Twenty-four hours a day, seven days a week, 365 days each year – it’s
happening. Whether you are awake or asleep, in a meeting or on vacation,
they are out there probing your network, looking for a way in. A way to
exploit you, a way to steal your data, a place to store illegal
content, a website they can deface, or any of a hundred other ways to
mess with you for the simple joy of it all. And they can do this with
relative ease, even in an automated fashion, with simple tools that are
readily available to all.
I’m talking about network scanners. The bad guys use them all day every day to assess networks around the world because a network scanner is one of the easiest and most efficient ways to find the cracks in your armor. If you want to see your network the same way an attacker would, then you want to use a network scanner.
Network scanners perform automated tests of systems over the network.
They don’t require agents or any other software to be installed on the
“target” machines. They assess a system based on what they can get from
it over the network. It’s the same sort of reconnaissance that is
performed against your network around the clock, and that is why you
want to do it too. Here are five checks you should perform regularly
using your network scanner.
1. Vulnerability assessments
Network scanners can use databases of known vulnerabilities to check for
anything that might present a risk to your systems. Update that
database regularly since new vulnerabilities are discovered all the
time.
2. Port scans
A port scanner is a very fast way to determine what sort of systems are
running on your network, and port scans are probably the most common sort of recon
you will see. Determine what should be accessible on your network from
the Internet, validate that with a port scanner, and then use a
combination of firewall rule cleanup and system hardening to shut down
anything that doesn’t belong.
3. Default password access
There’s a reason there are tens of thousands of default password lists
on the Internet: they make for a very easy way to get in. Don’t make it
easy for an attacker. Make sure everything on your network has been
configured with a strong password to prevent unauthorized access.
4. Running services
To compromise a service, it first has to be running. Every server has to
run certain services, otherwise it’s just a space heater, but many run
unneeded services either because they are on by default, or the admin
who set them up didn’t know any better. Use your network scanner to find
all running services, and then shut down the ones that are not needed.
5. Remote access
Speaking of default passwords, in about half of the security audits I
have performed for customers, I have found remote access software that
they didn’t know about, running on systems that made it very easy to get
in. Use your network scanner to find all of the Telnet, SSH, RDP,
GoToMyPC, LogMeIn, PCAnywhere and other applications that can provide
remote access to a system, and shut down all the ones that shouldn’t be
there. Finding all those “secret” ways in, and closing up the unapproved
ones, will greatly reduce the risks to your network.
Using a network scanner, set up a regular schedule of scanning your
systems for these five critical checks. Scan from the outside to see
what the firewall cannot stop, and scan from the internal network so you
understand just how much damage an inside threat can cause. Knowing
your systems the way an attacker will helps you to ensure everything is
safe.
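To make checks 2, 4 and 5 repeatable, here is an added example (not from the original post or from any vendor's product) that compares one scan of your own network against a baseline of what you decided should be reachable. It assumes the scanner can export nmap-style grepable output (`-oG`); the hosts, the baseline and the port list are constructed for illustration.

```python
# Constructed sample in nmap grepable (-oG) layout; addresses are documentation ranges.
SAMPLE_SCAN = """\
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.20 (files01)\tPorts: 23/open/tcp//telnet///, 445/filtered/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///
Host: 192.0.2.30 (mail01)\tPorts: 25/open/tcp//smtp///, 5900/open/tcp//vnc///, 8080/open/tcp//http-proxy///
"""

# Hypothetical baseline: the ports you have approved as reachable, per host.
APPROVED = {
    "192.0.2.10": {80, 443},
    "192.0.2.20": set(),
    "192.0.2.30": {25},
}

# Well-known remote-access ports (check 5); extend with whatever your site uses.
REMOTE_ACCESS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC", 5631: "pcAnywhere"}

def open_ports(scan_text):
    """Return {host: {port: service}} for every port the scan reported as open."""
    result = {}
    for line in scan_text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment and summary lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # e.g. "Status:" or "Ignored State:" fields
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    result.setdefault(host, {})[int(parts[0])] = parts[4] or "unknown"
    return result

def findings(scan_text, approved):
    """List (host, port, service, kind) for each open port missing from the baseline."""
    out = []
    for host, ports in sorted(open_ports(scan_text).items()):
        for port, service in sorted(ports.items()):
            if port not in approved.get(host, set()):
                kind = "remote-access" if port in REMOTE_ACCESS else "unapproved"
                out.append((host, port, service, kind))
    return out

if __name__ == "__main__":
    for host, port, service, kind in findings(SAMPLE_SCAN, APPROVED):
        print(f"{host}:{port} ({service}) -> {kind}")
```

Run it after every scheduled scan: an empty result means the network still matches the baseline, and anything listed is either a service to shut down or a change to approve.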
This guest post was provided by Casper Manes on behalf of GFI
Software Ltd. Learn more about the importance of network scanning by
downloading the free eBook: A first aid kit for SysAdmins. All product and company names herein may be trademarks of their respective owners.