Overall Satisfaction with Nmap
All of IT and Security uses NMap to scan systems for rogue or non-approved open ports. We also scan to be sure there are no non-approved operating systems, such as Windows XP or Vista on the network. I also use it to check open port service versions. In other words, I need to be sure that systems running an SSH server, for example, have the latest or the most secure version of the software. NMap helps us keep our systems secure. A periodic network sweep with it also keeps us updated on any new systems attached to the network and exactly what they're running. It provides a snapshot inventory, as well as, the security information. Any suspect systems can be intensely scanned and physically located for further investigation.
- NMap provides a very fast and a very thorough network "sweep" that allows you to quickly map out exactly what's on your network.
- NMap is highly configurable. The "canned" choices are very good in most instances, but using various switches and options, you can create a very specific scan and get exactly the results you're looking for.
- NMap is easy to use. Even a new administrator will be able to use the graphical version (Zenmap) with efficiency right away.
- Running stealthier scans would be a bonus. Current scans are pretty noisy.
- Scans run fast, which sometimes can make it look like a system is being attacked. There is a slow, comprehensive scan option, though.
- NMap scripts are written in Lua, which is not a mainstream language.
- NMap being free of charge has a positive impact on our budget. It is an enterprise-class tool that anyone can download and use.
- NMap, both command line and GUI, is a very advanced tool that is easy to use, so there's very little learning curve involved, which has a positive impact on productivity and security.
- A valuable feature that is a huge time saver is that you can compare scans. This saves hours of searching manually for differences in scan results. Faster results means faster mitigation of problems, which can be a real money saver.
I've used several very good network scanners, but NMap is really the choice for most security professionals and IT professionals who do security work. All the other tools are good, but they all lack some of NMap's flexibility, scalability, and numerous options for scan customization. NMap can be run at the command on a schedule for automated discovery and reporting. It has scan comparison and the capability to create scan profiles that can be used as "canned" scans without reinventing and forgetting options.
NMap is well suited to just about any situation, network size, or complexity. Some have brought up the point that NMap's proxy settings need work. I haven't used NMap with a proxy. NMap is my "go to" tool for a cursory security sweep. Once a problem is found, I can perform a deeper dive scan on a system or a network. I wouldn't, and don't, use NMap as my only security tool. No single tool has all the answers. For example, it is not a Wireshark in that it does not capture packets or analyze them. It is basically a port scanner, host discovery, OS detection tool.