What Project Sonar means for enterprise network security

Can Project Sonar, an Internet-scanning project, benefit enterprise network security? Expert Brad Casey discusses.

I've heard some promising things about Project Sonar. Can you explain how it works and how enterprises can take advantage of it to improve network security?

Project Sonar is an Internet-scanning project that was initiated by Rapid7's Chief Security Officer, HD Moore. The project consists of several entities within the information security community, not the least of which is the University of Michigan. The organizations or individuals involved with the project scan the Internet for various Internet-facing devices that use default logins and/or passwords or maintain any other type of vendor-programmed back door that is typically used for management. Participants then report their findings to Project Sonar, which organizes the results and shares the data with the rest of the community.

For example, according to researchers at Rapid7, serious vulnerabilities were found in multiple servers that use baseboard management controllers, which are essentially out-of-band connections that many servers maintain to allow remote connection to the server without going through the operating system. This is a profound issue, and thanks to Project Sonar and Internet scanning, many organizations have found out that their systems are vulnerable and have taken action to remediate them.

Your enterprise can take advantage of Project Sonar by becoming a participant. As I understand it, the people involved with Project Sonar are always on the lookout for new contributors. One thing you must take into account, however, is whether your organization's Internet Service Provider (ISP) allows this type of scanning. Simply put, many ISPs begin to drop packets and/or block connections when they discover any sort of Internet-scanning activity, for fear that it may be an unauthorized party trying to profile their networks -- or, worse, a precursor to a denial-of-service attack. Still, Project Sonar is indeed a worthwhile effort and organizations would do well to support it.

This was last published in April 2014
