December 04, 2009, 4:03 PM — WHEN IS THE BEST TIME TO PERFORM SCANS ON OPEN PORTS OF A NETWORK? Monthly. For most companies a monthly scan is adequate to ensure that the incoming connections are only for known services and that the ports haven't been penetrated by intruders or malware, says Chester Wisniewski, senior security advisor with security vendor Sophos. Tip: In addition, ports should be carefully checked on a system after it is provisioned for the first time, and whenever new software is deployed, he says. Administrators should remember to check for UDP (User Datagram Protocol) ports as well, which the recent Conficker worm exploited.
Administrators should document what they find after each scan, says Wisniewski. "Careful documentation of what has been opened and why can help close holes for services that have been discontinued, and prevent accidental ports being open to new servers taking on the address of the old ones," he says.
This is part of ITworld's "Best Time" series. See the full list of Best Times to do all sorts of technology-related things. Think you know the "Best Time" to do something? Send to firstname.lastname@example.org.