Confession time. I love port scanning. I scan my own network, and I will scan other networks when asked to. There is so much valuable information to be gathered from scanning. What I especially love about port scanning is the information you can glean from data that is not necessarily visible right away but that you can assume is present based on evidence.
I often preach isolated networks as a baseline security measure for people personally and for their small businesses. For my own home network I have what is commonly referred to as a "Guest" network. Setting up a guest network is quite simple, and most home routers have this functionality built in. I wanted to visualize a guest network for you today!
Here are two images that should cause us to pause.
The first image is of a guest network. I am sending an empty, non-recursive host-discovery packet with the SYN flag set. This is a basic command that can be run to figure out who is on the network. As you can see, it returned very little: the devices were the router, the local machine and another device.
In the second image I am on my primary network. For visualization I have a bunch of devices on there. On my primary network I have my server, my primary desktop, my cell phone, etc. I ran the command from the first image and it returned a ton of info. For the picture I used a simple ping scan, -sP, which is basically saying "Who's there? Great! NEXT HOST!!"
So why should we reflect on these two images? Well, on my network I actually have a lot of devices. However, I don't want people visiting me to be able to access or discover my machines. I have designed my home lab with specific purposes, many of them security based, and I don't need people muddling around where they shouldn't be.
Now imagine this was your business and you didn't have a guest network.
Someone in your waiting room could potentially discover all your servers, the OS, and the versions of services. They can conduct in-depth recon on assets present on the network.
Hopefully you are cringing at the thought of this.
The images I have included are of a basic guest network. However, many routers come with additional security features such as preventing host discovery, password authentication, etc.
Give people what they need, not what they want.
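To turn the two-scan comparison above into a repeatable check of your own guest network, the following added example (not from the original post) parses host-discovery output captured while connected as a guest and lists anything a guest should not be able to see. It assumes the scan was run with nmap and saved in grepable format (-oG); the subnets, addresses and sample output are constructed for illustration.

```python
import ipaddress
import re

# Constructed, abbreviated sample of grepable host-discovery output
# (nmap -sn -oG -) captured from a client on the guest network.
GUEST_SCAN = """\
# Nmap scan initiated as: nmap -sn -oG - 192.168.50.0/24 192.168.1.0/24
Host: 192.168.50.1 (router.guest)\tStatus: Up
Host: 192.168.50.23 ()\tStatus: Up
Host: 192.168.50.40 ()\tStatus: Up
Host: 192.168.1.10 (nas.lan)\tStatus: Up
Host: 192.168.1.77 ()\tStatus: Down
# Nmap done -- 512 IP addresses (4 hosts up) scanned
"""

HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\s+Status:\s+(\w+)", re.M)


def hosts_up(grepable):
    """Return {ip_address: hostname} for every host reported as Up."""
    found = {}
    for ip, name, status in HOST_LINE.findall(grepable):
        if status == "Up":
            found[ipaddress.ip_address(ip)] = name
    return found


def isolation_report(grepable, guest_cidr, primary_cidr, expected):
    """Classify unexpected hosts visible from the guest network.

    expected: addresses a guest is allowed to see (the router, the scanner).
    primary_leak: primary-network hosts reachable from the guest side.
    guest_peers: other guest clients (client isolation is not enforced).
    """
    guest = ipaddress.ip_network(guest_cidr)
    primary = ipaddress.ip_network(primary_cidr)
    allowed = {ipaddress.ip_address(e) for e in expected}
    report = {"primary_leak": [], "guest_peers": []}
    for ip in sorted(hosts_up(grepable)):
        if ip in allowed:
            continue
        if ip in primary:
            report["primary_leak"].append(str(ip))
        elif ip in guest:
            report["guest_peers"].append(str(ip))
    return report


if __name__ == "__main__":
    print(isolation_report(GUEST_SCAN, "192.168.50.0/24", "192.168.1.0/24",
                           ["192.168.50.1", "192.168.50.23"]))
```

An empty primary_leak list means the guest side cannot discover hosts on the primary network; an empty guest_peers list means guests cannot discover each other.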