Port scanning is an invasive activity. Port scanning is the process of checking to see if a network is available or not. Port scanning can also cause denial of service on a network if it is scanned long enough. The type of scans that are done are half scans, FIN scans, XMAS scans and other stealth scans that could be used to penetrate a firewall. The ports can be filtered, opened, or closed.
Cases have been attempted to convict people for doing port scans, but the courts have time and time again said as long as people are just scanning they are not committing a crime. The rules do vary from state to state. One of the more famous cases is Moulton vs VC3 where Scott Moulton, a owner and operator of a security company was trying to test the county’s 911 system for vulnerabilities and discovered VC3’s firewall. The judge after Scott explained it to him agreed that it was not a crime. That was in 2000.
But just because it is not illegal by the law does not mean that it is not invasive and uses computer and network resources. It has to send traffic to each port in order to discover if it is an open or closed port. Even if you are not receiving data or information from the ports you are getting information about the network and the company’s network and infrastructure. You are learning how secure or unsecure they are. You in some instincts learn what programs or equipment they may be using.
Showing posts with label Network Security. Show all posts
Showing posts with label Network Security. Show all posts
Wednesday, May 12, 2010
Saturday, March 20, 2010
Knock, Knock Let Me In
Do you know who is trying to get in to your network. Someone is always knocking at your door. The doors of the network is called ports. Anyone working on my network should have a fairly good understanding and knowledge of why a port is open, and if they do not have a good reason for it to be open then close it. Port knocking provides a stealthy method of authentication and information transfer to a networked machine that has no open ports. Some basic functionality needs to be provided with any port knocking implementation:
- A way to monitor the firewall log file needs to be devised.
- A method to extract the sequences of ports from the log file and translate their payload into usable information.
- Once the information is obtained from the sequence, the implementation must provide some way to manipulate the firewall rules.
Thursday, February 18, 2010
Risk Assessment Necessary Evil
This week I have been learning about doing risk assessment in order to inform how much companies would actually lose if the company lost equipment or data. I learned it is tough in coming up with all that could go wrong and with what is of value within a company that I need to take into account.
The hardest part of the "assessment" is assigning a numerical value. You have to think of the employee worth, and the amount of time that goes into the assessment. You also have to think of the time that it takes to replace the data and information that may be compromised if a system fails.
Will you be able to cover quickly? Remember that the longer your system and network may be down the longer you will be not satisfying customers' needs. You have to be prepared. Make the necessary backups, images, have the necessary disks. Do you have extra computer parts in case your system blows up? Are the backup and recovery procedures written down and are the staff prepared on how to implement those procedures. These are the questions to ask.
Systems should be operational within an hour. If it is not then something is wrong with your recovery procedure. The quicker you can get back to work the better. I know there are some extreme instances where that will not be possible, but that also needs to be taken into account.
As always leave me a comment about anything I say, and remember stay secure out there.
The hardest part of the "assessment" is assigning a numerical value. You have to think of the employee worth, and the amount of time that goes into the assessment. You also have to think of the time that it takes to replace the data and information that may be compromised if a system fails.
Will you be able to cover quickly? Remember that the longer your system and network may be down the longer you will be not satisfying customers' needs. You have to be prepared. Make the necessary backups, images, have the necessary disks. Do you have extra computer parts in case your system blows up? Are the backup and recovery procedures written down and are the staff prepared on how to implement those procedures. These are the questions to ask.
Systems should be operational within an hour. If it is not then something is wrong with your recovery procedure. The quicker you can get back to work the better. I know there are some extreme instances where that will not be possible, but that also needs to be taken into account.
As always leave me a comment about anything I say, and remember stay secure out there.
Subscribe to:
Posts (Atom)