Worlds Largest Network .com
Internet Security


Port Blocking Isn't Enough Security

As a result of the recent onslaught of Internet-based virus attacks and their effect on many companies' operations, some organizations responded defensively by shutting down TCP ports that were vulnerable. Unfortunately, many quickly learned that other essential business applications relied on these same ports and that they had, unknowingly, shut down critical business applications.

The problem highlights the need for enterprises to understand the functional behavior of existing networked business applications and specifically to inventory their port usage.

The Blaster worm took advantage of the underlying behavior of networked applications to enable its rapid spread. Many other viruses and worms rely on similar vectors of infection. This behavior is based on the underlying common protocol used by all Internet applications as well as those running on most modern corporate networks. This protocol, TCP/IP, transmits data by encapsulating it in an electronic envelope. The envelope bears an address that networks and computers use to route and process it. Just as regular mail addresses can be broken down into functional parts (e.g., street number, street, city and state), so can the TCP/IP address. One of these address components is known as the TCP port.

The TCP port, usually assigned by the Internet Assigned Numbers Authority (IANA), designates the destination application for the data. It is, in effect, the street number that the destination computer uses once it receives the packet from wherever it originated in the network. Interestingly, network traffic from Blaster and similar worms uses a fixed port number (the street number), even if the rest of the address is different (continuing the analogy, the city, state and street are all different; just the street number remains the same).

In response to the Blaster worm, a number of advisories recommended that network managers set up blockades against the Blaster port numbers (it actually used a few) to prevent its spread. This turned out to be a problem. The worm used these ports because other software actively uses them. Thus, when the managers set up their blockades, they did more than stop the spread of the worm: they stopped the flow of vital data and control communications.

While Blaster slowed traffic (by overloading network connections), the managers stopped traffic completely.

Of course, future viruses and worms will likely contain more destructive payloads. So, stopping their spread is critical. Yet, the question remains: How can network and security managers prevent or lessen the blow of implementing such traffic blocks?

Modifying all network applications to use different ports won't help. Besides, doing so would require enormous effort, and all the worm would have to do is target the new ports. So, something more is required.
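One way to carry out the port inventory called for earlier, and to check a proposed block list against it before it is applied, is sketched below. This is an added example, not part of the original article; the host names, process names, listener output (in the format of Linux `ss -H -tlnp`) and the block list are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: per-host output in the format of `ss -H -tlnp` (Linux).
# Host names, process names and the block list below are made up.
SAMPLE = {
    "erp-app01": (
        'LISTEN 0 128  0.0.0.0:22  0.0.0.0:* users:(("sshd",pid=812,fd=3))\n'
        'LISTEN 0 4096 0.0.0.0:135 0.0.0.0:* users:(("erp-rpcd",pid=1001,fd=5))\n'
        'LISTEN 0 511  [::]:443    [::]:*    users:(("nginx",pid=1500,fd=6),("nginx",pid=1501,fd=6))\n'
    ),
    "backup02": (
        'LISTEN 0 128 0.0.0.0:22  0.0.0.0:* users:(("sshd",pid=640,fd=3))\n'
        'LISTEN 0 64  0.0.0.0:135 0.0.0.0:*\n'  # owner hidden (ss run without root)
    ),
}
PROPOSED_BLOCK = [135, 4444]

PROC_RE = re.compile(r'\("([^"]+)",pid=\d+')

def parse_listeners(ss_output):
    """Map each listening TCP port to the set of process names bound to it."""
    ports = defaultdict(set)
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        port = int(fields[3].rsplit(":", 1)[1])  # handles 0.0.0.0:22 and [::]:443
        # A listener with no visible owner is still a dependency: record it.
        ports[port].update(PROC_RE.findall(line) or ["unknown"])
    return ports

def build_inventory(per_host):
    """Merge per-host listings into port -> sorted ['host/process', ...]."""
    inv = defaultdict(set)
    for host, text in per_host.items():
        for port, names in parse_listeners(text).items():
            inv[port].update(f"{host}/{n}" for n in names)
    return {p: sorted(v) for p, v in inv.items()}

def assess_block(inventory, block_ports):
    """For each port in a proposed block list, list the services it would cut off."""
    return {p: inventory.get(p, []) for p in block_ports}

if __name__ == "__main__":
    for port, deps in assess_block(build_inventory(SAMPLE), PROPOSED_BLOCK).items():
        verdict = "REVIEW before blocking: " + ", ".join(deps) if deps else "no known listener"
        print(f"tcp/{port}: {verdict}")
```

A port that comes back with an empty list can be blocked with no known impact; a port with listeners, including ones whose owner is "unknown", needs a decision about which sources still require access before the block goes in.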

Active © WorldsLargestNetwork.com; All Rights Reserved