I work in a large library and we have two separate networks, one for public access and another that serves as our private internal network. A week or so ago, someone on my public access network ran a port scan that ideally would not be authorized. What would be the best way to prevent public users from initiating a scan on a public computer or notebook connected to the public wireless interface?
Given the very nature of the public wireless network, it is tricky to proactively deal with port scanning attempts.
We can attempt to deal with this at the network level, but having both the system we need to protect and the unauthorized scanning system on the same VLAN makes it difficult to identify a choke point or a tap to deploy proactive network-based detective/preventive capabilities, like a network-based intrusion prevention system (IPS).
Ideally you would want to deal with this at a host level. To clarify, the host here is the system you are trying to protect. Depending on the OS type, there are a few host-based products available that can block port scan attempts. In the Windows world, there are some mature offerings from antivirus companies that feature both a built-in firewall and an IPS. In the Unix/Linux world, an interesting utility to look at is Port Scan Attack Detector (PSAD), which leverages iptable logs and tracks port-scanning attempts. It has the capability to block the source initiating the scan due to its close integration with iptables. Read Eckie Silapaswang's article, which goes over an active blocking deployment scenario with PSAD.
Dig deeper on Wireless LAN Design and Setup
Related Q&A from Anand Sastry, featured expert
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses.continue reading
Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to ...continue reading
When setting up a site-to-site VPN, where should the VPN endpoint be in the DMZ? Learn more in this expert response.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.