Although the only 100% secure network is one that is disconnected, we can take defensive measures that help minimize the security risks to our infrastructure during a scan.
Here are some precautions that we can take:
To start, you cannot scan an application that is not installed. This means that before putting a target into production we should “harden” the operating system, applications and services.
Hardening means “minimize”. For a server that performs a specific function, there is no point in enabling unnecessary services, nor should applications that do not serve the intended purpose be installed. For example, if the target is only a Web server (HTTP/HTTPS), why would the IRC (chat) service have to be enabled?
By preventing unnecessary applications from remaining active on the equipment, we prevent potential vulnerabilities from becoming a point of future exploitation.
Enable automatic updates of the operating system so that patches that fix security issues are installed in a timely manner.
Keep up support contracts with the hardware/software providers so that we can reach them in case of an eventuality, for example a zero-day vulnerability (for which there is no patch yet).
Redesign the network to include security measures such as segmentation, separating security zones with intelligent next-generation firewalls.
Set firewall rules to filter unauthorized access to ports from the Internet and from internal subnets.
Install intrusion prevention systems (IPS) that can work with firewalls and other network devices to detect threats (such as ping sweeps, mass scanning, etc.) and block them immediately.
Perform periodic vulnerability analyses to detect any possible threats to the security of our network and take appropriate corrective actions.
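
The hardening precaution above (a Web server has no reason to run IRC) can be checked automatically. The following Python script is an added example, not part of the original article: it compares a host's listening TCP sockets with the ports its role requires. The sample `ss -H -tln` output and the 80/443 allowlist are constructed assumptions for a web-only server.

```python
"""Audit listening TCP sockets against the server's intended role."""

# Constructed sample of `ss -H -tln` output (header suppressed) for a host
# meant to serve only HTTP/HTTPS; the 6667 listener is a stray IRC service.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6667 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
"""

ALLOWED_PORTS = {80, 443}      # assumption: this host's only role is web server
LOOPBACK = ("127.", "::1")     # prefixes of addresses not reachable remotely


def parse_listeners(ss_output):
    """Return sorted unique (address, port) pairs from `ss -H -tln` lines."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # skip blank or malformed lines
        # Split on the last colon so IPv6 addresses such as [::]:443 work.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.add((addr.strip("[]"), int(port)))
    return sorted(listeners)


def unexpected_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Network-reachable listeners whose port is not in the allowlist."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if addr.startswith(LOOPBACK):
            continue                      # loopback-only: not exposed to a scan
        if port not in allowed:
            findings.append((addr, port))
    return findings


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener {addr}:{port}: disable the service or justify it")
```

On a live host, feed the function the real output of `ss -H -tln` instead of the sample, and treat every finding as a service to disable or to add to the documented role of the server.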