A security scanner is usually employed to run port scans against remote systems. A port scan, in turn, lets the owner discover which services are available on a system and whether those services are reachable through a firewall. A good example of a popular and capable security scanner is the ubiquitous Nmap Security Scanner. Naturally, a scanner of this type relies on well-known port assignments to determine which service is running on a given port.
For instance, if your security scanner identifies a system's TCP port 80 as open, it should report that port as HTTP (the standard used for website hosting). This doesn't necessarily mean that a web server is actually running there; the administrator may merely want to be crafty and conceal an active SSH service on TCP port 80, knowing that a default scan won't be able to detect it.
Conducting a Service Scan
To discern which service is truly running on a given port, a security scanner has a "service scan" feature that runs extra tests against each open port to gather more details about the service operating on it. Whenever a security scan is done under the service scan option, the following events should automatically happen:
A service scan enables the security scanner to carry out additional examinations on each open port in order to establish which service is truly executing on the port.
If the scan specifically targets an IP address, the security scanner will try a reverse DNS lookup to determine the FQDN of the scanned host or hosts.
The system will be inspected for the one thousand most frequently used TCP ports, and the type of scan performed is a normal SYN scan.
Security scanners will also scan the ports in random order to ensure better scanning results that aren't limited by a fatal predictability that most self-respecting attackers could easily bypass.
If you'd rather have your system's ports scanned in a more sequential or logical order (say, to examine your IDS/IPS capabilities), your security scanner should offer options to do just that.
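The idea behind a service scan, as an added Python example that is not part of the original article: compare the service implied by the port number with what the listener actually announces. The loopback listener, its banner and all function names are constructed for the illustration.

```python
import socket
import threading

# What a default scan infers from the port number alone.
WELL_KNOWN = {22: "ssh", 80: "http"}

def identify(banner: bytes) -> str:
    """Classify a service from the first bytes it sends."""
    if banner.startswith(b"SSH-"):     # SSH identification string (RFC 4253)
        return "ssh"
    if banner.startswith(b"HTTP/"):    # status line answering our request
        return "http"
    return "unknown"

def probe(host: str, port: int, timeout: float = 2.0) -> bytes:
    """Wait briefly for a greeting; if none arrives, send a minimal HTTP request."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(0.5)
        try:
            data = s.recv(128)
        except socket.timeout:
            data = b""
        if not data:                   # silent service: speak first, as a client would
            s.settimeout(timeout)
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            data = s.recv(128)
        return data

def compare(port: int, banner: bytes) -> dict:
    """Set the port-based guess beside what the service actually said."""
    expected, actual = WELL_KNOWN.get(port, "unknown"), identify(banner)
    return {"port": port, "expected": expected, "actual": actual,
            "mismatch": actual not in ("unknown", expected)}

def demo() -> dict:
    """Constructed input: a loopback listener greeting like SSH stands in for port 80."""
    srv = socket.create_server(("127.0.0.1", 0))   # ephemeral port, no privileges needed
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"SSH-2.0-ExampleServer_1.0\r\n")  # constructed banner
    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    try:
        banner = probe("127.0.0.1", srv.getsockname()[1])
    finally:
        worker.join(1)
        srv.close()
    return compare(80, banner)

if __name__ == "__main__":
    print(demo())
```

A `mismatch` of `True` is the case the article describes: the port number says HTTP, but the listener identifies itself as SSH.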