I have recently been in discussions about port scanning and the legalities of it, and wherever I read about it on the Internet I find one metaphor that really doesn't make any sense. People liken port scanning to going down a row of houses on a street, walking up to each door on a house, jiggling the doorknob, and noting whether the door would have opened.
This is a severely bad analogy.
It implies that if the port is open - the door is unlocked - attackers or thieves could just waltz in and take all the things. It paints the picture that a single open port would let anybody walk right in and have complete control of the machine. Obviously, this is not the case. It's up to the application listening on the port whether or not the machine on the other end of the line will gain access to the computer. Most applications don't give any unauthenticated user an admin shell. And, of course, an attacker on a particular port can only do things at the privilege level of the application.
In my opinion, port scanning is more like calling a hotel repeatedly and asking to talk to the occupant of a room with whatever number. Some occupants might be more talkative than others, divulging information about the architecture of the building and the arrangement of interesting things. Some particularly gullible could be tricked into opening their room and adjoining rooms to the attacker. Most, however, will just hold a normal conversation, conversing about what they know or do.
This isn't to say that firewalls are pointless. They're a good way to protect network-internal services from the outside world and stop malware from calling home. It's always good to disconnect the phone if you have a particularly naive guest. Likewise, vulnerable yet important services (legacy systems e.g. ye olde SMBv1) should be barred from receiving connections from the outside. Defense in depth is always a good plan, just make decent analogies.
No comments:
Post a Comment