**Project Title: "MacBook Air Security Assessment with Nmap – Before & After Analysis"**

🔹 Project Plan Outline: Nmap-Based Security Testing on MacBook Air


**Introduction**
This project explores how Nmap can be used to assess and improve system security on a MacBook Air. The goal is to analyze open ports, services, and security configurations, apply changes, and compare results. By conducting multiple scans and modifying security settings, we aim to understand how different configurations impact network exposure.

**📌 Project Goals**

1️⃣ Run an initial Nmap scan (firewall enabled) to establish a baseline of open ports and services.

2️⃣ Disable the firewall and conduct a comparative scan to observe what new services and ports become visible.

3️⃣ Perform a stealth scan to analyze how the MacBook responds to more discreet scanning techniques.

4️⃣ Manually disable unnecessary services (VNC, file sharing, remote access) to assess their impact on network exposure.

5️⃣ Re-enable the firewall to restore protection after disabling unneeded services.

6️⃣ Run a final Nmap scan to confirm that the system is fully locked down.

7️⃣ Document findings to evaluate the effectiveness of firewall rules, stealth scanning techniques, and service hardening.


**🔷 Scan Initialization**

steventuschman@Stevens-Laptop ~ % sudo nmap -p- -A 192.168.1.148
Password:
✔ Command Used:
sudo → Runs with root privileges (needed for scanning all ports).
nmap → Calls the network scanning tool.
-p- → Scans all 65,535 TCP ports.
-A → Enables OS detection, service detection, script scanning, and traceroute.
OS Detection – Tries to determine the operating system of the target device by analyzing response patterns.
Service Detection – Identifies which services (e.g., SSH, HTTP, DNS) are running on open ports and attempts to determine their versions.
Script Scanning – Runs Nmap Scripting Engine (NSE) scripts to gather additional information, such as vulnerability checks.
Traceroute – Maps the network path to the target by identifying the routers and hops along the way.
📌 Why This Matters?
Using -A provides comprehensive intelligence on a target, making it useful for security auditing, penetration testing, and network troubleshooting.

192.168.1.148 → The target IP address (your MacBook).

**📌 Why We Used This Command:**

We wanted to find all open ports, not just common ones.
We needed detailed service and OS information.


**🔷 General Scan Information**

Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-28 13:52 PST
✔ Nmap version: 7.95
✔ Scan started at: February 28, 2025, at 13:52 PST


Nmap scan report for Stevens-Laptop.attlocal.net (192.168.1.148)
Host is up (0.00023s latency).
✔ Target Host: Stevens-Laptop.attlocal.net (Your MacBook).
✔ Response Time: 0.00023 seconds – Very fast, indicating that your laptop is on the same network as the scanner.

**📌 Why Does This Matter?**

If a host wasn’t up, it would show as "Host is down" or "Filtered".
Low latency suggests it's a local device with a strong connection.


**🔷 Closed Ports Summary**

Not shown: 65531 closed tcp ports (reset)
✔ 65531 ports are closed – These ports responded, but they are not accepting connections.
✔ Only 4 ports are open – These are the ones that allow traffic.

📌 What "reset" Means:

The term "reset" means that the scanned ports actively rejected the connection attempt (instead of simply dropping it).


**🔷 Open Ports & Services**


**1️⃣ Port 22 – Secure Shell (SSH)**

22/tcp    open  ssh     OpenSSH 9.7 (protocol 2.0)
✔ Port 22 is open, meaning SSH (Secure Shell) remote access is enabled.
✔ Service: OpenSSH version 9.7, using protocol version 2.0.

📌 Security Implications:

If you don’t need remote access, disable SSH for security.
If you do need SSH, restrict access to trusted IP addresses.


**SSH Cryptographic Keys**

| ssh-hostkey: 
|   256 2b:90:cd:75:c6:48:2d:0d:f7:48:9d:b5:7a:e8:29:c5 (ECDSA)
|_  256 60:a9:d8:b2:a0:3b:5a:b8:20:3d:9b:5a:e7:c1:b6:42 (ED25519)
✔ These are SSH host keys, used to verify the server's identity.
✔ Key Types:
ECDSA (Elliptic Curve Digital Signature Algorithm) – Faster and secure.
ED25519 (Edwards-curve Digital Signature Algorithm 25519) – Even more secure and modern.

**📌 Why Does This Matter?**

These keys help prevent man-in-the-middle attacks.
They are only important if you use SSH frequently.


**2️⃣ Ports 5000 & 7000 – AirTunes Streaming**

5000/tcp  open  rtsp    AirTunes rtspd 775.3.1
|_rtsp-methods: ERROR: Script execution failed (use -d to debug)
7000/tcp  open  rtsp    AirTunes rtspd 775.3.1
|_rtsp-methods: ERROR: Script execution failed (use -d to debug)
✔ Both ports are related to Apple’s AirTunes (RTSP protocol).
✔ RTSP (Real-Time Streaming Protocol) allows media streaming between Apple devices.
✔ The error (ERROR: Script execution failed) means that Nmap could not extract additional information.

📌 Security Implications:

If you do not use AirTunes, disable it in Sharing settings.
These ports don’t pose a major risk but could be closed if unnecessary.


**3️⃣ Port 50958 – Unknown Service**

50958/tcp open  unknown
✔ This is an open but unidentified port.
✔ It is likely being used by an application running on your Mac.

📌 How to Investigate This Port:
Run the following command to find the application using this port:
sudo lsof -i :50958
If it’s something unnecessary, close the application or block the port.
If it’s a legitimate service, keep it open.

**🔷 Operating System & Device Fingerprinting**
Device type: general purpose
Running: Apple macOS 12.X
OS CPE: cpe:/o:apple:mac_os_x:12
OS details: Apple macOS 12 (Monterey) (Darwin 21.1.0 - 21.6.0)
✔ OS Detected: macOS 12 (Monterey).
✔ Device Type: General-purpose laptop/desktop.

(By directly interfacing with my MacBook Air, I can confirm that it is running macOS Sonoma 14.6.1 by checking System Settings → About This Mac or running the command sw_vers, which displays the exact OS version. However, when performing an Nmap scan with OS detection, the tool identified the system as macOS 12 Monterey. This discrepancy is likely due to Nmap’s OS fingerprinting relying on network behavior rather than directly querying the system. If Apple has maintained similar network stack characteristics between Monterey and Sonoma, Nmap may default to the closest known match in its database. Additionally, macOS security updates could be modifying system responses to network probes, making precise detection more difficult.)


**🔷 Network Information**
Network Distance: 0 hops
✔ 0 hops means the device is on the same local network as the scanner.

**📌 Why This Matters:**

If the scan had gone through multiple routers, the hop count would have been greater than 0.


**📊 Summary of Key Findings**
Port	State	Service	Implications
22	Open	SSH (OpenSSH 9.7)	Remote login enabled; disable if unnecessary
5000	Open	AirTunes RTSP	Apple media streaming enabled
7000	Open	AirTunes RTSP	Second Apple streaming port enabled
50958	Open	Unknown	Needs investigation with lsof command
🛠️ Next Steps: Improving Security & Running a Follow-Up Scan


**1️⃣ Investigate Port 50958**
Run:
sudo lsof -i :50958
This will reveal which application is using this port.

**2️⃣ Disable AirTunes if Not Needed**
If you don’t use AirPlay or iTunes streaming, disable AirTunes in System Preferences > Sharing.

**3️⃣ Restrict or Disable SSH (Port 22)**
If SSH is not needed, disable it:
sudo systemsetup -setremotelogin off
If SSH is needed, restrict it to trusted IP addresses with a firewall rule.

**4️⃣ Run a Follow-Up Scan After Changes**
Once changes are applied, rerun the scan to compare the results:
sudo nmap -p- -A 192.168.1.148
This will confirm if disabling services successfully closed the ports.


📌 Conclusion
We analyzed the open ports on the MacBook and identified security implications.
AirTunes is enabled but may not be necessary.
SSH (Secure Shell) is open, which should be secured or disabled if not in use.
An unknown service (port 50958) requires further investigation.


**Investigating the Impact of macOS Firewall on Nmap Scanning**

In our initial scans, several macOS sharing services were enabled, yet they did not appear in the Nmap results. One possible explanation is that the macOS firewall is actively blocking or filtering incoming connection attempts, preventing Nmap from detecting open ports. macOS has a built-in firewall designed to enhance security by limiting unauthorized network access. By default, it may block certain services even if they are enabled.

To test this hypothesis, we will temporarily disable the firewall and run the same Nmap scan again. If additional open ports appear in the results, this confirms that the firewall was actively restricting visibility. If the results remain the same, it suggests that those services may not be actively listening on a detectable port. After completing the test, we will re-enable the firewall to maintain security. This step will allow us to better understand how the firewall influences network scanning and service exposure on macOS.




**Section-by-Section Interpretation of Nmap Scan Results (After Disabling Firewall)**

🔹 Command Executed
nmap -A 192.168.1.148
-A: Enables aggressive scanning, which includes:
OS detection
Service detection
Script scanning
Traceroute
192.168.1.148: Scanning the MacBook Air’s local IP.

**📌 Scan Results Breakdown**
1️⃣ Host Information
Nmap scan report for Stevens-Laptop.attlocal.net (192.168.1.148)
Host is up (0.000039s latency).
✔ Hostname: Stevens-Laptop.attlocal.net
✔ IP Address: 192.168.1.148
✔ Latency: 0.000039s (very low, meaning it is on the same local network)

2️⃣ Ports and Services Detected

Not shown: 994 closed tcp ports (conn-refused)
✔ 994 ports are closed, meaning they reject connections.
✔ Only a few ports are open and accepting connections.

Port	State	Service	Version/Notes
22/tcp	Open	ssh	OpenSSH 9.7 (protocol 2.0), used for remote login via Secure Shell (SSH).
445/tcp	Open	microsoft-ds?	Possible SMB (file sharing) service, but unexpected on macOS.
3283/tcp	Open	netassistant?	Likely Apple Remote Desktop Assistant service.
5000/tcp	Open	rtsp	AirTunes media streaming service from Apple.
5900/tcp	Open	vnc	Apple Remote Desktop (VNC) service for screen sharing.
7000/tcp	Open	rtsp	Another AirTunes streaming service.
50958/tcp	Open	unknown	A non-standard port running an unknown service.
58807/tcp	Open	http	Possibly 1Password Agent or Daylite Server Admin.


**🔹 Changes Compared to Previous Scan:**

Newly Detected Ports: 445, 3283, 5900, 50958, 58807
Previously Hidden: These ports were not detected when the firewall was enabled.


**3️⃣ SSH Service (Port 22)**

22/tcp   open  ssh OpenSSH 9.7 (protocol 2.0)
| ssh-hostkey: 
|   256 2b:90:cd:75:c6:48:2d:0d:f7:48:9d:b5:7a:e8:29:c5 (ECDSA)
|_  256 60:a9:d8:b2:a0:3b:5a:b8:20:3d:9b:5a:e7:c1:b6:42 (ED25519)
✔ OpenSSH 9.7 is running, allowing secure remote access.
✔ The SSH host key fingerprints are shown, which can be used to verify the authenticity of the server.

**🔹 Security Concern:**
SSH is accessible from the network, which means anyone on this local network could attempt to connect.
Solution: Restrict SSH to specific users or disable it if not needed

**4️⃣ Microsoft DS / SMB Service (Port 445)**
445/tcp  open  microsoft-ds?
✔ This port is typically used for file sharing (SMB) on Windows networks.
✔ Unusual on macOS, meaning it might be:
A misconfiguration.
A background service running due to file sharing being enabled.

**🔹 Security Concern:**
SMB has a history of critical vulnerabilities (e.g., WannaCry ransomware exploit).
If not intentionally used, it should be disabled.

**5️⃣ Apple Remote Desktop Services (Ports 3283 & 5900)**

3283/tcp open  netassistant?
5900/tcp open  vnc Apple remote desktop vnc
✔ Port 3283: Used by Apple Remote Desktop (ARD) for remote assistance.
✔ Port 5900: The standard VNC (Virtual Network Computing) port for screen sharing.

**🔹 Security Concern:**
Enables remote control of the MacBook.
Should be restricted to trusted devices or disabled if not needed.


**6️⃣ AirTunes Streaming Services (Ports 5000 & 7000)**

5000/tcp  open  rtsp AirTunes rtspd 775.3.1
7000/tcp  open  rtsp AirTunes rtspd 775.3.1
✔ Used by Apple’s AirTunes for streaming media.
✔ Likely tied to iTunes or AirPlay functionalities.
✔ No major security risks, but should not be open if not used.

**7️⃣ Unknown Service on Port 50958**
50958/tcp open unknown
✔ This port is open but Nmap could not determine the running service.
✔ Could be a macOS background process.

**8️⃣ HTTP Service on Port 58807**

58807/tcp open http 1Password Agent or Daylite Server Admin caldav
✔ This appears to be related to 1Password (a password manager) or Daylite Server Admin.
✔ Running a web server-like service.
**🔹 Security Concern:**
If this is a password manager agent, exposing it to the network may not be safe.
If not needed, it should be disabled.


**📌 Host Script Results**

| smb2-time: 
|   date: 2025-02-28T23:35:13
|_  start_date: N/A
| smb2-security-mode: 
|   3:0:2: 
|_    Message signing enabled and required
|_clock-skew: -3m59s
✔ SMB Message Signing is enabled (a security feature for encrypted authentication).
✔ The system clock is slightly off by ~4 minutes.

(The system clock being off by about four minutes is likely due to a delay in Network Time Protocol (NTP) synchronization, manual time settings, system sleep/wake delays, or minor hardware clock drift. macOS typically syncs time with Apple’s NTP servers (time.apple.com), but network issues, firewall settings, or disabled automatic time updates can cause discrepancies. To resolve this, ensure "Set time and date automatically" is enabled under System Settings > General > Date & Time, or manually force a sync using sudo sntp -sS time.apple.com in Terminal. Accurate time synchronization is crucial for log accuracy, cryptographic authentication, and security protocols like Kerberos, which rely on precise timestamps.)

**📌 Operating System Detection**

Device type: general purpose
Running: Apple macOS 12.X
OS CPE: cpe:/o:apple:mac_os_x:12
OS details: Apple macOS 12 (Monterey) (Darwin 21.1.0 - 21.6.0)
✔ Detected OS: macOS 12 Monterey
✔ Actual OS: macOS Sonoma 14.6.1
✔ Why the discrepancy?
Nmap’s OS detection relies on network behavior, not internal system data.
Sonoma and Monterey share similar signatures, causing misidentification.

**📌 Analysis & Next Steps**
🔹 Key Takeaways from This Scan
Firewall Impact Confirmed
Before: Several services were hidden.
After: Many new open ports appeared, including VNC, SMB, and NetAssistant.


**Potential Security Risks**
SSH (Port 22): Open to the network, should be restricted.

SMB (Port 445): Unexpected on macOS, should be investigated.

Apple Remote Desktop (Port 5900): Allows full remote control of the MacBook.

Unknown Service (Port 50958): Needs further investigation.

HTTP Service (Port 58807): Exposes a local application.


**📌 Next Steps**
✔ Re-enable the firewall to block unwanted access.
✔ Restrict SSH access to trusted devices or disable it if unnecessary.
✔ Disable SMB (Port 445) unless actively used for file sharing.
✔ Limit VNC (Port 5900) to specific, trusted connections.
✔ Investigate Port 50958 to determine the running service.
✔ Check if Port 58807 (1Password/Daylite) needs to be accessible.

Conclusion
This scan provided valuable insight into how the macOS firewall protects system services and revealed security considerations for open network ports. By taking the next steps, we can secure the MacBook while maintaining necessary functionality.

**Summary of the Third Scan (Firewall Re-Enabled, Services Still Enabled)**

After disabling the firewall and running a scan that revealed many open ports and active services, we proceeded to re-enable the firewall without making any other changes. We then ran a third scan to measure its impact. The results showed a significant reduction in detected open ports, confirming that the firewall was once again filtering incoming connection attempts. However, since all services remained enabled, we expected some essential ports to remain open for system functionality. This scan reinforced our earlier findings that the firewall plays a crucial role in obscuring services from external probes. Our next step is to disable unnecessary services and perform a final scan to evaluate how reducing the attack surface affects system visibility and security.

**Objective Findings from the Third Scan**

Firewall Status: Re-enabled (after being turned off in the previous scan).
Services Status: All previously enabled services remained on (File Sharing, Remote Login, Content Caching, etc.).

**Comparison with Second Scan (Firewall Disabled):**
Several previously visible ports were no longer detected.
Services such as VNC (5900) and NetAssistant (3283) were no longer exposed externally.
SSH (22) remained open, suggesting it is explicitly allowed through the firewall.
AirTunes-related ports (5000, 7000) were filtered again.
Unknown service on port 50958, which was previously detected, was no longer visible.

**Key Takeaways:**
The firewall effectively blocks inbound probes and reduces service visibility.
Some critical services (like SSH) remain accessible, indicating macOS’s built-in firewall rules allow essential system functions.
The discrepancy between enabled services and detected ports suggests additional macOS security mechanisms (e.g., application-layer filtering, code signing).

Remaining Risk: Services are still active internally, meaning they could be accessed locally or through specific firewall exceptions.




**Summary of Third Scan (Firewall Enabled, Unnecessary Services Disabled)**

At this stage of the project, we conducted a third scan after re-enabling the firewall while also manually disabling unnecessary services and remote access settings. This scan aimed to determine how effectively these changes reduced the system’s attack surface while still allowing essential functionality.

**Key Findings:**

Open ports were significantly reduced compared to the previous scan where the firewall was disabled.
SSH (Port 22) remained open, which is expected as it was not manually disabled.
AirTunes-related ports (5000/tcp & 7000/tcp) were still detected, likely due to macOS system-level services.
Apple Remote Desktop (VNC - Port 5900) persisted, despite previous attempts to disable it in System Settings.
Port 58807 (HTTP service) remained active, possibly related to system management services.
Unknown high port (50958) continued to be detected, warranting further investigation with lsof.

The results confirm that the firewall is actively filtering connections, allowing only explicitly permitted services to respond. However, certain services may still be running in the background despite being disabled in System Settings, highlighting the need for deeper system analysis.

**Next Step: Stealth Scanning**

Now that we have tested security settings under standard scanning conditions, we will proceed with stealth scanning techniques to determine how well the system evades detection by more sophisticated scanning methods. The goal is to evaluate whether stealth scans can bypass firewall protections and detect services that were previously obscured.

The next step is to perform a stealth scan using an SYN scan (-sS). This scan type is less detectable by firewalls and intrusion detection systems because it does not complete the full TCP handshake.

**Command for Stealth Scan:**

sudo nmap -sS -Pn -T4 192.168.1.148

**Explanation of Parameters:**
sudo → Required for privileged scanning (raw packets).
nmap → Calls the Nmap tool.
-sS → SYN scan (Stealth Scan), sends SYN packets without completing a full connection.
-Pn → Treats the target as online (skips ICMP ping check, useful if firewall blocks pings).
-T4 → Sets a faster scan timing template.

Objective:
Determine if services that were hidden in previous scans can be detected.
Test whether stealth scanning techniques bypass firewall filtering.
Compare results with previous scans.

Next Steps After Running the Scan:
Send the scan output.
We will analyze the results.
Compare findings with previous scans.
Determine whether the stealth scan was able to bypass firewall protections.

**Project Summary: MacBook Air Security Assessment with Nmap – Before & After Analysis**

**Summary of Final Stealth Scan & Key Findings**

In this project, we conducted a series of structured Nmap scans to assess the impact of macOS firewall settings on system visibility and security. The final scan, a stealth scan (-sS -Pn -T4), revealed only two open ports, significantly reducing the exposed attack surface compared to previous scans.

Command Used: sudo nmap -sS -Pn -T4 192.168.1.148


**Results:**
Two open ports detected:
5000/tcp → UPnP (Universal Plug and Play)
7000/tcp → afs3-fileserver (Andrew File System service)
998 ports explicitly rejected connections (reset state), indicating that the firewall successfully blocked most probes.
Previously detected services (SSH, VNC, AirTunes, unknown services) were no longer visible.
Stealth scanning techniques did not retrieve OS details, service versions, or script-based information.

**Final Interpretation**
The results confirmed that the macOS firewall effectively reduces system visibility in network scans. The stealth scan, which does not complete full TCP handshakes, was unable to detect most services, reinforcing the importance of firewall rules in preventing unauthorized reconnaissance.
The only detected services (UPnP and AFS3) should be reviewed for necessity.
Compared to full scans, the stealth scan demonstrated a significant decrease in system exposure.
Firewalls, along with service management, play a critical role in security hardening.

**Comparison: How Security Measures Reduced Attack Surface**
Scan Type	Firewall State	Ports Detected	Notable Observations
Baseline Full Scan (-A, -p-)	Enabled	7+ open ports	Some services visible despite firewall
Full Scan After Disabling Firewall (-A, -p-)	Disabled	7+ open ports	More services exposed, proving firewall effectiveness
Stealth Scan (-sS -Pn -T4)	Enabled	2 open ports	Majority of services hidden; stealth scan was largely ineffective

**Final Security Adjustments**

To finalize system hardening and ensure minimal exposure, the following steps should be taken:Investigate Remaining Open Ports (5000 & 7000)
Running: sudo lsof -i :5000 and sudo lsof -i :7000
Determine if these services are necessary or should be disabled.
Ensure the Firewall Remains Enabled

The macOS firewall was proven effective in blocking unauthorized scanning attempts.
Keeping it enabled is critical for ongoing security.

Disable Unnecessary Services
If UPnP or AFS3 is not needed, disable them in System Settings > Sharing.









**Project Summary: MacBook Air Security Assessment with Nmap**

**Introduction**

This project was conducted to assess the security posture of a MacBook Air by leveraging Nmap scanning techniques. The goal was to analyze how different security configurations impact network visibility and exposure. By performing multiple scans under varying conditions, we were able to observe the role of macOS firewall settings, remote services, and stealth scanning techniques in system security.

**Key Phases & Findings**

1️⃣ Baseline Scan (Firewall Enabled, All Services Enabled)
Objective: Identify open ports and services while the firewall was enabled.
Findings:
Fewer ports were detected than expected.
The firewall actively blocked Nmap’s ability to see some services.
OS detection reported macOS 12 Monterey, despite the system running macOS Sonoma 14.6.1, highlighting limitations in network fingerprinting.

2️⃣ Firewall Disabled Scan (All Services Still Enabled)
Objective: Determine the firewall’s impact by running the scan again with the firewall turned off.
Findings:
Additional ports and services were revealed, confirming the firewall’s role in filtering traffic.
Services such as SSH (22), AirTunes (5000, 7000), and VNC (5900) became visible.
SMB and NetAssistant services appeared, further expanding the attack surface.

3️⃣ Re-Enabling Firewall While Keeping Services Active
Objective: See if the firewall’s protection would once again obscure certain services.
Findings:
The firewall successfully hid many ports again.
However, some services (AirTunes, VNC) remained detectable, likely due to their specific configurations.

4️⃣ Stealth Scan with Nmap SYN Scan (-sS -Pn -T4)
Objective: Test how stealth scanning techniques impact visibility.
Findings:
Stealth scanning revealed only two open ports (5000 and 7000) instead of the broader set detected in previous scans.
This indicates that macOS firewall settings and TCP handshake behavior limit visibility to more subtle scan types.
A stealth scan would likely bypass simple intrusion detection systems (IDS) that only log full TCP connections.
Conclusion & Takeaways
macOS Firewall is highly effective at reducing network exposure.

With the firewall on, many services remained hidden from external scans.
When disabled, additional services were immediately detected.
Nmap OS fingerprinting is not always accurate.

macOS was misidentified as Monterey 12 instead of Sonoma 14.6.1, due to how Apple implements network stack responses.
Stealth scanning techniques significantly reduce detection.

A SYN scan (-sS) identified only two ports, showing that even when services are open, certain scans might not detect them.
The attack surface can be minimized by disabling unnecessary services.

Features like AirTunes, VNC, and SSH expose remote access points.
If remote access is not needed, these services should be disabled for better security.
Final Thoughts
This project demonstrated how Nmap can be used to analyze a system’s security posture under different configurations.
By systematically modifying security settings and observing the results, we gained insight into:

The effectiveness of the firewall in blocking connections.
The impact of stealth scanning in network reconnaissance.
How open services contribute to potential attack surfaces.
While this project focused on local network scanning, similar techniques can be applied to larger-scale cybersecurity assessments, including penetration testing, vulnerability scanning, and enterprise security auditing.

Suggested Next Steps (For Future Exploration): ✅ Investigate Nmap scripting engine (NSE) for vulnerability scanning.
✅ Experiment with IPv6 scanning techniques (nmap -6).
✅ Use a packet analyzer (Wireshark) to monitor network traffic while scanning.
✅ Automate periodic scans with Python for continuous monitoring.

**Project Complete 🎯**

The experiment successfully mapped the attack surface, tested firewall effectiveness, and analyzed scan evasion techniques.
By applying these findings, security posture can be significantly improved through firewall enforcement, service minimization, and stealth detection awareness.

