Firewall or Port Scanner

Posted by amahmood5 on August 2, 2006, 5:51 am
Hi all,

You'll all be familiar with free, self-service Internet-based
port-scanning tools;

Shields Up (https://grc.com/x/ne.dll?bh0bkyd2)
PC Flank (http://www.pcflank.com/test.htm)
Sygate SOS (http://scan.sygatetech.com/)
Security Metrics (http://www.securitymetrics.com/portscan.adp)
Symantec
(http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym)

These only work with any degree of reliability if you have a direct
connection to the Internet with a real IP address.

There are also lots of utilities for administrators to scan internal
networks (nmap, GFI LanGuard, etc).

However, I'm after "something in between".

We have a network where users are free to connect their own computers.
(this network is firewalled off so it has extremely limited access to
the rest of the network). The rest of the network is reasonably
secure, but there's a risk that users can infect each other WITHIN this
network (more than a risk, really, it's certain to happen!)

We can ask users to ensure they have firewalls/anti-virus/etc, and to
some extent we can enforce it (eg using CheckPoint's Integrity
Clientless Security). However, as a first step, I'd like users to be
able to browse to a web server WITHIN the network where they click
"SCAN", then the web server will scan their host for open ports. They
then get a simple red/amber/green assessment/diagnosis of
vulnerabilities. The idea is, we SCARE them into applying security
measures!

I've checked the popular free self-service scanners, but none offer a
service we can host on our network. Specialist tools (eg GFI LanGuard)
are for administrator use. I can't find a service we can host on our
network that provides self-service scanning. Anyone have any ideas?

Kind regards,

Anwar
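
The self-service scan described in the post above, as an added Python example that is not from the thread or from any tool it names: the server probes only the address the HTTP request came from and maps the open ports to red/amber/green. The port lists, the `/scan` path and port 8080 are assumptions chosen for illustration.

```python
import json
import socket
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumed policy, for illustration only: which listening ports rate red or amber.
RED = {23: "telnet", 135: "msrpc", 139: "netbios-ssn", 445: "smb", 3389: "rdp"}
AMBER = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 5900: "vnc"}

def is_open(ip, port, timeout=0.5):
    """True if a full TCP connect to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def scan_host(ip, ports, timeout=0.5):
    """Probe the given ports in parallel; return the sorted list of open ones."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = list(pool.map(lambda p: is_open(ip, p, timeout), ports))
    return sorted(p for p, ok in zip(ports, results) if ok)

def classify(open_ports):
    """Red if any RED port is open, amber if only AMBER ports are, else green."""
    if any(p in RED for p in open_ports):
        return "red"
    return "amber" if any(p in AMBER for p in open_ports) else "green"

class ScanHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/scan":
            self.send_error(404)
            return
        # The target is always the TCP peer of this request; no parameter,
        # header (e.g. X-Forwarded-For) or form field can redirect the scan.
        ip = self.client_address[0]
        found = scan_host(ip, list(RED) + list(AMBER))
        body = json.dumps({"host": ip, "open": found, "rating": classify(found)}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 8080), ScanHandler).serve_forever()
```

If clients reach the server through NAT or a proxy, the peer address is the gateway rather than the user's machine, so the result describes the wrong host; the server has to sit on the same routed segment as the clients it rates.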


Posted by Volker Birk on August 2, 2006, 6:01 am
amahmood5@uclan.ac.uk wrote:
[Portscanning]
> Anyone have any ideas?

Only a truism:

man nmap

Yours,
VB.
--
I would estimate that approx. 87% of all spontaneous estimates are
complete rubbish.

        Ralph Angenendt in debate@ccc.de

Posted by Sebastian Gottschalk on August 2, 2006, 11:17 am
amahmood5@uclan.ac.uk wrote:
> Hi all,
>
> You'll all be familiar with free, self-service Internet-based
> port-scanning tools;
>
> Shields Up (https://grc.com/x/ne.dll?bh0bkyd2)
> PC Flank (http://www.pcflank.com/test.htm)
> Sygate SOS (http://scan.sygatetech.com/)
> Security Metrics (http://www.securitymetrics.com/portscan.adp)
> Symantec
> (http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym)

I'm not familiar with them. I just know them and I don't use them
because I know how flawed they are.

> These only work with any degree of reliability if you have a direct
> connection to the Internet with a real IP address.

They don't work to any sufficient degree of reliability.

> The idea is, we SCARE them into applying security measures!

Once again: You cannot solve social problems with technical means.

> Anyone have any ideas?

Yes. Deny access to unauthorized machines altogether in a written policy,
and use IEEE 802.1X to enforce this policy in your network.
