Solved

Server Vulnerability

Posted on 2014-11-09
Last Modified: 2014-11-14
Hello Experts,

My client hired an IT auditor, and just by knowing the domain name he was able to state that the server is quite exposed.

How can I run such a test?

Here are the results that he sent me:

Initiating OS detection (try #1) against cp10-100.hostingmetro.com (12.34.567.100)
Nmap scan report for cp10-100.hostingmetro.com (12.34.567.100)
Host is up (0.072s latency).
Not shown: 981 closed ports
PORT     STATE    SERVICE
21/tcp   open     ftp
23/tcp   open     telnet
25/tcp   filtered smtp
53/tcp   open     domain
80/tcp   open     http
110/tcp  open     pop3
135/tcp  open     msrpc
139/tcp  filtered netbios-ssn
143/tcp  open     imap
443/tcp  open     https
445/tcp  filtered microsoft-ds
990/tcp  open     ftps
1025/tcp open     NFS-or-IIS
1026/tcp open     LSA-or-nterm
1027/tcp open     IIS
1433/tcp open     ms-sql-s
3306/tcp open     mysql
3389/tcp open     ms-wbt-server
8080/tcp open     http-proxy
Device type: general purpose
Running: Microsoft Windows 2003|XP
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp2
OS details: Microsoft Windows Server 2003 SP1 or SP2, Microsoft Windows XP SP2 or Windows Server 2003 SP1 or SP2
Network Distance: 9 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!) 

Question by:APD_Toronto
5 Comments
 
LVL 25

Expert Comment

by:madunix
ID: 40431462
Use nmap (http://nmap.org/), and check the following Nmap training video: http://brakeingsecurity.com/nmap-pt1

You can search for "free vulnerability scanner" on Google to get links to a number of free tools used for assessment, such as Nessus:
http://sectools.org/tag/vuln-scanners/
0
 

Author Comment

by:APD_Toronto
ID: 40431530
Is there a non-download web util?
0
 
LVL 4

Expert Comment

by:artsec
ID: 40431721
Basically, he used a port scanner (nmap), with reference to the provided result. The result shows the ports which are open and therefore the running services related to each port. Then he uses this information to identify which version of the related application is installed, in order to exploit related vulnerabilities. This is standard practice when a client asks for black box penetration testing.
0
 

Author Comment

by:APD_Toronto
ID: 40437877
I got nmap and ran the test for my site and others, like workopolis.ca. I also did some research and know that certain ports are needed for certain services, like 1433 for mssql and 3306 for mysql.

When you do an nmap scan for workopolis.ca, you only see 443 and 80, both of which I believe are http ports. However, workopolis.ca is a big job site, and no doubt they have some type of database. We see neither 1433 nor 3306.

Am I correct to assume that in workopolis.ca's case they only expose the mandatory ports, but the ports for the database are only exposed to IPs that need them? For example, if you have a separate web server and a separate database server, port 1433 for both servers is seen only by the server itself and each other.

Is my understanding correct?

If yes, I understand how this is more secure, but if needed ports are exposed widely (like my initial post above), is it very dangerous?

Thank you
0
 
LVL 4

Accepted Solution

by:
artsec earned 500 total points
ID: 40441687
You are absolutely correct. The best security practice is allowing access only to those ports which are needed. The open ports provide information and access to your server and applications. That information will be used against your server to exploit known or 0-day vulnerabilities. For instance, if the bad guy knows you are running MySQL 5.x, then he tries to exploit all vulnerabilities related to MySQL 5.x. Then he moves forward to the next known platform or application that you use, such as IIS, and tries to exploit vulnerabilities related to IIS.
0
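
A defensive reading of the scan from the question, as an added example that is not part of the original thread: it parses the port table from Nmap's normal output and flags every open port outside an allowlist, which is the "expose only what is needed" check the accepted answer describes. The allowlist (`PUBLIC_OK`) and the reason categories are assumptions chosen for illustration, not a standard.

```python
import re

# Assumed policy for illustration: ports a public web host may expose to the
# whole Internet, and why the remaining ones should be firewalled.
PUBLIC_OK = {80, 443}
REASONS = {
    "database": {1433, 3306},
    "remote administration": {23, 3389},
    "cleartext credentials": {21, 23, 110, 143},
    "Windows RPC/SMB": {135, 139, 445, 1025, 1026, 1027},
}

# Port table excerpted from the scan report in the question.
SCAN = """\
PORT     STATE    SERVICE
21/tcp   open     ftp
23/tcp   open     telnet
25/tcp   filtered smtp
80/tcp   open     http
135/tcp  open     msrpc
443/tcp  open     https
1433/tcp open     ms-sql-s
3306/tcp open     mysql
3389/tcp open     ms-wbt-server
8080/tcp open     http-proxy
"""

LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(report):
    """Return (port, state, service) tuples from nmap normal output."""
    matches = (LINE.match(l.strip()) for l in report.splitlines())
    return [(int(m.group(1)), m.group(2), m.group(3)) for m in matches if m]

def review(report):
    """Map each open port outside PUBLIC_OK to the reasons to restrict it."""
    findings = {}
    for port, state, _service in parse_ports(report):
        if state != "open" or port in PUBLIC_OK:
            continue  # filtered/closed ports are already blocked from here
        reasons = [r for r, ports in REASONS.items() if port in ports]
        findings[port] = reasons or ["not in allowlist, confirm it is needed"]
    return findings

if __name__ == "__main__":
    for port, reasons in sorted(review(SCAN).items()):
        print(f"{port}/tcp: restrict ({', '.join(reasons)})")
```

Each flagged port is a candidate for a firewall rule that limits it to the specific hosts that need it, such as the web server for 1433 or 3306.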
