Recently there was a discussion about whether or not we should permit the IS&T security people to scan our network for a relatively new and quite dangerous Windows security vulnerability. The vulnerability was patched by Microsoft some time ago, and the only systems left without protection are those that are both poorly administered and that have automatic updates disabled. We need to know about machines on our network that fit that description. That alone is good enough to warrant this sort of active scanning. We asked a representative subsection of the lab if they thought we should go ahead with the scanning, and received close enough to a concensus that we went ahead with it. However, reflecting on this tonight leads me to believe that we should not have even bothered asking. The prime reason for this conclusion is the clear fact that the "bad guys" are doing this all the time, and with much more nefarious purposes in mind. We already identify many hundreds of unique attempts each day to actually probe our systems for vulnerabilities. If we're concerned that our own scans our somehow going to disrupt normal operation of the target systems, we better be doing a whole lot more to protect these systems from the rest of the Internet.
writebacks...
trackback
TrackBack ping me at:
http://people.csail.mit.edu/noahm/blosxom.cgi/portscans.trackback
comment...