• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 191
  • Last Modified:

Network security

How do i measure my windows network security. Is there any better tool built in or 3rd party tools available?
0
ittechlab
Asked:
ittechlab
1 Solution
 
IPKON_NetworksCommented:
What are you trying to measure?
Penetration tests you should use something easy like www.dnsstuff.com to see what everyone else can see about you, then move into something the will test your system like www.sec-tec.com.

If you want to test your internal network security then again, you need to try and break it. Use a tool to check your password strength such as www.insecure.org (limited free download). Big companies like McAfee and Symantec will also provide you with security probes that will test your network but be biased towards AV generally.

Is this what you are after?

Hope this helps
Barny
0
 
Rich RumbleSecurity SamuraiCommented:
M$ has this tool, the Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx
https://www.grc.com/x/ne.dll?bh0bkyd2   http://www.grc.com/lt/leaktest.htm (zonealarm will help with this one)
GFI Languard Network Security Scanner http://www.gfi.com/lannetscan/
-rich
0
 
a_hicCommented:
to scan vulnerabilities the best tool is : nessus,
www.nessus.org
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
imreble1Commented:
MBSA is shit, zonealarm is also very predicatable and laughed upon. Nessus is a pretty good free utility. This will scan ports and try some other weak hacks/exploits but nothing will truly test your enviroment like a Inline IDP/IDS will. These free tools are just that, You get what you pay for.. Your best bet is to do a port scan/attack with something from the outside like nessus and than bring it inside.. What people don't realize is over 80% of hacks are done within the network. What do you have inside your network that monitors signatures/activity? Do you have permissions set correctly on your shares? What about physical access? Your only stronger than your weakest link, ex. an employee that write his/her password down, or has too much permissions. Are console ports password protected? Just some minor ideas..


RDC
Fishnetsecurity.com
0
 
imreble1Commented:
Almost forgot nmap.. very good tool..
0
 
Rich RumbleSecurity SamuraiCommented:
The MBSA offers some good insight into your current system, such as missing patches, simple or no passwords on accounts etc... I'm not sure what is "predictatable" with zonealarm, and never heard it "laughed" upon, that's more of blackice's thing ;) An inline IDS doesn't test an environment as they are passive, typically IDP's aren't passive and you'll be testing is the IDP's effectiveness firstly, and the rest of the network secondly.
Best practices and egress filtering are some of the best ways to mitigate interal attacks to be sure. The author should learn the phrase "Secuirty isn't a Program, it's a Process"
http://xinn.org/win_bestpractices.html
http://xinn.org/iptables-nat.html#Windows-Egress
But with such a general question, it's hard to know what the author is actually looking for.
-rich
0
 
hstilesCommented:
Network Security encompasses everything from how well your firewall is configured to how many users you have with unneccesarily high privileges, just to make your life easy.

So, you need start by documenting your environment thoroughly.  A missing patch or service pack on a file server is less of an issue than an IT department where everyone spends all day logged on as administrative users or staff have unneccesarily generous internet access.
0
 
TolomirAdministratorCommented:
Would had split the points, but there are just 30, sorry anything else would be unfair.

Tolomir
0
 
GranModCommented:
PAQed with no points refunded (of 30)

GranMod
Community Support Moderator
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now