In-Depth

How a Network Scan Can Improve Your Security

A scan can improve the security of your network, but be sure you know the law before you decide to do so.


While people usually associate scans with either crackers (malicious hackers) or expensive consultants, they can be very useful in helping busy IT professionals keep their networks secure. A growing perception in the industry is that scanning isn't necessarily a bad thing. But in some cases, the legal aspects of scanning have been called into question.

Some folks compare scanning to walking down a strip mall and looking for vulnerabilities and weaknesses in the stores' physical security. By itself, such activity isn't illegal, and the automatic assumption of malicious intent is premature. Different jurisdictions are taking different positions regarding this matter; understand the law, both where you are and where the target's located, even if you think you're fully authorized to perform a scan.

A network scan can provide you information about the host similar to information "received" by a malicious individual. That may include the type of OS running on the target (fingerprinting), applications/services running on the target and advertising themselves to the network (port scan), and possible vulnerabilities present in the OS and applications on the target (OS and application vulnerability scan). Also, some scanning tools allow you to execute denial of service (DOS), buffer overflow, fault injection and other attacks against the target system. This functionality built into the scanners helps you perform rigorous testing on pre-production systems in a controlled manner.

On the "black-hat" side, the information obtained about the target gives hackers an understanding of how to plan and perform an attack. The more information about the OS, applications and vulnerabilities present on your hosts that malicious intruders have, the more they can focus their efforts toward a specific platform and/or application. For example, if an attacker's able to see that you're running IIS 4.0 on a Windows NT 4.0 server without some of the recent patches, they can immediately exploit vulnerabilities such patches were designed to fix. Databases of such vulnerabilities are often easily accessible via the Internet.

A popular misperception in the industry is that hackers can always get away with using scanners, since there are mechanisms built into the scanners to "mask" the scan. Most of the time, it's possible to detect scanning activity in the firewall and/or OS logs, but sometimes it's hard to say what kind of scanner was used, especially because a malicious attacker may be able to run a raw script probing your host from the command line. Also, many scanners provide capabilities for "stealth" (SYN) scans, where a TCP/IP connection never gets established with the target and, therefore, the investigation of malicious activity is harder, if not impossible (depending on the type of network technologies used around the target). Some scanners (especially commercial products) specifically identify themselves on the network to facilitate investigations of unauthorized scans and protect the software vendors from the legal consequences of unauthorized use of their software.

About the Author

Greg Saoutine, MCSE, is an IT Consultant working in New York City.

Featured

  • Attackers Using Excel Read-Only Files To Obscure Malware

    Attackers can attempt to hide malicious payloads in Excel files sent by e-mail by using a standard Excel feature, according to a Tuesday post by Mimecast researchers.

  • Microsoft 365 Personal and Family Product Unveiled

    Microsoft on Monday announced new "Microsoft 365 Personal and Family subscriptions" to come next month, a new single consumer product providing access to applications such as Excel, PowerPoint and Word.

  • Microsoft Shifting Away from Office 365 Brand Name in April

    Microsoft on Monday announced coming product naming changes, where "Office 365" is mostly getting replaced by the "Microsoft 365" brand.

  • Microsoft Grows Services Amid COVID-19

    Microsoft in a Saturday announcement recapped how its services have been affected by "shelter-in-place" governmental mandates in the last week, providing details on growth stats and prioritizations.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.