tailieunhanh - Open Source Security Tools : Practical Guide to Security Applications part 15

Open Source Security Tools : Practical Guide to Security Applications part 15. Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses. Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. | Page 119 Wednesday June 23 2004 10 24 PM Uses for Port Scanners 119 by servers such as mail Web and FTP. Unless there is a good reason for this for example PCAnywhere your desktop machines should not be running these types of services. Hunt for Trojan Horses To hunt for Trojan horses on your network run a scan of your network and translate it into the Nlog database format. Open the Nlog search page select the ports and set the range from 30 000 to 65 400. This is the favored range for Trojan horses because it is out of the range of normal services and so they usually will go unnoticed that is unless you are port scanning your network. However just because there are some services running on high-level ports doesn t always mean you have Trojan horses but it is worth paying attention to services running on these high port numbers. Once you ve narrowed it down to the machine and port numbers you can rule them out by checking the services running on those machines or by telneting to those port numbers and seeing if you get a service banner. Check Your External Network Exposure Put your Nmap box outside your network either on a dial-up or home broadband connection and try scanning your company s public IP addresses. By doing this you will see what services are accessible from the Internet and thereby to any port scanner-wielding person . This is the most vulnerable part of your network and you should take extra care to secure any services that are public-facing by using a vulnerability scanner such as the one described in the next chapter. It will also show if your firewall is properly filtering ports that it is forwarding to internal LAN addresses. So you ve seen all the cool things you can do with a port scanner like Nmap. These programs are useful for finding out what you have running and where your exposures might be. But how do you know if those exposed points might be vulnerable Or if services that are supposed to be open are safe and secure That .

TỪ KHÓA LIÊN QUAN