vulnerability tests

wild_eyed · 13-01-2004 10:18pm #1

looking for sercuity holes in my system ect, i know its full of them.... ixd used to have one, but its gone now....

phobos · 13-01-2004 10:59pm

Well for starters there is a wide range of vulnerability types that can exist on a given system. I'd be surprised if you found a single tool that could address the majorty of them. Everything from the software you've installed, to the network, and generaly policies you have in place need to be considered, when doing a vulnerability assessment.

What kind of environment does the host live in?
Does the host provide services to other machines on the network?
Does the host need access to services provided on the network?
How many people need access to the machine?
(the critical word in the last 2 being "need").

The list can go on and on...
However it is good to assess the situation, and then decided what to do in order to "improve" security. You are not going to create a 100% secure setup, because there is no such thing, and if there was, it would be unusable. The trade-off between usablility and security is in the hands of the administrator. Someone told me once that a computer with no power is 100% secure. My answer is that I could open the case and rob the hard disk. So physical access is something else, but that would fall under policy. Policies are just as important, if not more, than the software/hardware systems we put in place to improve security.

You haven't provided enough information to describe what kind of system you wish to secure or assess for vulnerabilities, but I'm sure you can take some of what I've said and put it to use. There are plenty of software utilities out there that let us audit system security. Tools like nmap, snort, l0pht, John the Ripper, SuperScan, Kismet, Etheral, etc, etc, etc. But they won't cover every aspect. You will have to draw the line somewhere, and acknowledge that a line exists. Break the problem up in to distinct catagories, and identify risks. By all means use the tools of the trade to audit the system, that's what they are there for.

At the moment I'm working on a security framework for system, which will be deployed on an isolated wireless network. I can tell you that "little" is not the word I'd use to describe what can go wrong in that scenario. But a lot of decisions regarding security have been made, and the system is a hell of a lot better than it was not so long ago. Some of the security features in place, I've written myself, and seem to work well in this scenario. But developing custom security tools (in-house) isn't always the best route to take, as application level vulerabilities can and do exist (after all we're only human).

But first, learn everything you can about the host and it's environment. Ask yourself questions. Draft a procedure to audit & secure holes. Develop a policy to maintain a certain level of security. Remember updating software and hardware systems, along with updating secure policies are part and parcel of a good policy itself.

;-phobos-)

Capt'n Midnight · 13-01-2004 11:33pm

And watch out for cookie exploits

Especially chocolate chip cookies - "I'll give you a cookie if you let me have a go on the word processor!"

Another thing to do is figure out is there anything on the system worth defending - you could set up a honeypot to waste intruders time and alert you to attacks - if practicable have internet access separate from data, ie not on the same network. You could also setup a light browsing PC (sacrificial) connected to the internet so if/when it gets trashed you just wipe and start over.

Reminder - IE still has unpatched vunerabilites - if you are using windows without an external firewall you can make your system safer and thats before you take into account IE & Office & Outlook Express & VB scripting.

XP SP2 will be out soon. One route crackers sometimes use is to attack files that have not changed since the original release of an OS (ie have never been patched) - if they can break one of these then most PC's are vunerable....