Security Auditing
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Security Auditing

  1. #1

    Lightbulb Security Auditing

    Security Auditing

    Security auditing should be a requirement for everyone that is connected to the Internet. There are many tools and programs available to help you test your network or PC at home. A few topics you should read about and have a good general knowledge are:

    Firewalls - What they are, how to use one, where to get one,etc.
    IDS - Intrusion Detection System
    Sniffers - Find out where attacks come from, who sent what packet, etc. Buffer overflow protection - Keep your box safe from this common vulnerability Honey pots - creates virtual systems to trap scanners and hackers Proxy – to help you remain anonymous on the web
    SOCKS chain - work through a chain of SOCKS or HTTP proxies to hide your IP

    Security auditing can be done for a fee from various companies or done by you to save a few dollars and get more of a “hand on experience” with testing your network or your box at home.. Who knows, you may even learn something. Here are a few things to look for when testing the security of your box:

    Vulnerabilities
    Malware – Trojans & viruses
    NFS &net BIOS - way of sharing file
    Network monitoring tools – PC Anywhere, Remote admin, etc
    Physical Security – Commonly over looked vulnerability
    Wingate - allows a Win95 PC to act as a gateway.
    CGI Scripts - poorly written CGI programs are vulnerable to intruders.

    These are just a few common and well-known vulnerabilities. For a more detailed list of vulnerabilities visit Http://www.CERT.org

    Ports

    You should monitor what ports and services are running on your machine. Especially the ones that you don’t recognize. You can find a list of ports and what services run on those ports on any of your favorite search engines. To remove the risk of being attacked, close any application that you find suspicious and view the file’s properties. You should be aware of what ports are open because it gives hackers another place to attack.

    Patches, fixes, and updates

    For what ever OS, browser, or any other application you use, applying patches are a necessary part of securing your computer. You may have the latest version of X but a week later there’s a number of vulnerabilities, bugs, holes, and flaws discovered. I would recommend checking the company’s web site often for updates and fixes for what ever software, OS, application, etc. you’re using. You may also want to change the default setting or at least take a look at them to make sure they are properly set. Default settings are a common vulnerability. Hundreds of advisories are released daily from various security groups and organizations. One of the largest and well-known organization is the SANS institute. SANS has a large database of advisories, vulnerabilities, and other useful security information. To visit SANS’ web site go to this address: Http://www.SANS.org

    Firewalls

    Although firewalls are a good method of protecting your computer(s), it shouldn’t be your only line of defense against hackers. Firewalls can provide some degree of protection however, no firewall can detect or stop all attacks, so it’s not sufficient to install a firewall and then ignore all other security measures.


    Remote_Access_

  2. #2

    Lightbulb

    The village idiot has returned with another intelligent remark
    when he gave me negative points:

    did you actualy write this your self?
    Yes you idiot I wrote this my self. It's easy to critisize my work,
    complain about this and that but when's the last time YOU
    posted a tutorial that was hand typed? It's funny how when
    someone posts an actual security topic no one replies, but
    when you ask general questions and make ignorant threads
    you get quite a few replies.. why is that? Perhaps it's cause
    this person dosen't know anything about security and dosen't
    have anything to contribute. If I were that person I wouldn't
    reveal my identity either...
    *sighs* Ah well.. I hope this helped
    some of you with your understanding of security.

    Remote_Access_

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Talking

    It's so nice to see a security related post on a security related site (what a concept eh? ROFL). But RA does bring up some important factors to consider when doing a security audit as part of the overall security process. Remember that security is a process and not just a slipshod affair that you do when you get attacked, hear about attacks or just go through the day-to-day. I will probably do an article on the whole idea of network security process in the Newsletter #2.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    157

    Lightbulb

    Great job, RA!

    If doing an audit for a company I would start by asking for their policies.
    If doint an audit for an acquaintance, I start by finding out from them what level of security they expect and what their tolerances are for things like down time and time spent as sys adm of their own systems.

    Then I try to match those expectations to the technologies that you discussed.

    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
    Noah built the ark BEFORE it rained.


    http://ld.net/?rn
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=

  5. #5

    Smile Security Auditing

    Thanks niboreon.

    Yes, I should have mentioned that you need to have the company's permission
    before you do a security audit. Other wise they may mistake you as an attacker
    and may even result in you being fired.. don't want that to happen.
    You should always have the person or persons permission before you test the
    security on their computer(s). I just went over the basics of doing an audit but
    in the newsletter it will contain more detailed information. If you would like to
    add or modify any information on this article for the newsletter send an email
    to remote_access_@antionline.org or msmittens@msmittens.com

    Remember that security is a process and not just a slipshod affair that you do when you get attacked..
    That's correct. You can't maintain security only when your box is being attacked or
    scanned. Security is manditory and should be a requirement for everyone.. or at least it should be for those that are interested or concerned about it. BTW, I'd like to hear how you would test you computer for holes, vulnerabilities, etc. What procedures would you take if you preformed an audit?

    Remote_Access_

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    119

    Thumbs up

    first a good work remote_access.
    another good stuyy to read is:
    http://rr.sans.org/audit/linux_sec.php
    it's more for linux but it's interesting as well and it has heaps of links to that topic

    cheers,

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    If doing an audit for a company I would start by asking for their policies.
    I totally agree with you here. I did a subject related to this at uni and the first thing the said was,

    "It doesn't matter how good your security is, if you don't have a firm and comprehensive security policy."

    The second thing they said was,

    "The weakest link in any network's security is always the user."

    Makes your think doesn't it.
    OpenBSD - The proactively secure operating system.

  8. #8
    Originally posted by MsMittens
    It's so nice to see a security related post on a security related site (what a concept eh? ROFL).

    I have to admit that sometimes my mind wonders off the job and I post un security related threads. I even had the hide to ask for a Tech Support thread <gasp!>...LOL. Anyway, this IS a security site and it's good to see these type of threads back. Good pst R_A....

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    God post Remote_Access_ .

    MsMittens I'm looking forward to the next number of AO News. Keep up the good work !

    niboreon you are right policies and permissions are important and not only for the auditing, its important for the whole process of creating a secure network. Good post !

    My 2 cents down the drain..

    Words of Wisdom from smirc.
    - "The weakest link in any network's security is always the user."
    I agree ! My users always trying to give me gray hair and a nervous breakdown, we'll see who wins .

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    145
    Hello RA!

    Good day to you! Good Post! You said it straight and clear. Most important of all, it was indeed informative

    Keep-up the good posts!!!

    A blessed day to all!!!

    _____________________________

    "I expect to pass through life but once. If, therefore, there be any kindness I can show, or any good thing I can do for any fellow being, let me do it now… as I shall not pass this way again. " ~William Penn

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •