forwarded to the firm's information technology personnel, who use the outcomes to draw up recommendations and plans for strengthening their system and reducing the likelihood of future attacks.
Scanning and enumeration form part of the penetration testing techniques employed by an ethical hacker when accessing the system. However, one must adhere to various rules and regulations throughout the entire process. The client in question must first approve all the steps that the ethical hacker will employ, and the approval must be in writing. These are contained in the "Rules of Engagement" document (Faircloth, 2011). It outlines all the parties involved during the penetration testing period, including the IT personnel and testers, with their contact information and the number of hours spent testing the system over the entire period. The document should correspondingly list all the IP addresses that need testing and those that must not be tested. The Rules of Engagement similarly describe all liability limitations that might result from the testing process (Faircloth, 2011). This ensures that all parties involved have a common ground for conducting the penetration testing. In most cases, an ethical hacker is provided with various targets that require testing. However, it is still essential to test the remaining targets that operate within a trusted subnet environment of which the client might not be fully aware. After one figures out which of the targets have some vulnerability and which do not, it is much more straightforward for the ethical hacker to outline and choose the best penetration techniques. In most cases, using a poorly designed scanning and enumeration layout reduces the testing's efficiency. Additionally, it might lead to denial of service on the system through using a method that does not fully work with a specific target.
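The scope section of a Rules of Engagement document is the one check that must run before any scan. As an added example (not from the essay or any of its cited tools), the following script takes a constructed scope of approved networks and excluded addresses and splits a candidate target list into approved and rejected entries, so nothing outside the written agreement is ever probed:

```python
import ipaddress

# Constructed Rules of Engagement scope (hypothetical client, not from the essay):
# networks the client approved for testing and addresses it explicitly excluded.
ROE_SCOPE = {
    "in_scope": ["192.168.10.0/24", "10.20.0.0/16"],
    "excluded": ["192.168.10.1", "10.20.5.0/24"],  # e.g. the gateway and a sensitive subnet
}

def _parse_networks(entries):
    # A bare host address parses as a /32 network, so one list handles both forms.
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def filter_targets(candidates, scope=ROE_SCOPE):
    """Split candidate addresses into approved targets and rejected ones.

    An address is approved only if it lies inside an in-scope network AND
    outside every excluded network; anything else is rejected with a reason.
    """
    in_scope = _parse_networks(scope["in_scope"])
    excluded = _parse_networks(scope["excluded"])
    approved, rejected = [], {}
    for cand in candidates:
        try:
            addr = ipaddress.ip_address(cand)
        except ValueError:
            rejected[cand] = "not a valid IP address"
            continue
        if any(addr in net for net in excluded):
            rejected[cand] = "explicitly excluded by the Rules of Engagement"
        elif not any(addr in net for net in in_scope):
            rejected[cand] = "outside the approved scope"
        else:
            approved.append(cand)
    return approved, rejected

if __name__ == "__main__":
    # Constructed candidate list: two valid targets, two excluded, one out of scope, one typo.
    candidates = ["192.168.10.25", "192.168.10.1", "10.20.5.7", "10.20.9.3", "172.16.0.4", "bad"]
    ok, bad = filter_targets(candidates)
    print("approved:", ok)
    for target, reason in bad.items():
        print(f"rejected {target}: {reason}")
```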
Scanning
During this process, the ethical hacker must gather all information related to the target and the services/ports it offers (Kimberly, 2007). This information allows one to determine the type of information system the organization is using. The data collected from the scanning process includes installed applications, ports/services, operating systems and the IP addresses that allow information to be shared between the users of the system. This data allows the ethical hacker to determine the best tool for the hacking process. Overall, the primary aim of scanning is for the ethical hacker to determine which parts of the system are alive and responsive within the overall organizational network (Henry, 2012). Some of the underlying scanning protocols and techniques employed include the Transmission Control Protocol (TCP) and the Internet Control Message Protocol (ICMP).
In most cases, the information about the targets gathered during this reconnaissance stage is extensive. Therefore, it is essential that the ethical hacker first determines which of the systems within the network appear to be responsive and live. The scan might miss the unresponsive systems; however, by using ICMP, one still has a chance of detecting the unresponsive targets.
Types of Scanning
Port Scanning
Through this, an ethical hacker can identify available and open TCP/IP ports within the network. Accessing these allows the hacker to get information about the various services operating within the system (Baloch, 2014). Within a system, every service has a unique port number. The SYN scan is the most common scan used during port scanning. If the port is available, it responds with a SYN/ACK, and with an RST if it turns out to be unavailable (Duffy, 2015). The main aim of port scanning is for the hacker to send various data packets to all ports and wait for a response, which is then used to analyze the security posture of the respective ports. Other essential types of port scan use TCP flags such as URG, PUSH, and FIN. In most cases, different networks respond differently to the type of scan the hacker employs.
Network Scanning
It is essential for the hacker to identify all the hosts accessing various services from a system. Through network scanning, after the hacker identifies the respective hosts, he/she can choose to attack them or just carry out some security assessments of the network (Kimberly, 2007). It similarly provides the hacker with each host's IP address.
Vulnerability Scanning
It is the means through which the hacker identifies the various vulnerabilities existing in the system. The scan provides the hacker with all applications installed on the system and the operating system's version numbers (Graves, 2010). In the end, the hacker determines the weaknesses existing in the system and plans an attack with the aim of gaining access to the various services the system allows.
CEH Scanning Methodology
Every Certified Ethical Hacker must be fully aware of the scanning methodology, which outlines the necessary steps used in scanning the system. Through this, no vulnerability slips past the scanning process, and one has all the essential information necessary to attack the targets.
Checking for Live Systems
The first step is ensuring that the hacker identifies any live and available systems within the network. If the hacker sends packets to the targets, they should respond. The primary means through which a hacker checks for live target IPs within the system is by conducting ping sweeps, also referred to as ICMP sweeps (Kimberly, 2007). A ping reply back to the hacker indicates that the destination is responsive. Different tools are used for ping sweeps; some of these include Nmap and the fping command. The diagrams below highlight some of the ping sweep commands.
According to the picture, the -sP option is used to determine which of the hosts are up (Dieterle, 2016). The image indicates that there are 254 IP addresses and, out of these, only four are up.
The diagram below shows a ping sweep using the fping command. It allows the hacker to send an ICMP echo request to a large number of hosts. If a host does not reply to the ICMP echo, it is assumed that the respective host is not available.
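A ping sweep of a whole subnet looks very different from ordinary traffic when viewed from the defender's side. As an added example (not part of the essay), the following detector reads a constructed firewall log of ICMP packets and flags any source that sent echo requests to many distinct hosts within a short window, which is exactly the pattern the Nmap and fping sweeps above produce:

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed firewall log excerpt (not from the essay), one ICMP packet per line:
# "<timestamp> ICMP <type> <src> -> <dst>". 10.0.0.5 sweeps 192.168.1.1-10 within
# a few seconds; 10.0.0.7 sends two ordinary pings minutes apart.
SAMPLE_LOG = """\
2024-03-01T10:00:00 ICMP echo-request 10.0.0.5 -> 192.168.1.1
2024-03-01T10:00:00 ICMP echo-reply 192.168.1.1 -> 10.0.0.5
2024-03-01T10:00:00 ICMP echo-request 10.0.0.5 -> 192.168.1.2
2024-03-01T10:00:01 ICMP echo-request 10.0.0.5 -> 192.168.1.3
2024-03-01T10:00:01 ICMP echo-request 10.0.0.5 -> 192.168.1.4
2024-03-01T10:00:02 ICMP echo-request 10.0.0.5 -> 192.168.1.5
2024-03-01T10:00:02 ICMP echo-request 10.0.0.5 -> 192.168.1.6
2024-03-01T10:00:03 ICMP echo-request 10.0.0.5 -> 192.168.1.7
2024-03-01T10:00:03 ICMP echo-request 10.0.0.5 -> 192.168.1.8
2024-03-01T10:00:04 ICMP echo-request 10.0.0.5 -> 192.168.1.9
2024-03-01T10:00:04 ICMP echo-request 10.0.0.5 -> 192.168.1.10
2024-03-01T10:00:05 ICMP echo-request 10.0.0.7 -> 192.168.1.1
2024-03-01T10:05:00 ICMP echo-request 10.0.0.7 -> 192.168.1.1
"""

def parse_echo_requests(log_text):
    """Yield (timestamp, src, dst) for each echo-request line; replies and
    malformed lines are skipped, since only the probing side reveals a sweep."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[1] != "ICMP" or parts[2] != "echo-request":
            continue
        yield datetime.fromisoformat(parts[0]), parts[3], parts[5]

def detect_ping_sweeps(log_text, window_s=60, threshold=8):
    """Return {src: peak_distinct_targets} for every source that sent echo
    requests to at least `threshold` distinct hosts within `window_s` seconds."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst in parse_echo_requests(log_text):
        probes = recent[src]
        probes.append((ts, dst))
        while (ts - probes[0][0]).total_seconds() > window_s:
            probes.popleft()  # drop probes older than the sliding window
        distinct = len({d for _, d in probes})
        if distinct >= threshold:
            alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts

if __name__ == "__main__":
    for src, n in detect_ping_sweeps(SAMPLE_LOG).items():
        print(f"possible ping sweep from {src}: {n} distinct hosts probed within 60s")
```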
Checking for Open Ports and Service Identification
This second step of the CEH scanning methodology lets the hacker know the number of open ports, which provides information about the various vulnerabilities of a particular system. The most common tool used in port scanning is Nmap. It gives the number of ports active for a specific network. The figure below outlines the results of an Nmap scan using the -sS (SYN scan) option (Dieterle, 2016). The main reason for choosing this type of Nmap scan is its compatibility with various kinds of OS, its stealth, and its speed.
The third step is service identification. It allows the hacker to identify all services performed by the hosts via their respective port numbers. The tools used in conducting port scanning can similarly help in producing results for this step.
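The figures the essay refers to are Nmap's normal text output, and both the "hosts up" count from the -sP sweep and the port/state/service table from the -sS scan come from that format. As an added example (not the essay's own figures or Nmap's code), the following parser reads constructed Nmap output into structured results and separates open ports from closed and filtered ones, which covers steps two and three above:

```python
import re

# Constructed Nmap output (not a capture from the essay's figures), in the normal
# text format nmap prints for a -sS scan of two hosts.
SAMPLE_SCAN = """\
Nmap scan report for 192.168.1.10
Host is up (0.0012s latency).
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  open     http
443/tcp filtered https
Nmap scan report for 192.168.1.20
Host is up (0.0031s latency).
All 1000 scanned ports on 192.168.1.20 are closed (reset)
Nmap done: 2 IP addresses (2 hosts up) scanned in 3.21 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
DONE_RE = re.compile(r"^Nmap done: (\d+) IP address(?:es)? \((\d+) hosts? up\)")

def parse_nmap(text):
    """Return ({host: {"up": bool, "ports": [(port, proto, state, service)]}},
    (addresses_scanned, hosts_up)) from normal-format nmap output."""
    hosts, current, summary = {}, None, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:  # a new host block starts; ports that follow belong to it
            current = m.group(1)
            hosts[current] = {"up": False, "ports": []}
            continue
        if current and line.startswith("Host is up"):
            hosts[current]["up"] = True
            continue
        m = PORT_RE.match(line)
        if m and current:
            port, proto, state, service = m.groups()
            hosts[current]["ports"].append((int(port), proto, state, service))
            continue
        m = DONE_RE.match(line)
        if m:  # the summary line the -sP figure is quoted from ("254 IP addresses (4 hosts up)")
            summary = (int(m.group(1)), int(m.group(2)))
    return hosts, summary

def open_ports(hosts):
    """Map each live host to its open ports only: a SYN/ACK answer marks a port
    'open', an RST marks it 'closed', and no answer at all marks it 'filtered'."""
    return {h: [p for p, _, st, _ in d["ports"] if st == "open"]
            for h, d in hosts.items() if d["up"]}
```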
OS Fingerprinting
It is necessary for the hacker to be aware of operating system fingerprinting. It helps him/her design and implement better security measures in the system. Additionally, the technique is a vital penetration testing skill. The hacker looks for the most natural means of gaining access to the system and, as a result, focuses on specific exploitable vulnerabilities. In most cases, every operating system has its own set of weaknesses unique to its operation. If an attacker determines this set of flaws, they will have an easy time accessing data from the system. OS fingerprinting techniques are divided into two sub-groups:
Active OS Fingerprinting
It is much simpler than the passive method. More importantly, the hacker has a much easier means of accessing the required information (Henry, 2012). The technique lets the hacker analyze the responses to packets sent to the respective targets. The primary tool used in active fingerprinting is Nmap.
Passive OS fingerprinting
This technique does not send packets to the target's TCP/IP stack; instead, it sniffs traffic on the network (Kimberly, 2007). It ensures that the hacker's intrusion is not quickly noticed by firewalls. The primary tools used for this technique include Satori and NetworkMiner.
Vulnerability Scanning
It is the fifth step of the CEH scanning methodology. It allows the hacker to examine potential exploitation points with the aim of determining holes in the system's security (Kimberly, 2007). As a result, it classifies and detects all the weaknesses of the system. In most cases the scan is run from the hacker's endpoint. There are two types of vulnerability scanning: unauthenticated and authenticated (Graves, 2010). In an unauthenticated scan, the hacker accesses the system like an intruder without any trusted access to it. In an authenticated scan, one accesses the system as a trusted user and determines the vulnerabilities that a trusted user could exploit.
Drawing Vulnerability Hosts Network Diagrams
The hacker then uses the network nodes to draw a network diagram leading to the victim's computer and points out all the loopholes that one can use to access the victim's system. However, in most...
Cite this page
Scanning and Enumeration Research. (2022, Apr 04). Retrieved from https://proessays.net/essays/scanning-and-enumeration-research