Q

What Project Sonar means for enterprise network security

Can Project Sonar, an Internet-scanning project, benefit enterprise network security? Expert Brad Casey discusses.

I've heard some promising things about Project Sonar. Can you explain how it works and how enterprises can take advantage of it to improve network security?

Ask the expert

Do you have a network security question? Submit it now via email! (All questions are anonymous.)

Project Sonar is an Internet-scanning project that was initiated by Rapid7's Chief Security Officer, HD Moore. The project consists of several entities within the information security community, not the least of which is the University of Michigan. The organizations or individuals involved with the project scan the Internet for various Internet-facing devices that use default logins and/or passwords or maintain any other type of vendor-programmed back door that is typically used for management. Participants then report their findings to Project Sonar, which organizes the results and shares the data with the rest of the community.

For example, according to researchers at Rapid7, serious vulnerabilities were found in multiple servers that utilize baseboard management controllers, which are essentially out-of-band connections many servers maintain that allow for remote connection to the server without having to go through the operating system. This is a profound issue and thanks to Project Sonar and Internet scanning, many organizations have found out that their systems are vulnerable and have taken action to remediate them.

Your enterprise can take advantage of Project Sonar by becoming a participant. As I understand it, the people involved with Project Sonar are always on the lookout for new contributors. One thing you must take into account, however, is whether your organization's Internet Service Provider (ISP) allows this type of scanning. Simply put, many ISPs begin to drop packets and/or block connections when they discover any sort of Internet-scanning activity, for fear that it may be an unauthorized party trying to profile their networks -- or, worse, a precursor to a denial-of-service attack. Still, Project Sonar is indeed a worthwhile effort and organizations would do well to support it.

This was first published in April 2014

Dig deeper on Monitoring Network Traffic and Network Forensics

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close