Security Basics mailing list archives
Re: Scanning--more then one side to the argument
From: "Steve" <securityfocus () delahunty com>
Date: Fri, 1 Apr 2005 09:11:27 -0500
I know of hosting providers that filter ports properly, will not allow in port scans, block pings, etc -- they block that at the border through their security architecture. So that would keep some attackers from knowing that certain ports are actually open. But of course the ports are truly open, how else would one run a web server that you want the public to hit without port 80 open? STEVE ----- Original Message ----- From: "Barrie Dempster" <barrie () reboot-robot net> To: "Sherman Hand" <shand () adelphia net> Cc: <security-basics () securityfocus com> Sent: Thursday, March 31, 2005 7:57 AM Subject: Re: Scanning--more then one side to the argument Sherman Hand wrote:
There has been a on going discussion about the scanning results on our
customers.
Thought one says that "any" port on a standard nmap, showing as "open" is
a security risk.
Thought two says, no since some things need to show in a state of open. Should we be stating that through proactive scan, when we find any port showing as open, that it is a security issue waiting to happen? Or only if we can show a issue? Thoughts? Shand
Anything being "open" is a *potential* security issue. If you have a service running there is the *potential* for it to have bugs. This is contrasted with *actual* security issues where the port is open and the listening service has a vulnerability. Example: If I run a public web server I would open a port, this has the *potential* for security issues to occur, but as long as the service isn't vulnerable there is no *actual* security issue. Opening up running services does increase avenues of attack, increases risk and is why we only run services that are necessary. Is it a security issue waiting to happen? Yes absolutely, it can and most likely will become a security issue. This however is defining "security issue" as a definite attack vector. You could also define "security issue" as "something we need to consider in our security policy". What exactly is the significance of the question? and in what context do you have "security issue" -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue blog: http://zeedo.blogspot.com site: http://www.bsrf.org.uk CA: www.cacert.org "He who hingeth aboot, getteth hee-haw" - Victor (Still Game) --------------------------------------------------------------------------- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ----------------------------------------------------------------------------
Current thread:
- RE: Scanning--more then one side to the argument David Gillett (Apr 04)
- <Possible follow-ups>
- Re: Scanning--more then one side to the argument Antonio Weber (Apr 04)
- Re: Scanning--more then one side to the argument Steven DeFord (Apr 04)
- Re: Scanning--more then one side to the argument Steve (Apr 04)
- Re: Scanning--more then one side to the argument Steven DeFord (Apr 04)
- Re: Scanning--more then one side to the argument routerg (Apr 04)