Server Administration


IP Network Scanning and Security Reconnaissance
By: Joe Eitel
    2008-08-13

    Table of Contents:
  • IP Network Scanning and Security Reconnaissance
  • Port Scanning
  • Reconnaissance
  • Security


    IP Network Scanning and Security Reconnaissance - Security


    (Page 4 of 4 )

    Rather than addressing each security concern as it arises, network security analysts have developed a method of beating intruders before they have even started. This method, anti-reconnaissance, blocks hackers at the very first stage by nullifying the effects of port scanning. Through the use of proxies, firewalls, and other more recent technologies, security analysts are able to obfuscate the data returned to hackers in such a way that it is virtually impossible to gain access to any network, secured or not.

    There are two forms of anti-reconnaissance: active and passive. The active variety identifies port scanning activity that could indicate an intrusion attempt. Once it has identified these scans, it can either block them outright or send false data that will mislead a hacker. The passive kind randomizes the data that is returned from a port scan. This is a much simpler implementation, and is almost as effective as active anti-reconnaissance.
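    As an added illustration (not part of the original article), the detection half of active anti-reconnaissance can be sketched as a sliding-window check that flags any source probing many distinct ports on one host in a short time. The log format, addresses, thresholds and function names are assumptions constructed for this example.

```python
from collections import defaultdict, deque

# Constructed sample: "<epoch_seconds> <src_ip> <dst_ip> <dst_port>" per
# inbound connection attempt (hypothetical format, documentation addresses).
SAMPLE_LOG = """\
1000 198.51.100.7 192.0.2.10 21
1001 198.51.100.7 192.0.2.10 22
1001 203.0.113.5 192.0.2.10 443
1002 198.51.100.7 192.0.2.10 23
1003 198.51.100.7 192.0.2.10 25
1004 198.51.100.7 192.0.2.10 80
1030 203.0.113.5 192.0.2.10 443
1031 203.0.113.9 192.0.2.10 22
1090 203.0.113.9 192.0.2.10 80
1200 203.0.113.9 192.0.2.10 443
"""

def parse(log_text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3])

def detect_scanners(events, window=10, min_ports=5):
    """Return {src: first_alert_time} for sources that probe at least
    min_ports distinct ports on one destination within window seconds."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (time, port)
    alerts = {}
    for ts, src, dst, port in sorted(events):
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # expire entries outside window
            q.popleft()
        if src not in alerts and len({p for _, p in q}) >= min_ports:
            alerts[src] = ts
    return alerts

def block_list(log_text, **thresholds):
    """Sources an active anti-reconnaissance layer would block or deceive."""
    return sorted(detect_scanners(parse(log_text), **thresholds))

if __name__ == "__main__":
    print(block_list(SAMPLE_LOG))
```

    The window and port threshold trade detection coverage against false positives: with the defaults only the burst from 198.51.100.7 is flagged, while a wider window and lower threshold also flag the slower sequence from 203.0.113.9.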

    The chance that a single computer has the security issue a hacker is searching for is very low; a hacker may need a list of thousands of computers to find a single vulnerable one. If even a small fraction, such as 20 out of 1000 computers, falsely reports that it is open to attack, a hacker will have to waste time on failed hacking attempts against all of these computers before he or she finds one that really is vulnerable. They may not even be able to find a truly vulnerable one, if that one happens to be running anti-reconnaissance and falsely indicates that it is not vulnerable.

    In essence, anti-reconnaissance effectively nullifies the effects of reconnaissance, the primary method by which hackers collect the information necessary for their exploits. The technology has developed quickly to allow security analysts the opportunity to efficiently and effectively prevent all forms of network intrusion.

    There are now numerous tools on the market that will allow you to analyze the security of your network. Many will also provide information and advice on how to raise that security. The effectiveness of each tool varies by the situation, and no one tool is the best for every facet of your security. If you are looking for some utilities to start with, you can look into Nmap, Nessus, or SAINT.


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    © 2003-2012 by Developer Shed. All rights reserved.