Two Great, Free Network Security Apps
February 18, 2009
These two free, open source network security apps--Angry IP Scanner and Wikto--can alert you to open avenues of attack against your systems.
While it would be nice to snap your fingers and have security issues simply vanish, we all know that you won't get out of it so easily. Countless hours searching for the culprit; probing for vulnerabilities ahead of time; and taking measures to isolate and patch any issues is certainly tedious but, with the right tools, it can be a whole lot less painful.
Batten down the hatches with Angry IP Scanner
Knowing what your networked computers, and the network at large, are leaving themselves open to is a good first step at preventing any sort of malicious action from happening in the first place. A smart move is to get your hands on a port scanner to find which open ports PCs and servers are potentially communicating on.
A tried and true application for such a task is the open source Angry IP Scanner. It has a single purpose, which is to probe ports on the IP Address and port range you point it to and it will reply back with any devices it has found and what ports are open, should they fall into the range you asked for it to scan.
It's a simple matter of inserting an IP range into the program's main user interface while the preferences page, located under the tools option, allows you to change a number of settings in order to limit your scan's impact on your network. The ports tab is where you'll want to input the specific ports or range of ports for the application to focus on.
You may want to focus on a few known trouble regions with your scan, or go with a full scan should you wish to be thorough. Just be advised that the wider you cast your port scanning net the longer the scans will take.
In the event that you're not up to date on what various ports are commonly used by which applications you may want to have a look at Wikipedia's list of TCP and UDP port numbers. It's a good list, but given the nature of some applications and their use of randomized ports, some false positives are likely to pop up. Of course if you don't want any of your PCs to accept incoming connections you'll have to take appropriate measures on those specific machines.
Tangled in the World Wide Web
As useful as that Web server has been for your company, the very simple fact is that some portion of it will have a flaw exposed at some point in time. Proper configuration and culling unnecessary features goes a long way to securing a Website, but things are bound to sneak past even the most watchful eye.
SensePost's open source application Wikto is designed to check against many common flaws found in Web server installations that can lead to anything from a hijacked server to compromised client/customer information. This Windows program is based off of the Linux focused Nikto, which you'll want to keep in mind should you want updated vulnerabilities to scan for as they host current databases that work for Wikto as well.
Operating the program is a simple enough task, although you'll want to use the program's scan wizard and follow the recommended scanning sequence (Spider, Googler, Back End, Wiktio). You're likely to get your fair share of hits from your Web server's software spitting back errors if it cant find files the program is requesting, but if it does encounter issues with your installation, you'll be sure to notice.
If your scans come out clean you're free to breathe a little easier, although keeping on top of updates to your server's software is generally a good idea.
This was a short look at a pair of open source tools designed to make some aspects of troubleshooting easier and less teeth grinding. There's plenty more of them out there, and while many of them serve the same basic purpose, multiple tools for the job are always handy to keep around.
Article courtesy of EnterpriseITPlanet.