I've heard some promising things about Project Sonar. Can you explain how it works and how enterprises can take
advantage of it to improve network security?
Project Sonar is an Internet-scanning project that was initiated by Rapid7's Chief Security Officer, HD Moore. The project consists of several entities within the information security community, not the least of which is the University of Michigan. The organizations or individuals involved with the project scan the Internet for various Internet-facing devices that use default logins and/or passwords or maintain any other type of vendor-programmed back door that is typically used for management. Participants then report their findings to Project Sonar, which organizes the results and shares the data with the rest of the community.
For example, according to researchers at Rapid7, serious vulnerabilities were found in multiple servers that utilize baseboard management controllers, which are essentially out-of-band connections that many servers maintain to allow remote connection to the server without having to go through the operating system. This is a profound issue, and thanks to Project Sonar and Internet scanning, many organizations have found out that their systems are vulnerable and have taken action to remediate them.
Your enterprise can take advantage of Project Sonar by becoming a participant. As I understand it, the people involved with Project Sonar are always on the lookout for new contributors. One thing you must take into account, however, is whether your organization's Internet Service Provider (ISP) allows this type of scanning. Simply put, many ISPs begin to drop packets and/or block connections when they discover any sort of Internet-scanning activity, for fear that it may be an unauthorized party trying to profile their networks -- or, worse, a precursor to a denial-of-service attack. Still, Project Sonar is indeed a worthwhile effort and organizations would do well to support it.