A security manager believes that too many services are running on a mission critical database server. Which of the following tools might a security analyst use to determine services that are running on the server, without logging into the machine?
A.
OVAL
B.
Port scanner
C.
Protocol analyzer
D.
NIDS
System administrators are constantly being advised to check their systems for open ports and services that might be running that are either unintended or unnecessary. In some cases, the services might be Trojans just waiting to be exploited.
The most common host-based tool for checking for open ports on Windows or Unix systems is the netstat command. But running this command means actually walking or remotely accessing each and every server; and you miss other host systems that might be listening on improper ports. This is where port scanners come in; with this tool, a system, network, or security administrator can check a group of hosts all at once.
Port scanning software has long been in the hacker’s arsenal and is finally emerging as an important defensive tool as well. Originally only available for Unix/Linux systems and distributed on underground hacker web sites, port scanners are now also available for Windows platforms and have even entered the realm of reputable, commercial software. If you don’t know what a port scanner is, you should; and if you don’t use a port scanner to test your defenses, you should.