October 20th, 2003, 08:01 AM
Security issues with a port scanner
Hullo. I'm designing a port scanner for a basic info security class, and one of the assignment requirements is to list the security concerns of such a program--basically, what possible risks to security this port scanner might pose. The port scanner is meant to be used by an administrator to determine what vulnerabilities exist in the network (and the program takes in input by the user to specify what exactly a vulnerability is).
As far as I can tell...the scanner should be designed in a way that a) it is accurate in its reporting of port statuses and vulnerabilities, b) the program requires installation by an administrator (so a malicious user can't use the scanner to detect vulnerabilities), c) the scanner completes its work in a reasonable amount of time without hogging resources, and d) the scanner doesn't open up any vulerabilities itself when it is executed.
These seem kind of trivial and obvious...are there any other security issues I might be missing?