Home > Ask the Security Experts > Network Security Questions & Answers > Can a firewall alone effectively block port-scanning activity?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Can a firewall alone effectively block port-scanning activity?

Mike Chapple, featured expert EXPERT RESPONSE FROM: Mike Chapple, featured expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 27 December 2007
My organization's PCs use Windows XP with SP2, and they have firewalls and antivirus software installed. My firewall, however, registers constant port scanning. How can I block this activity?


BROWSE BY TAG
Network Security,   Network Intrusion Detection (IDS),   Enterprise Network Security,   Network Intrusion Detection and Analysis,   Monitoring Network Traffic and Network Forensics,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Network Security
Should enterprises be running multiple firewalls?
What are best practices for fiber optic cable security?
What is the difference between a VPN and remote control?
What are the disadvantages of proxy-based firewalls?
What are the best practices for IPS implementation?
How to prevent DDoS attacks on websites
How to configure firewall ports for webmail system implementation
Can S/MIME, XML and IPsec operate in one protocol layer?
How should service providers address VoIP security issues and threats?
How to set up a corporate cell phone management strategy

Network Intrusion Detection (IDS)
SIMs tools and tactics for business intelligence
IPS and IDS deployment strategies
Know when you need IDS, IPS or both
Trend Micro to acquire Third Brigade for virtualization, cloud security
New product aims to control rogue applications that avoid firewalls
How to perform a network forensic analysis and investigation
What is the cause of an 'intrusion attempt' message?
Host-based intrusion prevention addresses server, desktop security
Intrusion detection vs. intrusion prevention
Product review: AirDefense Enterprise 7.3
Network Intrusion Detection (IDS) Research

Monitoring Network Traffic and Network Forensics
Chained Exploits: How to prevent phishing attacks from corporate spies
PCI compliance requirement 10: Auditing
Know when you need IDS, IPS or both
An inside look at security log management forensics investigations
How to analyze a TCP and UDP network traffic spike
How to perform a network forensic analysis and investigation
Tying log management and identity management shortens incident response
The telltale signs of a network attack
Cyberattack mapping could alter security defense strategy
Should the government reduce its external Internet connections?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
computer forensics  (SearchSecurity.com)
Diffie-Hellman key exchange  (SearchSecurity.com)
Einstein  (SearchSecurity.com)
HIDS/NIDS  (SearchSecurity.com)
network behavior analysis  (SearchSecurity.com)
ultrasound  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Most importantly, ensure that you're properly configuring both your network and software firewalls to only pass traffic that is explicitly required for business purposes. Such restrictions will resolve 99% of the port scanning activity directed at your network, blocking most attempts before they ever reach your systems. That said, a firewall alone won't completely protect you against port-scanning activity. The attacker will be able to detect ports that you've intentionally exposed to the Internet, and these can provide valuable reconnaissance information for a future attack.

The best line of defense against port scanning threats is a good intrusion prevention system (IPS). Many commercial firewalls -- both hardware and software -- come with the technology, either built-in or available as an optional feature. Alternatively, you may purchase and install a dedicated IPS to protect your network against attack. These systems monitor your network for potentially malicious traffic and block it before the traffic reaches the internal network. In a port-scanning scenario, the IPS recognizes that a particular source address is scanning your network. The intrusion prevention system then blocks that system's access and does so for a specified period of time.

More information:

  • Use Nmap to review your open ports.
  • A readers asks Mike Chapple, "What is a 'top-down' IPS sensor search?"




    • Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts