Port Scans for Insight

ClearPath Forward | 3 minutes read | Feb 24th, 2012

They’re out there. If you look at logs for the firewalls that protect your Internet-facing servers, you will probably find a wealth of connection attempts from computers all over the world, and the majority of these will not be from your customers. A range of attackers will be represented, from script kiddies simply replicating attacks they found elsewhere to professionals looking for a weakness that will let them gain access to your systems without your authorization.

Professional cybercriminals are well-organized, methodical, and patient. Defending against them starts with understanding the methods they use. Let’s take a look at one of those.

One way to attack a server is to send data to one of its network ports in the hope of finding a vulnerability to exploit. Even if the attack doesn’t succeed in compromising data on the server, it might cause a denial of service by making the listening process fail or become so tied up handling spurious requests that legitimate ones can’t get through.

If the attack fails to penetrate the server’s defenses, at least it might help the attacker learn more about the server. For example, an SNMP query might identify the operating system build level, or a TCP/IP fingerprint might tell the attacker about the server’s operating system based on knowledge of detailed differences among TCP implementations. With that knowledge, the attacker can be more efficient with follow-up attacks, concentrating on those that have a history of succeeding on that particular server type.
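In firewall deny logs, the probing described above shows up as one source touching many different ports on the same host in a short time. The following is an added example, not part of the original article, that flags that pattern; the log format, host name, thresholds and addresses are constructed for illustration and do not belong to any particular firewall product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample deny log. Addresses are RFC 5737 documentation ranges,
# not real hosts: one fast scanner, one client retrying a single port, and
# one source probing slowly over several hours.
SAMPLE_LOG = """\
2012-02-24T10:00:01 fw1 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21
2012-02-24T10:00:02 fw1 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22
2012-02-24T10:00:03 fw1 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23
2012-02-24T10:00:04 fw1 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25
2012-02-24T10:00:05 fw1 DROP SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
2012-02-24T10:00:06 fw1 DROP SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443
2012-02-24T10:00:07 fw1 DROP SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=443
2012-02-24T10:30:00 fw1 DROP SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=22
2012-02-24T12:30:00 fw1 DROP SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=33001 DPT=23
2012-02-24T14:30:00 fw1 DROP SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=33002 DPT=80
2012-02-24T16:30:00 fw1 DROP SRC=198.51.100.99 DST=192.0.2.10 PROTO=UDP SPT=33003 DPT=161
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ DROP SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)$"
)

def find_scanners(log_text, min_ports=4, window=timedelta(seconds=60)):
    """Return {(src, dst): [(proto, port), ...]} for every source denied on at
    least min_ports distinct ports of one destination inside a sliding window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a deny record
        ts = datetime.fromisoformat(m["ts"])
        events[(m["src"], m["dst"])].append((ts, (m["proto"], int(m["dpt"]))))
    flagged = {}
    for key, hits in events.items():
        hits.sort()  # log order is not guaranteed to be chronological
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop hits that fell out of the window
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[key] = sorted(ports)
                break
    return flagged
```

With the default 60-second window only the fast scanner is reported; the source that spreads its probes over hours is caught only when the window is widened, and the client retrying port 443 is never flagged because it touches a single port.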

Now let’s look at one of the steps the ClearPath OS 2200 developers are taking to make sure you can protect your ClearPath server against these attacks. First, as background, you may already be aware that the Payment Card Industry Data Security Standard (PCI DSS) calls for payment card processors to perform quarterly vulnerability scans, so that they will have essential information to identify and remediate their vulnerabilities. Each scan must cover all externally accessible (Internet-facing) IP addresses in existence at the entity and comply with the PCI DSS security scanning procedures. Scanning procedures similar to these can help you understand your possible vulnerabilities, even if you don’t process payment cards.

Using software from an Approved Scanning Vendor (ASV) makes it easier to adhere to the proper procedures. ClearPath OS 2200 development and system test procedures include using port scans from Qualys, a leading ASV, to identify potential vulnerabilities so they can be addressed before the software is released.

Among the port scans the Unisys development and test groups use, QualysGuard software can run a port scan that matches the PCI DSS requirements and provide a report that identifies potential vulnerabilities in a non-intrusive manner. What’s non-intrusive about it? As an example, if the software guesses an administrator userid and password—you did change those from the defaults, didn’t you?—the default QualysGuard PCI scan does not take the next step and log on and perform mischief on the vulnerable server. The cybercriminal won’t be so kind.

The scan report classifies each confirmed or potential vulnerability by its severity and, in the case of QualysGuard PCI, offers an analysis of the vulnerability and suggestions to remediate it.

That’s why port scanning leads to insight. As Richard Hamming said in Numerical Methods for Scientists and Engineers (McGraw-Hill, 1962), “The purpose of computing is insight, not numbers.” And that insight helps us build in the security that ClearPath servers are famous for.

Tags: ClearPath OS 2200, Port scan, Security