I'm talking about network scanners. The bad guys use them all day every day to assess networks around the world because a network scanner is one of the easiest and most efficient ways to find the cracks in your armor. If you want to see your network the same way an attacker would, then you want to use a network scanner.
Network scanners perform automated tests of systems over the network. They don't require agents or any other software to be installed on the "target" machines. They assess a system based on what they can get from it over the network. It's the same sort of reconnaissance that is performed against your network around the clock, and that is why you want to do it too. Here are five checks you should perform regularly using your network scanner.
1. Vulnerability assessments
Network scanners can use databases of known vulnerabilities to check for anything that might present a risk to your systems. Update that database regularly since new vulnerabilities are discovered all the time.
2. Port scans
A port scanner is a very fast way to determine what sort of systems are running on your network, and are probably the most common sort of recon you will see. Determine what should be accessible on your network from the Internet, validate that with a port scanner, and then use a combination of firewall rule cleanup and system hardening to shut down anything that doesn't belong.
3. Default password access
There's a reason there are tens of thousands of default password lists on the Internet-they make for a very easy way to get in. Don't make it easy for an attacker. Make sure everything on your network has been configured with a strong password to prevent unauthorized access.
4. Running services
To compromise a service, it first has to be running. Every server has to run certain services, otherwise it's just a space heater, but many run unneeded services either because they are on by default, or the admin who set it up didn't know any better. Use your network scanner to find all running services, and then shut down the ones that are not needed.
5. Remote access
Speaking of default passwords, in about half of the security audits I have performed for customers, I have found remote access software that they didn't know about, running on systems that made it very easy to get in. Use your network scanner to find all of the Telnet, SSH, RDP, GoToMyPC, LogMeIn, PCAnywhere and other applications that can provide remote access to a system, and shut down all the ones that shouldn't be there. Finding all those "secret" ways in, and closing up the unapproved ones, will greatly reduce the risks to your network.
Using a network scanner, set up a regular schedule of scanning your systems for these five critical checks. Scan from the outside to see what the firewall cannot stop, and scan from the internal network so you understand just how much damage an inside threat can cause. Knowing your systems the way an attacker will, helps you to ensure everything is safe.
This guest post was provided by Casper Manes on behalf of GFI Software Ltd. Learn more about the importance of network scanning by downloading the free eBook: A first aid kit for SysAdmins. All product and company names herein may be trademarks of their respective owners.
