Recommendation on hackers attacking server

I don't know if this is appropriate or not. I am seeking a way to find out if my company has security holes. My boss does NOT want to install Microsoft 2003 patches (believe me, I've recommended it strongly). Is there a book where I can try to 'hack' our server from another IP address to show if there is a vulnerability or not? I swear I am not a hacker, but I need to see if our network is secure. He is under the impression that if you are not trying to get in from a specific IP address, it's absolutely safe. I wanted to mention that even microsoft.com has been hacked but held my tongue. I need something nitty gritty. The lowest of the low tricks.

If this is an inappropriate request, please let me know.  I don't mean to offend.

Thanks.
Asked:
texastwostep
 
jhance Commented:
If I were in your shoes, I'd be getting my resume updated and start networking around for another position.  If something does happen (which IMHO is more likely all the time) and it's clear that you didn't keep the system updated, who do you think is going to get the blame?  This sounds like a setup to me and your boss is trying to position you for a fall!!
 
tnapolitano Commented:
What you are proposing to perform is a vulnerability assessment/penetration test.

Guide to Penetration Testing
http://searchnetworking.techtarget.com/general/0,295582,sid7_gci1083683,00.html

I strongly urge you: before you begin a penetration test, get management approval. In writing.


 
tnapolitano Commented:
Jhance has a good point. You might consider putting your recommendations regarding security & concerns over lack of patching in writing so you have an email trail in the event of intrusion/outbreak.
 
texastwostep (Author) Commented:
I'll get it in writing, thanks.  Any recommendations on books?  I don't want to go 'underground' and be associated with groups of hackers that do this for fun.

Thanks.
 
tnapolitano Commented:
Going 'underground' isn't necessary; there are plenty of sources/howtos on performing vulnerability assessments and ethical hacking.

First, read: search for information on how to perform a risk assessment, vuln assessment, pen test, etc.

Second: you only mention attempting to determine security state from external attackers (i.e., ports/services available outside firewall). But unpatched/unhardened (default, "out-of-the-box" configurations) systems can leave an organization open to other vectors of attack, such as malware.

Third: it's my experience that an organization that does not have a patch mgmt strategy isn't doing much else in the way of information security. Sounds like security is being left up to the firewall, the classic 'eggshell' principle of security. Read up on Layered Security.

There's a lot more I could write, but things you could begin to do after gaining written approval: familiarize yourself with and employ vulnerability scanners (ISS Security Scanner, GFI LANguard, Nessus, etc.) to determine current security state and potential vulnerabilities.

Hope this all helps.