Let’s assume that you agree that some sort of testing of your computers/network is required or should be done.
How should you test your network?
Every IP address on the Internet is scanned daily. This is a fact of life. What is going on?
We have talked about this before: http://oversitesentry.com/how-many-scans-are-attacking-the-internet/
{Most interesting is work on detecting how many scans there were on the Internet in January 2014.
10.8 million scans from 1.76 million hosts
4.5 million (41.7%) scans attributable to the Conficker worm, TCP SYN to port 445}
(I would not assume this type of traffic has slowed down in a year and a couple of months.)
So we know the hacker is scanning … somewhere and for some reason.
Let’s assume they have a hack-attack they want to perform, so they may be scanning for systems that would be susceptible to this hack-attack. This is why it is important to keep up on the latest security news.
And don’t just get your news from 1-3 sources. It is good to get news from many sources, sift through the noise and then act.
The hackers are always looking to make money or achieve their political goals. The end result is that they own your machine, or in hacker language: pwn your machine.
pwn: to conquer and gain ownership.
I realize we do not care to do any scanning and general security, but the hacker is doing their thing to pwn you. Don't meet their concerted effort with unawareness or lack of attention.
So the key question is: how should we scan the Internet-facing systems? And the internal systems?
The external systems will face external attacks, since there is no firewall defending them (unless you have an external proxy system, but then the proxy system is bare on the Internet). Some system somewhere will be bare on the Internet. The firewall itself, some email server, or a webserver will be “bare” on the Internet.
First, we should test and scan the bare systems, and also scan the systems that are supposed to be filtered.
Second, we need to scan our internal systems. Why? Because if an internal system is hacked, it will try to hack other systems (disseminating malware).
The reason to scan internal systems is to make sure that if some system did somehow get infected, it will not infect other machines.
So what about the details? How exactly to test? This depends on your network and machines, so at this time I don’t want to get into details, but instead give a general idea of how scans would work:
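As an added illustration of the external check described above (not code from the original post): the Python below compares scan results, in nmap's grepable -oG output format, against a policy of which ports each system is meant to expose. The sample scan, the addresses and the EXPECTED_OPEN policy are constructed assumptions.

```python
import re

# Constructed sample in nmap's grepable (-oG) format; documentation-range addresses.
SAMPLE_SCAN = """\
Host: 192.0.2.10 ()\tPorts: 25/open/tcp//smtp///, 445/filtered/tcp//microsoft-ds///
Host: 192.0.2.20 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
Host: 192.0.2.30 ()\tPorts: 22/filtered/tcp//ssh///, 445/open/tcp//microsoft-ds///
"""

# Assumed policy: ports each host is meant to expose (empty set = fully filtered).
EXPECTED_OPEN = {
    "192.0.2.10": {25},        # mail server, bare on the Internet
    "192.0.2.20": {80, 443},   # web server, bare on the Internet
    "192.0.2.30": set(),       # file server, supposed to be filtered
}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s.*?Ports:\s+(.*)$")

def parse_open_ports(grepable):
    """Return {host: set of open TCP ports} from grepable scan output."""
    result = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment or status-only line
        host, ports = m.groups()
        opened = result.setdefault(host, set())
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                opened.add(int(fields[0]))
    return result

def exposure_findings(observed, expected):
    """List (host, port, reason) for every deviation from the policy."""
    findings = []
    for host in sorted(set(observed) | set(expected)):
        ports = observed.get(host, set())
        if host not in expected:
            findings += [(host, p, "host not in policy") for p in sorted(ports)]
            continue
        findings += [(host, p, "open but should be filtered") for p in sorted(ports - expected[host])]
        findings += [(host, p, "expected service not reachable") for p in sorted(expected[host] - ports)]
    return findings

if __name__ == "__main__":
    for host, port, reason in exposure_findings(parse_open_ports(SAMPLE_SCAN), EXPECTED_OPEN):
        print(f"{host}:{port} {reason}")
```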
We test and audit your environment to make you safer (A – Σ – Ω).