Port Monitoring/Scanning

Port monitoring is a good way to know what the risks are. If you have a port monitoring program then you will probably know someone is planning an attack before it happens. Monitoring can be done by the firewall or by another server. http://www.insecure.com/ provides a list of known security tools that can help you decide how to protect your system.

Port scanning is one of the most misunderstood security issues for new networking people. Port scanning is about the same as walking around a bank and looking at the cameras and checking out the security of the design. This is good for administrators who want to know about the security risks, but it does not look good if someone else does it to your server. Port scanning is when you try to connect to each port and see what happens. If there is a server running on the port you will probably get a response, but if the port is closed you will probably get a rejection packet from the server. Hackers and crackers scan a machine and look for ports like ftp and telnet that are know security risks. If these ports are open then they sometimes attempt an attack. The initial scan is perfectly legal, but what often follows is not legal.