Solved

Check our System for security

Posted on 2001-07-26
Last Modified: 2010-04-11
We have just installed ADSL with Non-NAT, on NT, which is running Exchange 5.5 and Proxy Server.  How do I go about checking the security of our network now that it's in the open, 24/7?

Can anyone recommend any sites that can check your system security and report on it, or can I do the checking myself?

Thanks
Question by:moahmad
18 Comments
 
LVL 12

Expert Comment

by:Housenet
-If you give me your IP, I'll tell you if it's secure.
 

Author Comment

by:moahmad
Hi Housenet,

Can you tell me how I can go about checking the security of the site myself?

Thanks
 
LVL 19

Expert Comment

by:jools
Try these links;

http://grc.com

Or you may find this one a bit better;
http://scan.sygatetech.com/

You could also get someone you trust to try for you or get a company to do it like http://www.ixsecurity.com (you'll need lots of money for that though!!!)

Jools
 
LVL 11

Expert Comment

by:geoffryn
The grc.com link is an excellent one.  Shields Up is a good basic test.  The reality is that it will be very difficult for you to secure the server and your network without NAT or some sort of security/access product.  Your server is not the only vulnerable system.  If you are using public IP addresses, all hosts on your network are vulnerable.  You have to keep NetBIOS enabled on the server for native Exchange clients and that is a large hole.  You should consider some sort of security product; at the very least use BlackIce or some sort of firewall software on the server.
 
LVL 12

Expert Comment

by:Housenet
-Download Retina from www.eeye.com
-Download a good port scanner like ws_ping pro pack.
-IPs that report ports 135-139 as open are a major problem.
-If these ports are open & you do not have a good password policy, Retina should be able to get a few passwords, & at least get a list of all users, services, shares, etc.
 

Author Comment

by:moahmad
Hello,

I have used both Shields Up and sygatetech, and the only ports open are port 25, because we have Exchange, and ICMP.  Does having these ports open all the time cause a major security risk?  How do I go about protecting them in Proxy Server?

Cheers
 
LVL 19

Expert Comment

by:jools
Make sure you are up to the latest patch from Microsoft.

I believe ICMP responses can be used for DoS ping attacks so you might want to look into that.

Don't know about proxy setup on M$, sorry.

Jools
 
LVL 19

Expert Comment

by:jools
Isn't the proxy setup a separate question???
 
LVL 5

Expert Comment

by:Droby10
you've mentioned that you're running proxy server, so i'll assume you have hosts behind this unprotected box.  even with the latest patches/sp...you're running a risk.

make sure you don't have routing enabled.  if you are allowing icmp through, then are you using dhcp or do the clients have static ip's?  if you have one host with a dynamically assigned ip, then you have a significant security issue.  there's a whole case of issues if you're using privately addressed hosts behind the proxy...there's another whole case of issues if they're not.  is this server the only link between the network and the internet...?  are there multiple ip's assigned to the server?  is the server using a same-port connection schema?  are the machines part of a domain...if so is the server on the same domain as the other hosts?  is it a domain controller?  is the internal network a single-collision or switched network?  are you running any internal-only services?

a simple port scan is a quick way to find gaping holes...but it won't apply the knowledge of how to do what when to get from a to b....nmap does about the best job of intuitively mapping out a network.  but even it falls short, especially in cases like this.

 
LVL 12

Expert Comment

by:Housenet
-Having port 25 is necessary for SMTP email, just make sure your Exchange server is not allowing relaying of emails not originating from your internet domain. ICMP traffic can be stopped on the proxy server using dynamic packet filtering. Check out the security button in the properties of winsock or web proxy server in IIS.
 
LVL 1

Expert Comment

by:CompuNerd19
Hey guys!  Interesting stuff I seemed to stumble upon.  First thing is first.  I hear you guys talking a lot about legacy NetBIOS "file and print sharing" by Microsoft.  Yes, this is a very nasty and common method to gain access to systems that have weak password protection.  First thing is first...if you have access to a router, simply block ports tcp/udp 135-139.  By doing this you severely hamper an attempt at access.  Also, there is an option for Windows NT service pack 4 and up to disable the null connection (ipc$ share). This is a registry change so you may want to have somebody else do it for you.  Simply open up regedt32 and modify the HKLM\SYSTEM\CurrentControlSet\Control\LSA key.  Add the value restrictanonymous (data type = reg_dword) and give it a value of 1.   This may be a little too complicated so let's stick with the easy stuff.  Use auditing tools such as legion to scan your IP and try and crack those shares.  Remember, the most secure thing you can do for the NT Operating System itself is to have a strong password policy.  The next biggest thing I can think of is SNMP.  If you must use SNMP make sure that you change the default passwords of the community strings.  But if I were you I would probably just disable the protocol altogether.  Next, take a look at all the services available.  As HouseNet mentioned earlier mail relay may be fun for us but can get you blacklisted.  Heck, I like sending anonymous mail but I hate when I get spammed.  Use the netstat command on the server to view all open tcp/udp connections.  Again, there are a lot of port scanning tools out there.  Find out what programs are associated with those ports and then research vulnerabilities of that program (this is what a cracker will do).  Bout the only way to secure your systems from being cracked is to try and crack them yourself.
Remember this, Windows NT may be the red headed step child of all the networking Operating Systems but Microsoft has always been very good at patching their mistakes.  Register your software and stay on top of the security announcements and patches that Microsoft or your software vendors come out with.  I hope this helps.  Oh....and please do not become a casualty by giving people your network information and then an IP.  Best of luck.
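An added example, not part of any post in this thread: a self-check that reads `netstat -an` output from the server and lists the listeners reachable from the internet, with the advice the comments above give for ports 25, 135-139 and SNMP (161). The sample output, both IP addresses and the function name are constructed for illustration; it assumes the usual `Proto / Local Address / Foreign Address / State` columns.

```python
import re

# Ports the thread singles out, with the advice given for each.
ADVICE = {
    25: "expected for Exchange SMTP; confirm relaying is restricted",
    161: "SNMP; disable it or change the default community strings",
}
ADVICE.update({p: "RPC/NetBIOS; filter tcp/udp 135-139 at the router"
               for p in range(135, 140)})

# Constructed sample (documentation address ranges), not captured from a real host.
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:25        198.51.100.7:1042      ESTABLISHED
  UDP    0.0.0.0:161            *:*
  UDP    203.0.113.10:137       *:*
  UDP    203.0.113.10:138       *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def exposed_listeners(netstat_text, public_ip):
    """Return sorted (proto, port, advice) for sockets reachable from outside."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header and blank lines
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        # TCP rows must be LISTENING; UDP rows carry no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        # Bound to every interface or to the public one: reachable without NAT.
        if addr not in ("0.0.0.0", public_ip):
            continue
        advice = ADVICE.get(port, "unlisted; identify the owning service")
        found.add((proto, port, advice))
    return sorted(found, key=lambda f: (f[1], f[0]))

if __name__ == "__main__":
    for proto, port, advice in exposed_listeners(SAMPLE, "203.0.113.10"):
        print(f"{proto}/{port}: {advice}")
```

Listeners bound only to the internal address or to loopback are left out, so the result is the set that matters on a non-NAT link.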
 
LVL 2

Expert Comment

by:kikkertm
Or if you feel lucky, just post the IP address here and you'll hear soon enough if you're reasonably safe!
I might not have read enough, but a quick scan through the answers shows that only geoffryn mentions a firewall. Don't trust Proxy too much, go for a solid firewall product. Also, what does your internal network look like? Did you implement some kind of DMZ or is everything directly connected to your proxy machine? Do your internal machines use the DSL machine as internet gateway? questions questions questions....
 
LVL 1

Expert Comment

by:CompuNerd19
The only firewalls that I would ever recommend to an end user are Firewall-1 or the IDS system of BlackIce.  Sometimes people put too much trust into a firewall.  Yes, you can avoid a lot of trouble and it should be mentioned as any valid security measure, but without the proper configurations, a firewall can easily become a two edged sword.  You should have a variety of tools available for checking your system.  You should be familiar with the services you are running and what port they use etc...  You should be familiar with the different "out of the box" exploits of any OS you may have installed.  A good security posture is that of mobility vs. necessity.  In this case, I would agree with the above that a firewall would be a valid suggestion.  On the other hand, don't rely on it by itself to solve all your problems.  Hope this helps (sorry for the lecture)   :)
 

Expert Comment

by:gorgale
 

Expert Comment

by:Brazilian
 
LVL 1

Expert Comment

by:Computer101
Hello all,
I am Computer101, a moderator from Experts-Exchange and also an expert within this topic area. This question has been open a long time.  What I am going to do is allow feedback from the questioner and experts.  If it is not resolved, I will delete or accept an answer based on the info I have been given. Experts, feel free to offer input.  I will monitor these questions for a period of 5-7 days and come back and evaluate.  I will have another moderator (who is also an expert in this topic area) look at the question also to ensure we do the right thing for this question.

Thank you
Computer101
Community Support Moderator
 

Expert Comment

by:SpideyMod
All,
I am unlocking this question in preparation for cleanup.  I will return in 7 days to finalize this question.  Please leave any recommendations for the final state of this question; I will take all recommendations into consideration.  Failing any feedback, I may decide in 7 days to delete or PAQ this question with no refund.  Thanks.

SpideyMod
Community Support Moderator @Experts Exchange
 

Accepted Solution

by:SpideyMod
PAQ'd

SpideyMod
Community Support Moderator @Experts Exchange