Port scanning is a critical component of the reconnaissance phase in cyber security assessments, allowing for the mapping of a network’s exposure to the outside world. Various types of scans exist, such as TCP, UDP, stealth, and aggressive scans, each differing in how much traffic it sends to the target and how readily the target system can detect it. Properly configured firewalls and intrusion detection systems can identify and block malicious port scans.
Key Characteristics:
- Network Discovery: Used to identify what network services are exposed to an attacker or assessor.
- Types of Scans: Includes TCP scans, stealth scans, and UDP scans, among others.
- Security Assessment: Helps to understand the attack surface of a network.
- Tool for Attackers and Defenders: Used by attackers to identify potential attack vectors and by defenders to strengthen network security.
Examples:
- Real-World Example: A systems administrator discovers unauthorised remote desktop protocol (RDP) services running on multiple networked computers using a port scan, leading to a policy change to close these ports from public access.
- Hypothetical Scenario: During a penetration test, an ethical hacker uses port scanning to detect a misconfigured firewall permitting traffic to a critical database server, allowing them to recommend necessary changes.
Related Terms:
- Reconnaissance: The initial phase of an attack or security assessment in which information is gathered; port scanning is a common reconnaissance technique.
- Firewall: A network security system that monitors and filters incoming and outgoing network traffic based on an organisation’s previously established security policies, often the first line of defence against port scans.
- Intrusion Detection System (IDS): A device or software application that monitors a network for malicious activity or policy violations, which may detect port scans.
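To show the detection side referred to above, here is an added example (not part of the original page) of the simplest port-scan heuristic an IDS or log-analysis job applies: count how many distinct destination ports one source touches on one host within a time window. The log format, the sample lines, the IP addresses and the thresholds are all constructed for illustration and are not taken from any real product or network.

```python
"""Minimal port-scan detector over constructed firewall log lines.

Added example, not from the original page. The line format (timestamp,
SRC, DST, DPT, PROTO, ACTION) is a constructed, syslog-like layout; the
min_ports and window thresholds are assumptions chosen for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines (not real traffic), deliberately out of order.
# 10.0.0.5 probes seven ports on one host within six seconds (a fast scan),
# 10.0.0.9 is an ordinary client reusing a single service port, and
# 10.0.0.8 touches five ports spread over twenty minutes (a slow scan).
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=10.0.0.5 DST=192.168.1.10 DPT=21 PROTO=TCP ACTION=DROP
2024-05-01T10:00:00 SRC=10.0.0.9 DST=192.168.1.10 DPT=443 PROTO=TCP ACTION=ACCEPT
2024-05-01T10:00:01 SRC=10.0.0.5 DST=192.168.1.10 DPT=22 PROTO=TCP ACTION=ACCEPT
2024-05-01T10:00:00 SRC=10.0.0.8 DST=192.168.1.20 DPT=22 PROTO=TCP ACTION=DROP
2024-05-01T10:00:02 SRC=10.0.0.5 DST=192.168.1.10 DPT=23 PROTO=TCP ACTION=DROP
2024-05-01T10:00:03 SRC=10.0.0.5 DST=192.168.1.10 DPT=25 PROTO=TCP ACTION=DROP
2024-05-01T10:00:30 SRC=10.0.0.9 DST=192.168.1.10 DPT=443 PROTO=TCP ACTION=ACCEPT
2024-05-01T10:00:04 SRC=10.0.0.5 DST=192.168.1.10 DPT=80 PROTO=TCP ACTION=ACCEPT
2024-05-01T10:05:00 SRC=10.0.0.8 DST=192.168.1.20 DPT=23 PROTO=TCP ACTION=DROP
2024-05-01T10:00:05 SRC=10.0.0.5 DST=192.168.1.10 DPT=443 PROTO=TCP ACTION=ACCEPT
2024-05-01T10:10:00 SRC=10.0.0.8 DST=192.168.1.20 DPT=25 PROTO=TCP ACTION=DROP
2024-05-01T10:00:06 SRC=10.0.0.5 DST=192.168.1.10 DPT=3389 PROTO=TCP ACTION=DROP
2024-05-01T10:15:00 SRC=10.0.0.8 DST=192.168.1.20 DPT=80 PROTO=TCP ACTION=ACCEPT
2024-05-01T10:01:00 SRC=10.0.0.9 DST=192.168.1.10 DPT=443 PROTO=TCP ACTION=ACCEPT
2024-05-01T10:20:00 SRC=10.0.0.8 DST=192.168.1.20 DPT=443 PROTO=TCP ACTION=ACCEPT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dport>\d+) "
    r"PROTO=(?P<proto>\S+) ACTION=(?P<action>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"],
        "action": m["action"],
    }


def detect_scans(lines, min_ports=5, window=timedelta(seconds=60)):
    """Flag (src, dst) pairs where one source touches >= min_ports distinct
    destination ports on one host inside any sliding window of length `window`.

    Returns {(src, dst): sorted list of all ports seen while the pair was
    over the threshold}. Both ACCEPT and DROP lines count: a scan is about
    how many ports are probed, not whether each probe succeeded.
    """
    by_pair = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            by_pair[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"]))

    alerts = {}
    for pair, events in by_pair.items():
        events.sort()                 # log lines may arrive out of order
        in_window = Counter()         # port -> hits currently inside the window
        start = 0
        for ts, port in events:
            in_window[port] += 1
            # Evict events that fell out of the window ending at ts.
            while events[start][0] < ts - window:
                old_port = events[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            if len(in_window) >= min_ports:
                alerts.setdefault(pair, set()).update(in_window)
    return {pair: sorted(ports) for pair, ports in alerts.items()}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("60 s window:", detect_scans(lines))
    print("1 h window: ", detect_scans(lines, window=timedelta(hours=1)))
```

With the default 60-second window only the fast scanner (10.0.0.5) is reported; the slow scanner (10.0.0.8) only shows up when the window is widened to an hour, which is the usual trade-off between catching slow scans and raising false positives on busy sources. The client that repeatedly uses one port (10.0.0.9) is never flagged because the rule counts distinct ports, not connections. This heuristic covers a vertical scan (many ports on one host); a horizontal sweep (one port across many hosts) needs the complementary count of distinct destinations per source.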