Sec280 Week 1 Case Study

SEC280

Week 1 Case Study

In this paper, I will be providing an assessment of two types of network probes: Port Scans and Ping Sweeps. A network probe is basically a tool used to gain information about the status of a network. Network probes are not technically attacks on a network itself. However, they can be used to gain critical information about a network system’s vulnerabilities and may be used for attacks in the future. Therefore, they should not be taken lightly as they may be a precursor to future intrusions. I will explain the concepts these two common network probes and provide proactive measures to guard against these probes.

The port scan is the most common type of network probe. It is very easy to program a simple scanner in Java or Perl, or they can be obtained easily through the internet. A Port Scan is used probe an end device on a network, such as a server or workstation, for open ports. This in turns tells the intruder what services are running on the said workstation or server because many services use reserved ports. For example, FTP uses port 21, HTTP port 80, IMAP port 143, etc. If the intruder finds what services are running through the open ports, they can then proceed to find out what version of particular software is running. If that version has vulnerabilities, then an intruder can exploit that vulnerability to gain privileged access into the network.

So you can see, a port scan itself is not an attack, but it can reveal weaknesses in a system that can be used to deliver an attack on a network. The obvious safeguard is to make sure all the software running on the end devices are all up to date versions as previous versions might have exploits that are unpatched which a hacker can use. Also, you should turn off all ports and only turn on the ports that are absolutely necessary for network operation. This action can block most of the potential threats to the network. A network administrator may also use monitoring tools like a port...