
The Five Phases of a Hack – Scanning

When it comes to IT in business, keeping systems fully operational and information secure should be a top priority, as a loss of either can spell financial disaster. Ottawa IT consulting firms understand this and can help their clients secure their network infrastructure. Hackers understand these aims too, which is why they target mission-critical systems within a network.

So a hacker has finished their reconnaissance and has amassed a wealth of information, of both the technical and non-technical kinds. The non-technical information can stand by for now as the technical information gathered takes the forefront in the scanning phase.

The hacker has learned information such as public IP addresses, server information and possibly even network and security device information as well. This is all important to help lay out the map of the target network, which is one of the goals of scanning.

So what is scanning? Scanning is the probing of a network to learn more information about systems within the network such as open ports on devices, the services and processes they are running, and the vulnerabilities that might not have been patched. There are generally three types of scan that hackers (and security auditors) use to ascertain this information.

Network Scans: A network scan is the most basic scan in its aims. Essentially, a network scan is used to determine where live systems are on the network and how many of them there are. Network scanning provides a basic logical layout of a network, so a hacker has a basic roadmap of their target.

Port Scans: Port scans go a bit deeper than network scans, and provide not only a map of the target but also a list of open ports and services running on a host. This provides a higher resolution map than the network scan: not only does it show that a system with an IP address of 10.10.10.10 is up and running, it will also show that port 80 (which is the well-known port for HTTP traffic) is open. This indicates that the machine with the address of 10.10.10.10 is a web server, and a hacker can use this information to plan the next phase of their hack. Port scans can also be used to detect which operating system is running on a device. Again, this is more information a hacker can use in the subsequent phases.

Vulnerability Scans: Vulnerability scanners take it one step beyond port scans and will detect not just open ports and operating systems, but also whether the host is vulnerable to a list of known exploits, based on the implementations of its operating system and the services running on open ports. Where a port scanner would indicate that a host is running Windows 7, possibly specifying the service pack, a vulnerability scanner will detect the level of patching that the operating system has had by indicating which exploits it is vulnerable to.

After performing these scans, the scanning phase is not yet over. The hacker, after probing the network to discover hosts and probing the hosts to discover running services, will now begin to probe those services to extract yet more information.

Information that the hacker will be looking for in this process includes usernames and groups, routing details, applications, and auditing and service settings, to name just a few. All the information gained throughout the reconnaissance and scanning phases has been building up to the next phase in the hack (by far the most fun part): gaining access. IT consulting companies in Ottawa can perform security audits and penetration tests to discover a network's weaknesses. It's always better to be proactive rather than reactive when it comes to security.

There are ways to mitigate the risk that the scanning phase poses. Tech support providers in Ottawa can assist with disabling all unnecessary services and closing all unnecessary ports. Networking devices can be configured to block incoming connections based on connection state, e.g. when a TCP three-way handshake is initiated from an external IP address. These are just a couple of suggestions to help improve an organization's security posture; further enquiry into how to reduce the potential risks associated with the scanning phase is most certainly advised.
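A firewall that blocks unsolicited inbound connections also records them, and those records show the difference between a network scan and a port scan. The following is an added example, not part of the original article: it classifies source addresses from denied-SYN log lines. The log format, the sample lines, the function names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample (not real traffic). Assumed log format, one packet per line:
#   <epoch_seconds> <action> TCP <src_ip> -> <dst_ip>:<dst_port> <flags>
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} DENY TCP 203.0.113.7 -> 10.10.10.{i + 1}:80 SYN" for i in range(6)]
    + [f"{2000 + i} DENY TCP 198.51.100.9 -> 10.10.10.10:{p} SYN"
       for i, p in enumerate((21, 22, 23, 25, 80, 443))]
    + ["3000 DENY TCP 192.0.2.44 -> 10.10.10.10:443 SYN",
       "9000 DENY TCP 192.0.2.44 -> 10.10.10.11:443 SYN",
       "4000 ALLOW TCP 192.0.2.44 -> 10.10.10.10:80 SYN"]
)

def parse(line):
    """Return (ts, src, dst, port) for a denied inbound SYN, or None."""
    parts = line.split()
    if len(parts) != 7 or parts[1] != "DENY" or parts[6] != "SYN":
        return None
    dst, _, port = parts[5].rpartition(":")
    if not (parts[0].isdigit() and port.isdigit() and dst):
        return None
    return int(parts[0]), parts[3], dst, int(port)

def classify_sources(log_text, window=60, host_threshold=5, port_threshold=5):
    """Map each source IP to the scan types its denied SYNs resemble."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            by_src[rec[1]].append(rec)
    findings = {}
    for src, recs in by_src.items():
        recs.sort()
        labels, start = set(), 0
        for end in range(len(recs)):
            # Slide the window so it covers at most `window` seconds.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            ports_by_host = defaultdict(set)
            for _, _, dst, port in recs[start:end + 1]:
                ports_by_host[dst].add(port)
            if len(ports_by_host) >= host_threshold:
                labels.add("network_scan")   # many hosts probed: host discovery
            if any(len(p) >= port_threshold for p in ports_by_host.values()):
                labels.add("port_scan")      # many ports probed on one host
        if labels:
            findings[src] = sorted(labels)
    return findings

if __name__ == "__main__":
    for src, labels in classify_sources(SAMPLE_LOG).items():
        print(src, labels)
```

A source that spreads its probes over a longer period than the window, like 192.0.2.44 in the sample, is not flagged, so the window and thresholds need tuning against normal traffic for the network being monitored.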