Threat Assessment of Ping Sweeps and Port Scans

Threat Assessment of Ping Sweeps and Port Scans Ping sweeps and port scans are two techniques that a malicious computer user such as a hacker can utilize to compromise an Enterprise networks security and gain access to their proprietary data. For example, private email messages can be forwarded to a rogue destination email address: Done by installing a virus program into a user’s email client through a discovered active computers open TCP/IP IMAP port (port number 143) that is not being currently used by that user (Clarke, 2008). The virus then could take advantage of security vulnerabilities in that users email client program and forward emails from that users inbox over to another destination email address without them knowing about it. Therefore, in light of such exploits as just described it is vitally important to address and mitigate the security problem to an Enterprise network from ping sweeps and port scans that can be incurred from outside sources by the use of strong Firewall protections. To better comprehend the danger that ping sweeps and port scans can represent here is a more detailed explanation of each of these techniques.
Ping sweeps First, a ping is a computer network utility tool using the Internet Control Message Protocol (ICMP) to send multiple data packets to a target host device such as server, workstation, or printer to establish whether that host device on a network is actively present (turned on, or active) and able to communicate. If the target host device in question sends back a reply then that device is determined to indeed be active on the network. So therefore, a ping sweep is number of pings that are executed to determine which out of a range of IP addresses map over to live host devices (Rouse, 2005). To perform this task there are several available software tools to choose from, such as fping, gping, and Nmap for UNIX systems. Also, there is Rhino9’s Pinger software and SolarWinds Ping Sweep for Windows systems.