let’s explore some of the common uses of port scanning for cybersecurity professionals:
1) penetration testing for security purposes
2) compromised host detection for Network.
Port scanning is administered at an early stage during a penetration test. It allows you to spot and check the status of all network entry points available on a target system.
Penetration testers include in-house staff whose job it’s to spot and resolve security vulnerabilities across their employer’s network. It also includes security consultants hired for penetration testing by external clients.
It also includes individuals who port scan networks for research purposes and to develop their own knowledge and penetration testing skills.
Compromised host detection
Your company invites customers to log into your customer service portal. When visitors reach your website, you test several known ports on those visitors’ devices; specifically, those ports that are sometimes targeted by hackers using remotely controlled apps or by trojans.
This can offer you a risk score from which you’ll decide whether to let the user log into your app or website.
This approach can assist you to bar not just hackers from your network, but also innocent users, whose devices may are compromised.
Now let’s check out how these activities can fall foul of the law…
About US Rule
Under the pc Fraud and Abuse Act (1986), it’s a criminal offense to realize “unauthorized access” to a computer.
While the intent of the law is to prosecute malicious hackers, its ambiguity has long posed a possible problem for security experts. On a strict reading of the Act, If you employ port scanning on a network without the owner’s consent, then technically, you’re in breach of the law.
However, a June 2021 Supreme Court decision, Van Buren, could be excellent news for security researchers. therein case, the court held that mere violation of access restrictions isn’t necessarily an offense. Rather, the prohibition is restricted to someone who “accesses a computer with authorization, on the other hand, obtains information located especially areas of the pc – like files, folders or databases that are off-limits to him”.
This decision has barely been handed down, so it remains to be seen how it’s interpreted. However, it’s going to establish the principle that simply pinging or port scanning a network and zip else, isn’t actionable.
So are you able to actually get into trouble for this sort of ‘white hat’ portal scanning? In most jurisdictions, prosecutors have guidelines in situ beginning the circumstances where they’re going to and can not bring an action (common-sense rules). If there’s no malicious intent and no actual damage, the prosecution is usually unlikely.
You cannot rule out the likelihood that your white hat port scanning activities won’t harm a 3rd party. Let’s say, as an example, that your unauthorized scanning attempts are picked up by an organization’s perimeter defenses. It’s theoretically possible that this might hamper or temporarily disable a critical network function. If the organization suffers loss as a result (and if the relevant country’s laws leave it), there’s the danger of a civil claim for damages to hide this loss.