Security Auditing

[Remote_Access_]

Security Auditing

Security auditing should be a requirement for everyone that is connected to the Internet. There are many tools and programs available to help you test your network or PC at home. A few topics you should read about and have a good general knowledge are:

Firewalls - What they are, how to use one, where to get one,etc.
IDS - Intrusion Detection System
Sniffers - Find out where attacks come from, who sent what packet, etc. Buffer overflow protection - Keep your box safe from this common vulnerability Honey pots - creates virtual systems to trap scanners and hackers Proxy – to help you remain anonymous on the web
SOCKS chain - work through a chain of SOCKS or HTTP proxies to hide your IP

Security auditing can be done for a fee from various companies or done by you to save a few dollars and get more of a “hand on experience” with testing your network or your box at home.. Who knows, you may even learn something. Here are a few things to look for when testing the security of your box:

Vulnerabilities
Malware – Trojans & viruses
NFS &net BIOS - way of sharing file
Network monitoring tools – PC Anywhere, Remote admin, etc
Physical Security – Commonly over looked vulnerability
Wingate - allows a Win95 PC to act as a gateway.
CGI Scripts - poorly written CGI programs are vulnerable to intruders.

These are just a few common and well-known vulnerabilities. For a more detailed list of vulnerabilities visit Http://www.CERT.org

Ports

You should monitor what ports and services are running on your machine. Especially the ones that you don’t recognize. You can find a list of ports and what services run on those ports on any of your favorite search engines. To remove the risk of being attacked, close any application that you find suspicious and view the file’s properties. You should be aware of what ports are open because it gives hackers another place to attack.

Patches, fixes, and updates

For what ever OS, browser, or any other application you use, applying patches are a necessary part of securing your computer. You may have the latest version of X but a week later there’s a number of vulnerabilities, bugs, holes, and flaws discovered. I would recommend checking the company’s web site often for updates and fixes for what ever software, OS, application, etc. you’re using. You may also want to change the default setting or at least take a look at them to make sure they are properly set. Default settings are a common vulnerability. Hundreds of advisories are released daily from various security groups and organizations. One of the largest and well-known organization is the SANS institute. SANS has a large database of advisories, vulnerabilities, and other useful security information. To visit SANS’ web site go to this address: Http://www.SANS.org

Firewalls

Although firewalls are a good method of protecting your computer(s), it shouldn’t be your only line of defense against hackers. Firewalls can provide some degree of protection however, no firewall can detect or stop all attacks, so it’s not sufficient to install a firewall and then ignore all other security measures.


Remote_Access_

[Remote_Access_]

The village idiot has returned with another intelligent remark
when he gave me negative points:

did you actualy write this your self?

Yes you idiot I wrote this my self. It's easy to critisize my work,
complain about this and that but when's the last time YOU
posted a tutorial that was hand typed? It's funny how when
someone posts an actual security topic no one replies, but
when you ask general questions and make ignorant threads
you get quite a few replies.. why is that? Perhaps it's cause
this person dosen't know anything about security and dosen't
have anything to contribute. If I were that person I wouldn't
reveal my identity either...
*sighs* Ah well.. I hope this helped
some of you with your understanding of security.

Remote_Access_

[MrLinus]

It's so nice to see a security related post on a security related site (what a concept eh? ROFL). But RA does bring up some important factors to consider when doing a security audit as part of the overall security process. Remember that security is a process and not just a slipshod affair that you do when you get attacked, hear about attacks or just go through the day-to-day. I will probably do an article on the whole idea of network security process in the Newsletter #2.

[niboreon]

Great job, RA!

If doing an audit for a company I would start by asking for their policies.
If doint an audit for an acquaintance, I start by finding out from them what level of security they expect and what their tolerances are for things like down time and time spent as sys adm of their own systems.

Then I try to match those expectations to the technologies that you discussed.

[Remote_Access_]

Thanks niboreon.

Yes, I should have mentioned that you need to have the company's permission
before you do a security audit. Other wise they may mistake you as an attacker
and may even result in you being fired.. don't want that to happen.
You should always have the person or persons permission before you test the
security on their computer(s). I just went over the basics of doing an audit but
in the newsletter it will contain more detailed information. If you would like to
add or modify any information on this article for the newsletter send an email
to remote_access_@antionline.org or msmittens@msmittens.com

Remember that security is a process and not just a slipshod affair that you do when you get attacked..

That's correct. You can't maintain security only when your box is being attacked or
scanned. Security is manditory and should be a requirement for everyone.. or at least it should be for those that are interested or concerned about it. BTW, I'd like to hear how you would test you computer for holes, vulnerabilities, etc. What procedures would you take if you preformed an audit?

Remote_Access_

[dieterle81]

first a good work remote_access.
another good stuyy to read is:
http://rr.sans.org/audit/linux_sec.php
it's more for linux but it's interesting as well and it has heaps of links to that topic

cheers,

[smirc]

If doing an audit for a company I would start by asking for their policies.

I totally agree with you here. I did a subject related to this at uni and the first thing the said was,

"It doesn't matter how good your security is, if you don't have a firm and comprehensive security policy."

The second thing they said was,

"The weakest link in any network's security is always the user."

Makes your think doesn't it.

[Conf1rm3d_K1ll]

Originally posted by MsMittens
It's so nice to see a security related post on a security related site (what a concept eh? ROFL).

I have to admit that sometimes my mind wonders off the job and I post un security related threads. I even had the hide to ask for a Tech Support thread <gasp!>...LOL. Anyway, this IS a security site and it's good to see these type of threads back. Good pst R_A....

[micael]

God post Remote_Access_ .

MsMittens I'm looking forward to the next number of AO News. Keep up the good work !

niboreon you are right policies and permissions are important and not only for the auditing, its important for the whole process of creating a secure network. Good post !

My 2 cents down the drain..

Words of Wisdom from smirc.
- "The weakest link in any network's security is always the user."

I agree ! My users always trying to give me gray hair and a nervous breakdown, we'll see who wins .

[Alexzel]

Hello RA!

Good day to you! Good Post! You said it straight and clear. Most important of all, it was indeed informative

Keep-up the good posts!!!

A blessed day to all!!!

_____________________________

"I expect to pass through life but once. If, therefore, there be any kindness I can show, or any good thing I can do for any fellow being, let me do it now… as I shall not pass this way again. " ~William Penn