BMC Defender NMAP adapter


BMC Defender NMAP adapter is a set of files and executables that you can add to the BMC Defender Server. The adapter enables you to perform device discovery, network service port discovery, and system baselining. It is useful for asset management, change management, and general security.

This section provides information on specific features and capabilities of the BMC Defender NMAP adapter, including installation procedures, operating theory, application notes, and certain features not documented elsewhere.

You can install the BMC Defender NMAP adapter software on any BMC Defender Server. The software is not required by BMC Defender to manage users, nor does it necessarily provide additional correlation functions within the program. The BMC Defender NMAP adapter software uses third-party open source software that can be useful for a variety of forensic and analytical functions by experienced users. BMC Defender Server uses this software and can send alerts upon changes to devices and service ports on a managed network.

This section is intended for BMC Defender Server users who operate the system and system administrators responsible for installing the software components. This information is also of interest to program developers and administrators.

BMC Defender NMAP adapter adds the System > NMAP tab to the BMC Defender Server system. On this tab, you can configure the execution parameters of the NMAP program (including the schedule of execution) and control the syslog messages that are sent by BMC Defender Server in response to NMAP program output.

NMAP system basics

Network Mapper (NMAP) is a popular third-party, open-source security scanner. The BMC Defender NMAP adapter software provides a number of features for probing computer networks, including host discovery, and service and operating system detection.

The BMC Defender NMAP adapter uses NMAP software but otherwise does not directly support it. In particular, BMC uses NMAP to discover hosts and services on a computer network, establishing a baseline for security management suitable for detecting configuration changes to the network, as well as basic vulnerability testing.

For more information about NMAP, see http://nmap.org, which includes complete distribution packages, documentation, scripts, and other features.

Baseline files

In addition to scanning the network for devices and ports, the NMAP plug-in also constructs and maintains image files that serve as the basic baseline configuration expected by the administrator.

The principal function of the software is to compare new listings to image files, and send syslog messages when new devices are added to the network, new service ports are found to be open, and devices and ports are removed. This furnishes change management functions critical to many organizations, and allows BMC Defender Server to detect when new devices are added to the network and new ports are opened on servers.

Baselining functions are initially configured to report any changes. (This is configured by the auto generate image files setting, which is set to True by default.) At some point, when the administrator feels that a baseline is adequately established, the administrator can set this value to Off on the System > NMAP screen, and record any changes to the baseline system configuration from that point.

The user can view these baseline files, and a change log, using links at the top of the System > NMAP screen. 
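The comparison described above can be illustrated with a short script. This is an added example, not BMC Defender code: it parses NMAP grepable output (nmap -oG) and diffs it against a baseline. The baseline structure, the message names (NEW_DEVICE, NEW_PORT, and so on), the auto_generate parameter, and the sample data are all assumptions made for illustration.

```python
import re

# Constructed sample of nmap grepable output (nmap -oG); not real scan data.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.0.5 (web01)\tStatus: Up
Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 8080/open/tcp//http-proxy///
Host: 10.0.0.9 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 445/closed/tcp//microsoft-ds///
"""

# Hypothetical baseline image: host -> set of "port/proto" expected open.
SAMPLE_BASELINE = {
    "10.0.0.5": {"22/tcp", "80/tcp"},
    "10.0.0.7": {"25/tcp"},
}

# Only ports in the "open" state count toward the baseline.
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)/")

def parse_grepable(text):
    """Return {host: set of open 'port/proto'} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment and summary lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, set())
        for field in fields[1:]:
            if field.startswith("Ports: "):
                ports.update(f"{p}/{proto}" for p, proto in PORT_RE.findall(field))
    return hosts

def diff_baseline(baseline, scan, auto_generate=True):
    """Compare a scan to the baseline; return (change messages, new baseline)."""
    msgs = []
    for host in sorted(scan.keys() - baseline.keys()):
        msgs.append(f"NEW_DEVICE host={host}")
    for host in sorted(baseline.keys() - scan.keys()):
        msgs.append(f"REMOVED_DEVICE host={host}")
    for host in sorted(scan.keys() | baseline.keys()):
        old, new = baseline.get(host, set()), scan.get(host, set())
        msgs += [f"NEW_PORT host={host} port={p}" for p in sorted(new - old)]
        msgs += [f"REMOVED_PORT host={host} port={p}" for p in sorted(old - new)]
    # Assumption: with auto-generation on, the image follows each scan;
    # with it off, the image is frozen and every deviation keeps alerting.
    return msgs, (scan if auto_generate else baseline)
```

With the baseline frozen, the same deviation is reported on every scan until it is reviewed, which is the behavior an administrator wants once the expected configuration is settled.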
