Potential Dangers and Defense Strategies SEC 280 Week 1 Case Study Nikia Moore DeVry University
PING SWEEPS & PORT SCANS 2
Ping Sweeps & Port Scans: Potential Dangers and Defense Strategies This is an assessment of ping sweeps and port scans, which are computer network penetrating tools that can be used to infiltrate a network. For many businesses in the United States, a key feature in security is assuring the protection of private company information. Network systems must be designed to ensure the availability, confidentiality, integrity, and the overall safety of sensitive information. This is a very important business requirement that cannot be pushed aside. The aim of this report is to explain what these techniques are and how they can be used to address and avoid potentially harmful activity inside the network. Ping sweeps and port scans can have a positive effect on the company if both the potential risks and defense strategies of the probing methods are understood and used properly. A ping sweep, also called an Internet Control Message Protocol (ICMP) sweep is one of several diagnostic tests called network probes that can be used to see what range of Internet Protocol (IP) addresses are in active and available within a network. Nicknamed ping sweeps for the ping sound that is received when there are active technologies on a network. First the hacker sends out a series of ICMP ping messages to map out a computer network. (Conklin, 15) Once the ICMP echo request is sent out the hacker waits for a response, whichever computer(s) that sends a signal back stand available for attack. (Conklin 12) Moreover, there are additional commands that can be sent with the ping sweep request that can extract even more valuable information from the network. Ping sweeps can also be used by network administrators to discover the vulnerabilities that are in their networks, so there are legitimate reasons why ping sweeps are used too. There is in addition network monitoring software available that detect ping sweeps in the networks traffic such as Microsoft Network Monitor, Solarwinds, ManageEngine OpManager, and others. PING SWEEPS & PORT SCANS 3
The port scan is the next level in the network probing process. A port scan actually examines Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports to determine which ones are open and what services are running on that device. (Conklin, 210) This procedure can find out which operating system (known as OS fingerprinting) is being used on the active computer, along with the application programs and services that are available (recognized as banner grabbing). (Conklin 12-13) This gives hackers significant information about the services on the active workstation, thus making it easier to gain access and fundamentally do damage to the network. Knowing the system makes it that much easier for network intrusion and exploitation of weaknesses in a network. Ping sweeps can also be used legitimately by the system network administrators to find vulnerability, but when mischievous computer hackers perform these activities on a network, it usually means that they are attempting to attack. in the network system. In either case, there need to be tools in place to avoid any foul play in your network. Fortunately there are semi-simple ways to protect your network and avoid these types of problems. All of the most recent up-to- date patches for that are applicable for that particular operating system all patches for the operating system and applications must be installed, limiting the services that need to be patched, and limiting the disclosure of private information about the organization can avoid infiltration. (Conklin 391)There should be a strict password policy in place for users of the network and that means using password procedures accordingly (consistent changes, special characters, etc.). Finally, there must be a good back up just in case an intrusion is successful. Ping sweeps are IP scans that are performed for host detection purposes and port scans are used to find a back door that will as author William Arthur Conklin put it help identify which ports are open, thus giving an indication of which services may be running on the targeted PING SWEEPS & PORT SCANS 4
machine. (Conklin 15) In order to safeguard against nefarious computer activity, preventive security measures have to be taken to ensure that intruders cannot gain access to confidential information within a network. There is also ethical hacking that can be used by network administrators to be a step ahead of attackers combined with network monitoring tools that can be used to detect and defend against intrusion, beating the bad guy to the punch. Furthermore, this same network probing tactics can be used as an analyzing approach to troubleshoot application issues. Businesses are ethically and legally required to protect private and/or confidential information. The computer system network managers/administrators have to go above and beyond to protect vital company data from unwelcomed prowlers and that takes first make sure on-site and online data recovery back up plan is working correctly, firewalls must be up, assuring that good network monitoring tools are available, all security patches for operating systems and all applications used are up-to-date, and access controls are put in place to effectively secure the network.
PING SWEEPS & PORT SCANS 5
References Conklin, Wm. A. (2010) Principles of Computer Security: Security+ and Beyond, 2nd Edition. (pp. 15) Columbus, OH: McGraw-Hill Learning Solutions. Conklin, Wm. A. (2010) Principles of Computer Security: Security+ and Beyond, 2nd Edition. (pp. 12) Columbus, OH: McGraw-Hill Learning Solutions. Conklin, Wm. A. (2010) Principles of Computer Security: Security+ and Beyond, 2nd Edition. (pp. 210) Columbus, OH: McGraw-Hill Learning Solutions. Conklin, Wm. A. (2010) Principles of Computer Security: Security+ and Beyond, 2nd Edition. (pp. 12-13) Columbus, OH: McGraw-Hill Learning Solutions. Conklin, Wm. A. (2010) Principles of Computer Security: Security+ and Beyond, 2nd Edition. (pp. 391)Columbus, OH: McGraw-Hill Learning Solutions.