Introduction

In this chapter, we ll discuss the network discovery portion of the onsite evaluation phase. We ll also see some brief introductions to multiple tools available for use in each of the IEM baseline activities covered by the network discovery stage and some of their expected or common uses. Network discovery activities include the first four baseline activities: port scanning, SNMP scanning, enumeration and banner grabbing, and wireless enumeration.

For port scanning, we ll discuss some of the basics of how a port scanner works, why we are performing this activity, and what we re looking for in the results. We ll compare some utilities to see what options and features are out there, to help determine which tools might be better suited to each scenario.

In the second activity, we ll look very briefly at how SNMP operates and some of the things that make it an important service to evaluate for security purposes. We ll get a look at how some network management utilities can be used for security testing purposes, and we ll review other tools designed specifically for evaluating SNMP services, with security in mind.

The basic methods and reasons for performing enumeration are discussed, with the introduction of tools that include manual command-line interface (CLI) testing as well as automated graphical user interface (GUI) utilities. This activity builds off previous activities and takes things farther to discover more information about the target system.

The two most popular tools for performing wireless enumeration are discussed, as is the impact of exposed wireless services.