Sameer Farooq (Reg. no: 11501907)
Lovely Professional University, Phagwara, Punjab-144411
Can a firewall alone effectively block port-scanning activity?
Port Scanning
• A “hostile Internet search for open ‘doors,’ or ports, through which intruders gain access to computers.”
• Consists of sending a message to a port and listening for an answer. The received response indicates the port status and can help determine a host’s operating system and other information relevant to launching a future attack.
• Sometimes used by security technicians to audit computers for vulnerabilities; also used by hackers to target victims.
Classification Methodology
• 3 types:
1. Vertical Scans
• A port scan that targets several destination ports on a single host.
• Easiest to detect, because only local (single-host) detection mechanisms are required.
2. Horizontal Scans
• A port scan that targets the same port on several hosts.
3. Block Scans
• Combines the vertical and horizontal scanning styles.
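The three categories above are easy to state but worth seeing on data. The classifier below is an added example (not code from the presentation): it takes a constructed list of connection attempts of the kind a firewall or flow collector would export, labels each source as vertical, horizontal, block or benign, and then shows what a detector running on a single host can see. The addresses, the thresholds and the function names are all assumptions made for the illustration.

```python
"""Classify port-scan activity as vertical, horizontal or block.

Added example; not code from the slides. Every address and threshold below is
constructed for the illustration.
"""
from collections import defaultdict

# Constructed sample traffic: one vertical scanner, one horizontal scanner,
# one block scanner and one ordinary workstation.
CONNECTION_ATTEMPTS = (
    # vertical: one source, one target host, many ports
    *[("203.0.113.10", "10.0.0.5", p) for p in (21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080)],
    # horizontal: one source, one port (22), many target hosts
    *[("198.51.100.7", f"10.0.0.{h}", 22) for h in range(1, 13)],
    # block: many ports on many hosts
    *[("192.0.2.99", f"10.0.0.{h}", p) for h in (1, 2, 3, 4, 5, 6) for p in (22, 80, 443, 445, 3389)],
    # benign: a workstation talking to the web server and the mail server
    ("10.0.0.20", "10.0.0.5", 80),
    ("10.0.0.20", "10.0.0.5", 80),
    ("10.0.0.20", "10.0.0.9", 25),
)

PORT_THRESHOLD = 5  # distinct ports on one host before we call it a vertical scan (assumed)
HOST_THRESHOLD = 5  # distinct hosts on one port before we call it a horizontal scan (assumed)


def classify_sources(attempts, port_threshold=PORT_THRESHOLD, host_threshold=HOST_THRESHOLD):
    """Return {src_ip: 'vertical' | 'horizontal' | 'block' | 'benign'}.

    Needs the network-wide view: every (src, dst, port) the perimeter saw.
    """
    ports_per_host = defaultdict(lambda: defaultdict(set))  # src -> dst -> {ports}
    hosts_per_port = defaultdict(lambda: defaultdict(set))  # src -> port -> {hosts}
    for src, dst, port in attempts:
        ports_per_host[src][dst].add(port)
        hosts_per_port[src][port].add(dst)

    result = {}
    for src in ports_per_host:
        vertical = any(len(ports) >= port_threshold for ports in ports_per_host[src].values())
        horizontal = any(len(hosts) >= host_threshold for hosts in hosts_per_port[src].values())
        if vertical and horizontal:
            result[src] = "block"
        elif vertical:
            result[src] = "vertical"
        elif horizontal:
            result[src] = "horizontal"
        else:
            result[src] = "benign"
    return result


def per_host_view(attempts, host, port_threshold=PORT_THRESHOLD):
    """What a detector running on `host` alone can conclude: the sources that
    probed at least `port_threshold` distinct ports on this one host.

    A horizontal scan touches each host once, so it never crosses the
    threshold here; that is why the slides call vertical scans the easiest
    to detect with purely local mechanisms.
    """
    ports_by_src = defaultdict(set)
    for src, dst, port in attempts:
        if dst == host:
            ports_by_src[src].add(port)
    return sorted(src for src, ports in ports_by_src.items() if len(ports) >= port_threshold)


if __name__ == "__main__":
    for src, label in classify_sources(CONNECTION_ATTEMPTS).items():
        print(f"{src:15} {label}")
    print("seen from 10.0.0.5 alone:", per_host_view(CONNECTION_ATTEMPTS, "10.0.0.5"))
```

The horizontal scanner (198.51.100.7) is invisible to the single-host view even though the network-wide classifier flags it, which is the practical argument for correlating firewall or flow logs centrally rather than relying on each host's own view.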
Firewall?
• A software program or a dedicated network appliance.
• Separates a secure area from a less secure area and controls inbound and outbound communications on anything from a single machine to an entire network.
Software Firewalls (personal firewalls)
• Prevent unwanted access by identifying and blocking communication over risky ports.
• Computers communicate over many different recognized ports, and the firewall will tend to permit these without prompting or alerting the user.
• Drawback: software running on a personal computer’s operating system.
• e.g. ZoneAlarm, BlackICE, and Kerio.
Hardware Firewalls
• They also have software components, but run either on a specially engineered network appliance or on an optimized server dedicated to the task of running the firewall.
• The operating system is difficult to attack.
• Versions used by corporations must be configured; small versions for home users come already configured to block access over risky ports.
• Rules can be as simple as allowing port 80 traffic to flow through the firewall in both directions, or as complex as only allowing 1433 (SQL Server) traffic from a specific IP address.
Port scanning protection with firewall
• A firewall monitors incoming and outgoing connections through one’s personal computer.
• One technique used by firewall technology is the opening of all the ports at one time, so that a scan returns no useful information about which ports are genuinely in use.
• Another approach is to filter all port scans going to one’s computer. An individual can also choose to port scan his or her own system, which lets one see the personal computer through the eyes of a hacker.
• A port scan is like ringing the doorbell to see whether someone’s at home. The police usually can’t do anything about it; they have to wait until a crime is committed. Sometimes, if a computer system is affected too much by a port scan, one can argue that the port scan was, in fact, a denial-of-service (DoS) attack, which is usually an offense.
• To some extent, firewalls are the best protection one can invest in with regard to port scanning. Firewalls deny outside access to an individual’s personal computer.
• With this type of protection, a personal computer is essentially hidden from unwelcome visitors and is also protected from a variety of other hacking techniques.
Is a firewall the ultimate solution?
• “Firewall” as a buzzword: “We have a firewall in place and therefore our network must be secure.”
• Total reliance on the firewall tool may provide a false sense of security. The firewall is not a panacea; it is simply one of many tools in the toolkit of an IT security policy.
• Firewalls control both incoming and outgoing network traffic. They can allow certain packets to pass through or else deny them access. For example, a firewall can be configured to pass traffic solely to port 80 of the Web server and to port 25 of the email server.
• Human intervention is also required to decide how to screen traffic and “instruct” the firewall to accept or deny incoming packets. A poorly configured firewall may worsen the system’s effective immunity to attacks, because system administrators may believe that their systems are safe inside the “Maginot Line” and become lax towards internal day-to-day security standards once a firewall is in place.
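The rule examples on the two firewall slides (port 80 in both directions, port 25 only to the mail server, port 1433 only from one specific address) and the “poorly configured” variant are expressed below as a small first-match packet filter. This is an added example, not code from the presentation; the addresses, the `Packet` and `Rule` types and the trailing default-deny rule are assumptions made for the illustration.

```python
"""A first-match packet filter expressing the rule examples from the slides.

Added example; not code from the presentation. Addresses are constructed
(RFC 5737 documentation ranges).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    direction: str  # "in" = from the Internet towards us, "out" = from us outwards


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # None matches both directions
    src_ip: Optional[str] = None     # None matches any source address
    dst_ip: Optional[str] = None     # None matches any destination address
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        """A rule matches when every field it specifies equals the packet's."""
        return all(
            want is None or want == have
            for want, have in (
                (self.direction, pkt.direction),
                (self.src_ip, pkt.src_ip),
                (self.dst_ip, pkt.dst_ip),
                (self.dst_port, pkt.dst_port),
            )
        )


# Constructed addresses for the example network.
WEB_SERVER, MAIL_SERVER, SQL_SERVER = "192.0.2.10", "192.0.2.25", "192.0.2.30"
DBA_WORKSTATION = "203.0.113.50"  # the one outside address allowed to reach SQL Server

# The ruleset the slides describe: 80 both ways, 25 to the mail server,
# 1433 only from one specific IP, everything else denied.
RULESET = [
    Rule("allow", direction="in", dst_ip=WEB_SERVER, dst_port=80),
    Rule("allow", direction="out", dst_port=80),
    Rule("allow", direction="in", dst_ip=MAIL_SERVER, dst_port=25),
    Rule("allow", direction="in", src_ip=DBA_WORKSTATION, dst_ip=SQL_SERVER, dst_port=1433),
    Rule("deny"),  # default deny: anything not explicitly allowed is dropped
]

# The "poorly configured" variant: the source restriction on 1433 was forgotten.
LAX_RULESET = RULESET[:3] + [
    Rule("allow", direction="in", dst_ip=SQL_SERVER, dst_port=1433),
    Rule("deny"),
]


def decide(ruleset, pkt: Packet) -> str:
    """First matching rule wins; with no match at all we still deny."""
    for rule in ruleset:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def answered_ports(ruleset, src_ip, dst_ip, ports):
    """Ports on dst_ip that the filter lets src_ip reach. Everything else is
    silently dropped, which is all a firewall by itself does about a scan:
    nothing here records that the other probes ever arrived."""
    return [p for p in ports if decide(ruleset, Packet(src_ip, dst_ip, p, "in")) == "allow"]


if __name__ == "__main__":
    outsider = "198.51.100.9"
    print("web server answers on:", answered_ports(RULESET, outsider, WEB_SERVER, range(1, 1025)))
    print("sql server answers on:", answered_ports(RULESET, outsider, SQL_SERVER, range(1, 2000)))
    print("sql server, lax rules:", answered_ports(LAX_RULESET, outsider, SQL_SERVER, range(1, 2000)))
```

With the correct ruleset an outsider probing the SQL server gets nothing back, while the lax ruleset exposes 1433 to anyone; in both cases the filter has no memory of the probes it dropped, which is the gap the IDS slides address.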
• Similarly to “firewall”, another buzzword has recently become very popular: “IDS”.
• IDS solutions are designed to monitor events in an IT system, thus complementing, from behind the firewall, the first line of defense against attacks.
• Compared to a home anti-burglary system, firewalls perform the role of door and window locks. Such locks stop the majority of burglars, but sophisticated intruders may circumvent the security devices that protect an intended target, i.e. a home. Therefore, most people combine sophisticated locks with alarm systems. An IDS performs the role of such an alarm system and adds the next preventive layer of security by detecting attacks that penetrate IT systems.
• Once the protection barrier has been negotiated, such an anomalous situation must be reported to the system administrator as quickly as possible. It is also useful to see what an intruder was doing in the IT system. These are the key tasks of Intrusion Detection System programs.
• IDS tools perform the function of such a “policeman”, taking care of the security of IT systems and detecting potential intrusions.