Network Scanning
Home > Ask the Security Experts > Network Security Questions & Answers > Can a firewall alone effectively block port-scanning activity?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Can a firewall alone effectively block port-scanning activity?

Mike Chapple EXPERT RESPONSE FROM: Mike Chapple

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 27 December 2007
My organization's PCs use Windows XP with SP2, and they have firewalls and antivirus software installed. My firewall, however, registers constant port scanning. How can I block this activity?

>
EXPERT RESPONSE
Most importantly, ensure that you're properly configuring both your network and software firewalls to only pass traffic that is explicitly required for business purposes. Such restrictions will resolve 99% of the port scanning activity directed at your network, blocking most attempts before they ever reach your systems. That said, a firewall alone won't completely protect you against port-scanning activity. The attacker will be able to detect ports that you've intentionally exposed to the Internet, and these can provide valuable reconnaissance information for a future attack.

The best line of defense against port scanning threats is a good intrusion prevention system (IPS). Many commercial firewalls -- both hardware and software -- come with the technology, either built-in or available as an optional feature. Alternatively, you may purchase and install a dedicated IPS to protect your network against attack. These systems monitor your network for potentially malicious traffic and block it before the traffic reaches the internal network. In a port-scanning scenario, the IPS recognizes that a particular source address is scanning your network. The intrusion prevention system then blocks that system's access and does so for a specified period of time.

More information:

  • Use Nmap to review your open ports.
  • A readers asks Mike Chapple, "What is a 'top-down' IPS sensor search?"


    • Sound Off! -   Be the first to post a message to Sound Off!


    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Network Security
    Will Cisco's plan to open access to the IOS improve network security?
    Will VoIP attacks result in more than just spam?
    Should enterprises implement a mandatory iPhone VPN?
    Will organizations that lag behind on IPv6 adoption have greater security risks?
    Should iPhone email be sent without SSL encryption?
    How to secure an FTP connection
    DMVPN configuration: Is an additional firewall needed between the router and the Internet?
    Is centralized logging worth all the effort?
    What are the pros and cons of shaping P2P packets?
    Should an ISP keep corrupted machines off of a network?

    Network Intrusion Detection (IDS)
    What are best practices for creating an IDS and maintaining a signature database?
    Network intrusion prevention systems: Should enterprises deploy now?
    RSA 2008: Sourcefire founder Roesch previews Snort 3
    Screencast: Opening up the Network Security Toolkit
    Should an intrusion detection system (IDS) be written using Java?
    What security risks do enterprise honeypots pose?
    What are the benefits of 'in-the-cloud' network security services?
    Screencast: Snort -- Tactics for basic network analysis
    Can Snort stop application-layer attacks?
    Juniper UAC to deliver Shavlik patch management technology
    Network Intrusion Detection (IDS) Research

    Network Scanning
    What are the best ways to hide system information from network scanning software?
    How to run a Nessus system scan
    Nessus: Vulnerability scanning in the enterprise
    Nessus 3 Tutorial
    Screencast: Using Nessus to scan for vulnerabilities
    Web scanning and reporting best practices
    PING: Fyodor
    Getting the best bargain on network vulnerability scanning
    Juniper UAC to deliver Shavlik patch management technology
    Sourcefire, Nmap deal to open vulnerability scanning

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    computer forensics  (SearchSecurity.com)
    Diffie-Hellman key exchange  (SearchSecurity.com)
    Einstein  (SearchSecurity.com)
    HIDS/NIDS  (SearchSecurity.com)
    intrusion detection  (SearchSecurity.com)
    network behavior analysis  (SearchSecurity.com)
    ultrasound  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice

    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts