Hello, Let‘s Talk Port Scanning Security

Before we dive deeper, I first want to provide an overview of what port scanning entails and key reasons it matters for protecting infrastructure.

Content Navigation show

Port scanning refers to checking the status of network entry points called ports to uncover security issues – much like knocking on doors of a building to see which open or closed. Performing scans help identify misconfigurations and vulnerabilities on your assets before the bad guys exploit them.

Now that we‘re on the same page about fundamentals, let‘s explore port scanning further…

Why Port Scanning Matters

Port scanning provides vital visibility – according to research from Imperva, 76% of organizations battled port scanning attacks just last year.

Additional reasons proactive scanning is essential include:

  • Asset Inventory: Discover devices and services on your networks
  • Risk Assessment: Pinpoint vulnerable programs
  • Regulatory Mandates: Meet audit standards for due diligence

Simply put, throwing a blindfold on leaves you susceptible!

Peering Into Ports

Before executing scans, it‘s helpful to understand basics of what happens when probes are sent to ports:

Open: Port is listening for incoming connections
Closed: No application actively listening on port
Filtered: Packet filtered by firewall, no response

Armed with that foundation, let‘s walk through common scanning approaches…

TCP Connect Scanning

This technique establishes a full three-way handshake with probed ports:

Scanner > SYN  
Target > SYN/ACK
Scanner > ACK

If successful connection, port is open!

While noisy, TCP connects confirm real-world connectivity.

UDP Scanning

Without handshake formalities, UDP scanning simply sends data:

Scanner > UDP data
Target > ICMP unreachable (closed) 
         OR
Response (open)

Drawbacks are slow speeds and difficulty detecting open ports.

But useful discovering UDP services!

Now that we‘ve covered basics, let‘s discuss best practices securing infrastructure against scans.

Securing Against Scans

Proven methods include:

  • Firewall rules restricting access
  • Monitoring for unusual connection patterns
  • Validating only required ports left open
  • Implementing remediation procedures

Details on each approach provided below…

And there you have it! We covered what port scanning entails, common techniques, and key measures for protecting systems. Hope you found this overview useful – let me know if any other questions!

Tags: