Security Basics: Re: Scanning--more then one side to the argument

Re: Scanning--more then one side to the argument

From: Shand <shand_at_adelphia.net>
Date: Wed, 30 Mar 2005 15:33:01 -0500

External scans.

Against customer using our internet service.

Does a port have to show as "open" or can they for usability show only as
filtered, closed?

Thoughts?

Shand

----- Original Message -----
From: "Steve Fletcher" <safletcher_at_insightbb.com>
To: "'Sherman Hand'" <shand_at_adelphia.net>;
<security-basics_at_securityfocus.com>
Sent: Wednesday, March 30, 2005 3:18 PM
Subject: RE: Scanning--more then one side to the argument

>I have a question regarding this. Are you talking about doing an external
> scan or an internal scan? I assume an external, because an internal scan
> should show a LOT of open ports.
>
> I would say that any open port POTENTIALLY could be a security issue waiting
> to happen, but common sense dictates that some ports must be open for
> usability reasons. Plus, if you're going to follow this line of thought,
> the fact that the systems are connected to the Internet AT ALL poses a
> potential risk. Or, just being networked could be a risk. Or, being
> powered on poses a potential risk.
>
> So, based on this, sure it COULD be a security risk waiting to happen, but
> more information needs to be gathered to determine the true extent of the
> risk. And, it must be reevaluated at regular intervals to catch new issues
> that might have come up since the last scan. What is safe now might not be
> 6 months from now.
>
> Hope this helps.
>
> Steve Fletcher
> MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+
> safletcher_at_insightbb.com
>
> -----Original Message-----
> From: Sherman Hand [mailto:shand_at_adelphia.net]
> Sent: Wednesday, March 30, 2005 5:05 PM
> To: security-basics_at_securityfocus.com
> Subject: Scanning--more then one side to the argument
>
>
>
> There has been an ongoing discussion about the scanning results on our
> customers.
>
> Thought one says that "any" port on a standard nmap, showing as "open" is a
> security risk.
>
> Thought two says, no since some things need to show in a state of open.
>
> Should we be stating that through proactive scan, when we find any port
> showing as open, that it is a security issue waiting to happen?
>
> Or only if we can show an issue?
>
> Thoughts?
>
> Shand
>
>

Received on Mar 31 2005
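
The thread's two positions (every open port is a finding, versus some ports must be open and risk has to be re-evaluated at each scan) can be reconciled by triaging scan output against a record of what is meant to be open. The following is an added example, not part of the original messages: it assumes Nmap grepable (`-oG`) output, and the sample scans, the `EXPECTED_OPEN` record and the three labels are constructed for illustration.

```python
import re

# Constructed samples of `nmap -oG` output; addresses are documentation ranges.
PREVIOUS_SCAN = """\
Host: 192.0.2.10 ()\tPorts: 25/open/tcp//smtp///, 80/open/tcp//http///, 135/filtered/tcp//msrpc///
Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///, 8080/open/tcp//http-proxy///
"""
CURRENT_SCAN = """\
Host: 192.0.2.10 ()\tPorts: 25/open/tcp//smtp///, 80/open/tcp//http///, 135/open/tcp//msrpc///
Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///, 8080/open/tcp//http-proxy///
"""
# Hypothetical per-host record of ports that must be open for usability.
EXPECTED_OPEN = {"192.0.2.10": {(25, "tcp"), (80, "tcp")}, "192.0.2.11": {(443, "tcp")}}

def parse_grepable(text):
    """Return {host: {(port, proto): state}} from grepable-format lines."""
    result = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue
        ports = result.setdefault(m.group(1), {})
        # Fields are tab-separated; keep only the Ports field, then split entries.
        for entry in m.group(2).split("\t")[0].split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[0].isdigit():
                ports[(int(fields[0]), fields[2])] = fields[1]
    return result

def triage(current, previous, expected):
    """Label each open port rather than treating every one as the same finding."""
    findings = []
    for host, ports in sorted(current.items()):
        for key, state in sorted(ports.items()):
            if state != "open":
                continue  # only ports reported as open are triaged here
            if key in expected.get(host, set()):
                label = "expected"      # open by design; still re-checked each scan
            elif previous.get(host, {}).get(key) == "open":
                label = "unexplained"   # was open last scan too, never justified
            else:
                label = "new"           # changed since the last scan: review first
            findings.append((host, key[0], key[1], label))
    return findings

if __name__ == "__main__":
    prev, cur = parse_grepable(PREVIOUS_SCAN), parse_grepable(CURRENT_SCAN)
    for finding in triage(cur, prev, EXPECTED_OPEN):
        print(*finding)
```

Ports labelled `expected` still need their service checked for known issues; the label only records that the port being open is intentional.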