Home > Ask the Security Experts > Network Security Questions & Answers > Can a firewall alone effectively block port-scanning activity?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Can a firewall alone effectively block port-scanning activity?

Mike Chapple, featured expert EXPERT RESPONSE FROM: Mike Chapple, featured expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 27 December 2007
My organization's PCs use Windows XP with SP2, and they have firewalls and antivirus software installed. My firewall, however, registers constant port scanning. How can I block this activity?


BROWSE BY TAG
Network Security,   Network Intrusion Detection (IDS),   Enterprise Network Security,   Network Intrusion Detection and Analysis,   Monitoring Network Traffic and Network Forensics,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Network Security
How to set up a split-tunnel VPN in Windows Vista
What is the difference between static and dynamic network validation?
Port scan attack prevention best practices
Securing the intranet with remote access VPN security
How to prevent network sniffing and eavesdropping
How to implement virtual firewalls in a complex network infrastructure
How to manage network bandwidth with distributed ISP bandwidth
How to edit group policy objects to give a user local admin rights
How to prevent operating system cloning with AES 256-bit encryption
How to securely connect a LAN POS to a remote point-of-sale device

Network Intrusion Detection (IDS)
Preventing SQL injection attacks: A network admin's perspective
Lifecycle of a network security vulnerability
Best Intrusion Prevention and Detection Products
Rogue AP containment methods
SIMs tools and tactics for business intelligence
IPS and IDS deployment strategies
Know when you need IDS, IPS or both
Trend Micro to acquire Third Brigade for virtualization, cloud security
New product aims to control rogue applications that avoid firewalls
How to perform a network forensic analysis and investigation
Network Intrusion Detection (IDS) Research

Monitoring Network Traffic and Network Forensics
Botnet masters turn to Google, social networks to avoid detection
Preventing SQL injection attacks: A network admin's perspective
Breach prevention: How to keep track of data and applications
Researchers find thousands of flawed embedded devices
Network traffic collection, analysis helps prevent data breaches
Lifecycle of a network security vulnerability
Port scan attack prevention best practices
How to prevent network sniffing and eavesdropping
DoD urges less network anonymity, more PKI use
Chained Exploits: How to prevent phishing attacks from corporate spies

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
computer forensics  (SearchSecurity.com)
Diffie-Hellman key exchange  (SearchSecurity.com)
Einstein  (SearchSecurity.com)
HIDS/NIDS  (SearchSecurity.com)
network behavior analysis  (SearchSecurity.com)
ultrasound  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Most importantly, ensure that you're properly configuring both your network and software firewalls to only pass traffic that is explicitly required for business purposes. Such restrictions will resolve 99% of the port scanning activity directed at your network, blocking most attempts before they ever reach your systems. That said, a firewall alone won't completely protect you against port-scanning activity. The attacker will be able to detect ports that you've intentionally exposed to the Internet, and these can provide valuable reconnaissance information for a future attack.

The best line of defense against port scanning threats is a good intrusion prevention system (IPS). Many commercial firewalls -- both hardware and software -- come with the technology, either built-in or available as an optional feature. Alternatively, you may purchase and install a dedicated IPS to protect your network against attack. These systems monitor your network for potentially malicious traffic and block it before the traffic reaches the internal network. In a port-scanning scenario, the IPS recognizes that a particular source address is scanning your network. The intrusion prevention system then blocks that system's access and does so for a specified period of time.

More information:

  • Use Nmap to review your open ports.
  • A readers asks Mike Chapple, "What is a 'top-down' IPS sensor search?"




  • Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy
      TechTarget - The IT Media ROI Experts