I've heard some promising things about Project Sonar. Can you explain how it works and how enterprises can take advantage of it to improve network security?
Project Sonar is an Internet-scanning project that was initiated by Rapid7's Chief Security Officer, HD Moore. The project consists of several entities within the information security community, not the least of which is the University of Michigan. The organizations or individuals involved with the project scan the Internet for various Internet-facing devices that use default logins and/or passwords or maintain any other type of vendor-programmed back door that is typically used for management. Participants then report their findings to Project Sonar, which organizes the results and shares the data with the rest of the community.
For example, according to researchers at Rapid7, serious vulnerabilities were found in multiple servers that utilize baseboard management controllers, which are essentially out-of-band connections many servers maintain that allow for remote connection to the server without having to go through the operating system. This is a profound issue, and thanks to Project Sonar and Internet scanning, many organizations have found out that their systems are vulnerable and have taken action to remediate them.
Your enterprise can take advantage of Project Sonar by becoming a participant. As I understand it, the people involved with Project Sonar are always on the lookout for new contributors. One thing you must take into account, however, is whether your organization's Internet Service Provider (ISP) allows this type of scanning. Simply put, many ISPs begin to drop packets and/or block connections when they discover any sort of Internet-scanning activity, for fear that it may be an unauthorized party trying to profile their networks -- or, worse, a precursor to a denial-of-service attack. Still, Project Sonar is indeed a worthwhile effort and organizations would do well to support it.
Related Q&A from Brad Casey