What are some best practices for avoiding port scanning?
The simplest thing you can do to protect yourself from port scan attacks or reconnaissance attacks is to use a good firewall and intrusion prevention system (IPS). It's not possible to protect against all such attacks -- after all, if you're running a Web server, port 80 is obviously going to be visible to the world -- but, this approach will limit an organization's exposure.
The firewall strictly controls which ports are exposed and to whom they are visible, limiting the attack surface discoverable with a port scan. The IPS will detect port scans in progress and shut them down before they are able to gain a full map of your network.
Dig Deeper on Network intrusion detection and prevention (IDS-IPS)
Related Q&A from Mike Chapple
Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires. Continue Reading
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading