Checking your machines for vulnerabilities (pretending you're the hacker)

Using InternetPeriscope, you can scan and test your machines for vulnerabilities. It is recommended that you do this periodically (at least once a month), as software updates, configurations, and hacker activity can make a previously "safe" machine vulnerable to a hacker's attack.

The following list illustrates a few of the ways you can use InternetPeriscope to test your machines for vulnerabilities:
  • Is your firewall working the way you think it should? Has your firewall's configuration changed? Run a Port Scan from a machine outside of your firewall to see what hackers see when they scan your machines. Use the Scan History feature to determine if your firewall configuration has changed. If it has changed, make sure you know why.
  • Run a Port Scan from inside your firewall (if you have one), to see what Internet Services are installed on your machine. Run this test for all ports (1-65535) and for all protocols (UDP and TCP). Does InternetPeriscope list any of these services as hacker software? Can any of these services be disabled? Disabling unused services can make your machines less vulnerable to attack.

    Does the Scan History show that any suspicious software has been installed since your last scan?
  • Many hackers attempt to exploit RPC services. Are there any Unix RPC Services that you can remove from your machines? Are there any Windows RPC Services that you can remove from your machines? Removing unnecessary services can make your machines less vulnerable to attack.
  • Check your Windows machines for the Null Session Vulnerability.
  • Check your Windows machines for unused user accounts. Unused accounts should be deleted or disabled as they make it easier for hackers to guess logins and passwords. InternetPeriscope can give you a list of accounts. It is up to you to determine which accounts are in use. It is recommended that you disable the Guest account on all Windows machines.
  • Periodically check your Windows machines to see what Sessions are active. Are any of these Sessions suspicious? Can you account for all the Null Sessions?
  • Use InternetPeriscope to fingerprint your web servers. Are you running the most recent versions? Often, web software is updated with hotfixes and patches to fix vulnerabilities.
  • Use InternetPeriscope to fingerprint your mail servers. Are you running the most recent versions? Often, mail software is updated with hotfixes and patches to fix vulnerabilities.
  • Use InternetPeriscope's Intrusion Detection Service (IDS) to find out if hackers are scanning your machine. Use the Intrusion History feature to find patterns of attack.
  • Check your Web Servers to see if they have vulnerable CGI scripts or programs.
  • Monitor as many machines and services as possible. This can alert you to Denial of Service (DoS) attacks against your machines, enabling you to respond quickly. Malicious hackers use DoS attacks to disable services on your machines.
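
An added example (not part of InternetPeriscope or the original page) of the Scan History comparison described in the list above: it diffs two saved port-scan snapshots and reports ports that opened, closed, or changed service since the last scan. The CSV layout, the sample addresses and the function names are assumptions made for this illustration.

```python
"""Diff two port-scan snapshots to spot firewall or service changes."""
import csv
import io

# Constructed sample data: "host,protocol,port,service" rows for open ports.
# This CSV layout is an assumption, not InternetPeriscope's export format.
LAST_MONTH = """\
192.0.2.10,tcp,25,smtp
192.0.2.10,tcp,80,http
192.0.2.10,tcp,443,https
192.0.2.20,udp,53,dns
"""
THIS_MONTH = """\
192.0.2.10,tcp,80,http
192.0.2.10,tcp,443,https
192.0.2.10,tcp,31337,unknown
192.0.2.20,udp,53,dns
192.0.2.20,tcp,135,msrpc
"""


def parse_snapshot(text):
    """Return {(host, proto, port): service} for every open port listed."""
    snapshot = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue  # skip blank lines and comments
        host, proto, port, service = (field.strip() for field in row)
        port = int(port)
        if proto.lower() not in ("tcp", "udp") or not 1 <= port <= 65535:
            raise ValueError(f"bad scan row: {row}")
        snapshot[(host, proto.lower(), port)] = service
    return snapshot


def diff_snapshots(old, new):
    """Compare two snapshots; every change listed needs a known reason."""
    opened = sorted(k for k in new if k not in old)
    closed = sorted(k for k in old if k not in new)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    return {"opened": opened, "closed": closed, "changed": changed}


if __name__ == "__main__":
    report = diff_snapshots(parse_snapshot(LAST_MONTH), parse_snapshot(THIS_MONTH))
    for kind, entries in report.items():
        for host, proto, port in entries:
            print(f"{kind:8} {host} {proto}/{port}")
```

Any entry under "opened" that you cannot tie to a planned change is the case the list above asks you to investigate.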

Problems, Comments, Suggestions? Click here to contact Greg Thatcher

Copyright (c) 2013 Thatcher Development Software, LLC. All rights reserved. No claim to original U.S. Gov't works.