This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Download it now to read this article plus other related content.
Information Security isn't the only standby celebrating its 10th birthday. Nmap, the popular open source security scanner and network mapping tool, hit double digits in 2007 as well. Like so many projects of its kind, Nmap was a labor of love--and necessity--according to its creator, hacker Fyodor.
After months of work and testing, Nmap replaced my other port scanners. At first I kept it to myself, but then I realized that other people might be interested.
So I released it in Phrack magazine on Sept. 1, 1997.
Why has it become so ubiquitous? I was surprised as anyone
| by that. Apparently many people had the same port scanning needs as I did. I was overwhelmed with ideas, bug reports and patches, so I released a second version. The project really resonated with people, so I abandoned some of my other security projects, such as the Exploit World archive I maintained back then, and have focused on Nmap development ever since. It has grown to be much more than a port scanner.
What Nmap feature or phase of its evolution are you most proud of? Probably OS detection, which we just overhauled to create a second-generation system (http://insecure.org/nmap/osdetect/). I'm also very proud of the version detection system (http://insecure.org/nmap/vscan/).
What's your opinion on the rash of commercialization around open source security products? I'm thinking specifically Tenable/Nessus, Sourcefire/Snort-ClamAV. I suppose it is their right if they have all their copyright ducks in a row, but I am certainly disappointed whenever I see an open source application go proprietary. I haven't used Nessus since they went that road.
If mobility has destroyed the traditional network perimeter, looking ahead, how do products such as Nmap have to evolve? Nmap definitely must evolve as networking technology and practices change. For example, the whole port scanning engine had to be rewritten as default-drop firewalls grew in popularity. We also added IPv6 support because that is very slowly catching on. The port to the Win-dows platform enabled many more Nmap users as well.
Mobility and the breakdown of network perimeters actually make Nmap more important. As networks grow more complex and distributed, you want to look at them from many angles by scanning from numerous endpoints. Nmap also makes it easy to inventory these big networks and identify unauthorized devices. Nmap is also often used for debugging purposes to understand and fix networks, so it isn't solely a security tool.
Read the complete interview at searchsecurity.com/10thanniversary.
This was first published in January 2008