Security Basics mailing list archives

Re: Allowing scanning from home


From: Adam Jones <ajones1 () gmail com>
Date: Thu, 28 Oct 2004 13:44:37 -0500

I believe that it boils down to two things: group consensus on the
subject, and the obvious issues with scanning across networks.

One of the most important things in any kind of security evaluation is
to ensure that everyone involved is OK with it. At my office we do not
manage our own switches, and have clients in remote locations of our
campus. Scanning across those locations is a violation of network
usage unless specifically allowed by the administering body of our
network devices. My point is that everyone responsible for any
component used in the scanning must agree to it to ensure that you are
not violating anyone's policies.

You also need to ensure that scanning from a home network is not
prohibited by the ISP. A lot of them do have regulations against
scanning in the usage agreement. Do it enough times and someone is
bound to take notice.

Personally I doubt it is worth the risk. Home systems usually go
through too many networks with too many people to contact and get
approval from for the scanning to take place. Setting up an encrypted
VPN that is treated by your firewalls as any other IP address would
get you into your own network without worrying about the home ISP
taking issue with scanning, but that seems like a lot of trouble just
to do a little scanning from home. It would be much easier to alter
the firewall rules to treat one of your own IPs as a foreign IP and do
everything from work.

-Adam

