Archive for May, 2013

1. Vulnerability assessments

Network scanners can use databases of known vulnerabilities to check for anything that might present a risk to your systems. Update that database regularly since new vulnerabilities are discovered all the time.

2. Port scans

A port scanner is a very fast way to determine what sort of systems are running on your network, and port scans are probably the most common sort of recon you will see. Determine what should be accessible on your network from the Internet, validate that with a port scanner, and then use a combination of firewall rule cleanup and system hardening to shut down anything that doesn’t belong.

3. Default password access

There’s a reason there are tens of thousands of default password lists on the Internet: they make for a very easy way to get in. Don’t make it easy for an attacker. Make sure everything on your network has been configured with a strong password to prevent unauthorized access.

4. Running services

To compromise a service, it first has to be running. Every server has to run certain services, otherwise it’s just a space heater, but many run unneeded services either because they are on by default, or the admin who set it up didn’t know any better. Use your network scanner to find all running services, and then shut down the ones that are not needed.

5. Remote access

Speaking of default passwords, in about half of the security audits I have performed for customers, I have found remote access software that they didn’t know about, running on systems that made it very easy to get in. Use your network scanner to find all of the Telnet, SSH, RDP, GoToMyPC, LogMeIn, PCAnywhere and other applications that can provide remote access to a system, and shut down all the ones that shouldn’t be there. Finding all those “secret” ways in, and closing up the unapproved ones, will greatly reduce the risks to your network.

Using a network scanner, set up a regular schedule of scanning your systems for these five critical checks. Scan from the outside to see what the firewall cannot stop, and scan from the internal network so you understand just how much damage an inside threat can cause. Knowing your systems the way an attacker will helps you ensure everything is safe.
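One way to turn checks 2, 4 and 5 into a repeatable report is to compare each scan against a written list of what should be exposed. The script below is an added example, not from the original post; it assumes the scanner is nmap writing grepable (`-oG`) output, and the `ALLOWED` policy, host addresses and sample scan are constructed for illustration.

```python
import re

# Constructed sample in nmap grepable (-oG) format; addresses are documentation ranges.
SAMPLE_SCAN = """\
Host: 192.0.2.10 (www.example.test)\tStatus: Up
Host: 192.0.2.10 (www.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)
Host: 192.0.2.20 ()\tPorts: 23/open/tcp//telnet///, 25/open/tcp//smtp///, 3389/open/tcp//ms-wbt-server///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (996)
"""

# Assumed policy: what each host is supposed to expose to the Internet.
ALLOWED = {
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},
    "192.0.2.20": {(25, "tcp")},
}

# Default listening ports of remote access tools named in the post.
REMOTE_ACCESS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5631: "PCAnywhere"}

HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\t|$)")


def open_ports(grepable):
    """Yield (host, port, proto, service) for every open port in -oG output."""
    for line in grepable.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # status lines and comments carry no port list
        host, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 5 and fields[1] == "open":
                yield host, int(fields[0]), fields[2], fields[4]


def audit(grepable, allowed):
    """Return findings for open ports that the policy does not allow."""
    findings = []
    for host, port, proto, service in open_ports(grepable):
        if (port, proto) in allowed.get(host, set()):
            continue
        kind = "remote-access" if port in REMOTE_ACCESS else "unexpected"
        findings.append((host, port, proto, service or "unknown", kind))
    return findings


if __name__ == "__main__":
    for host, port, proto, service, kind in audit(SAMPLE_SCAN, ALLOWED):
        print(f"{host}  {port}/{proto}  {service:<14} {kind}")
```

Hosts missing from `ALLOWED` have every open port reported, so a newly discovered system shows up in the report by default. Broker-based tools such as GoToMyPC and LogMeIn typically connect outbound and may not appear as listening ports, so pair this with a software inventory.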
