Testing a firewall configuration with Nmap

Value-added resellers and consultants can use Nmap to test their customer's firewall rules. This tip provides best practices for confirming that firewall rules are operating correctly and for acting on the scan results.

Value-added resellers (VARs) and consultants can use Nmap to test their customer's firewall configuration and settings. This tip provides best practices for confirming that firewall rules are operating correctly and then acting on the scan results.

Nmap: Firewall configuration testing
With many organizations having remote or virtual offices it is essential that regular audits are carried out of the devices connecting to the network, both for security and licensing purposes. The following scan will produce a categorized inventory of client and server devices, as well as routers, switches and printers:

 nmap -vv -sS -O -n www.yourorg.com/24 -oA inventory

The SYN scan (-sS) combined with OS fingerprinting (-O) uses very few packets while still gathering the required information. If you are auditing a remote office over a slow link then you can add a timing policy, such as -T 2, to slow down the scan and use less bandwidth and resources on the target machines. 

Finally, while you're running an Nmap scan you can change certain options or request status messages without having to abort and restart the scan. For example, typing V will increase the verbosity of the output while most keys will give you status update showing hosts completed and estimated time remaining.
 

Michael CobbAbout the author:
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity.com's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

Read more about firewall testing with Nmap:

This tip originally appeared on SearchSecurity.com.



This was first published in December 2006

Dig deeper on Network security products, technologies, services

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close