You’re being scanned. Your company’s network is continuously scanned for a variety of reasons, including research, security assessment, or as part of a cyber-attack. This is known as network scanning.
What is Network Scanning?
Port scanning takes network scanning to another level by returning information about what services the active host (you or your business) can offer. Open ports and services available on a network host are identified through port scanning and can be used by security technicians to audit computers for vulnerabilities, or by hackers to target victims by identifying weakened access points.
External IP addresses are being scanned constantly by both “good guys” and “bad guys.” The good guys, such as the University of Michigan, are doing research, and the bad guys are scanning to exploit networks for financial gain.
Scanning is so simple that virtually anyone can do it, and there are a number of open source tools such as Masscan and ZMap for people to download. These tools can be used to scan every IPv4 address on the internet in a matter of only a few hours, and hackers can take this code and manipulate it to search for vulnerabilities as soon as they are published.
Malicious Network Scanning
Most scans are stopped by your business’s router and/or firewall because of the Network Address Translation that converts your internal IP addresses to external IP addresses. However, some scans are inevitably able to make it through the router or firewall. NetWatcher works to identify what scans are making it through your firewall using a simple scanning widget.
NetWatcher also provides visibility into ‘Events by Country.’ Not all of these events are scanning related, but a high percentage of them will likely be cyber criminals trying to gain access to one of your internal assets.
Tips for Protecting Your Networks
Your mid-sized business’s external IP address will be scanned, but you can protect it against cyber criminals through the following tips.
- Keep your router/firewall/switch/WiFi firmware up-to-date. The software on routers has bugs and you must keep it up to date.
- Change your router/firewall/switch/WiFi’s administration user name and password. Many routers come with either no user name and password, or a pair that’s widely known. Check out http://www.routerpasswords.com/ as they make it trivial for a hacker to find out your router’s default settings.
- Change WiFi router SSIDs (the wireless network name): Make the wireless network name something other than the router manufacturer’s name (Linksys/Netgear) because hackers know the most common passwords each router brand uses.
- Disable remote administration. Remote administration should be disabled across all routers/firewalls/switches and WiFis.
- Use WPA2 encryption or better on all WiFis. Older encryption such as WEP can be broken in less than a few hours using readily available tools such as Reaver or Pixie Dust.
- Install a UTM firewall and learn how to manage it. Unified threat management is an all-inclusive security product that performs a variety of security functions within a single system.
- Port scan your Internet-facing IP addresses. Use Nmap to find exposed services and your firewall to block or restrict access to services that should not be accessible from the Internet.