This is a brief tutorial on how someone can check their own system for its level of security. Can it be penetrated? How much information can someone get?

First of all, you need to check your basic settings. Do you have any default usernames or passwords? (I.E. Root/Admin) If so, change them.

Also, make sure all of your passwords are secure, this part is pretty basic.

After this, you need to check for services running, are they up to date, have you not been checking them often enough?

That's the basic information that most of us here already do. The thing that not many of us will think to do is find someone else. A friend even, but ALWAYS have someone else check your system, preferably someone who knows fairly little about the specifics (eg. They didn't help set it up.)

Why? Because you know all of the usernames for things, and after you've changed them, you may not know when someone who doesn't already have this information can guess them. Its all too easy for you to decide it can't be guessed, while someone looking in on it can. This is a key fault, and one that many people will over look.

After you have had that person check for security problems in your computer/network, fix everything that they've been able to do, and then have them go in again. Sometimes, fixes create new problems. This is the sort of thing that many people will also forget to check for.

Now that you've done that sort of thing, make sure you don't have anything unneeded running on the computers. Unneeded hardware and software, for what you actually use that is, is a huge security risk. Any services running on your computer that are not used should be, by default, disabled. Security problems in hardware and software can be found at any time, and you don't want to have to keep up to date on every little thing.

If your computer has a scanner than you rarely use, disconnect it. With Windows, UPnP and such, it may be possible for someone to send a signal to your scanner, which will send an image to the computer, and possibly crash it. This example is a little far out there, but it is possible, and can be done by the wily attacker.

Make sure to run scans and uninstall all of the drivers for such things, if you do not think you will hook up the hardware fairly often, to be sure that the problems are gone, maintence here is key. Go through again, with having some friend, hopefully you can now bring in someone new again, and look for more faults.

Make sure that you have also given as little information as possible for the user accounts. A finger to a Linux box can give the persons full name, if it is given. If a Black Hat is attacking a companies computers, they will be able to find out what company it is, and contact the user for an account they wish to compromise. This is where social engineering kicks in, and can be quite deadly. (Read the Art of Deception by Kevin Mitnick if you have not already.)

Also, one final, quick note, on social engineering. If someone calls up an employee or user asking for information, that person should call back the person in IT, or at a phone number that the person is KNOWN to be at, this will reduce the chances of someone being tricked.

This was just a brief tutorial pointing out some things that will help you make sure your computers remain secure, and on how to test them. I hope it will help some people, and bring to view things which were just subconcious knowledge before.

Happy hacking!