Thread: How to test your own system

  1. #1

    How to test your own system

    This is a brief tutorial on how someone can check their own system for its level of security. Can it be penetrated? How much information can someone get?

    First of all, you need to check your basic settings. Do you have any default usernames or passwords? (I.E. Root/Admin) If so, change them.

    Also, make sure all of your passwords are secure, this part is pretty basic.

    After this, you need to check for services running, are they up to date, have you not been checking them often enough?

    That's the basic information that most of us here already do. The thing that not many of us will think to do is find someone else. A friend even, but ALWAYS have someone else check your system, preferably someone who knows fairly little about the specifics (eg. They didn't help set it up.)

    Why? Because you know all of the usernames for things, and after you've changed them, you may not know when someone who doesn't already have this information can guess them. It's all too easy for you to decide it can't be guessed, while someone looking in on it can. This is a key fault, and one that many people will overlook.

    After you have had that person check for security problems in your computer/network, fix everything that they've been able to do, and then have them go in again. Sometimes, fixes create new problems. This is the sort of thing that many people will also forget to check for.

    Now that you've done that sort of thing, make sure you don't have anything unneeded running on the computers. Unneeded hardware and software, for what you actually use that is, is a huge security risk. Any services running on your computer that are not used should be, by default, disabled. Security problems in hardware and software can be found at any time, and you don't want to have to keep up to date on every little thing.

    If your computer has a scanner that you rarely use, disconnect it. With Windows, UPnP and such, it may be possible for someone to send a signal to your scanner, which will send an image to the computer, and possibly crash it. This example is a little far out there, but it is possible, and can be done by the wily attacker.

    Make sure to run scans and uninstall all of the drivers for such things, if you do not think you will hook up the hardware fairly often, to be sure that the problems are gone; maintenance here is key. Go through again with a friend (hopefully you can now bring in someone new), and look for more faults.

    Make sure that you have also given as little information as possible for the user accounts. A finger to a Linux box can give the person's full name, if it is given. If a Black Hat is attacking a company's computers, they will be able to find out what company it is, and contact the user for an account they wish to compromise. This is where social engineering kicks in, and can be quite deadly. (Read The Art of Deception by Kevin Mitnick if you have not already.)

    Also, one final, quick note, on social engineering. If someone calls up an employee or user asking for information, that person should call back the person in IT, or at a phone number that the person is KNOWN to be at, this will reduce the chances of someone being tricked.

    This was just a brief tutorial pointing out some things that will help you make sure your computers remain secure, and on how to test them. I hope it will help some people, and bring to view things which were just subconscious knowledge before.

    Happy hacking!

  2. #2
    instronics (Antionline's Security Dude), joined Dec 2002, 901 posts
    Hi there.

    Quote:
        Make sure that you have also given as little information as possible for the user accounts. A finger to a Linux box can give the person's full name, if it is given.
    That's not always true and does not only apply to Linux. The remote finger will only work if the target computer actually has its port 79 open (finger server running). Otherwise the finger will not return any results.

    Then, you mean if I don't get another person to check my security, that I'm not safe???

    Please excuse my criticism of your "tutorial", but in this tutorial I have learned absolutely nothing whatsoever. Let me help you out a bit here.


    Very important is that when you say that something has to be done this way, then WHY?

    Quote:
        First of all, you need to check your basic settings. Do you have any default usernames or passwords? (I.E. Root/Admin) If so, change them.
    The reason for this is so the attacker cannot find out which user has admin privileges (UID 0), and also because a lot of "cracking" software will look for default names such as administrator and root.


    Quote:
        Also, make sure all of your passwords are secure, this part is pretty basic.
    This part is not pretty basic. This part is actually one of the very most important parts when it comes to computer security. I have written an entire tutorial only on the subject "Choosing secure passwords". This part should have a lot more details. Check out what you have to do in order to actually have a secure password:

    http://www.antionline.com/showthread...light=password

    Quote:
        That's the basic information that most of us here already do. The thing that not many of us will think to do is find someone else. A friend even, but ALWAYS have someone else check your system, preferably someone who knows fairly little about the specifics (eg. They didn't help set it up.)

    At that point you have covered about 3% of the "basic information". What also puzzles me most is that you cut this tutorial off with the comments to get someone else to test your security. You have got a small point there, but that's after you have actually finished securing your computer to the best of your knowledge.

    Things you have left out in this tutorial are :

    1 - BACKUPS = very very important.

    2 - ANTIVIRUS

    3 - FIREWALL

    4 - Encryption of sensitive data.

    5 - Making an image of your existing system configuration, so you can compare important system files at a later time. (aka IDS)

    6 - Making sure that your system actually logs events, and how to configure it to do so.

    7 - What is allowed to connect from where to where, and how. (/etc/hosts.allow, /etc/hosts.deny) etc...


    All of these points should be described with great detail. How to do them all, and why!

    Please forgive me if my comments are not what you expected, no offense or flaming meant whatsoever. I'm trying to help you out here. You did say a few things that are true, but the examples are not relevant. The scanner for example. I'm not going to disconnect my scanners, cameras, printers, mice, whatever I'm not using at this moment. Securing a computer means that you can have all these peripherals connected and have secured access to them.


    You have pointed out many times to deactivate or remove any service that's not needed. That's very true, but you also should tell us why.


    Quote:
        Now that you've done that sort of thing, make sure you don't have anything unneeded running on the computers. Unneeded hardware and software, for what you actually use that is, is a huge security risk. Any services running on your computer that are not used should be, by default, disabled. Security problems in hardware and software can be found at any time, and you don't want to have to keep up to date on every little thing.
    First of all.... You do want to keep up to date on every little thing, that's part of maintaining a computer.

    The reason why you should disable or remove services that you do not use is:

    Some services run with administrative privileges (ROOT/ADMINISTRATOR). If one of these services is compromised, then the attacker has the rights (privileges) of the user that has started this service. A solution would be to launch services as a normal user. Don't let any super daemons start the services if the services can be started in standalone mode.

    What I'm trying to say is.....if you don't tell us why to do these things, then I will not do them, since I cannot find a reason to do so. So in a tutorial it's always very important to provide the following on every single point.

    1 - Situation.

    2 - Problem within the situation.

    3 - Solution.


    Just one last nag, please use the search feature on AO, this tutorial has been posted many times before. Again I apologize for all the nagging I have done. The rest of the things that you have said are true. I just added a bit of information to it.


    Good luck on securing your computer. (oh, and never trust another person to audit you. There is no such thing as trust when it comes to security)

    Cheers.



    /addon/

    I got so carried away that I forgot. To test your own security, use the following tools.

    1 - ping - Any OS - to test if a host is up and to see how long it takes for an ICMP packet to reach the host.

    2 - ethereal/tcpdump - *nix/winported - To sniff packets and see if/where/how encryption is needed.

    3 - nmap - *nix/winported - Good port scanner to scan for open ports and get information on services, version of services, and OS guesses.

    4 - nessus - *nix - Administrator's security testing tool. Scans computers for weak points and gives accurate information about what needs patching/attention.

    5 - saint - *nix - Administrator's security testing tool. Scans computers for weak points and gives accurate information about what needs patching/attention, and provides a lot of information on how to fix detected weak points.

    6 - languard - windows - Administrator's testing tool. Scans computers for weak points, and gives out a lot of information about users, shares, even attempts to crack passwords and spoofs messaging services to test weaknesses.

    7 - netstat - *nix/windows - Tells you what ports you have open and sometimes even tells you which services are using them. Also tells you who's connected to you on which port.

    8 - ps -aux - *nix - Tells you what processes you have running, and which user is running the process.

    9 - top - *nix - Tells you in order which process is taking up how much resources on your host.

    10 - traceroute - *nix - Shows you the route a packet takes to reach its destination.

    11 - tracert - windows - same as traceroute ^ above, just the win version of it.

    (depending on what OS you test your security from).

    These tools can get a lot of information about weaknesses in your system.

    Good luck
    Ubuntu-: Means in African : "Im too dumb to use Slackware"
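
Added example, not part of either post: the reply's point about services that run with root privileges, checked by combining two of the tools it lists (netstat and ps). The `netstat -tlnp` and `ps aux` output below is constructed sample data, and the function names are assumptions made for this illustration.

```python
# Constructed sample of `netstat -tlnp` output (Linux net-tools format).
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN      640/inetd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      901/cupsd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1200/httpd
"""

# Constructed sample of `ps aux` output.
PS_SAMPLE = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root       640  0.0  0.1   2300   900 ?        Ss   10:00   0:00 /usr/sbin/inetd
root       812  0.0  0.2   7200  2100 ?        Ss   10:00   0:00 /usr/sbin/sshd
root       901  0.0  0.3   9100  3000 ?        Ss   10:00   0:00 /usr/sbin/cupsd
www       1200  0.0  0.5  12000  5200 ?        S    10:01   0:00 /usr/sbin/httpd
"""

def pid_owners(ps_text):
    """Map PID -> owning user from `ps aux` output."""
    owners = {}
    for line in ps_text.splitlines()[1:]:
        fields = line.split(None, 10)
        if len(fields) >= 2 and fields[1].isdigit():
            owners[int(fields[1])] = fields[0]
    return owners

def listeners(netstat_text):
    """Yield (address, port, pid, program) for each LISTEN line."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "LISTEN" or "/" not in fields[6]:
            continue  # header, or PID hidden because netstat ran unprivileged
        addr, _, port = fields[3].rpartition(":")
        pid, _, prog = fields[6].partition("/")
        if pid.isdigit():
            yield addr, int(port), int(pid), prog

def root_exposed(netstat_text, ps_text):
    """Listeners reachable from the network whose process runs as root."""
    owners = pid_owners(ps_text)
    loopback = ("127.", "::1")
    return [(port, prog) for addr, port, pid, prog in listeners(netstat_text)
            if owners.get(pid) == "root" and not addr.startswith(loopback)]

if __name__ == "__main__":
    for port, prog in root_exposed(NETSTAT_SAMPLE, PS_SAMPLE):
        print(f"port {port}: {prog} runs as root, review whether it is needed")
```

On a real host, feed the functions the live output of the two commands; netstat only shows the PID column for all sockets when it is itself run as root.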
