The "No Network is 100% Secure" series
- Port Scanning -
A White Paper
All rights reserved - may not be copied without permission
Easyrider LAN Pro, NOC Design Consultants
What is port scanning? Port scanning is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked.
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are two of the protocols that make up the TCP/IP protocol suite, which is used to communicate on the Internet. Each of these has ports 0 through 65535 available, so essentially there are more than 130,000 doorknobs for burglars to jiggle.
The first 1024 TCP ports are called the Well-Known Ports and are associated with standard services such as FTP, HTTP, SMTP or DNS. Some of the ports above 1023 also have commonly associated services, but the majority of these ports are not associated with any service and are available for a program or application to use to communicate on.
Port scanning software, in its most basic state, simply sends out a request to connect to the target computer on each port sequentially and makes a note of which ports responded or seem open to more in-depth probing.
If a port scan is being done with malicious intent, the intruder would generally prefer to go undetected. Network security applications can be configured to alert administrators if they detect connection requests across a broad range of ports from a single host. However, many port scanning programs provide the ability for an intruder to perform these scans and not be detected.
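The alerting rule described above (connection requests across a broad range of ports from a single host) can be sketched as follows. This is an added example, not code from the white paper; the log line format, the addresses, and the `window_s` and `min_ports` thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=\S+ PROTO=\w+ DPT=(\d+)$")


def sample_log():
    """Constructed firewall log lines (hypothetical format and addresses)."""
    base = datetime(2009, 3, 25, 10, 0, 0)
    rows = []
    for i in range(12):
        rows.append((base + timedelta(seconds=i), "198.51.100.7", 20 + i))  # port sweep
        rows.append((base + timedelta(seconds=i), "203.0.113.5", 443))  # ordinary client
        rows.append((base + timedelta(seconds=120 * i), "198.51.100.99", 8000 + i))  # slow sweep
    rows.sort()
    return [f"{t.isoformat()} SRC={s} DST=192.0.2.10 PROTO=TCP DPT={p}" for t, s, p in rows]


def detect_scans(lines, window_s=60, min_ports=10):
    """Return {source: timestamp of the line that crossed the threshold}."""
    recent = defaultdict(deque)  # source -> (time, port) pairs inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not connection records
        when, src, port = datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))
        q = recent[src]
        q.append((when, port))
        while (when - q[0][0]).total_seconds() > window_s:
            q.popleft()  # forget attempts older than the window
        if src not in flagged and len({p for _, p in q}) >= min_ports:
            flagged[src] = m.group(1)
    return flagged


if __name__ == "__main__":
    for src, when in detect_scans(sample_log()).items():
        print(f"possible port scan from {src} (threshold crossed at {when})")
```

The window length is the tuning knob: with the 60-second default only the fast sweep is reported, while `window_s=3600` also reports the source that tries a new port every two minutes, at the cost of keeping more state per source.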
Port scanning will determine which ports are open and which are not. An intruder can then come back and target the open ports to see if they are vulnerable to exploitation.
To help ensure that your network is protected and secure, you may wish to perform your own port scans. Once you find out what ports respond as being open, you should then determine whether it's actually necessary for those ports to be accessible from outside your network. If they're not necessary, you should shut them down or block them. Some (but very few) ports will indeed be required to be open. You should then research what sorts of vulnerabilities and exploits your network is open to by having these ports accessible and then apply the appropriate patches or mitigation to protect your network as much as possible.
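The review step described above, comparing what a scan of your own hosts found open against what actually needs to be reachable, is shown here as an added example (not code from the white paper). It assumes the scan results are in Nmap's grepable (`-oG`) output format, a tool the paper does not name; the hosts, the sample output and the `REQUIRED` allowlist are constructed.

```python
# Constructed sample in Nmap grepable (-oG) format; hosts and ports are made up.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (www.example.com)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.com)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///"
    "\tIgnored State: closed (996)\n"
    "Host: 192.0.2.25 (mail.example.com)\tPorts: 25/open/tcp//smtp///, "
    "23/open/tcp//telnet///, 111/filtered/tcp//rpcbind///\n"
)

# Hypothetical allowlist: the ports each host is required to expose.
REQUIRED = {
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},
    "192.0.2.25": {(25, "tcp")},
}


def open_ports(scan_text):
    """Parse -oG output into {host: {(port, proto): service}} for open ports only."""
    found = {}
    for line in scan_text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment or summary line
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                port, state, proto, _owner, service = entry.strip().split("/")[:5]
                if state == "open":  # filtered/closed ports are not reachable
                    found.setdefault(host, {})[(int(port), proto)] = service
    return found


def unnecessary(found, required):
    """List (host, port, proto, service) for open ports missing from the allowlist."""
    report = []
    for host, ports in sorted(found.items()):
        allowed = required.get(host, set())  # unknown host: nothing is allowed
        for key in sorted(ports):
            if key not in allowed:
                report.append((host, key[0], key[1], ports[key]))
    return report


if __name__ == "__main__":
    for host, port, proto, service in unnecessary(open_ports(SAMPLE_SCAN), REQUIRED):
        print(f"{host}: {port}/{proto} ({service}) is open but not required")
```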
Having firewalls in place is no guarantee that your network is secure. If firewall rules are lax or if logs are not being monitored, it can be very easy for a cyber-burglar to learn all about your network, what kind of computers are in it, what software is running and so on. And if an intruder can probe a port, they can exploit it! Implementing tight firewall rules, shutting down services that aren't needed and closing all unnecessary ports should be just the first steps in your overall enterprise security plan. If you fail to do this, it will only be a question of "when", not "if" your network will be broken into.
Easyrider LAN Pro has a lot of experience auditing sites and determining how vulnerable they are to exploits. We also put on security seminars in conjunction with our partner, Tektal, to help educate the IT community regarding threats to their networks.
About the Author
Frank Saxton is a computer network security engineer and Easyrider LAN Pro principal. Home-based in Portland, Oregon, Frank has been designing remote diagnostic and network enterprise monitoring centers since the late 1970s. Prior to becoming a professional systems engineering consultant in 1990, Frank had a 20-year career in computer systems field engineering and field engineering management. Frank has a BSEE from Northeastern University and holds several certifications including Network General's Certified Network Expert (CNX). As a NOC design engineer and architect, Frank works regularly with enterprise-class monitoring tools such as HP Openview Operations, BMC Patrol and others. In his enterprise security audit work, Frank uses sniffers and other professional grade monitoring tools on a daily basis.
Last modified March 25, 2009
Copyright 1990-2009 Easyrider LAN Pro