You may not realize it but hackers are scanning your Internet connection looking for an opening – constantly.
When they find one they’ll launch an attack against that opening to see if they can get in.
But it all starts with scanning your network.
Automated Tools Are a Wonderful Thing
Cyber criminals don’t scan each individual network on the Internet one by one. They have automated tools that randomly scan every IP address on the Internet.
Hackers aren’t lazy people – just efficient and intelligent. The tools they use can be preloaded with a range of Internet addresses to scan. As this tool finds an Internet address with certain openings it produces a list of the address and the opening. This list is then fed into another tool that actively tries to exploit that opening with various programs. If no exploit works, the hacker’s program will move on to the next potential victim.
When you see the scanning activity in your firewall logs, you’ll know where you’re being scanned from and what they’re trying to target. Armed with that data you should check to see if you’re running software that uses that port and if it has any newly discovered openings. If you’re using software listening on that scanned port and there is a patch available, you should have that patch applied immediately.
As stated, you’ll see this activity in your firewall logs – that is, if someone is actually reviewing your firewall logs.
Oh, my firewall has logs?
When most business owners are asked about their firewall logs, the typical response is usually, “Oh, my firewall has logs?”
Yes, all firewalls produce log files. Most of them only show what’s been blocked, which is like showing pictures of all the thieves that are in prison, while the bank down the street is being robbed.
You want to see all traffic. If your firewall only logs activity it knows about, your security is totally dependent on the ability of your firewall and the way it’s configured with default settings.
Many people believe that “having” a firewall is sufficient. Have you ever seen the firewall settings for the router/modem that many DSL or Cable providers give you?
The configuration is usually something like:
Firewall: Yes No
These companies don’t want you calling them every time you can’t get a connection on the Internet. So they predetermine what your firewall should block and what should be allowed – to save them the expense of tech support calls.
An Example Log File
Let’s review a log entry.
Date Time: 06/18/2007 12:04:03.416
Source IP: 218.10.111.119
Source Port: 12200
Destination IP: 55.66.777.1
Destination Port: 6588
What is this showing?
Well, the source IP address is from Heilongjiang, a province in China. The destination IP is our client (mangled to protect the innocent), but the important data is the destination port. That identifies what the hackers are looking for.
Port 6588 can be a few different things. They could be scanning for a Trojan that uses that port. If their scan responds with the typical response of the remote access Trojan, they know they’ve found an infected system. The hacker's system will tell them what service is listening on port 6588 so they know what tools to use to attack that port.
Without reviewing your logs you have no idea what is trying to get into your network.
Without a properly configured firewall, this type of attack would surely get through.
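One way to review entries like the one above in bulk, added here as an illustration and not part of the original article: parse each record, then count hits and distinct sources per destination port and mark the ports you actually listen on. The blank-line record separator, the `listening_ports` input and the sample addresses are assumptions made for this example.

```python
from collections import Counter, defaultdict

FIELDS = ("Date Time", "Source IP", "Source Port", "Destination IP", "Destination Port")
# Constructed sample in the page's field layout; IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Date Time: 06/18/2007 12:04:03.416
Source IP: 203.0.113.7
Source Port: 12200
Destination IP: 192.0.2.10
Destination Port: 6588

Date Time: 06/18/2007 12:04:09.120
Source IP: 198.51.100.23
Source Port: 40112
Destination IP: 192.0.2.10
Destination Port: 6588

Date Time: 06/18/2007 12:05:41.002
Source IP: 203.0.113.7
Source Port: 12201
Destination IP: 192.0.2.10
Destination Port: 25
"""

def parse_entries(text):
    """Split blank-line-separated records into dicts, skipping incomplete ones."""
    entries = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only; times contain more
            if sep and key.strip() in FIELDS:
                rec[key.strip()] = value.strip()
        if all(f in rec for f in FIELDS) and rec["Destination Port"].isdigit():
            entries.append(rec)
    return entries

def summarize_by_port(entries, listening_ports):
    """Per destination port: hits, distinct sources, and whether it is in
    listening_ports (assumed input: ports your own hosts are known to expose)."""
    hits, sources = Counter(), defaultdict(set)
    for e in entries:
        port = int(e["Destination Port"])
        hits[port] += 1
        sources[port].add(e["Source IP"])
    return {p: {"hits": hits[p], "sources": len(sources[p]),
                "listening": p in listening_ports} for p in hits}

if __name__ == "__main__":
    print(summarize_by_port(parse_entries(SAMPLE_LOG), listening_ports={25}))
```

A port that shows hits and `listening: True` is the one to check for available patches first.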
When talking security with a business owner I always ask, “When was the last time your network was scanned for openings?” They usually respond with, “Never”. To which I reply, “Oh you’re wrong there. You’ve been scanned, you just don’t know by whom!”
Regular scans of your network show you what the hackers are seeing of your network. It’s a simple process and should be performed at least once a month. The results should be presented to you in a very readable, understandable report.
What to Do Next
The first thing you should do is check your firewall to make sure it’s logging all activity. Then, your job is to start reviewing the logs either every day or, at a bare minimum, once a week.
Some routers have the firewall “built-in”. I’ve often found these are very limited in their ability to protect. Even more limiting is their logging functionality. Typically these devices will only show what’s blocked. Often these router/firewalls have the option to have the logs emailed to someone when they’re filled with entries. This is a nice option as you can have them directed to someone who will (should) review them in detail and notify you of any entries to be concerned with.
If your firewall doesn’t provide the level of detail described in this article, you should seriously consider upgrading. You can keep your existing router; just turn off its firewall feature and buy a dedicated firewall.
Then you’ll know what the hackers know about your network.